O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The Art of Hacking (Video Collection)

Video Description

26 Hours of Video Instruction

Description

Your complete guide to help you get up and running with your cybersecurity career!

Overview

The Art of Hacking is a series of video courses that is a complete guide to help you get up and running with your cybersecurity career. You will learn the key tenets and the fundamentals of ethical hacking and security penetration testing techniques. The videos in this series will provide step-by-step real-life scenarios, full demos and content deep dives. You will see firsthand how an ethical hacker performs initial reconnaissance of a victim and assess systems and network security controls security posture.

These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), and any other ethical hacking certification. This series was built to help you learn more about general hacking methodologies and concepts as well as gain the skills required to becoming a professional ethical hacker.

Courses include:

About the Authors

Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. He is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities.  He is the author of several cybersecurity books and video courses.

Chris McCoy is a technical leader in Cisco's Advanced Security Initiatives Group (ASIG).  He has over 20 years of experience in the networking and security industry.  He has a passion for computer security, finding flaws in mission-critical systems, and designing mitigations to thwart motivated and resourceful adversaries.  He was formerly with Spirent Communications and the U.S. Air Force.  He is CCIE certified in the Routing & Switching and Service Provider tracks, which he has held for over 10 years.

Jon Sternstein is the Founder and Principal Consultant of Stern Security, a security company focused on healthcare and credit union industries. Jon has been a lead contributor to securing a wide variety of organizations in healthcare, education, finance, legal, and government industries throughout his 13+ years in the security field. He co-chairs the Privacy and Security Workgroup at the North Carolina Healthcare Information and Communications Alliance (NCHICA). Jon was the former President of the BSides Raleigh Security conference. Stern Security's website: https://www.sternsecurity.com

Ron Taylor has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting where he gained experience in many areas. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance.   In 2012, he moved into a position with the Security Research & Operations group (PSIRT) where his focus was mostly on penetration testing of Cisco products and services. 

Ron was also involved in developing and presenting security training to internal development and test teams globally.  Additionally, he provided consulting support to many product teams as an SME on product security testing.  In his current role, he is a Consulting Systems Engineer specializing in Cisco's security product line. Certifications include GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP and MCSE.  Ron is also a Cisco Security Blackbelt, SANS mentor, Co-Founder and President of the Raleigh BSides Security Conference, and member of the Packet Hacking Village team at Defcon.

Who Should Take This Course

  • Any network and security professional who is starting a career in ethical hacking and penetration testing
  • Individuals preparing for the CompTIA PenTest+, the Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP)and any other ethical hacking certification
  • Any cyber security professional who wants to learn the skills required to becoming a professional ethical hacker or who wants to learn more about general security penetration testing methodologies and concepts.

Course Requirements

Requires basic knowledge of networking and cybersecurity concepts and technologies.

