Certified Ethical Hacker - CEH

This lab is designed to introduce learners to the fundamentals of ethical hacking, hacker classifications, cyber attacks, CEH methodology, Cyber Kill Chain, cyber laws, and TTPs.

Session hijacking is a security vulnerability where an attacker gains unauthorized access to a user’s active session by stealing or manipulating the session identifier. This module explains how sessions work in web applications, the common techniques used by attackers to hijack them, and the potential risks involved, such as unauthorized account access and data theft. It also covers key preventive measures to secure sessions and protect user authentication.

Footprinting is the process of collecting information about a target system, organization, network, or individual before performing an attack or security assessment. It is considered the first phase of ethical hacking and reconnaissance.

Scanning is the process of identifying active systems, open ports, running services, and available network resources on a target machine or network. It is one of the earliest stages of a penetration test or security assessment.

Enumeration is the process of extracting detailed information from identified services, systems, and applications. Enumeration goes deeper than scanning.

This module introduces the basics of Wi-Fi security testing and WPA/WPA2 password auditing in a controlled environment. Learners explore wireless authentication, capture WPA handshakes, analyze network details, and perform dictionary attacks using tools like Aircrack-ng to understand wireless security vulnerabilities and password strength.

This lab is designed to teach learners how modern network defense systems work in real-world environments. The lab gradually moves from basic concepts to advanced detection, prevention, evasion, and defensive strategies. Each section focuses on a specific technology or security concept so users can build knowledge step-by-step in a structured and professional manner.

Learn the core concepts of vulnerability assessment, including identifying, analyzing, and prioritizing security weaknesses in systems, networks, and applications. Understand how security professionals discover vulnerabilities, assess risk levels, and support remediation efforts to strengthen organizational security.

It is designed to provide learners with theoretical knowledge of different malware threats, attack techniques, and defensive concepts used in cybersecurity environments. The lab will focus on professional content presentation, scenario-based questions, and short-answer assessments. Each section will contain detailed learning content followed by shuffled questions and answers.

Social engineering is the practice of manipulating human behavior to gain unauthorized access to information, systems, or physical environments. Unlike traditional cyberattacks that focus on exploiting technical vulnerabilities, social engineering attacks exploit trust, psychology, emotions, and human decision-making. Modern cybercriminals often combine reconnaissance, impersonation, and communication-based manipulation techniques to increase the effectiveness of attacks.

SQL Injection (SQLi) is a web security vulnerability where attackers inject malicious SQL code into application input fields to manipulate backend databases.

Explore the fundamentals of web application security by learning how attackers identify and exploit common vulnerabilities in websites and online platforms. In this module, participants will gain hands-on experience with authentication flaws, insecure inputs, session manipulation, and other real-world web security issues while understanding how to defend against them. Perfect for beginners looking to build practical offensive and defensive cybersecurity skills.

IoT (Internet of Things) Hacking refers to the process of identifying, analyzing and testing security vulnerabilities in internet-connected smart devices and embedded systems. These devices communicate over networks and exchange data automatically with minimal human interaction.

Cryptography is the science of securing information and communications through the use of mathematical algorithms, encryption techniques and cryptographic keys. It ensures that sensitive information remains protected from unauthorized access, modification or disclosure.

System hacking refers to the process of identifying vulnerabilities and exploiting weaknesses within operating systems, authentication mechanisms, applications, or user configurations to gain unauthorized access to computer systems.

Cloud computing is the delivery of computing services such as servers, storage, databases, networking, software, analytics, and intelligence over the internet. Instead of owning and maintaining physical infrastructure, organizations can access these resources on demand from cloud service providers.

Sniffing is one of the most important concepts in network security and traffic analysis. In modern computer networks, data continuously travels between systems in the form of packets. Understanding how these packets move, how they can be captured, and how attackers misuse network communication is essential for cybersecurity professionals.

Web Server Hacking refers to the process of identifying, analyzing and exploiting security vulnerabilities in web servers, hosted applications and server-side services. Web servers are responsible for hosting websites, web applications and online services accessible over the internet.

Mobile devices have become one of the most targeted technologies in modern cybersecurity because they store sensitive information such as credentials, authentication tokens, banking details, and enterprise data. This section introduces the architecture of mobile platforms and explains how Android and iOS applications interact with operating systems, APIs, local storage, and cloud environments.

A Denial of Service (DoS) attack is a cyberattack designed to disrupt the availability of systems, applications, or network services by exhausting critical resources such as bandwidth, CPU power, memory, or connection tables. Unlike attacks that focus on data theft, DoS attacks primarily target accessibility and operational continuity.