EC-COUNCIL Certified Ethical Hacker v13
The Certified Ethical Hacker v13 is a professional cybersecurity certification designed to provide individuals with the knowledge and practical skills required to think and act like a hacker in order to identify, prevent, and respond to potential cyber threats.
The course introduces participants to the latest tools, techniques, and methodologies used by cybercriminals while emphasizing how to ethically apply the same approaches to strengthen security defenses. It covers a broad spectrum of topics including information security, network and system hacking, malware threats, cryptography, penetration testing, and cloud and IoT security. Learners are guided through real-world scenarios and hands-on labs that simulate the environment of cyberattacks, giving them the opportunity to develop critical problem-solving skills and an understanding of the hacker mindset.
By the end of the training, participants are equipped to detect vulnerabilities, analyze risks, and implement security measures that safeguard organizations against evolving cyber threats, making them valuable assets in the field of cybersecurity.
ENTRY REQUIREMENT
- A basic understanding of computer networks, operating systems, and security concepts is recommended.
- Fundamental knowledge of TCP/IP, Windows/Linux systems, and networking technologies
- No degree is strictly required, but a background in IT, cybersecurity, or system administration is advantageous.
COURSE SYLLABUS
Beginner to Advance Level
• What is hacking, types of hackers
• Information security principles (CIA triad, etc.)
• Threats, attacks, vulnerabilities
• Cyber Kill Chain, MITRE ATT&CK framework
• Laws, regulations, compliance, responsible disclosure
• Role of AI in ethical hacking (in v13)
• Footprinting concepts, methodology
• Public / open-source intelligence (OSINT)
• Search engines, advanced Google hacking
• Whois, DNS enumeration
• Email & network footprinting
• social media, people search
• Tools: theHarvester, Shodan, etc.
• Countermeasures & defensive footprinting
• Use of AI / enhanced reconnaissance in v13
• Scanning concept, discovery / stealth scans
• Port scanning, service/version detection
• Network mapping, OS fingerprinting
• Firewall, IDS evasion
• Use of proxies, scan tools (e.g. Nmap)
• AI-enhanced scanning (in v13)
• Scanning countermeasures & defense
• Enumeration concept & methodology
• SMB / NetBIOS / NetBIOS enumeration
• WMI, SNMP, LDAP, DNS
• SMTP, RPC, others
• Website directory enumeration
• Active Directory and local user enumeration
• Enumeration using AI techniques
• Defensive enumeration countermeasures
• Review & hands-on activities
• Vulnerability scanning, assessment
• Tools (OpenVAS, Nessus, etc.)
• Types of vulnerabilities (configuration, software)
• Risk / impact analysis
• AI-assisted vulnerability analysis
• Categorization, reporting
• Mitigation planning
• Countermeasures
• Lab / practice exercises
• System hacking phases & concepts
• Exploits: buffer overflow, code injection
• Tools / frameworks: Metasploit, Meterpreter
• Netcat, keylogging, spyware
• Windows vs Linux exploitation
• Privilege escalation, pivoting, lateral movement
• Persistence, backdoors
• Covering tracks & anti-forensics
• Password attacks & cracking (hashcat, etc.)
• AI role in system hacking (v13)
• Lab exercises (full hacking from start to finish)
• Types of malware: viruses, worms, Trojans
• APTs, fileless malware
• Malware analysis process
• Tools for static/dynamic analysis
• Malware evasion techniques
• Countermeasures & remediation
• Use of AI in malware detection / evasion
• Hands-on labs / case studies
• Network sniffing fundamentals
• ARP poisoning, MAC spoofing
• Packet capture tools (Wireshark, etc.)
