Ethical Hacking and Penetration Testing (CEH Preparation)

Course Format: Online

Program Language: Arabic

Specialized Capacity Building

40 hours (distributed over 8 days)

Information Security Specialists, Penetration Testers, and Technical Security Officers

Admission Requirements

  • Practical experience in networking and operating systems
  • Completion of the “Network Security and Threat Detection” program
  • Good knowledge of technical English

Introduction to Ethical Hacking

  • Definition of Ethical Hacking

    The difference between ethical hackers and malicious hackers

  • Types of Hackers (White Hat, Black Hat, Gray Hat)

    Understanding the different hacker classifications

  • Laws and Ethics

    Legal authorization, testing boundaries, and confidentiality

  • Penetration Testing Methodologies

    PTES, OSSTMM, NIST

  • EC-Council CEH Certification

    Overview of the certification and its requirements

Phases of Penetration Testing

  • Passive and Active Information Gathering
  • Identifying Devices, Services, and Open Ports
  • Using Vulnerability Scanning Tools
  • Attempting to Exploit Targeted Systems
  • Maintaining Access (With Consent)
  • Understanding How Attackers Attempt to Hide Their Tracks

Information Gathering

  • Searching open sources (OSINT), search engines, Whois, DNS
  • Using tools like Nmap, Netcat
  • Maltego, Shodan, theHarvester, Recon-ng
  • Identifying potential targets and vulnerabilities
  • Limits of what is permitted in testing

Vulnerability Scanning and Analysis

  • Nessus, OpenVAS, Qualys
  • Distinguishing real vulnerabilities from false positives
  • CVSS Scores (Common Vulnerability Scoring System)
  • Using CVE, NVD, and Exploit-DB databases
  • Which vulnerabilities require immediate remediation?

Exploitation

  • Using Metasploit to exploit vulnerabilities
  • Buffer Overflow, SQL Injection, Cross-Site Scripting
  • Exploitation techniques specific to each system
  • How to bypass Firewalls and IPS/IDS
  • BeEF (for browser exploitation), Burp Suite (for web application testing)

Post-Exploitation Analysis

  • From a standard user to system administrator
  • Files, passwords, and sensitive data
  • Using a compromised system to attack other systems on the network
  • How an attacker remains connected even after a reboot
  • Removing evidence after testing (with consent)

Penetration Testing Reporting

  • Executive Summary, Methodology, Findings, and Recommendations
  • Vulnerability Description, Evidence, and Risk Severity
  • Clear and Actionable Solutions for Each Vulnerability
  • Balancing Technical Detail with Management Understanding
  • Reviewing Professional Reports as Templates

CEH Exam Preparation

  • Exam structure, number of questions, duration
  • List of topics covered by the exam
  • References, practical exercises, virtual labs
  • Exercises simulating practical exam questions
  • Time management strategies, handling difficult questions

Program Completion Certificate

After completing all course requirements, you can apply to receive an accredited Certificate of Completion from Ru’ya Academy for Leadership and Technology.