Giters

NotSooShariff / ceh-v12-notes

A Repository to maintain short notes for my CEHv12 attempt. Give this repo a :star: if it's useful to you

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CEH v12 Short Notes

A repository for CEHv12 Notes in bullet points for skimming through content quickly or revising.

Exam Pattern

  • 125 questions in 4 hours (around ≈ 2 min per question)

Tips for reviewing the notes

  • Good idea to repeat common exam areas (marked with 📝) before the exam.
  • Do practice tests, and search for the information you're not sure about while doing to tests to get a better understanding.

Exam Rules

  • No interruption is allowed, e.g. going to toilet
    • Go to toilet before.
  • Allowed to have paper and pencil, but probably not needed.
  • Home proctored, ensure you have more than 4 hours to talk to the proctor.
  • Your room:
    • Door must be closed
    • Cannot have more than one monitor (if laptop, only laptop screen)
    • No more than one PC
    • They require you to put your cell-phone far from camera where they can see it.
  • Have your exam code ready, on paper on a text-editor ready to copy / paste
  • You'll install software where proctor can see your desktop, see you on camera and listen to your on microphone.
  • Microphone must stay on
  • No headset is allowed
  • For any problems you have a live chat window where proctor will answer to technical issues e.g. page is frozen.
  • You can not speak during exam, cannot read questions out loud.
  • You can reschedule if you're not ready.
  • Scheduling exam: Manual process by writing to them with e-mail confirmations.

Answers

  • Not so much trickery, the answer that "sounds" true is likely to be true
  • Encryption and authentication (e.g. • IPSecDNSSec) are generally best solutions.
  • Active/passive analogy is quite popular where active usually involves "interaction with the target".

Exam techniques

  • Read slowly, don't rush, if you don't understand question when reading twice, skip
    • Some answers can be correct answers for different questions.
    • Important to understand the question.
  • Don't be scared: Questions looking complicated are not so complicated
  • Sometimes multiple answers are right, but they want the most correct one.
    • Don't overthink, the simpler is probably the right one.

Content

  1. Introduction
    1. Information security
      1. Information security overview
      2. Security threats and attacks
      3. Information security controls
        1. Information security controls overview
        2. Risk management
        3. Incident management
        4. Network security
        5. Security policies
        6. Physical security
        7. Data leakage backup and recovery
        8. Identity access management (IAM)
      4. Threat intelligence and forensics
      5. Laws, standards and regulations
    2. Hacking
      1. Hacker types
      2. Hacking stages
    3. Penetration testing
      1. Penetration testing overview
      2. Penetration testing phases
  2. Footprinting
    1. Footprinting overview
    2. Search engines and online resources
    3. WHOIS, GeoIpLocation and DNS interrogation
    4. Email footprinting
    5. Website footprinting
    6. Network footprinting
  3. Scanning networks
    1. Scanning networks overview
    2. TCP/IP basics
    3. Scanning tools
    4. Scanning techniques
    5. Bypassing IDS and firewall
    6. Banner grabbing
  4. Enumeration
    1. Enumeration Overview
    2. DNS enumeration
  5. Vulnerabilities
    1. Vulnerability analysis
    2. Common vulnerabilities
    3. Automated penetration testing tools
  6. System hacking
    1. Cracking passwords
      1. Cracking passwords overview
      2. Microsoft authentication
      3. Password cracking tools
    2. Linux basics
    3. Escalating privileges
    4. Executing applications
    5. Hiding files
    6. Covering tracks
  7. Malware overview
    1. Malware overview
    2. Trojans
    3. Viruses
    4. Malware analysis
  8. Sniffing
    1. Sniffing overview
    2. Sniffing tools
    3. Sniffing attacks
      1. Sniffing attacks overview
      2. Spoofing attacks
      3. ARP poisoning
  9. Wireless networks
    1. Wireless networks overview
    2. AAA protocols
    3. Wireless threats and attacks
    4. Wireless security tools
    5. Bluetooth
  10. Social engineering
    1. Social engineering overview
    2. Social engineering types
  11. Firewalls IDS and Honeypots
    1. Intrusion detection system (IDS)
      1. Intrusion detection system (IDS) overview
      2. Evading IDS
    2. Firewall
      1. Firewall overview
      2. Evading firewalls
    3. Honeypot
  12. Web servers
    1. Hacking web servers
    2. Web server threats and attacks
  13. Web applications
    1. Hacking web applications
    2. OWASP top 10 threats
    3. Denial of service
    4. Session hijacking
  14. SQL injection
    1. SQL injection overview
    2. SQL injection types
  15. Cryptography
    1. Cryptography overview
    2. Encryption algorithms
    3. Hashing algorithms
    4. Communication
      1. Encrypting communication
      2. Tunneling protocols
    5. Encrypting disk
    6. Cryptanalysis
  16. Cloud
    1. Cloud computing
    2. Cloud security
    3. Container security
  17. Mobile platforms
    1. Mobile hacking
    2. Mobile attack vectors
    3. Mobile attacks
  18. IoT and OT
    1. IoT overview
    2. IoT security
  19. Exam readiness

Note

Most of the content in the theory section was forked from a repository I no longer have the source to. Reach out to me for credit.

Jump to top ↑

About

A Repository to maintain short notes for my CEHv12 attempt. Give this repo a :star: if it's useful to you

Languages

Language:Batchfile 59.5%Language:Makefile 40.5%