mile2® Store

Certified Professional Ethical Hacker Professional


Course Overview

  • 5 Days
  • $3,000
  • 40 CPE Credits

The Certified Professional Ethical Hacker course is the introductory training to mile2’s line of penetration testing courses and certifications. The course training helps students gain a valuable skill-set in penetration testing by understand the importance of vulnerability assessments and ethical hacking through:

  1. Learning the knowledge and skills behind a vulnerability assessment.
  2. Preparation to apply this knowledge and exercise these skills in the interest of others.
  3. Understand the importance of a Vulnerability Assessment and how it can help you prevent serious break-ins to your organization.

This is accomplished by:

  • Performing in-depth labs with industry standard tools.
  • Learning the penetration testing methodology through conceptual theories and real-world practices.
  • Equipping you with the knowledge about what hackers look for when trying to hack into your network.
  • Assessing for the cause of testing your company’s security posture to help better secure the infrastructure against intrusion.


Upon Completion

Students will:

  • Have knowledge to perform ethical hacking for vulnerability assessments.
  • Have knowledge to accurately report on their findings.
  • Be ready to sit for the C)PEH Exam


Course Content

With 14 Modules and 5 appendices, the C)PEH will not only teach you the know-how of penetration testing, but you'll have real-world experience to solidify what you have learned.

Click on a module or appendix to view its agenda.

Part 1 Fundamentals

1: Security Fundamentals

The Growth of Environments and Security
Our Motivation…
The Goal: Protecting Information!
CIA Triad in Detail
Approach Security Holistically
Security Definitions
Definitions Relationships
Method: Ping
The TCP/IP Stack
Which Services Use Which Ports?
TCP 3-Way Handshake
TCP Flags
Types of Malware
Types of Viruses
More Malware: Spyware
Trojan Horses
Back Doors
Packet Sniffers
Passive Sniffing
Active Sniffing
Firewalls, IDS and IPS
Firewall – First
Line of Defense
IDS – Second Line of Defense
IPS – Last Line of Defense?
Firewall Types: (1) Packet Filtering
Firewall Types: (2) Proxy Firewalls
Firewall Types – Circuit-Level Proxy Firewall
Type of Circuit-
Level Proxy – SOCKS
Firewall Types –
Application-Layer Proxy
Firewall Types: (3) Stateful
Firewall Types: (4) Dynamic Packet-Filtering
Firewall Types: (5) Kernel Proxies
Firewall Placement
Firewall Architecture Types – Screened Host
Multi- or Dual-Homed
Screened Subnet
Wi-Fi Network Types
Wi-Fi Network Types
Widely Deployed Standards
Standards Comparison
802.11n: MIMO
Overview of Database Server

2: Access Controls

Role of Access Control
More Definitions
Categories of Access Controls
Physical Controls
Logical Controls
“Soft” Controls
Security Roles
Steps to Granting Access
Access Criteria
Physical Access
Control Mechanisms
Biometric System Types
Synchronous Token
Asynchronous Token Device
Memory Cards
Smart Card
Cryptographic Keys
Logical Access Controls
OS Access Controls
Linux Access Controls
Accounts and Groups
Password &
Shadow File Formats
Accounts and Groups
Linux and UNIX Permissions
Set UID Programs
Trust Relationships

3: Protocols

Protocols Overview
OSI – Application Layer
OSI – Presentation Layer
OSI – Session Layer
OSI: Transport Layer
OSI – Network Layer
OSI – Data Link
OSI – Physical Layer
Protocols at
Each OSI Model Layer
TCP/IP Suite
Port and Protocol Relationship
Conceptual Use of Ports
UDP versus TCP
Protocols – ARP
Protocols – ICMP
Network Service – DNS
SSH Security Protocol
Protocols – SNMP
Protocols – SMTP
Packet Sniffers
Example Packet Sniffers

4: Cryptography

Cryptographic Definitions
Encryption Algorithm
Symmetric Encryption
Symmetric Downfalls
Symmetric Algorithms
Crack Times
Asymmetric Encryption
Public Key
Cryptography Advantages
Algorithm Disadvantages
Algorithm Examples
Key Exchange
Symmetric versus Asymmetric
Using the
Algorithm Types Together
Instructor Demonstration
Common Hash Algorithms
Birthday Attack
Example of a Birthday Attack
Generic Hash Demo
Instructor Demonstration
Security Issues in Hashing
Hash Collisions
MD5 Collision Creates
Rogue Certificate Authority
Hybrid Encryption
Digital Signatures
SSL Connection Setup
SSL Hybrid Encryption
IPSec: Network Layer Protection
Public Key Infrastructure
Quantum Cryptography
Attack Vectors
Network Attacks
More Attacks (Cryptanalysis)

Part 2 Vulnerability Assessments

5: Why Vulnerability Assessments?

