Class Details

Price: $3,995

10-Day Course Includes:

Enroll in this Course with Federal Training Dollars - Learn More!

  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Course retake option
  • Exam Voucher
  • Full breakfast with variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available throughout the day
  • Freshly baked cookies every afternoon - *only at participating locations

Course Outline

CEH Section

Introduction to Ethical Hacking

  • Information security overview
  • Skills of an ethical hacker
  • Hacking concepts and phases
  • Types of attacks
  • Information security threats, attack vectors, and controls
  • Information Assurance (IA)
  • Information Security Laws and Standards
  • Security Policies: types, HR/legal implications
  • Physical security
  • Threat modeling
  • Enterprise Information Security Architecture (EISA)
  • Network Security Zoning

Footprinting and Reconnaissance

  • Footprinting concepts, threats, attack vectors, and controls
  • Footprinting through Search Engines
  • Footprinting through Social Network sites
  • Website footprinting
  • Competitive Intelligence
  • WHOIS Footprinting
  • Footprinting tools

Scanning Networks

  • Scanning methodology, techniques, and countermeasures
  • Techniques for IDS evasion, scanning, HTTP tunneling, and IP spoofing
  • Drawing network diagrams--latest network discovery and mapping tools, network discovery tools for mobile
  • Proxing chaining--latest proxy tools, proxy tools for mobile


  • Protocols: NetBIOS, SNMP, LDAP, NTP, SMTP, DNS
  • Countermeasures
  • Techniques

System Hacking

  • Cracking passwords, escalating privileges, executing applications, hiding files and covering tracks
  • Steganography--application and classification, tools, methods/attacks on steganography, steganography detection tools

Malware Threats

  • Introduction to malware
  • Trojans--attacks, how to infect a system, crypters, how to deploy, latest types, analysis, countermeasures
  • Viruses--stages, types, latest virus maker, analysis, countermeasures
  • Worms--types, makers, analysis, countermeasures
  • Malware analysis
  • Antivirus tools
  • Penetration testing


  • Attacks: MAC, DHCP, and spoofing
  • Poisoning: ARP and DNS
  • Tools

Social Engineering

  • Concepts, techniques, impersonation, identity theft, and countermeasures
  • Phases of an attack
  • Common targets of an attack
  • Impersonation scenario
  • Computer based, mobile based, social networking based

Denial of Service

  • Concepts, case study, tools, attack techniques, and countermeasures
  • Botnet
  • Scanning methods for vulnerable machines
  • Detection Techniques and tools

Session Hijacking

  • Concepts, case study, tools, attack techniques, and countermeasures
  • Five stages of a web malware attack
  • Application level session hijacking
  • Network level session hijacking
  • TCP/IP Hijacking

Hacking Webservers

  • Web application threats
  • Concepts, hacking methodology, tools, and countermeasures
  • Analyze web applications
  • Web application pen testing

Hacking Web Applications

  • Concepts, methodologies, types of SQL injection, and countermeasures
  • Evasion techniques and tools
  • Information gathering

SQL Injection

  • Concepts, methodologies, types of SQL injection, advanced SQL injections, and countermeasures
  • Evasion techniques and tools

Hacking Wireless Networks

  • Concepts, encryption, threats, Bluetooth hacking, methodology, and countermeasures
  • Wireless security tools and hacking tools

Evading IDS, Firewalls, and Honeypots

  • Concepts and countermeasures
  • Honeypot, firewalls, IDS for mobile
  • Evading IDS, firewalls
  • Detecting honeypots

Cloud Computing

  • Concepts, methodologies, examples, detection, and countermeasures
  • Seperation of responsibilities
  • Virtualization
  • Threats and attacks
  • Cloud Security Control Layers
  • Tools
  • Cloud Penetration Testing


  • Concepts, encryption algorithms, email encryption, disk encryption and attaccks
  • Public Key Infrastructure (PKI)
  • Cryptanalysis and cryptography tools
  • Hash calculators for Mobile

ECSA Section

Security Analysis

  • Statistics and Impact of Vulnerabilities on Business
  • Challenges against Security Efforts
  • Challenges of and Simplifying Risks
  • Security Policies and Procedures
  • ISO 17799 Security Standards
  • Important Laws and Regulations to Information Security

Advanced Goggling Techniques

  • Google Penetration Testing
  • Software Error Messages
  • Default Pages
  • Techniques for Revealing Passwords
  • Locating Targets
  • Searching for Passwords

