Have you received your Certified Ethical Hacker (CEH) certification or are you in the process of training to do so? After completion of baseline ethical hacking training, penetration testers have a number of choices for further security education and training to develop a variety of cyber security skills. Let’s take a look at some of these options:
The development of exploits is a technique used to explore software vulnerabilities. Exploits themselves take advantage of flaws within a program to cause unintended behavior within the software, hardware, or other electronics. By learning about the vulnerabilities of different types of software, penetration testers can learn how to take advantage of them to better understand the workings of the computer software and ultimately better protect the target of the exploits. Exploits are categorized by how they target software, remotely or locally, as well as the types of vulnerabilities they exploit. As there is a variety of computer software available, exploits can be varied for different types of software as well. Exploit development classes cover a variety of topics from stack overflows and shellcoding tricks to PDF and ROP exploits.
Malware analysis, sometimes referred to as “reverse engineering” of malware programs, examines how malware works in order to protect computers from malware attacks. Like the approach behind so many ethical hacking activities, penetration testers will get to learn how an attack is built and executed so that they can know how to defend networks from such attacks in the future. Malware analysis will explore different types of malicious software including viruses, worms, Trojans, spyware, adware, and rootkits. Ultimately the goal will be to learn the versatility of the software and how to combat attacks through similarly versatile and efficient methods. Malware analysis courses may cover fundamentals of PE headers and DLL interactions, identification of malware characteristics, identification of the malware’s level of malicious capability, and even browser script analysis.
Mobile App Hacking
Mobile hacking and mobile application hacking explore how cell phones are vulnerable to break-ins and teach penetration testers how to secure mobile devices. With smartphone usage becoming commonplace and increasing numbers of communication and financial services becoming available through mobile versions of websites or mobile apps, it is important to learn how to hack into mobile devices and then how to secure them. Ethical hackers can take what they’ve learned about computers and expand their knowledge to entirely new platforms, from popular Android and Apple smartphones to tablets and iPods as well. Mobile hacking courses cover topics such as Android and Apple device forensics, exploitation of mobile apps, jailbreaking, attacking web services through mobile apps, and penetration testing for mobile operating systems.
Wireless security training gives ethical hackers the opportunity to gain a skill set that is valuable because the technology industry currently relies on wireless connections for networks. Wireless fidelity, or Wi-Fi, allows electronic devices to exchange data and connect via a wireless local area network (WLAN). Most modern Wi-Fi connections abide by the IEEE 802.11ac standard, so penetration testers would first engage in learning about wireless security by learning about the basics of 802.11 wireless networking. Following the introductory topics would be the exploration of wireless network encryption, of which there are two main types: Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Wireless security training includes topics like encryption cracking, encryption defense and circumvention of attacks, and the differences in wireless security for more protected networks, such as those found in the government.