Table of Contents

Table of Contents

  1. Security Penetration Testing (The Art of Hacking Series) by Omar Santos, Ron Taylor, Chris McCoy, and Jon Sternstein
    1. Introduction 00:04:29
  2. Lesson 1: Overview of Ethical Hacking and Penetration Testing
    1. Learning objectives 00:01:03
    2. 1.1 Introducing Ethical Hacking and Pen Testing 00:03:56
    3. 1.2 Getting Started with Ethical Hacking and Pen Testing 00:06:26
    4. 1.3 Understanding the Legal Aspects of Penetration Testing 00:07:34
    5. 1.4 Exploring Penetration Testing Methodologies 00:03:39
    6. 1.5 Exploring Penetration Testing and other Cyber Security Certifications 00:08:19
    7. 1.6 Building Your Own Lab: Overview 00:07:54
    8. 1.7 Building Your Own Lab: VIRL and Operating System Software 00:09:21
    9. 1.8 Understanding Vulnerabilities, Threats, and Exploits 00:02:54
    10. 1.9 Understanding the Current Threat Landscape 00:07:07
  3. Lesson 2: Kali Linux
    1. Learning objectives 00:00:32
    2. 2.1 Installing Kali 00:06:17
    3. 2.2 Examining Kali Modules and Architecture 00:07:34
    4. 2.3 Managing Kali Services 00:06:39
  4. Lesson 3: Passive Reconnaissance
    1. Learning objectives 00:00:31
    2. 3.1 Understanding Passive Reconnaissance 00:04:56
    3. 3.2 Exploring Passive Reconnaissance Methodologies: Discovering Host and Port Information 00:12:26
    4. 3.3 Exploring Passive Reconnaissance Methodologies: Searching for Files 00:07:21
    5. 3.4 Exploring Passive Reconnaissance Methodologies: Searching for Names, Passwords, and Sensitive Information 00:05:53
    6. 3.5 Surveying Essential Tools for Passive Reconnaissance: SpiderFoot, theHarvester, and Discover 00:09:08
    7. 3.6 Surveying Essential Tools for Passive Reconnaissance: Recon-ng 00:20:33
  5. Lesson 4: Active Reconnaissance
    1. Learning objectives 00:00:32
    2. 4.1 Understanding Active Reconnaissance 00:02:26
    3. 4.2 Exploring Active Reconnaissance Methodologies from an Ethical Hacker Perspective 00:01:59
    4. 4.3 Surveying Essential Tools for Active Reconnaissance: Port Scanning and Web Service Review 00:12:42
    5. 4.4 Surveying Essential Tools for Active Reconnaissance: Network and Web Vulnerability Scanners 00:06:02
  6. Lesson 5: Hacking Web Applications
    1. Learning objectives 00:00:40
    2. 5.1 Understanding Web Applications 00:05:24
    3. 5.2 Understanding Web Architectures 00:01:54
    4. 5.3 Uncovering Web Vulnerabilities 00:08:25
    5. 5.4 Testing Web Applications: Methodology 00:01:55
    6. 5.5 Testing Web Applications: Reconnaissance 00:05:12
    7. 5.6 Testing Web Applications: Mapping 00:05:45
    8. 5.7 Testing Web Applications: Vulnerability Discovery 00:11:54
    9. 5.8 Understanding the Exploitation of Web Applications 00:10:13
    10. 5.9 Surveying Defenses to Mitigate Web Application Hacking 00:03:14
  7. Lesson 6: Hacking User Credentials
    1. Learning objectives 00:00:28
    2. 6.1 Understanding Authentication and Authorization Mechanisms 00:02:57
    3. 6.2 Understanding Authentication and Authorization Attacks 00:05:43
    4. 6.3 Exploring Password Storage Mechanisms 00:02:56
    5. 6.4 Understanding Password Storage Vulnerability 00:03:41
    6. 6.5 Cracking Passwords with John the Ripper 00:12:52
    7. 6.6 Cracking Passwords with hashcat 00:09:20
    8. 6.7 Improving Password Security 00:02:13
  8. Lesson 7: Hacking Databases
    1. Learning objectives 00:00:31
    2. 7.1 Reviewing Database Fundamentals 00:07:43
    3. 7.2 Attacking a Database: Discovery, Validation, and Exploitation 00:14:43
    4. 7.3 Attacking a Database: Automated Scanners 00:03:28
    5. 7.4 Surveying Defenses to Mitigate Database Hacking 00:06:36
  9. Lesson 8: Hacking Networking Devices
    1. Learning objectives 00:01:06
    2. 8.1 Understanding the Reasons for and the Steps to Hacking a Network 00:05:57