TCP/IP Packet Analysis

  • Advanced Techniques for Conducting TCP/IP Packet Analysis
  • TCP/IP Model of Networking and OSI Comparison
  • Addressing, Subnetting and Windowing of TCP/IP Packets
  • TCP/IP Protocols
  • TCP and UDP Port Numbers
  • Operation Sequencing Numbers – TCP and UDP 
  • ICMP Control Messages

Advanced Sniffing Methods

  • Wireshark – Features and IP Display Filters
  • Wireshark – Command Functions
  • Wireshark for Network Troubleshooting
  • Scanning Techniques

Nessus Vulnerability Analysis

  • Features of the Nessus Vulnerability Scanner
  • Nessus Assessment Process – Scanning, Enumeration and Vulnerability Detection
  • Plug-Ins and Report Generation
  • Security Center Features

Advanced Wireless Testing

  • Advanced Techniques for Wireless Penetration Testing
  • Wireless Concepts – Components and Standards
  • Wired Equivalent Privacy – Issues, Flaws and Security
  • Wireless Security Technologies – WPA, EAP, TKIP
  • Wireless Attacks and Tools – War Driving, Netstumbler and MITM

DMZ Design

  • Primary Techniques for DMZ Design
  • DMZ Concepts and Fundamentals for Design
  • DMZ Security Analysis
  • Windows DMZ Design
  • Sun Solaris DMZ Design
  • WLAN DMZ Design

Snort Analysis

  • Overview of Snort – Network Intrusion Prevention and detection System
  • Snort Features, Operation Modes, Configuration and Working
  • Snort Configuration Components – Variables, Preprocessors, Output Plugins and Rules
  • Snort Rules, Rule Header and Rule Options
  • Using Snort Rules and Tools to Write Rules 

Log Analysis

  • Overview of Log Analysis Techniques
  • Syslog
  • Web Server Logs
  • Router Logs
  • Wireless Network Devices Logs
  • Windows Logs
  • Linux Logs
  • SQL Server Logs
  • VPN Server Logs
  • Firewall Logs
  • IDS Logs
  • DHCP Logs

Advanced Exploits and Tools

  • Thorough Review of Common Vulnerabilities
  • Anatomy of an Exploit
  • Typical Overflow
  • Understanding, Strengths and Uses of Common Payload Generators and Exploitation Tools

Methods for Penetration Testing

  • Overview and Process of Penetration Testing 
  • Penetration Testing Strategies
  • Adopting a Methodology – Open, Flexible and Applicable
  • Pre-Attack, Attack and Post-Attack Phases of Penetration Testing

Customers and Legal Agreements

  • ‘Rules of Behavior’ – Outline the Internal and External Framework
  • “Get Out of Jail Card Free Card” Agreement
  • Nondisclosure Agreements
  • Negligence Claims
  • Planning a Crisis Management and Communications Strategy

Rules of Engagement

  • Obtaining Formal Permission for Pen Testing
  • Defining the Scope of ROE
  • Determining the Allowed and Prohibited Activities while Performing a Pen Test

Planning for and Scheduling a Penetration Testing

  • IEEE Std.829 for Software Testing Documentation
  • Kickoff Meeting
  • Creating a Clear Project Plan
  • Organizing a Work Breakdown Structure
  • Establishing the Timing and Duration Constraints for each Program within the Pen Test

Pre-Penetration Test Checklist (42 Steps)

Information Gathering

  • Effectively Collecting and Documenting the Pieces of Data Used

Vulnerability Analysis

  • Identify Weaknesses within the Network
  • Testing the Effectiveness of Security Measures
  • Active and Passive Assessment
  • Effective Tools for a Vulnerability Assessment

External Penetration Testing

  • Steps in the External Penetration Testing Process (83)
  • Scanning for Default Ports of various Services

Internal Network Penetration Testing

  • Steps in the Internal Network Penetration Testing Process (44)
  • Attempt Test for Every Machine in the Network
  • Core Impact – Automated Tool for Pen Testing
  • Metasploit
  • Canvas – Automated Tool
  • Vulnerability Scanning Tools
  • Document All Actions and Findings

Router and Switches Pen Testing

  • Overview of Routers and Router Testing
  • NSlookup
  • Nmap
  • Cisco Discovery Protocol (CDP)
  • Routing Information Protocol (RIP)
  • Router Misconfigurations

