About the Certified Ethical Hacker (Practical)
C|EH Practical is a six-hour, rigorous exam that requires you to demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, web app hacking, etc. to solve a security audit challenge.
This is the next step after you have attained the highly acclaimed Certified Ethical Hacker certification.
Professionals who possess the C|EH credential will be able to sit for an exam that will test them to their limits in unearthing vulnerabilities across major operating systems, databases, and networks.
You will be given limited time, just like in the real world. The exam was developed by a panel of experienced SMEs and includes 20 real-life scenarios with questions designed to validate essential skills required in the ethical hacking domains as outlined in the C|EH program.
It is not a simulated exam; rather, it mimics a real corporate network through the use of live virtual machines, networks, and applications designed to test your skills. You will be presented with scenarios and asked to demonstrate the application of the knowledge acquired in the C|EH course to find solutions to real-life challenges.
- Exam Title: Certified Ethical Hacker (Practical)
- Number of Practical Challenges: 20
- Duration: 6 hours
- Availability: Aspen – iLabs
- Test Format: iLabs Cyber Range
- Passing Score: 70%
- Open Book: Just Like In The Real World!
- Perform network scanning to identify live and vulnerable machines in a network
- Perform OS banner grabbing, service, and user enumeration
- Perform system hacking, steganography, steganalysis attacks, and cover tracks
- Identify and use viruses, computer worms, and malware to exploit systems
- Perform packet sniffing
- Conduct a variety of web server and web application attacks including directory traversal, parameter tampering, XSS, etc.
- Perform SQL injection attacks
- Perform different types of cryptography attacks
- Perform vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems, etc.
- Vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems, etc;
- System hacking, steganography;
- Network scanning to identify live and vulnerable machines in a network;
- OS banner grabbing, service, and user enumeration;
- Different types of cryptography attacks;
- SQL injection attacks;
- Packet sniffing;
- Scanning and Reconnaissance
- Sniffing
- SQL Injection
- Brute-forcing or Password Cracking
- Cryptography
- Steganography
- Test taken in a web browser through iLabs
- One Kali Linux machine (no update) and one Windows Server 2016 machine to perform the pentest
- Five machines to compromise on a network isolated from the internet
- Search on Google? (Yes!)
- Talk to someone during the exam? (No!)
- Nmap
- Hydra
- Sqlmap
- Wpscan
- Nikto
- John
- Hashcat
- Metasploit
- Responder LLMNR
- Wireshark or Tcpdump
- Steghide
- OpenStego
- QuickStego
- Dirb
- Searchsploit
- Crunch
- Cewl
- Veracrypt
- Hashcalc
- Rainbow Crack
- What is the IP of the Windows X machine?
- What is the version of the Linux Kernel?
- How many Windows machines are there?
- What is the password for user X of the FTP server?
- What is user X's IBAN number?
- What is user X's phone number?
- What is the password hidden in the .jpeg file?
Informative for CEH Practical Exam
Is the exam very difficult or difficult?