Video DescriptionMore than 3.5 hours of video instruction to help you learn the skills necessary to perform advanced penetration testing in an enterprise networking environment.
Enterprise Penetration Testing and Continuous Monitoring LiveLessons, part of The Art of Hacking video series, provides step-by-step, real-life complex scenarios of performing security assessments (penetration testing) of enterprise networks using internal/external reconnaissance, social engineering, and network and vulnerability scanning. You also learn how to perform web app testing, internal network testing, privilege escalation, password cracking, and data exfiltration to probe for and mitigate enterprise vulnerabilities. The course concludes with a look at reporting and evaluation methods to ensure that your enterprise environment stays secure from ever-evolving threats and security vulnerabilities.
Get step-by-step guidance so you can learn ethical hacking, penetration testing, and security posture assessment. You also learn the various concepts associated with many different leading-edge offensive security skills in the industry. Full of multimedia tutorials and hands-on demos that users can apply to real-world scenarios, this is a must for anyone interested in pursuing an ethical hacking career or simply keeping abreast of evolving threats to keep your enterprise network secure from vulnerabilities.
* Introduction to enterprise penetration testing and continuous monitoring
* External and internal reconnaissance
* Enterprise social engineering
* Network and vulnerability scanning
* Web app testing
* Internal testing
* Privilege escalation
* Enterprise secrets, post exploitation, and data exfiltration
* Cloud services
* Reporting and continuous evaluation
Learn How To
* Plan, build, and run a Red Team to conduct enterprise hacking
* Probe for enterprise vulnerabilities using passive/active reconnaissance, social engineering, and network and vulnerability scanning
* Target hosts and deploy tools to compromise web apps
* Infiltrate the network, scan vulnerable targets and open-source software, and host a “capture-the-flag” event to identify enterprise vulnerabilities
* Escalate network access privilege using proven methods and tools
* Perform password cracking, compromise network and user credentials, exfiltrate sensitive data, and cover your tracks in the process
* Test cloud services for vulnerabilities
* Conduct reports for penetration testing events and set up a continuous monitoring infrastructure to mitigate ongoing threats
Who Should Take This Course?
* Any network and security professional who is starting a career in ethical hacking and penetration testing
* Individuals preparing for the CompTIA PenTest+, the Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), and any other ethical hacking certification
* Any cybersecurity professional who wants to learn the skills required to become a professional ethical hacker or who wants to learn more about general security penetration testing methodologies and concepts
Requires basic knowledge of networking and cybersecurity concepts and technologies.
Lesson 1, "Introduction to Enterprise Penetration Testing and Continuous Monitoring," covers Red Teams and enterprise hacking. This lesson differentiates continuous evaluation of an enterprise security posture using Red Teams from the traditional penetration testing done in a transactional basis. The lesson concludes with a look at how to plan for, fund, and establish the scope and ground rules for Red Team collaboration.
Lesson 2, "External and Internal Reconnaissance," further defines the Red Team environment and then differentiates between passive and active reconnaissance before delving into the techniques and tools for performing reconnaissance, with attention on the legal and moral concerns associated with the continuous monitoring of an enterprise network.
Lesson 3, "Enterprise Social Engineering," reviews different social engineering methodologies, how Red Teams target employees, and the use of open-source social engineering tools.
Lesson 4, "Network and Vulnerability Scanning," reviews different methodologies for performing network and vulnerability scanning, the operational impact of enterprise-wide scanning, and the available open-source and commercial scanning tools. This lesson also covers how enterprises are shifting from transactional penetration testing to deploying Red Teams to perform continuous monitoring.
Lesson 5, "Web App Testing," covers how to target enterprise host and web applications with a focus on several tools to perform web application testing as well as how to perform continuous testing within the enterprise.
Lesson 6, "Internal Testing," reviews techniques to initially get on the network, identify the hosts to target, and establish the scope of the testing.
Lesson 7, "Privilege Escalation," defines privilege escalation and how to achieve it, using several examples facilitated by readily available tools to do so. The lesson concludes with how to understand and perform lateral movement.