Firewall Penetration Testing

  • Overview of Firewalls
  • Types of Firewalls
  • Steps for a Firewall Pen Test (16)
  • Document Findings – Firewall Logs, Tools Output, Analysis and Recommendations

IDS Penetration Testing

  • Overview and Features of an IDS
  • Network-Based IDS
  • Application-Based IDS
  • IDS Informer Tests
  • Steps for IDS Penetration Testing (37)

Wireless Network Penetration Test

  • Wireless Threats, Assessment, Monitoring, Vulnerability
  • Wireless Penetration Testing Steps (12)
  • Wireless Penetration Testing Tools
  • Document all Findings and Results

Denial of Service Penetration Testing

  • Overview of DoS Attacks
  • DoS vs. DDoS Attacks
  • Steps to Running a DoS Attack Penetration Testing (11)
  • Effects of Launching a DoS Attack
  • Internet Scanner for DoS Vulnerabilities   
  • Mercury Quick Test Professional and Flame Thrower
  • Avalanche and Avalanche Analyzer
  • Web Testing Tools
  • Java Test Tools

Password Cracking

  • Overview of Passwords and Common Vulnerabilities
  • Password Cracking Techniques and Attack Types
  • Steps in Password Cracking (7)
  • Password Extraction Techniques and Tools

Social Engineering Pen Testing

  • Overview of and Requirements for Social Engineering
  • Steps of a Social Engineering Attack (20)

Pen Testing with Stolen Laptops, PDAs and Cell Phones

  • Laptop Theft and the Loss of Sensitive Information
  • Steps for Penetration Testing (9)
  • Attempt to Enable Wireless

Application Penetration Testing

  • Application Testing
  • Overview of Defects
  • Design Testing
  • Web Application Penetration Testing Steps (35)
  • Testing Tools

Physical Security Penetration Testing

  • Overview and Steps of a Physical Attack (47)
  • Document all Findings

Database Pen Testing

  • Overview and Steps of a Database Penetration Test (9)

VoIP Penetration Testing

  • Vulnerability Assessment
  • Vulnerability and Penetration Testing
  • VoIP Risks, Vulnerabilities and Security Threats
  • VoIP Pen Testing Steps (18)
  • Overview of VoIP Security Tools
  • VoIP Fuzzing Tools
  • VoIP Signaling and Media Manipulation Tools

VPN Penetration Testing

  • Overview and Steps of VPN Pen Testing (5)
  • Web Application Scanning Tools

War Dialing

  • Overview of War Dialing and Common Techniques
  • Pre-requisites for War Dialing
  • Software Selection and Configuration
  • Establishing an Effective War Dialing Process and Interpreting the Results
  • Overview of War Dialing Tools

Virus and Trojan Detection

  • Steps for Virus and Trojan Detection (5)
  • Overview of Spyware Detectors, Anti-Trojans and Anti-Virus Software

Log Management Pen Testing

  • Overview of and Need for Log Management
  • Challenges in Log Management
  • Steps in a Log Management Pen Test (8)
  • Checklist for Secure Log Management

File Integrity Checking

  • Overview of File Integrity and Checking Techniques
  • File Integrity Checking Steps (3)
  • Tools for Checking File Integrity

Blue Tooth and Hand Held Device Pen Testing

  • Tools and Techniques for Jailbreaking an iPhone
  • Steps for iPhone Penetration Testing (7)
  • Blackberry Vulnerabilities
  • Steps for Blackberry Pen Testing (2)
  • PDA Attacks and Steps for Pen Testing (4)
  • Bluetooth Overview
  • Types of Bluetooth Attacks
  • Steps for Pen Testing in Bluetooth (11)

Telecommunication and Broadband Communication Pen Testing

  • Overview of and Risk in Broadband Communication
  • Steps for Broadband Communication Pen Testing (4)
  • Steps for Securing Telecommuting and Home Network Resources

Penetration Testing in Email Security

  • Overview of and Pre-requisites for Email Penetration Testing
  • Steps for Email Pen Testing (15)
  • Anti-Phishing and Anti-Spamming Tools

Security Patches Pen Testing

  • Patch Management and PVG
  • Pen Testing Steps (8)
  • Patch Management Security Checklist
  • Patch Management Tools  

Data Leakage Pen Testing

  • Overview of and Statistics for Data Leakage
  • Doors of Data Leakage and What to Protect
  • Steps for Data Leakage Pen Testing (14)
  • Data Privacy and Protection Acts
  • Tools for Data Protection