    3. 8.2 Reviewing Networking Technology Fundamentals: OSI and DoD Internet Models 00:05:02
    4. 8.3 Reviewing Networking Technology Fundamentals: Forwarding Device Architecture and Communication 00:06:19
    5. 8.4 Building an Internetwork Topology Using VIRL 00:05:43
    6. 8.5 Hacking Switches: Reviewing Ethernet Fundamentals 00:15:10
    7. 8.6 Hacking Switches: Demo 00:06:24
    8. 8.7 Hacking Switches: ARP Vulnerabilities and ARP Cache Poisoning 00:06:47
    9. 8.8 Reviewing Router Fundamentals 00:16:18
    10. 8.9 Examining ICMP, First Hop Redundancy and Routing Protocol Attacks 00:11:58
    11. 8.10 Hacking the Management Plane 00:19:57
    12. 8.11 Understanding Firewall Fundamentals and Levels of Inspection 00:10:46
    13. 8.12 Performing Firewall Reconnaissance and Tunneling 00:05:50
    14. 8.13 Surveying Essential Tools for Hacking Network Devices: Packet Capture 00:09:36
    15. 8.14 Surveying Essential Tools for Hacking Network Devices: Switch and Router Hacking Tools 00:05:04
    16. 8.15 Surveying Essential Tools for Hacking Network Devices: ARP Spoofing Tools 00:09:35
    17. 8.16 Surveying Essential Tools for Hacking Network Devices: MiTM Tools 00:02:52
    18. 8.17 Surveying Essential Tools for Hacking Network Devices: Linux Tools 00:03:52
    19. 8.18 Using Network Device Hacking Tools to Perform a MiTM Attack 00:03:53
  10. Lesson 9: Fundamentals of Wireless Hacking
    1. Learning objectives 00:00:34
    2. 9.1 Reviewing Wireless Technology Fundamentals 00:09:04
    3. 9.2 Surveying Wireless Hacking Tools: Wireless Adapters 00:07:52
    4. 9.3 Surveying Wireless Hacking Tools: Software 00:05:50
    5. 9.4 Hacking WEP, WPA, and Other Protocols 00:13:04
    6. 9.5 Understanding Hacking Wireless Clients 00:15:22
  11. Lesson 10: Buffer Overflows
    1. Learning objectives 00:00:34
    2. 10.1 Understanding Buffer Overflows 00:08:22
    3. 10.2 Exploiting Buffer Overflows 00:06:31
    4. 10.3 Overcoming Defenses for Buffer Overflow Vulnerabilities 00:02:42
    5. 10.4 Understanding Fuzzing 00:03:26
    6. 10.5 Creating a Fuzzing Strategy 00:07:48
    7. 10.6 Exploring Mutation-based, Generation-based, and Evolutionary Fuzzers 00:05:21
    8. 10.7 Surveying Tools to Find and Exploit Buffer Overflows 00:09:29
  12. Lesson 11: Powershell Attacks
    1. Learning objectives 00:00:22
    2. 11.1 Understanding Powershell 00:06:56
    3. 11.2 Pwning Windows Using PowerShell: Empire Components, Setup, and Basic Exploits 00:15:54
    4. 11.3 Pwning Windows Using PowerShell: Empire Modules and Advanced Exploits 00:09:21
    5. 11.4 Gathering Network Information Using PowerShell 00:04:19
  13. Lesson 12: Evasion and Post Exploitation Techniques
    1. Learning objectives 00:00:29
    2. 12.1 Understanding Security Evasion Techniques 00:11:01
    3. 12.2 Exploring Post Exploitation Techniques 00:02:39
    4. 12.3 Covering Your Tracks 00:02:59
  14. Lesson 13: Social Engineering
    1. Learning objectives 00:00:34
    2. 13.1 Understanding Social Engineering 00:15:24
    3. 13.2 Exploring the Social Engineering Toolkit (SET) 00:08:38
    4. 13.3 Exploring Maltego 00:07:51
    5. 13.4 Surveying Social Engineering Case Studies 00:15:55
  15. Lesson 14: Maintaining Persistence, Pivoting, and Data Exfiltration
    1. Learning objectives 00:00:35
    2. 14.1 Understanding Persistence 00:04:12
    3. 14.2 Gaining Network Access 00:12:11
    4. 14.3 Gaining Network Access with SMB Relay Attacks, NetBIOS Name Service and LLMNR Poisoning 00:07:30
    5. 14.4 Maintaining Persistence 00:02:04
    6. 14.5 Understanding Pivoting and Lateral Movement 00:09:05
    7. 14.6 Defending Against the Advanced Persistent Threat 00:03:29
  16. Lesson 15: Writing Penetration Testing Reports
    1. Learning objectives 00:00:40
    2. 15.1 Understanding Pen Test Reports and How They Are Used 00:01:43
    3. 15.2 Planning and Organizing Your Report 00:06:57
