Certified Ethical Hacker (C|EH) Compete
IN 145 COUNTRIES
NEW ETHICAL HACKING CHALLENGES EVERY MONTH
OWASP Top 10 Web Application Threat Vectors
Web application security has become a common concern for organizations around the world due to the increasing rate and sophistication of web application attacks. According to a new report by NTT Application Security, 50% of all sites were susceptible to at least one serious exploitable vulnerability in 2021. The average number of targeted attacks is constantly increasing, and financial institutions have been the primary targets of these attacks.
In this scenario, you work for a large financial institution that provides services nationally and internationally. Your institution’s primary banking application was recently compromised. Attackers were able to inject malicious data into a command, causing the application to execute unintended commands and expose sensitive data. As a result, the institution has faced intense legal scrutiny and suffered a substantial financial loss.
You have recently been hired as part of the Red Team at the organization to fortify their information systems and avoid future security breaches. You are required to perform automated and manual web application audits to identify potential vulnerabilities and suggest countermeasures. Your goal is to ensure that the company’s web applications are safe against OWASP top 10 vulnerabilities.
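A concrete form of the injection described in this scenario, added here as an illustration (it is not EC-Council's code and models no real bank; the table, the account record and the attacker payload are constructed for the demo): the same login check written two ways, with the classic tautology payload tried against each. The vulnerable version splices input into the SQL text, so the attacker's quotes and `OR` become part of the command; the parameterised version hands the values to the driver separately, so they are only ever treated as data.

```python
"""Injection in a login query: string-built SQL beside a parameterised query.

Added illustration for the OWASP scenario above; not EC-Council's code and
not a real banking application. The schema, the account record and the
payload are constructed here so the script runs offline.
"""
import sqlite3


def seed_db() -> sqlite3.Connection:
    # Constructed sample data: one customer account in an in-memory database.
    # Plaintext password kept only so the injection effect is visible; a real
    # application stores a salted hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT, balance INTEGER)")
    conn.execute("INSERT INTO accounts VALUES ('alice', 'S3cret!', 12000)")
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # OWASP A03 Injection: untrusted input is formatted straight into the SQL
    # text, so quotes and operators in the input become command syntax.
    query = (
        "SELECT username FROM accounts WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the SQL text is fixed and the values travel as bound
    # parameters, so the same payload is compared as a literal string.
    query = "SELECT username FROM accounts WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    conn = seed_db()
    # Tautology payload: turns the WHERE clause into (... AND password='') OR '1'='1'
    payload = "' OR '1'='1"
    return {
        "vuln_valid_creds": vulnerable_login(conn, "alice", "S3cret!"),
        "vuln_injected": vulnerable_login(conn, "alice", payload),
        "safe_valid_creds": safe_login(conn, "alice", "S3cret!"),
        "safe_injected": safe_login(conn, "alice", payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run it and the string-built query accepts the payload with no valid password while the parameterised query rejects it. The fix is the query shape, not input filtering: blocklisting quotes is bypassable, whereas bound parameters remove the ability of input to change the command at all.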
System Hacking and Privilege Escalation
MegaCloud, a large cloud service provider, has recently set up a new data center to better serve its customers in the APAC region. The data center relies primarily on Linux to power its servers. The organization wants the entire data center to undergo comprehensive penetration testing to ensure that it meets the mandatory security requirements to achieve and maintain compliance with various industry standards.
You work as an ethical hacker with the red team at the organization and have been assigned a specific task: penetration testing of various Linux endpoints. You are required to perform a vulnerability assessment of the systems, identify vulnerabilities, and compromise the systems. You should also attempt horizontal and vertical privilege escalation to audit the access control configurations used on the systems.
Outdated/Unpatched Software
You work as an ethical hacker with the red team at a major healthcare organization that manages a chain of elite hospitals across several major cities in North America.
Attackers exploited a zero-day vulnerability in the organization’s Java-based billing system to perform a remote code execution (RCE) attack. The vulnerability allowed attackers to place an order whose first-name field carried a payload that was executed on the web server, resulting in unauthorized access to the customer database and the billing system. The attackers then gained elevated access, giving them complete control of the billing system.
You have been hired as part of the red team at the organization. You are asked to recreate the attacker’s path to identify the existence of such vulnerabilities in other systems in the organization and recommend countermeasures.
Ransomware/Malware Analysis
You work for a large MNC that provides IT solutions to many large MSME companies across the globe. Recently, a hacker group compromised the company’s widely used technology management software and embedded sophisticated ransomware in it. This enabled the hackers to encrypt files simultaneously on all customer systems running the company’s software.
The company’s incident response team could not recover the ransomware code from the infected systems, so you have been called in for your services as an ethical hacker. Your job is to reverse engineer the ransomware to identify the nature of the attack, the encryption algorithms used, and any traces of remote command and control infrastructure that might be helpful to law enforcement agencies.
Web Application Hacking and Pen Testing
GigaMall is a top retailer with over 100 physical stores, 3,000 employees, and 400 million visitors to their online store each year. The company has spent over a million dollars developing its new online shopping portal.
You are part of the red team at the organization. The company is looking for comprehensive web application penetration testing to identify vulnerabilities in its new online portal and guidance for remediation.
Cloud Attack/Hacking
Recently, a significant data exfiltration attack hit an organization’s cloud network, and an incident response team was called in. The initial investigation found that the attacker had gained access through potentially risky ports that were open on a server, then performed internal network scans and lateral movement to reach and exfiltrate the organization’s critical data. Further investigation showed that inbound access from the internet had been granted to the RDP (3389) and SSH (22) ports of the server that was compromised. The attacker targeted this common cloud misconfiguration to gain a foothold.
Learning from this mistake, the organization has hired you as an external ethical hacker to evaluate the security of its cloud systems. You are tasked with scanning the organization’s cloud network to find which ports have been exposed, and to which sources.
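The configuration check an assessor would run for this scenario, as an added example that is not EC-Council's code and calls no real cloud API: it walks a set of ingress rules (constructed here in a shape modelled on cloud security-group rules: protocol, port range, source CIDR) and flags any rule that lets the internet, or any non-private range, reach SSH (22) or RDP (3389). Severity is `critical` for a 0.0.0.0/0 or ::/0 source and `high` for a scoped public range; rules limited to RFC 1918 or IPv6 unique-local sources are not reported, since that is the intended bastion pattern.

```python
"""Audit ingress rules for admin ports exposed beyond the private network.

Added example for the cloud scenario above; not EC-Council's code and not a
real cloud API. SAMPLE_RULES is constructed in a shape modelled on cloud
security-group ingress rules (protocol, port range, source CIDR).
"""
import ipaddress

# Admin services the scenario singles out; extend for others (e.g. 5985/5986 WinRM).
RISKY_ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# RFC 1918 and IPv6 unique-local ranges: sources inside these are internal access.
PRIVATE_RANGES = [ipaddress.ip_network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample rules. sg-ops-ssh, sg-ops-rdp and sg-all-tcp are the misconfigurations;
# sg-bastion is the acceptable pattern (SSH only from an internal range).
SAMPLE_RULES = [
    {"id": "sg-web-https", "proto": "tcp", "from": 443,  "to": 443,   "cidr": "0.0.0.0/0"},
    {"id": "sg-ops-ssh",   "proto": "tcp", "from": 22,   "to": 22,    "cidr": "0.0.0.0/0"},
    {"id": "sg-ops-rdp",   "proto": "tcp", "from": 3389, "to": 3389,  "cidr": "::/0"},
    {"id": "sg-bastion",   "proto": "tcp", "from": 22,   "to": 22,    "cidr": "10.20.0.0/16"},
    {"id": "sg-all-tcp",   "proto": "tcp", "from": 0,    "to": 65535, "cidr": "203.0.113.0/24"},
]


def source_exposure(cidr: str) -> str:
    """Classify a source CIDR as 'world' (/0), 'private' (RFC 1918 / ULA) or 'public'."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "world"
    # subnet_of() raises on mixed IP versions, so compare versions first.
    if any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_RANGES):
        return "private"
    return "public"


def exposed_admin_ports(rule: dict) -> list:
    """Return (port, service, severity) for each risky port this rule admits from outside."""
    if rule["proto"] not in ("tcp", "-1"):   # "-1" is the all-protocols wildcard
        return []
    exposure = source_exposure(rule["cidr"])
    if exposure == "private":
        return []
    severity = "critical" if exposure == "world" else "high"
    # A wide port range (e.g. 0-65535) is caught because the check is per risky port.
    return [(port, svc, severity) for port, svc in RISKY_ADMIN_PORTS.items()
            if rule["from"] <= port <= rule["to"]]


def audit(rules: list) -> list:
    """Flatten findings across all rules; one finding per (rule, port)."""
    findings = []
    for rule in rules:
        for port, svc, severity in exposed_admin_ports(rule):
            findings.append({"rule": rule["id"], "service": svc, "port": port,
                             "source": rule["cidr"], "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"[{f['severity'].upper():8}] {f['rule']}: {f['service']}/{f['port']} "
              f"open to {f['source']}")
```

On the sample rules this reports four findings: SSH and RDP open to the whole internet (critical) and both admin ports swept up in a 0-65535 rule from a scoped public range (high), while the HTTPS rule and the bastion rule pass. The same logic applies to the exported rule set of any cloud provider once its fields are mapped onto protocol, port range and source.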
Social Engineering/Phishing Attacks
The faculty members at StanX University all received a spoofed email pretending to come from the university itself. The email contained a password reset link with the message, “Your password will expire soon. Please reset your password with the following link.” Several faculty members clicked the link, which took them to a web page that at first glance resembled the StanX University website. They entered their existing password and a new password according to the reset instructions. However, this was a fake page set up by an attacker to steal faculty members’ passwords. Later, it was discovered that faculty members’ critical information had been compromised using the passwords stolen in this mass-distributed phishing attack on StanX University.
This incident revealed the negligence and ignorance of faculty members about phishing attacks, so the university has decided to hire you as an ethical hacker. You’ve been asked to run a phishing campaign on all the university employees and train them on identifying and countering phishing attempts.
IoT Attack/Hacking
Madelifeeasy, a large medical IoT device company, manufactures an implantable cardioverter-defibrillator (ICD), a small battery-operated IoT device implanted in the chest to detect and stop irregular heartbeats. It continuously monitors the wearer’s heartbeat and delivers electric shocks when needed to restore a regular rhythm. The device constantly transmits, processes, and collects data in the cloud without encryption. Recently, an attacker gained access to the device through an existing vulnerability and was able to control its functioning. The attacker could have manipulated information and transmitted false signals, such as commands to deplete the battery or to administer incorrect pacing or shocks, which could have caused a life-threatening incident for patients with the ICD implanted.
Fortunately, no patients were harmed. Once the vulnerability was discovered, the organization immediately released a software patch to fix the problem in the device’s transmitter.
To avoid such mistakes in the future, the company has decided to hire you as an ethical hacker to run regular vulnerability assessments and identify weaknesses in their medical IoT devices.
Wi-Fi Network Attack/Hacking
A city in Florida decided to provide free Wi-Fi to its citizens and set up access points accordingly. However, no one paid much attention to the network’s security. One day, Bob, a curious citizen, found one of the free Wi-Fi access points on his way home from work and decided to connect to the network. He happened to check his public IP address while connected. He then disconnected from the Wi-Fi and, from another connection, scanned that address for open ports. To his surprise, the city’s access point answered with a web-based management login on port 443 (HTTPS), exposed to the internet. Later, he found a buffer overflow vulnerability in the device that could be exploited to take complete control of it.
He suspected that a hacker might have taken over the city’s public Wi-Fi and immediately reported this information to local officials. The officials then called you, an expert ethical hacker, to help assess and secure their Wi-Fi network.
DoS/DDoS Attack
Recently, customers of a major e-commerce company in Florida experienced a service outage lasting 3–4 hours and continuously raised complaints. The company was unaware of what was happening, as the outage was not part of its scheduled weekly downtime. After an investigation by the IT team, it was discovered that the company was under a significant DDoS attack. The IT team immediately called in an incident response team to restore service and avoid further loss. The incident damaged the company’s reputation and cost hundreds of thousands of dollars.
The company has decided to investigate the reason behind the DDoS attack and evaluate the security of its information system—their stakeholders want assurance that this won’t happen again. The company has decided to carry out red team exercises on their network. As a part of the red team, you have been assigned to assess the company’s servers against DDoS attacks.
Mobile Attack/Hacking
KYC InfoSystem Inc. recently allowed employees to use their personal mobile phones under its BYOD policy. Albert, an employee of the company, was using his Android phone in the workplace to send emails to his colleagues when KYC’s security team noticed a suspicious data transfer from his phone. The security team asked Albert whether he had carried out the activity intentionally. Albert was unaware of it and denied having transferred anything from his phone. The security team then asked him to surrender the phone for further investigation and found a case of Android application permissions being abused: a malicious app on the phone was using legitimately granted permissions to perform the data transfer. The security team remediated the incident and uninstalled the malicious app.
As an ethical hacker with the organization’s security team, you must assess the security of mobile devices adopted under the BYOD policy before granting them access to the organization’s data.
Supply Chain Cyberattacks
ACN, a NY-based tech company, was the source of supply chain cyberattacks throughout the past year. During an investigation, it was found that cybercriminals first infiltrated ACN’s digital infrastructure and then distributed malware-infected software updates under ACN’s name. Through those updates, the malicious actors gained access to sensitive data at several of ACN’s customer organizations. The incident compromised the security of several ACN customers and led to millions of dollars in total losses.
As a proactive security measure, one of the ACN customer organizations hired you as an ethical hacker. Your responsibility is to assess the organization’s security with all of its supply chain vendors and software providers.
WHAT ARE THE C|EH GLOBAL CHALLENGES?
The C|EH Compete Global Challenges, part of C|EH v12 training, take place every month as capture-the-flag style competitions that expose students to new technologies and platforms, from web applications, OT, IoT, SCADA, and ICS systems to cloud and hybrid environments. The compete structure lets ethical hackers fight their way to the top of the leaderboard each month in these curated 4-hour CTFs.
C|EH GLOBAL CHALLENGE CALENDAR
October 2022: OWASP Top 10 Web Application Threat Vectors
November 2022: System Hacking and Privilege Escalation
December 2022: Outdated/Unpatched Software
January 2023: Ransomware/Malware Analysis
February 2023: Web Application Hacking and Pen Testing
March 2023: Cloud Attack/Hacking
April 2023: Social Engineering/Phishing Attacks
May 2023: IoT Attack/Hacking
June 2023: Wi-Fi Network Attack/Hacking
July 2023: DoS/DDoS Attack
August 2023: Mobile Attack/Hacking
September 2023: Supply Chain Cyberattacks
Why C|EH Global Challenges?
The new 4-phase Learn, Certify, Engage, Compete learning framework makes the C|EH program the first of its kind to take trainees beyond knowledge and put their skills to practical use.
Once their applied skills are mastered, candidates can participate in 12 months of global hacking competitions under the Compete methodology of the new C|EH learning model. Candidates will see monthly skill-enriching competitions, leaderboards, and detailed assessments of their performance in each competition setting. With the global Ethical Hacker Challenge Leaderboards, aspiring professionals will compete for top ranks among ethical hackers across the world with dynamic challenges covering everything from malware to service exploitation to web application attacks to SCADA and ICS systems that control everything from power grids to water supply systems of cities all over the world.
- 5 Days of Training
- 20 Modules
- Over 200 hands-on labs with competition flags
- Over 3,500 Hacking Tools
- Learn how to hack multiple operating systems (Windows 11, Windows Server, Linux, Ubuntu, Android)
C|EH Knowledge Exam
- 125 Multiple Choice Questions
- 4 hours
C|EH Practical Exam
- 6-hour Practical Exam
- 20 Scenario-based Questions
- Prove your skills and abilities
- ANSI/ISO/IEC 17024 Accredited
- Conduct a real-world Ethical Hacking Assignment
- Apply the 5 Phases
  - Reconnaissance
  - Scanning
  - Gaining Access
  - Maintaining Access
  - Covering your Tracks
- New Challenges Every Month
- 4 Hour Competition
- Compete with your peers all over the world
- Hack your way to the top of the Leaderboard
- Gain recognition
Become a Certified Ethical Hacker