Certificate of Ethical Hacking

• Threats
• General threat landscape
• Basic terms, and common IT security objectives
• Motivations common to the threat actor
• Threat categories and attack vectors
• Types of defences against threats
• Hacking concepts
• Concepts of hackers
• Common phases of hacking
• What makes a good hacker
• Types of hackers (Script Kiddies, White Hats and Black Hats)
• Covert data gathering
• Cloud computing threats
• Cloud computer attacks
• Password attacks
• High and low tech approaches to password attacks
• Using Medusa and Hydra software
• Packet sniffing tools
• Popular password cracking tools
• GUI based password cracking tools
• Man-in-the-middle attacks
• Pass-the-hash to gain access without cracking the password hash
• Privilege Escalation
• DLL hijacking
• File/folder permission exploitation
• Gaining higher privileges using scheduled tasks and insecure sudo implementations
• Operating system vulnerabilities and webshells
• techniques to gain unauthorised privileges

• Cloud computer attacks
• Vulnerabilities and attacks that lead to cloud systems being compromised
• Cloud computing threats
• Cloud computer attacks
• Cloud computing concepts
• Basic cloud computing
• Understanding cloud computing attacks
• Concepts and key characteristics of cloud computing and accepted service models
• Cloud deployment models and cloud actors

• Threats against web apps and injection-based attacks
• Unauthorised remote access and code execution
• Attacks against web apps using weak or broken authentication methods
• Cross-site scripting
• Dangers of broken and weak authentication methods
• Data leaking with poor or no encoding
• Using cross-site scripting (XSS) to execute code
• Dangers of using indirect object references (IDOR)

• Mobile hacking
• Challenges of managing a BYOD environment.
• the process of cracking WEP encrypted wireless networks
• Aircrack-ng suite of wireless hacking tools
• The process of cracking WPA encrypted wireless networks using the Aircrack-ng suite of wireless hacking tools

• Cryptography attacks
• Attack a cryptographic system
• Cryptography concepts
• Cryptography concepts and the goals of cryptography
• digital signatures
• Symmetric cryptography
• Asymmetric cryptography
• Cryptanalysis, cryptology, and collision
• Symmetric and asymmetric key algorithms and management
• types of cryptosystems, hashing algorithms, and digital signatures
• Public Key Infrastructure, digital certificates, certificate lifecycle, key wrapping, and key encrypting keys

• Distributed denial of service attacks
• Types of attacks
• DoS/DDoS attacks,
• Amplification and reflective DoS attacks
• Volumetric attacks
• Protocol type attacks
• Application layer

• IDS and firewalls
• Using Nmap to evade firewalls
• Honeypot setups
• Install and test Snort intrusion detection software
• Snort post-installation
• Structure of a ruleset

• Footprinting tools and techniques
• Footprinting and web-based tools
• Using whois, traceroute, recon-ng, and other tools to collect info on a target website

• Common web server attack tactics
• Motivations for targeting web servers.
• Exploiting vulnerabilities associated with web servers
• Common methodologies
• Hidden files and covering tracks
• Necessity of hiding files
• How to cover tracks
• Alternate data streams and steganography
• Disabling auditing systems and clearing logs
• Host discovery and scanning with Nmap
• Discovering hosts
• Common system tools
• Scripting to perform host discovery
• Nmap host scanning techniques
• Using Nmap to target specific hosts

• IoT Attacks
• IoT vulnerabilities
• Common IoT attack areas and threats
• IoT concepts
• Concept of IoT
• IoT communication models
• Challenges associated with the use of IoT
• IoT Hacking and Countermeasures
• IoT hacking methodology
• Countermeasures for securing IoT devices

• Malware distribution
• Malware distribution methods
• Malware threats
• Malware threats used to attack a system
• Malware types and components

• SQL Injection
• SQL Injection attacks
• SQL Injection to bypass authentication on a web app
• SQL Injection types and tools
• Error-based and blind SQL Injection
• Using SQL Injection to read, write, and execute files on a remote system

• Wireless hacking common threats
• Common threats against wireless networks
• Recognising complex wire network attacks
• Wireless hacking concepts
• Wireless hacking technologies and concepts
• Wireless terms and standards
• Authentication mechanisms
• Encryption schemes
• Wireless hacking tools
• Using wireless hacking tools
• Common wireless hacking tools

• Networking sniffing purposes
• Sniffing network traffic
• Types phases, and methodologies of penetration testing
• Common security laws, regulations and standards
• Methods of web app hacking
• Configuration of a web app
• Bypass security features using ProxyChains
• Perform enumeration
• Things commonly targeted during enumeration
• Explore Security policies
• Protecting information, systems, networks and physical threats
• Workplace policies and physical security policies
• Risk management and threat modelling
• Impacts of successful hijacking attacks
• Conduct a session replay attack
• Token prediction, cross-site request gorgery (CSRF/XSRF), session fixation, and man-in-the-browser attacks
• Network-layer session hijacking
• Mitigation strategies
• Using tactics like to gain access or information from their targets
• Using social engineering techniques to gain information from a target
• Gathering information using malicious apps from a target
• Vulnerability management life-cycle
• Vulnerability assessments
• Vulnerability tools

When you study with Australian Online Courses, you will be assessed using a competency-based training method.

Competency-based training focuses on the achievement of skills and knowledge against set criteria to ensure your competency is industry relevant. You will not be benchmarked against other students.

If you do not achieve a competency result on your first attempt, you have two more attempts to pass your assessment. So, you have three attempts in total to obtain a competency result.

In this way, you can complete your course in your own time and at your own pace with the assistance of unlimited tutor support.

In this course, you will be assessed via multiple-choice questions to determine your mastery of details and specific knowledge gained during your studies to achieve a ‘competent’ or ‘not yet competent’ result.

Benefits of Multiple-Choice Assessments

• Appropriate for assessing students’ mastery of details and specific knowledge.
• Can be used to assess both simple knowledge and complex concepts.
• Questions can be answered quickly to accurately assess a students’ mastery of many topics relatively quickly.
• Assessment can be quickly and reliably scored to achieve a ‘competent’ or ‘not yet competent’ result.
• As the answers are visible, multiple-choice questions offer the opportunity for the continuation of the learning process, offering educational value.

• Professional development that is widely recognised and respected;
• Improve your employment opportunities;
• Study online, anywhere via our elearning system;
• High-quality professional development programs written by industry experts;
• No entry requirements;
• All course materials provided online – no textbooks to buy;
• Unlimited tutor support;
• Easy to understand course content;
• We offer twelve (12) months’ access, with extensions available upon application (fees apply);
• Certificate of Attainment/Completion issued for your CV (hard copy provided); and
• Course may be tax deductible; see your tax advisor.

The approximate study hours for this course is 50 hours. We offer twelve (12) months’ access, with extensions available upon application (fees apply).

While printed materials are not available for purchase, transcripts of video lectures and other learning resources are available for printing via our elearning system.

You can start within 60 minutes during business hours when you enrol and pay in full with a credit card!

Credit card: Within 60 mins during business hours.

BPAY: Within 1-2 working days.

Internet Banking: Within 1-2 working days.

Cheque/Money Order: Upon receipt of mailed cheque.

Yes! You will receive a Certificate of Attainment upon successful completion of your assessment.

No. All courses are delivered online via our e-learning system and there are no work placement requirements in this course.

Unlimited tutor support is available throughout your studies via email during business hours Monday to Friday. Our Administrative team are available Monday to Friday via email, live chat and telephone.

Yes! We accept enrolments from individuals both within Australia and internationally; location is no barrier to entry into our programs.