What is a
Vulnerability Assessment?
Vulnerability Assessment
Benefits of a
Vulnerability Assessment
What are Vulnerabilities?
Security Vulnerability Life Cycle
Compliance and Project Scoping
The Project
Overview Statement
Project Overview Statement
Assessing Current
Network Concerns
Vulnerabilities in Networks
More Concerns
Network Vulnerability
Assessment Methodology
Network Vulnerability
Assessment Methodology
Phase I: Data Collection
Phase II: Interviews, Information Reviews, and Hands-On Investigation
Phase III: Analysis
Analysis cont.
Risk Management
Why Is Risk
Management Difficult?
Risk Analysis Objectives
Putting Together
the Team and Components
What Is the Value of an Asset?
Examples of Some Vulnerabilities that Are Not Always Obvious
Categorizing Risks
Some Examples
of Types of Losses
Different Approaches
to Analysis
Who Uses What?
Qualitative Analysis Steps
Quantitative Analysis
ALE Values Uses
ALE Example
ARO Values and Their Meaning
ALE Calculation
Can a Purely Quantitative Analysis Be Accomplished?
Comparing Cost and Benefit
Countermeasure Criteria
Calculating Cost/Benefit
Cost of a Countermeasure
Can You Get Rid of All Risk?
Management’s Response to Identified Risks
Liability of Actions
Policy Review
(Top-Down) Methodology
Policy Types
Policies with Different Goals
Industry Best
Practice Standards
Components that Support the Security Policy
Policy Contents
When Critiquing a Policy
Technical (Bottom-Up)

6: Vulnerability Tools of the Trade

Vulnerability Scanners
SAINT – Sample Report
Tool: Retina
Qualys Guard
Tool: LANguard
Microsoft Baseline Analyzer
MBSA Scan Report
Dealing with Assessment Results
Patch Management Options

7: Output Analysis and Reports

Staying Abreast: Security Alerts
Vulnerability Research Sites
SAINT Reports
GFI Languard
GFI Reports
MBSA Reports

Part 3 Ethical Hacking

8: Reconnaissance, Enumeration and Scanning

Reconnaissance Overview
Step One in the
Hacking “Life-Cycle”
What Information is
Gathered by the Hacker?
Passive vs. Active Reconnaissance
Footprinting Defined
Social Access
Social Engineering Techniques
Social Networking Sites
People Search Engines
Internet Archive:
The WayBack Machine
Footprinting Tools Overview
Maltego GUI
Google (cont.)
Domain Name Registration
WHOIS Output
DNS Databases
Using Nslookup
Traceroute Operation
Web Server Info Tool: Netcraft
Introduction to Port Scanning
Which Services
use Which Ports?
Port Scan Tips
Port Scans Should Reveal…
Popular Port Scanning Tools
Ping (Is the host online?)
Stealth Online Ping
TCP 3-Way Handshake
TCP Flags
TCP Connect Port Scan
Half-open Scan (SynScan)
Firewalled Ports
NMAP TCP Connect Scan
Enumeration Overview
Web Server Banners
DNS Enumeration
SNMP Insecurity
SNMP Enumeration Tools
SNMP Enumeration Countermeasures
Active Directory Enumeration
AD Enumeration Countermeasures
Null Sessions
Viewing Shares
Tool: DumpSec
Tool: Enumeration
with Cain and Abel
Null Session
Countermeasures (cont.)

9: Gaining Access

How Do Exploits Work?
Physical Access Attacks
Lock Picking
Tool Kit: Torque Wrench
Tool Kit: Picks
Tool Kit: Snap Gun
Tool Kit: Electric Pick
Internal Mechanism
Pin Tumblers
Pin Tumblers
Binding Pin
Binding Order
Bump Keying
Shimming Door Locks
Padlock Shims
Shock Energy
Lock Picking Countermeasures
The Metasploit Project
Defense in Depth
Instructor Demonstration
SaintExploit at a Glance
SaintExploit Interface
Core Impact Overview
Core Impact

10: Maintaining Access

Back Doors
Backdoor via Rootkits
Linux Backdoor via Rootkits
Linux Backdoor via Rootkits
Windows RootKit Countermeasures
Tool: Netcat
Netcat Switches
Netcat as a Listener

11: Covering Tracks

Covering Tracks Overview
Disabling Auditing
Clearing and Event Log
Hiding Files with
NTFS Alternate Data Stream
NTFS Streams Countermeasures
Stream Explorer
What is Steganography?
Steganography Tools
Shedding Files Left Behind
Leaving No Local Trace
More Anonymous Software
StealthSurfer II Privacy Stick
Tor: Anonymous Internet Access
Encrypted Tunnel Notes

