The Ethical Hacking Foundation course and exam are based on the following Intended Learning Outcomes (ILOs):
1 Introduction to Ethical Hacking
1.1 Hacking Ethics
The candidate can …
1.1.1 understand the legal implications of hacking.
1.1.2 describe different types of hackers.
1.2 Basic Principles
The candidate …
1.2.1 knows the difference between white box and black box tests.
1.2.2 can describe different phases in the hacking process.
2 Network Sniffing
2.1 Tools
The candidate …
2.1.1 knows different kinds of tools for Network Sniffing.
2.1.2 knows how to use the most common tools for Network Sniffing.
2.2 Extracting Information
The candidate …
2.2.1 knows the function of HTTP headers.
2.2.2 can extract information from HTTP headers.
3 Hacking Wireless Networks
3.1 Preparation
The candidate can …
3.1.1 find information about his own network adapter.
3.2 Aircrack-NG
The candidate …
3.2.1 can explain Airodump-NG.
3.2.2 knows the different kinds of functions of the tools within Aircrack.
3.2.3 knows what ESSID and BSSID mean.
4 System Penetration
4.1 Intel Gathering
The candidate …
4.1.1 knows how to find information on a target online.
4.1.2 knows how to find information on a target within a network.
4.2 Software Tools (Nmap, Metasploit)
The candidate …
4.2.1 can scan a target.
4.2.2 knows how to combine tools.
4.3 Fingerprinting and Vulnerabilities
The candidate …
4.3.1 knows how to find vulnerabilities based on scanning results.
4.3.2 knows how to perform manual fingerprinting.
4.4 Exploitation and Post Exploitation
The candidate …
4.4.1 knows how to exploit a vulnerability with Metasploit.
4.4.2 knows how to extract system information after exploitation.
5 Web-based Hacking
5.1 Database Attacks
The candidate …
5.1.1 knows the steps to test for SQLi vulnerabilities.
5.1.2 can explain how to extract data with SQLi.
5.1.3 knows the following functions: CONCAT, LOAD_FILE, UNION, SELECT, @@version, ORDER BY, LIMIT
5.2 Client Side Attacks
The candidate …
5.2.1 knows how to create an XSS PoC (Proof of Concept).
5.2.2 knows the basics of session hijacking in combination with XSS.
5.2.3 knows how to bypass basic XSS filters.
5.3 Server Side Attacks
The candidate …
5.3.1 knows how RFI is performed.
5.3.2 knows the basic functionalities of PHP shells such as r57 and c99.
5.3.3 knows the difference between Bind & Back connect shells and what they do.
This is one of the four exams you need to pass (or for which you must obtain a waiver) to earn the stackable CDPP® certificate.