Matias Katz
IT Consultant
IT Trainer
Information Security Specialist
8 years of experience
Mail: matias@matiaskatz.com
Blog: www.matiaskatz.com
Certified Ethical Hacker Training: Introduction to CEH
Copyright Mkit Argentina www.mkit.com.ar

Introductions
Name
Company
Position/Role
Responsibilities of the position
Experience in IT infrastructure
Experience in information security
Course expectations

Terminology
Hacker: A curious and enthusiastic person who enjoys learning about computer systems and the possibilities of expanding their reach through advanced techniques for using computer equipment
Hacking: A practice that covers the development and use of systems and methodologies for expanding that reach, for academic purposes
Cracker: A person who uses their Hacking knowledge for malicious purposes (the salted biscuit is also called this)
Ethical Hacker: A security professional who uses their Hacking knowledge for defensive purposes

Tasks of an Ethical Hacker
Determine the security level of an infrastructure and its information:
What level of access to the system's information and resources does an unauthorized user have?
What preventive, detective and/or corrective measures are in place to reduce that level?
Are we at risk?
To achieve this, the following tasks must be carried out:
Penetration Testing
Vulnerability Assessments
Protection Plans
Constant Audits

CEH
Stands for Certified Ethical Hacker
It is a certification granted by the EC-Council (www.eccouncil.org)
It is aimed at System Administrators and Security Managers
It requires an advanced technical background
Steps to certify:
Demonstrate 2 years of experience in Information Security
Complete the Common Body of Knowledge (67 modules)
Fill in the admission form and wait for its approval
Pass Exam EC0350
Recertify by obtaining EC-Council Continuing Education Credits (ECE)

CEH (Cont.)
Certification Exam
Computer-assisted
4 hours long
100% Multiple Choice
Pass mark of 70%
Cost: US$ 250
Registration through Prometric
Links:
www.eccouncil.org/certification/certified_ethical_hacker.aspx
www.eccouncil.org/training/assessments.aspx
www.eccouncil.org/certification/exam_information/ceh_exam_31250.aspx

Common Body of Knowledge: 67 Modules
Module 01: Introduction to Ethical Hacking
Module 02: Hacking Laws
Module 03: Footprinting
Module 04: Google Hacking
Module 05: Scanning
Module 06: Enumeration
Module 07: System Hacking
Module 08: Trojans and Backdoors
Module 09: Viruses and Worms
Module 10: Sniffers
Module 11: Social Engineering
Module 12: Phishing
Module 13: Hacking Email Accounts
Module 14: Denial of Service
Module 15: Session Hijacking
Module 16: Hacking Web Servers
Module 17: Web Application Vulnerabilities
Module 18: Web Based Password Cracking Techniques
Module 19: SQL Injection
Module 20: Hacking Wireless Networks
Module 21: Physical Security
Module 22: Linux Hacking
Module 23: Evading IDS, Firewalls and Detecting Honey Pots
Module 24: Buffer Overflows
Module 25: Cryptography
Module 26: Penetration Testing
Module 27: Covert Hacking
Module 28: Writing Virus Codes
Module 29: Assembly Language Tutorial
Module 30: Exploit Writing
Module 31: Smashing the Stack for Fun and Profit
Module 32: Windows Based Buffer Overflow Exploit Writing

Common Body of Knowledge: 67 Modules (Cont.)
Module 33: Reverse Engineering
Module 34: MAC OS X Hacking
Module 35: Hacking Routers, Cable Modems and Firewalls
Module 36: Hacking Mobile Phones, PDA and Handheld Devices
Module 37: Bluetooth Hacking
Module 38: VoIP Hacking
Module 39: RFID Hacking
Module 40: Spamming
Module 41: Hacking USB Devices
Module 42: Hacking Database Servers
Module 43: Cyber Warfare - Hacking, Al-Qaida and Terrorism
Module 44: Internet Content Filtering Techniques
Module 45: Privacy on the Internet
Module 46: Securing Laptop Computers
Module 47: Spying Technologies
Module 48: Corporate Espionage - Hacking Using Insiders
Module 49: Creating Security Policies
Module 50: Software Piracy and Warez
Module 51: Hacking and Cheating Online Games
Module 52: Hacking RSS and Atom
Module 53: Hacking Web Browsers (Firefox, IE)
Module 54: Proxy Server Technologies
Module 55: Data Loss Prevention
Module 56: Hacking Global Positioning System (GPS)
Module 57: Computer Forensics and Incident Handling
Module 58: Credit Card Frauds
Module 59: How to Steal Passwords

Common Body of Knowledge: 67 Modules (Cont.)
Module 60: Firewall Technologies
Module 61: Threats and Countermeasures
Module 62: Case Studies
Module 63: Botnets
Module 64: Economic Espionage
Module 65: Patch Management
Module 66: Security Convergence
Module 67: Identifying the Terrorist
In other words, a whole lot

Course curriculum
Hacking Concepts
Hacking 101
Hacking & Software
Internet Hacking
System Hacking
Device Hacking
Network Hacking
Penetration Testing
Hacking Prevention
Web Hacking

Contents included in the course
Theory
Practice
Debates
Demonstrations
Self-study
Mailings
Workshops
Materials
Exams

Sample Exam Question 1
In the context of passwords, what is a brute force attack?
A. You blackmail someone to make them give up their password
B. You create hashes of a large number of words and compare them with the encrypted password value
C. You try every single possibility
D. You wait until the password expires

Sample Exam Question 2
What ports would you block on your firewall to ensure that NetBIOS traffic is NOT coming through the firewall if you have a mixed Windows NT, 2000 and 2003 environment? (Choose all that apply)
A. 21
B. 25
C. 53
D. 110
E. 111
F. 135
G. 139
H. 389
I. 445
J. 1024
K. 1434

Sample Exam Question 3
Your assessment team is conducting a pen test against a company's internal website. One of the team members received the following errors while reviewing the site:
"Microsoft OLE DB Provider for ODBC Drivers error 80040e14."
What does this mean?
A. The site is vulnerable to the Unicode exploit
B. The site is vulnerable to SQL injection
C. The team member has attempted to access the global.asa file and has caused a buffer overflow
D. The team member has accessed a web page that contains a web bug or error

Benefits of CEH certification
For the professional:
Acquire knowledge
Stand out from the rest
Possibility of applying for a better job
Demonstrate learning and experience in the field
For the organization:
Comply with standards and/or regulations
Stand out from the rest
Grow in the market
Strengthen its image and quality of service before potential clients

References
http://www.eccouncil.org
http://www.cccure.org
http://www.wikipedia.org
http://www.amazon.com
http://www.mkit.com.ar
http://www.matiaskatz.com
Emails to the instructor