• Protocol-level sniffing
• Session hijacking via sniffing
• Countermeasures: encryption, switches, IDS
• Sniffing via AI enhancements
• Lab / simulation exercises
• Social engineering concepts & types
• Phishing, vishing, pretexting, baiting
• Impersonation, tailgating
• Psychological manipulation techniques
• Human factor vulnerabilities
• Countermeasures, training, awareness
• Lab / scenario practice
• DoS vs DDoS fundamentals
• Attack vectors (flooding, amplification, botnets)
• Tools and techniques
• Attack detection & mitigation
• Countermeasures: rate limiting, filtering, cloud mitigations
• Hands-on / simulation labs
• Integration with modern AI detection
• Session hijacking concepts
• Techniques: cross-site, session fixation, sidejacking, token stealing
• Tools / exploitation
• Defense: secure cookies, token expiration, TLS
• Countermeasures & best practices
• Lab / practice scenario
• IDS / IPS fundamentals
• Techniques to bypass IDS / firewall rules (fragmentation, tunneling)
• Honeypots and deception
• Evasion tools & countermeasures
• Defense conceptualization
• Hands-on exercises
• Web server concepts & vulnerabilities
• Directory traversal, file inclusion
• Web application security (OWASP top 10)
• Tools: Burp Suite, ZAP
• SQL injection, XSS, CSRF
• Session management attacks
• API hacking, modern web tech
• Countermeasures & secure coding
• Lab / CTF exercises
• Integration of AI / automation in web hacking (v13)
• SQL fundamentals
• SQL injection attack types (in-band, blind, time-based)
• Exploitation via web apps
• Bypassing filters, prepared statements
• Countermeasures: ORM, parameterized queries
• Lab practice
• Advanced / blind SQL techniques
• AI-assisted SQL injection detection / exploitation (v13)
• Wireless networking basics (802.11)
• WEP, WPA, WPA2, WPA3 attacks
• Rogue AP, Evil Twin
• Wireless sniffing & packet injection
• Tools: Aircrack-ng, etc.
• Countermeasures: encryption, MAC filtering, IDS
• Lab exercises
• AI-enhanced wireless attack/defense features (v13)
- Mobile OS landscapes (Android, iOS)
• App vulnerabilities, mobile threats
• Reverse engineering, decompilation
• Mobile malware, sideloading
• Mobile network attacks
• Countermeasures: sandboxing, secure app design
• Lab / hands-on mobile exploitation
• AI in mobile threat detection (v13)
• IoT / OT fundamentals
• Architecture, protocols (MQTT, Modbus, etc.)
• IoT vulnerability vectors
• Hacking techniques, exploitation
• Countermeasures & securing IoT / OT
• Lab / simulation of IoT / OT attacks
• AI-assisted IoT/OT detection & defense (prominent in v13)
• Cloud models (IaaS, PaaS, SaaS)
• Virtualization, containers, serverless
• Cloud threat vectors & attack surfaces
• Identity / IAM, privilege abuse
• Lateral movement in cloud, pivoting
• Cloud API attacks
• Countermeasures, cloud security best practices
• Lab / cloud pentest scenarios
• AI role in cloud security (v13)
• Cryptography principles, symmetric / asymmetric
• Encryption algorithms, hashing, digital signatures
• PKI, certificates, SSL/TLS
• Steganography
• Cryptanalysis / attacks
• Countermeasures & secure implementations
• Lab / exercises
• AI-assisted cryptanalysis (v13)
• Overview of tools (Kali, Metasploit, Burp, etc.)
• Tool integration, chaining techniques
• Full-phase ethical hacking process (Recon → Scan → Gaining Access → Maintaining Access → Covering Tracks)
• Real-world scenario practice (CTFs)
• Reporting, documentation, post-engagement process
• Use of AI / automation across phases
• Lab / practical challenge exercises
• Review and exam preparation
COURSE BRIEF
- Course Title: Certified Ethical Hacker v13
- Duration: 3 Months instructor-led Training
- Level: Beginner to Advance Level
- Format: Online Training with Series of Projects
- Regular Assignments & Case Studies
SCHEDULES
- Days: Monday – Friday
- Duration: 1hr Everyday
- Time: 9pm (CST)