Best Seller!
312-50: CEH Certified Ethical Hacker (312-50v9)

312-50: CEH Certified Ethical Hacker (312-50v9) Certification Video Training Course

312-50: CEH Certified Ethical Hacker (312-50v9) Certification Video Training Course includes 182 Lectures which proven in-depth knowledge on all key concepts of the exam. Pass your exam easily and learn everything you need with our 312-50: CEH Certified Ethical Hacker (312-50v9) Certification Training Video Course.

404 Students Enrolled
182 Lectures
15:48:58 hr

Curriculum for ECCouncil CEH 312-50 Certification Video Training Course

312-50: CEH Certified Ethical Hacker (312-50v9) Certification Video Training Course Info:

The Complete Course from ExamCollection industry leading experts to help you prepare and provides the full 360 solution for self prep including 312-50: CEH Certified Ethical Hacker (312-50v9) Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.

Ethical Hacking Overview

9. MetaData

The next lecture is going to be on metadata. Now, metadata is typically described as data about data. Now, metadata describes what is on the envelope as opposed to what is inside the envelope. It all boils down to a 1979 Supreme Court decision that ruled that telephone numbers we dial are essentially like addresses on the outside of an envelope. No privacy is inferred except on the inside of the envelope. You have protections against somebody opening up your envelope, but not necessarily from somebody reading the outside of the envelope. But think about it: how much information could we actually glean just from that particular envelope? I can tell you right now, just from experience, if I receive a letter from the IRS, I'm going to be very concerned. If my wife were to receive a letter from the IRS, I would be very concerned for her. It's not necessarily because I know what's on the inside of the envelope, just simply because it came from an individual company or group within the government. That typically denotes fear within a lot of people. Humans are actually the key to this vulnerability. Governments are going to monitor us for communication to try and keep us safe. And social engineering is absolutely the key to this. Now I want you to take a look at a logical flow of distributed metadata. Now the metadata that I'm going to use in this example is simply going to be a file. Now we know that a file is nothing more than a number of discrete allocation units. You may call it a block; you may call it a sector; you may call it a cluster. But for this particular explanation, I don't really care what you call it. I'm going to call it an allocation unit. All right? It starts off at a root area. So in other words, one starting spot And here is one of these allocation units. All right? It's going to then point to another allocation unit. And that allocation unit may point to a file. And that file may have multiple allocation units that make up that file. So let's go back to the start. You can see here if we have any metadata about this data. The metadata could indicate that it is every one off the root. It may have things like the day that it was created, the day that it was modified, or any attributes that it has. If it is on a network system or a high-performance file system of some kind, it may also have permissions that are associated with it. The next step down is more directory data. So it's where it resides within the directory structure. Then, when we get down to the file, it's going to have information about the file itself and, again, all the different allocation units that make up that file. So I can see information about this particular file without ever opening that file.

10. Types of PenTests

The types of penetration testing will be discussed in the following lecture. Now we're going to start off with the various terms. So let's start off with a black box test. A black box test is going to assume you know nothing about the organization. A lot of times I'm given a black-box test to do. And then, once I've gathered as much information as possible about that particular organisation and its functionality and all of that type of stuff that I can glean from them without them actually telling me themselves, I go ahead and compare my notes with them to what they would have given me in a white box test. in a white box test, where it provides the testers with complete knowledge of the infrastructure. You could think of it as providing you with the viz, diagrams, source code, IP, and addressing information. Basically, it's a completely open book. You still have to try to break in, but it's much easier to do now. And then the grape box test is somewhere in between. So, to summarise in a nutshell, a black box penetration test versus a white box penetration test. One of the common questions we get from our clients is about what the differences are. Whitebox testing, also known as "clearbox testing" or "glass box testing," is a penetration testing approach that uses the knowledge of the internals of the target system to elaborate the test cases. In application penetration tests, the source code is frequently provided alongside the design information, interviews with developers and analysts, basically anything that we want to know, we're basically given that information in infrastructure, penetration tests, network maps, infrastructure details, and the like. The goal of the white box penetration test is to provide as much information as possible to the penetration tester so that he or she can gain insight and understanding of the system and elaborate the test based on it. Now, the white box penetration test obviously has some clear benefits and provides us with deep and thorough testing. It also maximises the testing time. Generally, when you're doing a pen test, they like to break the pen test into five-day segments. Now, that's not always the case, but it just seems like that's about what it is. You're usually given about five days to complete the onsite portion of the penetration test. The faster that you need to go generally ishow much more resources you have to do it. So in other words, you need to bring more people to do the pen test because having one person do the pen test is just not going to be realistic or be able to cover all the things that may need to get done in five days or in a week. Sometimes the pen tests, if it's a red team pen test, meaning we're going to test everything, may take us two weeks. It just depends on the size of the organization. So there are also some disadvantages to doing a white test. It's not really a realistic attack as the penetration tester is not in the same position as a non-informed potential attacker. A black box penetration test requires no previous information and usually takes on the approach of an uninformed attacker. In a black box penetration test, the penetration tester has no previous information about the target system. So the benefits of this type of attack are that it simulates a very realistic scenario. The disadvantage of the black box penetration test, of course, is that testing time can't be maximised in certain situations. Some areas of the infrastructure might have to go untested. When commissioning a penetration test, there's not really any right or wrong decision about whether you use a black box or a white box, or possibly even a grey box, which is kind of something in between. It really depends on the scenario that needs to be tested. Now, consider whether the penetration testing will be an internal test, which basically means we'll consider it to be inside the perimeter of security of a company, and you'll notice I didn't say inside the company. With the advent of the cloud, your resources may be all over the map, so they would need to fall inside of it. An external penetration test is considered to be outside of that perimeter of security. An external penetration test can generally be done from anywhere. An internal penetration test, you either need to haveequipment that is shipped to them and then finallywe have something called an unannounced pen test. This is going to be able to test the response capabilities of the organization.