Lesson 8, "Enterprise Secrets, Post Exploitation, and Data Exfiltration," focuses on persistent access and post exploitation techniques. The lesson covers how to achieve domain access, compromise user credentials, and implement password cracking and reporting tools, search for sensitive data, and exfiltrate data. Finally, you learn how to cover your tracks to avoid detection, with the end goal of identifying how to respond to these types of attacks so that you can mitigate the vulnerabilities for the enterprise.
Lesson 9, "Cloud Services," reviews the challenges and caveats when performing penetration testing in the enterprise cloud environment, supported by some illustrative case studies.
Lesson 10, "Reporting & Continuous Evaluation," covers the differences between final reports for traditional penetration testing and how enterprise Red Teams report their findings to stakeholders and executives with a focus on continuous monitoring.
About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world- leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.
Table of Contents
Lesson 1: Introduction to Enterprise Penetration Testing and Continuous Monitoring
- Learning objectives 00:01:14
- 1.1 Introducing Red Teams and Enterprise Hacking 00:05:43
- 1.2 Understanding Enterprise Wide Penetration Testing 00:08:14
- 1.3 Understanding the Difference Between Red and Blue Teams 00:02:54
- 1.4 Exploring How to Plan and Fund a Red Team 00:03:23
- 1.5 Surveying Operational Processes and Policies for the Red Team 00:03:52
- 1.6 Understanding How to Create and Hire the Red Team 00:02:29
- 1.7 Understanding Red Team Collaboration 00:02:45
- Lesson 2: External and Internal Reconnaissance
- Lesson 3: Enterprise Social Engineering
Lesson 4: Network and Vulnerability Scanning
- Learning objectives 00:00:43
- 4.1 Exploring Network and Vulnerability Scanning Methodologies 00:03:51
- 4.2 Understanding the Operational Impact of Enterprise-wide Scanning 00:09:40
- 4.3 Understanding Scanning Tools 00:04:34
- 4.4 Exploring How to Automate Scans 00:07:40
- 4.5 Using Shodan and Its API 00:03:30
- 4.6 Exploring Vulnerability Scanners 00:10:22
- 4.7 Understanding Binary and Source Code Scanners 00:02:45
- 4.8 Understanding How to Perform Continuous Monitoring 00:03:33
Lesson 5: Web App Testing
- Learning objectives 00:00:31
- 5.1 Exploring How to Target Hosts 00:05:36
- 5.2 Exploring Web App Testing Essential Tools 00:07:37
- 5.3 Understanding Enterprise Application Continuous Testing 00:03:37
Lesson 6: Internal Testing
- Learning objectives 00:00:22
- 6.1 Understanding How to Initially Get on the Network 00:02:52
- 6.2 Understanding What Hosts to Target and the Scope of the Testing 00:06:37
- 6.3 Exploring the Hidden Cost of Open Source Software 00:04:04
- 6.4 Learning How to Host Enterprise Capture the Flag Events 00:03:01
Lesson 7: Privilege Escalation
- Learning objectives 00:00:34
- 7.1 Learning Privilege Escalation Methodologies 00:06:51
- 7.2 Understanding Lateral Movement 00:04:09
- 7.3 Surveying Privilege Escalation Essential Tools 00:02:31
Lesson 8: Enterprise Secrets, Post Exploitation, and Data Exfiltration
- Learning objectives 00:01:00
- 8.1 Understanding Persistent Access 00:02:03
- 8.2 Learning How to Achieve Domain Admin Access 00:02:54
- 8.3 Understanding How to Compromise User Credentials 00:05:25
- 8.4 Surveying Password Cracking &amp; Reporting 00:02:58
- 8.5 Understanding That Domain Admin Is Not the End Goal 00:01:08
- 8.6 Searching for Sensitive Data 00:04:37
- 8.7 Understanding Data Exfiltration Techniques 00:07:44
- 8.8 Understanding How to Cover Your Tracks 00:04:01
Lesson 9 Cloud Services
- Learning objectives 00:00:27
- 9.1 Understanding the Challenge of Testing Cloud Services 00:03:50
- 9.2 Exploring How to Test in the Cloud 00:03:33
- Lesson 10 Reporting &amp; Continuous Evaluation
- Title: Enterprise Penetration Testing and Continuous Monitoring The Art of Hacking
- Release date: May 2018
- Publisher(s): Cisco Press
- ISBN: 9780134854779