Pen Testing Deliverables and Conclusion

  • Presenting the Findings
  • Destroying the Report
  • Sign Off Document

Penetration Testing Report and Documentation

  • Report Construction - Summary, Scope, Results, Recommendations and Appendices 
  • Writing the Documentation – Best Practices
  • Test Reports
  • Executive Report
  • Activity Report
  • Host Report
  • Vulnerability Report
  • PCI Report
  • Client-Side Test and Penetration Test Reports
  • User Report
  • Web Applications Test Report
  • Writing, Formatting and Delivering the Final Report
  • Report Retention

Penetration Testing Report Analysis

  • Report on Pen Test
  • Pen-Test Team Meeting
  • Research Analysis
  • Pen-Test and Rating Findings and Format Examples
  • Analyze Findings

Post Testing Actions

  • Prioritize Recommendations
  • Action Plan
  • Minimize Misconfiguration Chances
  • Updates and Patches
  • Security Polices and Employee Training 
  • Destroy the Report

Ethics of an LPT

  • Best Practices to Follow for LPTs
  • Evolving as an LPT

Standards and Compliance

  • Laws Governing Information Security Consultants
  • GLBA Compliance Checklist
  • HIPAA Compliance Checklist
  • Sarbanes-Oxley Compliance Checklist
  • FISMA Compliance Checklist
  • FERPA Compliance Checklist
  • ECPA Compliance Checklist


Class Exam

CEH Exam


  • 125 Questions
  • Passing Score: 70%
  • Test Duration: 4 hours
  • Test Format: Multiple choice
  • Test Delivery: Prometric or Pearson VUE

Exam Code

The exam code varies when taken at different testing centers.

  • Exam 312-50-ANSI: Web based ‘Prometric Prime’ at Accredited Training Centers (ATC).
  • Exam 312-50: Pearson VUE Testing centers
  • Exam 350CEH: Proctored test at Authorized Prometric Testing Centers (APTC) globally.


Exam 312-50 tests CEH candidates on each of the 18 domains covered in-depth through the training course, including:

  1. Introduction to Ethical Hacking
  2. Footprinting and Reconnaissance
  3. Scanning Networks
  4. Enumeration
  5. System Hacking
  6. Malware Threats
  7. Sniffing
  8. Social Engineering
  9. Denial of Service
  10. Session Hijacking
  11. Hacking Webservers
  12. Hacking Web Applications
  13. SQL Injection
  14. Hacking Wireless Networks
  15. Hacking Mobile Platforms
  16. Evading IDS, Firewalls, and Honeypots
  17. Cloud Computing
  18. Cryptography



  • Number of Questions: 150
  • Passing Score: 70%
  • Duration: 4 hours
  • Format: Multiple Choice
  • Delivery: Prometric and Pearson VUE

The ECSA exam domains:

  • Introduction to Penetration Testing and Methodologies
  • Penetration Testing and Scoping Engagement Methodology
  • Open Source Intelligence (OSINT) Methodology
  • Social Engineering Penetration Testing Methodology
  • Network Penetration Testing Methodology - External
  • Network Penetration Testing Methodology - Interla
  • Network Penetration Testing Methodology - Perimeter Defenses
  • Web Application Penetration Testing Methodology
  • Database Penetration Testing Methodology
  • Wireless Penetration Testing Methodology
  • Cloud Penetration Testing Methodology
  • Report Writing and Post Testing Actions

Upon passing the certification exam, candidates will receive credit towards attaining the status of EC-Council Certified Security Analyst and then may apply to become a Licensed Penetration Tester (LPT). 

After completing the ECSA v10 knowledge exam, students can take the ECSA v10 Practical exam.

ECSA v10 Practical Exam*

  • Exam name: EC-Council Certified Security Analyst (Practical)
  • Number of Challenges: 8 
  • Duration: 12 hours 
  • Format: iLabs cyber range 
  • Passing score: 5 out of 8 challenges and the submission of an acceptable penetration testing report

*Practical exam requires a $100 nonrefundable if you do not hold one of these certifications in good standing: CEH, ECSA, or CHFI

You can purchase the exam vouchers separately through Phoenix TS.

Phoenix TS is an authorized testing center for Prometric and Pearson VUE exams. Contact us to register for exams or visit the Prometric and Pearson VUE websites.