Today’s technology is moving fast and changing the way we do business. Companies digitize all information by default, store their data in the cloud and use open source software. This raises information security issues related to network and system infrastructure.
The EXIN Ethical Hacking Foundation module covers the basic steps of ethical hacking: intelligence gathering, scanning computer network/systems, and penetrating systems.
Candidates are expected to be very aware of the difference between legal and illegal hacking, and the consequences of misuse.
In more detail the candidate will develop an understanding of the following topics:
• Network sniffing (gathering information from network traffic)• Cracking a WEP and WPA(2) key from a wireless network• Network vulnerability scanning• Basic penetration of computer systems• Password cracking• Web-based hacking, containing SQL Injections (SQLi), Cross-Site Scripting (XSS), Remote File Inclusions (RFI)
The EXIN Ethical Hacking Foundation exam tests the knowledge of the candidate on:
• the basics of Ethical Hacking, and• the practice of Ethical Hacking.
This certificate is meant for security officers, network architects, network administrators, security
auditors, security professionals, computer programmers and networking experts, managers
working in the field of ethical hacking and anyone who is interested in improving and/or testing the
security of an IT infrastructure. The module is also meant for (beginning) ethical hackers who want
to get certified and verify their knowledge.
1. Introduction to Ethical Hacking
1.1 Hacking Ethics1.1.1 understand the legal implications of hacking.1.1.2 describe different types of hackers.1.2 Basic Principles1.2.1 knows the difference between the white and black box test.1.2.2 can describe different phases in the hacking process.
2. Network Sniffing
2.1 Tools2.1.1 knows different kind of tools for Network Sniffing.2.1.2 knows how to use the most common tools for Network Sniffing.2.2 Extracting Information2.2.1 knows the function of HTTP headers.2.2.2 can extract information from HTTP headers.
3. Hacking Wireless Networks
3.1 Preparation3.1.1 find information of his own network adapter.3.2 Aircrack-NG3.2.1 can explain Airodump-NG.3.2.2 knows the different kind of functions of tools within Aircrack.3.2.3 knows what ESSID&BSSID means.
4. System Penetration
4.1 Intel Gathering4.1.1 knows how to find information on a target online.4.1.2 knows how to find information on a target within a network.4.2 Software Tools (Nmap, Metasploit)4.2.1 Can scan a target.4.2.2 knows how to combine tools.4.3 Fingerprinting and Vulnerabilities4.3.1 knows how to find vulnerabilities based on scanning results.4.3.2 knows how to perform manual fingerprinting.4.4 Exploitation and Post Exploitation4.4.1 knows how to exploit a vulnerability with Metasploit.4.4.2 knows how to extract system information after exploitation.
5. Web-based Hacking
5.1 Database Attacks5.1.1 knows the steps to test for SQLi vulnerabilities.5.1.2 can explain how to extract data with SQLi.5.1.3 knows the following functions: CONCAT, LOAD_FILE, UNION, SELECT, @@version, ORDER BY, LIMIT5.2 Client Side Attacks5.2.1 knows how to create an XSS PoC (Proof of Concept).5.2.2 knows the basics of session hijacking i/c/w XSS.5.2.3 knows how to bypass basic XSS filters.5.3 Server Side Attacks5.3.1 knows how RFI is performed.5.3.2 knows basic functionalities of php shells such as r57 and c220.127.116.11 knows the difference between Bind & Back connect shells and what they do.