12: Malware

Distributing Malware
Malware Capabilities
Countermeasure: Monitoring Autostart Methods
Tool: Netcat
Netcat Switches
Netcat as a Listener
Executable Wrappers
Benign EXE’s Historically Wrapped with Trojans
Tool: Restorator
Tool: Exe Icon
The Infectious CD-Rom Technique
Trojan: Backdoor.Zombam.B
Trojan: JPEG GDI+ All in One Remote Exploit
Advanced Trojans: Avoiding Detection
Malware Countermeasures
Gargoyle Investigator
Spy Sweeper Enterprise
CM Tool: Port Monitoring Software
CM Tools: File Protection Software
CM Tool: Windows File Protection
CM Tool: Windows Software Restriction Policies
CM Tool: Hardware Malware Detectors
Countermeasure: User Education

13: Buffer Overflows

Buffer Overflow Definition
Overflow Illustration
Buffer Overflows
Memory Organization
How Buffers and Stacks
Are Supposed to Work
Stack Function
How a Buffer Overflow Works
Buffer Overflows
Secure Code Review

14: Password Cracking

Attack Vectors
Unix Passwords and Encryption
Password Cracking Tools
NAT Dictionary Attack Tool
Password Guessing
Password Cracking
LM/NTLM Hashes
LM Hash Encryption
NT Hash Generation
Windows Syskey Encryption
Creating Rainbow Tables
Free Rainbow Tables
NTPASSWD:Hash Insertion Attack
Password Sniffing
Sniffing Remote Passwords
Tool: Cain and Abel


1: Economics and Law

Attack Vectors
Unix Passwords and Encryption
Password Cracking Tools
NAT Dictionary Attack Tool
Password Guessing
Password Cracking
LM/NTLM Hashes
LM Hash Encryption
NT Hash Generation
Windows Syskey Encryption
Creating Rainbow Tables
Free Rainbow Tables
NTPASSWD:Hash Insertion Attack
Password Sniffing
Sniffing Remote Passwords
Tool: Cain and Abel

2: Vulnerability Types

Critical Vulnerabilities
Critical Vulnerability Types
Buffer Overflows
URL Mappings
to Web Applications
IIS Directory Traversal
Format String Attacks
Default Passwords
Known Backdoors
Information Leaks
Memory Disclosure
Network Information
Version Information
Path Disclosure
User Enumeration
Denial of Service
Best Practices

3: Assessing Web Servers

Web Servers
Accessible Web Servers
Identifying and Assessing
Reverse Proxy Mechanisms
Proxy Mechanisms
Identifying Subsystems
and Enabled Components
Basic Web Server Crawling
Web Application
Technologies Overview
Web Application Profiling
HTML Sifting and Analysis
Active Backend
Database Technology Assessment
Why SQL “Injection”?
Web Application
Attack Strategies
Web Application Vulnerabilities
Authentication Issues
Parameter Modification
SQL Injection: Enumeration
SQL Extended Stored Procedures
Shutting Down SQL Server
Direct Attacks
SQL Connection Properties
Attacking Database Servers
Obtaining Sensitive Information
URL Mappings
to Web Applications
Query String
Changing URL Login Parameters
URL Login Parameters Cont.
IIS Directory Traversal
Cross-Site Scripting (XSS)
Web Security Checklist

4: Assessing Remote & VPN Services

Assessing Remote & VPN Services
Remote Information Services
Retrieving DNS
Service Version Information
DNS Zone Transfers
Forward DNS Grinding
Default Community Strings
RPC rusers
Remote Maintenance Services
X Windows
Microsoft Remote
Desktop Protocol
Assessing IP VPN Services
Microsoft PPTP

5: Denial of Service

DDoS Issues
Zombie Definition
DDoS Attack Types
Wifi Denial of Service (DoS)
Evading The Firewall and IDS
Evasive Techniques
Firewall – Normal Operation
Evasive Technique:Example
Evading With Encrypted Tunnels
Man-in-the-middle Attacks
ARP Cache Poisoning
ARP Normal Operation
ARP Cache Poisoning
ARP Cache Poisoning (Linux)
Tool: Cain and Abel
What is DNS spoofing?
Tools: DNS Spoofing
Breaking SSL Traffic
Tool: Breaking SSL Traffic
Tool: Cain and Abel
Voice over IP (VoIP)
Intercepting VoIP
Session Hijacking


Class Format Options

Mile2 offers certification courses around the year and around the globe. You can attend in these ways:


Who Should Attend

The C)PEH is the introduction course in our Penetration Testing Track of security certifications. As an introductory course we have only one modest requirement: a desire to learn.

After students complete the C)PEH course and get certified, we recommend students to further develop their penetration testing skill-set by being certified as a:

C)PTE: Certified Penetration Testing Engineer by taking the course and passing exam. In the C)PTE, you'll gain more experience performing penetration test, learn advanced security topics, and be trained on industry standard tools that will set you apart as a security professional.


Exam Information

The Certified Professional Ethical Hacker exam is taken on-line through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your account. The C)PEH exam will take 2 hours and consist of 100 multiple choice questions. The cost is $400 USD and must be purchased from the store on

Purchase the exam

GTR Classes - C)PTE 11/30–12/4 REGISTER HERE C)IHE 12/07–12/11 REGISTER HERE
Toggle Bar