Course Outline

-

Hi Everyone!
Welcome to this course on Practical Ethical Hacking.  To enjoy this course, you need nothing but a positive attitude and a desire to learn.  No prior knowledge is required.
In this course, you will learn the practical side of ethical hacking.  Too many courses teach students tools and concepts that are never used in the real world.  In this course, we will focus only on tools and topics that will make you successful as an ethical hacker.  The course is incredibly hands on and will cover many foundational topics.
In this course, we will cover:
1.     Effective Notekeeping.  An ethical hacker is only as good as the notes he or she keeps.  We will discuss the important tools you can use to keep notes and be successful in the course and in the field.
2.     Networking Refresher.  This section focuses on the concepts of computer networking.  We will discuss common ports and protocols, the OSI model, subnetting, and even walk through a network build with using Cisco CLI.
3.     Introductory Linux.  Every good ethical hacker knows their way around Linux.  This section will introduce you to the basics of Linux and ramp up into building out Bash scripts to automate tasks as the course develops.
4.     Introductory Python.  Most ethical hackers are proficient in a programming language.  This section will introduce you to one of the most commonly used languages among ethical hackers, Python.  You'll learn the ins and outs of Python 3 and by the end, you'll be building your own port scanner and writing exploits in Python.
5.     Hacking Methodology. This section overviews the five stages of hacking, which we will dive deeper into as the course progresses.
6.     Reconnaissance and Information Gathering.  You'll learn how to dig up information on a client using open source intelligence.  Better yet, you'll learn how to extract breached credentials from databases to perform credential stuffing attacks, hunt down subdomains during client engagements, and gather information with Burp Suite.
7.     Scanning and Enumeration.  One of the most important topics in ethical hacking is the art of enumeration.  You'll learn how to hunt down open ports, research for potential vulnerabilities, and learn an assortment of tools needed to perform quality enumeration.
8.     Exploitation Basics.  Here, you'll exploit your first machine!  We'll learn how to use Metasploit to gain access to machines, how to perform manual exploitation using coding, perform brute force and password spraying attacks, and much more.
9.     Mid-Course Capstone.  This section takes everything you have learned so far and challenges you with 10 vulnerable boxes that order in increasing difficulty.  You'll learn how an attacker thinks and learn new tools and thought processes along the way.  Do you have what it takes?
10. Exploit Development.  This section discusses the topics of buffer overflows.  You will manually write your own code to exploit a vulnerable program and dive deep into registers to understand how overflows work.  This section includes custom script writing with Python 3.
11. Active Directory.  Did you know that 95% of the Fortune 1000 companies run Active Directory in their environments?  Due to this, Active Directory penetration testing is one of the most important topics you should learn and one of the least taught.  The Active Directory portion of the course focuses on several topics.  You will build out your own Active Directory lab and learn how to exploit it.  Attacks include, but are not limited to: LLMNR poisoning, SMB relays, IPv6 DNS takeovers, pass-the-hash/pass-the-password, token impersonation, kerberoasting, GPP attacks, golden ticket attacks, and much more.  You'll also learn important tools like mimikatz, Bloodhound, and PowerView.  This is not a section to miss!
12. Post Exploitation.  The fourth and fifth stages of ethical hacking are covered here.  What do we do once we have exploited a machine?  How do we transfer files?  How do we pivot?  What are the best practices for maintaining access and cleaning up?
13. Web Application Penetration Testing.  In this section, we revisit the art of enumeration and are introduced to several new tools that will make the process easier.  You will also learn how to automate these tools utilize Bash scripting.  After the enumeration section, the course dives into the OWASP Top 10.  We will discuss attacks and defenses for each of the top 10 and perform walkthroughs using a vulnerable web applications.  Topics include: SQL Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfigurations, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring
14. Wireless Attacks.  Here, you will learn how to perform wireless attacks against WPA2 and compromise a wireless network in under 5 minutes.
15. Legal Documentation and Report Writing.  A topic that is hardly ever covered, we will dive into the legal documents you may encounter as a penetration tester, including Statements of Work, Rules of Engagement, Non-Disclosure Agreements, and Master Service Agreements.  We will also discuss report writing.  You will be provided a sample report as well as walked through a report from an actual client assessment.
16. Career Advice.  The course wraps up with career advice and tips for finding a job in the field.
At the end of this course, you will have a deep understanding of external and internal network penetration testing, wireless penetration testing, and web application penetration testing.  All lessons taught are from a real-world experience and what has been encountered on actual engagements in the field.