11. Types of Hackers

In this lecture, we're going to talk about the different types of hackers. Of course, the one you probably heard about most often is someone called the "black hat hacker." They're regarded as evil underground villains. They are the person who will go to any length to gain access to your network and break in. They don't care how much damage it may do. We also have something called the "grey hat hacker." And this is kind of in between the black hat and the white hat. Perhaps someone who acts offensively at times, in good faith at others, and defensively at others. I've been told that these individuals may have been black hats at one time and are now doing things on the good side. And some people may refer to that as a "great hat hacker." Kevin Nitnick may be a good example of this because he spent several years in prison for his black hat activities. But now he typically works with the FBI and the FBI.Maybe they trust him, maybe they don't. Now, here's a bit of trivia for you. Where do you think the terms "blackhat" and "white hat" actually came from? Now, if you've guessed that the white hat came from the old Western movies, the guy wearing the white hat was the good guy. The guy wearing the black hat was always the bad guy, whether or not you guessed correctly, because that's exactly where it came from.

12. Common Definitions

In this lecture, let's cover just a few common definitions and terms. The black-hat hacker is frequently referred to as a cracker. Now, this can actually be a derogatory term in some cultures, but it actually stands for a criminal hacker. Hence the term "cracker." The hacker in reality is someone whois just interested in how things work. Hollywood has actually made the term "hacker" something that seems to be villainous or underground. Hacktivism means hacking for a cause. They actually want something to be brought out. A good case in point here are the anonymous folks. Now, a lot of times during the course, you'll hear me use the term "attacker." This just simply states anyone trying to break incould be a pen tester, could be a cracker. It's basically an all-encompassing word to mean either one or both. Another thing you'll typically see is the rationale. The penetration test should be carried out on any computer system that is to be deployed into a hostile environment. For example, in the DMZ or on the Internet. In most pentest courses, in most security courses,you'll often see them quote the book fromThe Sun The Art of War. One of the things he's famous for stating is that if you know the enemy and you know yourself, you need not fear the result of 100 battles. Basically, it's saying that you have to think like a hacker in order to catch a hacker.

