CEHv12 (Certified Ethical Hacker (CEHv12) Eğitimi) , siber güvenlik uzmanlarının etik bir şekilde sistemleri test ederek güvenlik açıklarını tespit etmelerini ve bu açıkları gidermelerini sağlayan kapsamlı bir eğitim programıdır.

Eğitim İçeriği

• Module 1: Introduction to Ethical Hacking
  Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.
• Module 2: Foot Printing and Reconnaissance
  Learn how to use the latest techniques and tools to perform foot printing and reconnaissance, a critical pre-attack phase of the ethical hacking process.
• Module 3: Scanning Networks
  Learn different network scanning techniques and countermeasures.
• Module 4: Enumeration
  Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits, and associated countermeasures.
• Module 5: Vulnerability Analysis
  Learn how to identify security loopholes in a target organization’s network, communication infrastructure, and end systems. Different types of vulnerability assessment and vulnerability assessment tools.
• Module 6: System Hacking
  Learn about the various system hacking methodologies—including steganography, steganalysis attacks, and covering tracks—used to discover system and network vulnerabilities.
• Module 7: Malware Threats
  Learn different types of malware (Trojan, virus, worms, etc.), APT and fileless malware, malware analysis procedure, and malware countermeasures.
• Module 8: Sniffing
  Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks.
• Module 9: Social Engineering
  Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.
• Module 10: Denial-of-Service
  Learn about different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.
• Module 11: Session Hijacking
  Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.
• Module 12: Evading IDS, Firewalls, and Honeypots
  Get introduced to firewall, intrusion detection system (IDS), and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.
• Module 13: Hacking Web Servers
  Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.
• Module 14: Hacking Web Applications
  Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.
• Module 15: SQL Injection
  Learn about SQL injection attacks, evasion techniques, and SQL injection countermeasures.
• Module 16: Hacking Wireless Networks
  Understand different types of wireless technologies, including encryption, threats, hacking methodologies, hacking tools, Wi-Fi sedcurity tools, and countermeasures.
• Module 17: Hacking Mobile Platforms
  Learn Mobile platform attack vector, android and iOS hacking, mobile device management, mobile security guidelines, and security tools.
• Module 18: IoT Hacking
  Learn different types of IoT and OT attacks, hacking methodology, hacking tools, and countermeasures.
• Module 19: Cloud Computing
  Learn different cloud computing concepts, such as container technologies and server less computing, various cloud computing threats, attacks, hacking methodology, and cloud security techniques and tools.
• Module 20: Session Hijacking
  Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.

Ethical Hacking Nedir?

Ethical hacking, bilgisayar sistemlerinde güvenlik açıklarını (security flaws) ve güvenlik zafiyetlerini (security vulnerabilities) tespit etmek amacıyla yapılan, yetkili kişiler tarafından gerçekleştirilen bir siber saldırı testidir. Ethical hacker’lar, penetration tests (sızma testleri) yaparak, sistemdeki zayıf noktaları belirler ve bu zafiyetlere karşı güvenlik önlemleri (security measures) almayı sağlar. Ayrıca, açık portları (open ports) tarayarak (scan for open ports) güvenlik açıklarını tespit eder ve SQL enjeksiyonları (SQL injections) gibi yaygın saldırı yöntemleriyle sisteme izinsiz erişim (gain unauthorized access) sağlamaya çalışan kötü niyetli hacker’lara karşı savunma stratejileri geliştirir.

Bu tür testler, gerçek dünya (real world) senaryolarını simüle ederek, ağların ve yazılımların dayanıklılığını artırır. Black hat hackers (kötü niyetli hacker’lar) genellikle yasa dışı yollarla sisteme sızmayı amaçlarken, white hat hackers (beyaz şapkalı hacker’lar) ve penetration testers (sızma testi uzmanları) etik kurallara uygun şekilde güvenlik açıklarını tespit eder. Grey hat hackers, bazen etik sınırları zorlayarak sızma testleri gerçekleştirir, ancak nihai hedefleri güvenliği artırmak olan profesyonellerdir.