Certified Professional Ethical Hacker - C)PEH Course Outline

(5 Days)


* This class is also available as a self-study package with 12 months of class access and an exam

The Certified Professional Ethical Hacker vendor neutral certification course is the foundational training to mile2’s line of penetration testing courses.

The CPEH certification training enables students to understand the importance of vulnerability assessments by providing industry knowledge and skills in Vulnerability Assessments. In doing so, the CPEH student is able to understand how malware and destructive viruses function. In addition, the CPEH course helps students learn how to implement counter response and preventative measures when it comes to a network hack.

The CPEH course provides in-depth labs that focus on both open source and commercial based tools with industry best practices. These hands on labs emulate real world hacking scenarios and equip the candidate to assess your company’s security posture, help implement controls to better secure your company’s network infrastructure and how to combat against hackers and/or viruses, etc.

Audience Profile

  • Information System Owners
  • Security Officers
  • Ethical Hackers
  • Information Owners
  • Penetration Testers
  • System Owner and Managers
  • Cyber Security Engineers


  • 12 months of IT security experience
  • 12 months of Networking Experience

Course Outline

Module 1 – Security Fundamentals

Module 2 – Access Controls

Module 3 – Protocols

Module 4 -Cryptography

Module 5 – Why Vulnerability Assessments?

Module 6 – Vulnerability Tools of the Trade

Module 7 – Output Analysis and Reports

Module 8 – Reconnaissance, Enumeration & Scanning

Module 9 – Gaining Access

Module 10 – Maintaining Access

Module 11 – Covering Tracks

Module 12 – Malware

Module 13 – Buffer Overflows

Appendix 1 – Economics and Law

Appendix 2 – Vulnerability Types

Appendix 3 – Assessing Web Servers

Appendix 4 – Assessing Remote & VPN Services

Appendix 5 – Denial of Services

Module 1 – Security Fundamentals


The Growth of Environments and Security

Our Motivation…

The Goal: Protecting Information!

CIA Triad in Detail

Approach Security Holistically

Security Definitions

Definitions Relationships

Method: Ping

The TCP/IP Stack

Which Services Use Which Ports?

TCP 3-Way Handshake

TCP Flags


Types of Malware

Types of Malware Cont…

Types of Viruses

More Malware: Spyware

Trojan Horses

Back Doors



Packet Sniffers

Passive Sniffing

Active Sniffing

Firewalls, IDS and IPS

Firewall – First
Line of Defense

IDS – Second Line of Defense

IPS – Last Line of Defense?


Firewall Types:
(1) Packet Filtering

Firewall Types:
(2) Proxy Firewalls

Firewall Types –
Circuit-Level Proxy Firewall

Type of Circuit-
Level Proxy – SOCKS

Firewall Types –
Application-Layer Proxy

Firewall Types: (3) Stateful

Firewall Types:
(4) Dynamic Packet-Filtering

Firewall Types:
(5) Kernel Proxies

Firewall Placement

Firewall Architecture
Types – Screened Host

Multi- or Dual-Homed

Screened Subnet

Wi-Fi Network Types

Wi-Fi Network Types

Widely Deployed Standards

Standards Comparison

802.11n – MIMO

Overview of Database Server


Module 2 – Access Controls


Role of Access Control


More Definitions

Categories of Access Controls

Physical Controls

Logical Controls

“Soft” Controls

Security Roles

Steps to Granting Access

Access Criteria

Physical Access
Control Mechanisms

Biometric System Types

Synchronous Token

Asynchronous Token Device

Memory Cards

Smart Card

Cryptographic Keys

Logical Access Controls

OS Access Controls

Linux Access Controls

Accounts and Groups

Password &
Shadow File Formats

Accounts and Groups

Linux and UNIX Permissions

Set UID Programs

Trust Relationships


Module 3 – Protocols

Protocols Overview

OSI – Application Layer

OSI – Presentation Layer

OSI – Session Layer

Transport Layer

OSI – Network Layer

OSI – Data Link

OSI – Physical Layer

Protocols at Each OSI Model Layer

TCP/IP Suite

Port and Protocol Relationship

Conceptual Use of Ports

UDP versus TCP

Protocols – ARP

Protocols – ICMP

Network Service – DNS

SSH Security Protocol


Protocols – SNMP

Protocols – SMTP

Packet Sniffers

Example Packet Sniffers


Module 4 -Cryptography




Cryptographic Definitions

Encryption Algorithm


Symmetric Encryption

Symmetric Downfalls

Symmetric Algorithms

Crack Times

Asymmetric Encryption

Public Key
Cryptography Advantages

Algorithm Disadvantages

Algorithm Examples

Key Exchange

Symmetric versus Asymmetric

Using the
Algorithm Types Together

Instructor Demonstration


Common Hash Algorithms

Birthday Attack

Example of a Birthday Attack

Generic Hash Demo

Instructor Demonstration

Security Issues in Hashing

Hash Collisions

MD5 Collision Creates
Rogue Certificate Authority

Hybrid Encryption

Digital Signatures


SSL Connection Setup

SSL Hybrid Encryption


IPSec – Network Layer Protection



Public Key Infrastructure

Quantum Cryptography

Attack Vectors

Network Attacks

More Attacks (Cryptanalysis)


Module 5 – Why Vulnerability Assessments


What is a
Vulnerability Assessment?

Vulnerability Assessment

Benefits of a Vulnerability Assessment

What are Vulnerabilities?

Security Vulnerability Life Cycle

Compliance and Project Scoping

The Project
Overview Statement

Project Overview Statement

Assessing Current
Network Concerns

Vulnerabilities in Networks

More Concerns

Network Vulnerability
Assessment Methodology

Network Vulnerability
Assessment Methodology

Phase I: Data Collection

Phase II: Interviews, Information Reviews, and Hands-On Investigation

Phase III: Analysis

Analysis cont.

Risk Management

Why Is Risk
Management Difficult?

Risk Analysis Objectives

Putting Together the Team and Components

What Is the Value of an Asset?

Examples of Some Vulnerabilities that Are Not Always Obvious

Categorizing Risks

Some Examples of Types of Losses

Different Approaches to Analysis

Who Uses What?

Qualitative Analysis Steps

Quantitative Analysis

ALE Values Uses

ALE Example

ARO Values and Their Meaning

ALE Calculation

Can a Purely Quantitative Analysis Be Accomplished?

Comparing Cost and Benefit

Countermeasure Criteria

Calculating Cost/Benefit

Cost of a Countermeasure

Can You Get Rid of All Risk?

Management’s Response to Identified Risks

Liability of Actions

Policy Re