13. Hacker vs. Penetration Tester

Now in this lecture, we're going to actually compare the hacker to the penetration tester. On our left side of our column, you can see that the hacker has all these attributes, and the Pentagon also has its version of these attributes. So let's compare the two. The hacker has absolutely, absolutely no code of ethics whatsoever. He can do anything without regard to what kind of information you may lose or what kind of overtime this may cost you anything.It doesn't make any difference to the hacker. They're not interested in what kinds of things this may cause you. To do. The penetration tester has to follow a strict code of ethics. He also has a certain scope of work that he must fall inside of.And sometimes this can lead you into a little trouble because the scope of the work will actually become narrower and narrower. So I may be told that, okay, you can only test from five in the evening till seven in the evening because we have to start our backups right after that and they're not going to finish before the morning. And sometimes, due to this window of opportunity, it's almost unrealistic to do your penetration test. So sometimes it gets to be very difficult to do that. Now the next one is a hacker, completely unauthorised, whereas with a penetration tester, you have to have signed authorization in order to be able to do the things that you're doing. Otherwise, it's absolutely illegal. The hacker can typically try any technique without regard to what's going to happen. Penetration tester, you've got that scope of work, and if it's within scope, you can do it. If it's not within scope, unfortunately, you can't. A hacker tries to circumvent any type of logging or the penetration tester. You've got to log all of your activity. every single thing that you do. Myself, what I typically do is start recording, and I can't tell you how many times this has bailed me out. Because the first thing that happens is that whenever you go in to do a penetration test, you're going to get blamed for every single thing that goes wrong in that organisation that week. I don't care what it is. One time we got blamed for the coffee pot not working, and I just threw out my hands and had to give up. People typically want to blame what they don't understand. give you an example. Let's say you brought your car into the shop to have the brakes fixed. The very next day, the muffler falls off. More than likely you're going to bring it back to the shop and say, "What the heck did you do to my muffler?" And it's possible they may have done something to it; that's not necessarily exactly what happened. So you're going to get the blame for a lot of things. And if you have some way of being able to prove this is exactly what I've done, you're going to be in a lot better shape. I've known some penetration testers who have had to pay out a claim because the person they pentested believed they did this amount of damage when, in fact, they didn't. It was easier for them to pay out for the damage than it was for them to admit it. The hacker has no report at all. And I tell you, that's the best thing, because doing the pen test and going in and trying to find the vulnerabilities can be kind of fun. But boy, I tell you what, providing that detailed report is not fun at all. And the report needs to be substantial as well. If I were to go in with one sheet of paper and turn it into the company and say, "Your network really stinks; pay me," they're probably not going to feel they got a fair shake on it. So if the penetration test costs $25,000, for example, and I provided you with a one-page report of how I got in there, and it feels just a little bit shortchanged, you need to beef up that report. You need to have a number of things that are going to provide them with what they need. Now, the hacker also attempts to exploit vulnerabilities where the penetration tester attempts to correct the vulnerabilities. And you'll notice I put a little star up here because if you're following the OSSTMM model from Peter Herzog, he basically states that you should not correct any vulnerabilities. As a matter of fact, you can list the vulnerabilities, and you can explain to them how to fix them, but you really shouldn't be the one fixing them. The reason for that is that you could actually do a whole lot of work for yourself. Now, I'm going to tell you what the OSS TMM model or methodology actually says, but I'm then going to tell you there's a number of places that do high-level pen testing that actually tell you up front, and we're going to try and sell you our solutions to correct some of these vulnerabilities. Now, as long as they do it upfront and you know exactly what they're doing, I guess you could give them a pass on that. but according to the OSS TM, you're not supposed to. So you can take that however you want to. So the hacker is considered to be the bad guy, while the penetration tester is typically considered to be the good guy.

Read More

* The most recent comment are at the top
  • Abigail
  • Vietnam
  • Feb 11, 2019

Fantastic course! It has helped me to prepare and perform excellently in the EC-Council exam. I managed to score 87 percent in the exam. I'm looking forward to commencing a career in the field of information security.

  • Feb 11, 2019
  • Liam
  • Canada
  • Feb 09, 2019

The course was really interesting. The content is very detailed and informative. I am now able to protect the systems of our firms against malicious attacks. You’ve made me proud guys.

  • Feb 09, 2019
  • Isabella
  • United States
  • Feb 05, 2019

EC-Council 312-50 is a great course. It provides the learners with all details they may need regarding hacking. I would recommend this course to any individual who wishes to become a professional hacker.

  • Feb 05, 2019
  • Grace
  • United States
  • Jan 30, 2019

I have benefited a lot from this course. I am now knowledgeable about the cryptography and encryption techniques. I’m very happy that I can manage to ensure effective protection of critical data of our firm.

  • Jan 30, 2019
  • David
  • Belgium
  • Jan 20, 2019

I liked the way the instructor explains the concepts contained the course. The instructor has simplified them in such a way that I definitely understood them. I actually compliment the work of the instructor.

  • Jan 20, 2019

Add Comments

Feel Free to Post Your Comments About EamCollection's ECCouncil CEH 312-50 Certification Video Training Course which Include ECCouncil 312-50 Exam Dumps, Practice Test Questions & Answers.

Only Registered Members Can Download VCE Files or View Training Courses

Please fill out your email address below in order to Download VCE files or view Training Courses. Registration is Free and Easy - you simply need to provide an email address.

  • Trusted By 1.2M IT Certification Candidates Every Month
  • VCE Files Simulate Real Exam Environment
  • Instant Download After Registration.
Please provide a correct e-mail address
A confirmation link will be sent to this email address to verify your login.
Already Member? Click Here to Login

Log into your ExamCollection Account

Please Log In to download VCE file or view Training Course

Please provide a correct E-mail address

Please provide your Password (min. 6 characters)

Only registered members can download vce files or view training courses.

Registration is free and easy - just provide your E-mail address. Click Here to Register


ExamCollection Premium

ExamCollection Premium Files

Pass your Exam with ExamCollection's PREMIUM files!

  • ExamCollection Certified Safe Files
  • Guaranteed to have ACTUAL Exam Questions
  • Up-to-Date Exam Study Material - Verified by Experts
  • Instant Downloads
Enter Your Email Address to Receive Your 10% Off Discount Code
A Confirmation Link will be sent to this email address to verify your login
We value your privacy. We will not rent or sell your email address


Use Discount Code:


A confirmation link was sent to your e-mail.
Please check your mailbox for a message from and follow the directions.


Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.