Note: This course has been created for educational purposes only.  All attacks shown were done so with given permission.  Please do not attack a host unless you have permission to do so. Also this blog post is copied directly from the course description. 
What you’ll learn
·         Practical ethical hacking and penetration testing skills
·         Network hacking and defenses
·         Active Directory exploitation tactics and defenses
·         Common web application attacks
·         How to hack wireless networks
·         Learn how to write a pentest report
·         Understand the security threats affecting networks and applications
·         OWASP Top 10
·         IT security trends
Are there any course requirements or prerequisites?
·         Basic IT knowledge
·         For Mid-Course Capstone: A subscription to hackthebox is suggested, but not required to complete the course.
·         For Wireless Hacking: A wireless adapter that supports monitor mode (links provided in course).
·         For Active Directory Lab Build: A minimum of 16GB of RAM is suggested. Students can still participate in the course, but may experience slow lab environments.
Who this course is for:
·         Beginner students interested in ethical hacking and cybersecurity.

By the numbers
Skill level: Beginner Level
Languages: English
Lectures: 189





Comments

Post a Comment

Popular posts from this blog

P3- Basic Bash Scripting

-
Image
Hi Everyone! Today we are learning basic bash scripting. So let's begin. We will learn about the following commands grep cut tr scripting with bash for loop grep : it will narrow down our results, for example, if we ping any IP, and we want to gather info, if ping was valid or not, so for that, we will use grep to narrow down, let say we have a list of pings of different IP addresses, and we want to get only those pings that were valid, we will use grep on that list and so narrowing our results. cut, tr, both also narrow down our results. let's get started First, I am gonna ping my very own machine with my IP address If we wanna send only one packet to see if the host machine is alive or not, we will use "-c 1" to send only one packet to the host. Now as you can see, if I write -c 3, it will send only 3 packets, so it depends. I am gonna put the ping results into a text file, and after placing the results in i.txt file, I cat the file, so it ...
Read more

P2- Intro to Kali Linux

-
Image
Hi Everyone! Today we are recalling some Kali Linux commands, So let's begin. ============================== Navigate to File System ============================== ·     Command:   ls -la It shows hidden folders. mkdir  For making a new folder. cd cd for changing the folders or going in other folders or directories.  cd .. For going backward in the folder in the same directory. man command e.g man ls it now gives a manual guide of the command, man is like a help command, both are pretty close but man gives more detailed guide. also, ls --help can be used echo "hi" > test.txt This command makes a txt file with name "test" and writes "hi" inside of it cp test.txt downloads/ This command  means copy "test.txt" to "downloads" folder rm Downloads/test.txt remove command, so it removes the "test.txt" command that we just made. mv test.txt Downloads/ move command, it moves the "tes...
Read more

P4- Stages of Ethical Hacking

-
Image
Hi, Today we are starting to learn the actual course content that we are here for, "Ethical Hacking". let's begin! There are five stages of ethical hacking: Reconnaissance Scanning & Enumeration Gaining Access Maintaining Access Covering tracks Reconnaissance: Reconnaissance aka information gathering. There are two types of Reconnaissance, Active and Passive Reconnaissance. Passive Reconnaiosece is where an ethical hacker google about any company, gather the information by going through different search engines, by going through the Facebook page of the company or by visiting the profile of the employees, making a list of the email of the employees by going through their twitter or FB account, etc, etc, so not doing anything directly, the company does not know about this. Whereas Active Rconnaisence is where an ethical hacker goes through the network of any company by any means. In this, the ethical hacker actually discovers the hosts Ip, servers,...
Read more