    4. 15.3 Understanding the Pen Test Report Format 00:03:11
    5. 15.4 Exploring Risk Ratings 00:03:38
    6. 15.5 Distributing Pen Test Reports 00:02:57
  17. Summary
    1. Security Penetration Testing: Summary 00:01:02
  18. Hacking Web Applications (The Art of Hacking Series): Security Penetration Testing for Today's DevOps and Cloud Environments by Omar Santos
    1. Introduction 00:01:46
  19. Lesson 1: Introduction to Web Application Penetration Testing
    1. Learning objectives 00:00:45
    2. 1.1 Understanding Ethical Hacking and Penetration Testing 00:03:10
    3. 1.2 Surveying Web Application Penetration Testing Methodologies 00:05:34
    4. 1.3 Understanding the Need for Web Application Penetration Testing 00:04:29
    5. 1.4 Exploring How Web Applications Have Evolved Over Time 00:05:51
    6. 1.5 Exploring What Programming Languages You Should Know 00:03:58
  20. Lesson 2: Overview of Web Applications for Security Professionals
    1. Learning objectives 00:00:48
    2. 2.1 Understanding the Web Application Protocols 00:11:18
    3. 2.2 Exploring the HTTP Request and Response 00:05:06
    4. 2.3 Surveying Session Management and Cookies 00:08:37
    5. 2.4 Introducing DevOps 00:03:09
    6. 2.5 Exploring Cloud Services 00:06:38
    7. 2.6 Exploring Web Application Frameworks 00:04:43
    8. 2.7 Surveying Docker Containers 00:06:28
    9. 2.8 Introducing Kubernetes 00:03:31
  21. Lesson 3: Build Your Own Web Application Lab
    1. Learning objectives 00:00:51
    2. 3.1 Exploring Kali Linux 00:14:35
    3. 3.2 Introducing Vulnerable Applications 00:01:16
    4. 3.3 Surveying DVWA 00:02:09
    5. 3.4 Surveying WebGoat 00:02:25
    6. 3.5 Surveying Hackazon 00:02:12
    7. 3.6 Exploring the Web Security Dojo 00:02:40
    8. 3.7 Understanding Web Application Proxies 00:03:30
    9. 3.8 Understanding Cyber Ranges and Capture the Flag Events 00:02:25
  22. Lesson 4: Reconnaissance and Profiling Web Applications
    1. Learning objectives 00:00:56
    2. 4.1 Understanding Passive vs. Active Reconnaissance 00:02:55
    3. 4.2 Using Search Engines and Public Information 00:03:50
    4. 4.3 Exploring Shodan, Maltego, Recon-NG, SpiderFoot, and TheHarvester 00:10:58
    5. 4.4 Exploring CMS and Framework Identification 00:03:36
    6. 4.5 Surveying Web Crawlers and Directory Brute Force 00:03:35
    7. 4.6 Understanding How Web Application Scanners Work 00:01:26
    8. 4.7 Introducing Nikto 00:02:41
    9. 4.8 Introducing the Burp Suite 00:16:41
    10. 4.9 Introducing OWASP Zed Application Proxy (ZAP) 00:03:44
    11. 4.10 Introducing OpenVAS 00:10:03
  23. Lesson 5: Authentication and Session Management Vulnerabilities
    1. Learning objectives 00:00:29
    2. 5.1 Understanding Authentication Schemes in Web Applications and Related Vulnerabilities 00:17:51
    3. 5.2 Exploring Session Management Mechanisms and Related Vulnerabilities 00:09:40
  24. Lesson 6: Exploiting Injection-Based Vulnerabilities
    1. Learning objectives 00:00:36
    2. 6.1 Understanding Command Injection 00:01:31
    3. 6.2 Exploiting Command Injection Vulnerabilities 00:02:41
    4. 6.3 Understanding SQL Injection 00:04:59
    5. 6.4 Exploiting SQL Injection Vulnerabilities 00:17:57
    6. 6.5 Understanding XML Injection 00:01:01
    7. 6.6 Exploiting XML Injection Vulnerabilities 00:02:28
    8. 6.7 Mitigating Injection Vulnerabilities 00:02:06
  25. Lesson 7: Cross-Site Scripting (XSS) and Cross-Site Request Forgery Vulnerabilities
    1. Learning objectives 00:00:47
    2. 7.1 Introducing XSS 00:01:11
    3. 7.2 Exploiting Reflected XSS Vulnerabilities 00:01:57
    4. 7.3 Exploiting Stored XSS Vulnerabilities 00:02:44
    5. 7.4 Exploiting DOM-based XSS Vulnerabilities 00:02:22
    6. 7.5 Understanding Cross-Site Request Forgery (CSRF) 00:00:56
    7. 7.6 Exploiting CSRF Vulnerabilities 00:01:57
    8. 7.7 Evading Web Application Security Controls 00:04:06
    9. 7.8 Mitigating XSS and CSRF Vulnerabilities 00:05:15
  26. Lesson 8: Exploiting Weak Cryptographic Implementations
    1. Learning objectives 00:00:40
    2. 8.1 Introducing Cryptography, Encryption, and Hashing Protocols 00:18:04
    3. 8.2 Identifying Common Flaws in Data Storage and Transmission 00:06:22
    4. 8.3 Surveying Examples of Crypto-based Attacks and Vulnerabilities 00:03:54
    5. 8.4 Mitigating Flaws in Cryptographic Implementations 00:02:45
  27. Lesson 9: Attacking Application Programming Interfaces (APIs)
    1. Learning objectives 00:00:22
    2. 9.1 Understanding the APIs 00:02:07
    3. 9.2 Exploring the Tools Used to Test the APIs 00:05:15
  28. Lesson 10: Client-side Attacks
    1. Learning objectives 00:00:27
    2. 10.1 Surveying the Client-side Code and Storage 00:04:22
    3. 10.2 Understanding HTML5 Implementations 00:06:43
    4. 10.3 Understanding AJAX Implementations 00:01:55
    5. 10.4 Mitigating AJAX, HTML5, and Client-side Vulnerabilities 00:01:34
  29. Lesson 11: Additional Web Application Security Vulnerabilities and Attacks
    1. Learning objectives 00:00:36
    2. 11.1 Understanding the Other Common Security Flaws in Web Applications 00:02:56
    3. 11.2 Exploiting Insecure Direct Object References and Path Traversal 00:07:02
    4. 11.3 Surveying Information Disclosure Vulnerabilities 00:01:08
    5. 11.4 Fuzzing Web Applications 00:08:12
  30. Summary
    1. Hacking Web Applications: Summary 00:01:09
  31. Wireless Networks, IoT, and Mobile Devices Hacking (The Art of Hacking Series) by Omar Santos
    1. Introduction 00:02:05
  32. Lesson 1: Introducing Wireless
    1. Learning objectives 00:00:31
    2. 1.1 Introducing Wireless Hacking 00:04:38
    3. 1.2 Introducing Wireless Standards and Technologies 00:09:36
    4. 1.3 Understanding the 802.11 Standard 00:13:09
    5. 1.4 Understanding Bluetooth 00:11:06
    6. 1.5 Understanding NFC 00:11:42
    7. 1.6 Understanding 802.1x and Wireless Authentication Mechanisms 00:10:03
  33. Lesson 2: Wireless Client Attacks
    1. Learning objectives 00:00:47
    2. 2.1 Understanding Wireless Client Attacks and Their Motives 00:05:19
    3. 2.2 Learning Packet Injection Attacks 00:01:54
    4. 2.3 Eavesdropping and Manipulating Unencrypted Wi-Fi Communications 00:04:26
    5. 2.4 Attacking Publicly Secure Packet Forwarding (PSPF) 00:03:25
    6. 2.5 Attacking the Preferred Network List (PNL) 00:02:04
  34. Lesson 3: Building Your Lab and Attack Hardware
    1. Learning objectives 00:00:26
    2. 3.1 Understanding Wireless Antennas 00:02:26
    3. 3.2 Surveying Wi-Fi Devices Like the Pinneaple 00:06:20
    4. 3.3 Building Your Own Lab 00:03:00
  35. Lesson 4: Aircrack-ng
    1. Learning objectives 00:00:33
    2. 4.1 Introducing the Aircrack-ng Suite 00:05:52
    3. 4.2 Introducing Airmon-ng 00:01:45
    4. 4.3 Understanding Airodump-ng 00:03:12
    5. 4.4 Introducing Aireplay-ng 00:02:33
    6. 4.5 Introducing Airdecap-ng 00:01:44
    7. 4.6 Introducing Airserv-ng 00:02:35
    8. 4.7 Introducing Airtun-ng 00:01:34
  36. Lesson 5: Cracking WEP
    1. Learning objectives 00:00:24
    2. 5.1 Understanding WEP Fundamentals 00:01:46
    3. 5.2 Learning How to Crack WEP 00:05:22
  37. Lesson 6: Hacking WPA
    1. Learning objectives 00:00:34
    2. 6.1 Understanding WPA Fundamentals 00:02:21
    3. 6.2 Surveying Attacks Against WPA2-PSK Networks 00:03:26
    4. 6.3 Using coWPAtty 00:05:35
    5. 6.4 Using Pyrit 00:02:47
    6. 6.5 Exploring WPA Enterprise Hacking 00:02:49
  38. Lesson 7: Performing Wireless Reconnaissance
    1. Learning objectives 00:00:27
    2. 7.1 Using Kismet 00:04:00
    3. 7.2 Using Wireshark 00:01:57
    4. 7.3 Learning How to Hack Default Configurations 00:03:04
  39. Lesson 8: Evil Twins and Rogue Access Points
    1. Learning objectives 00:00:29
    2. 8.1 Defining Evil Twin Attacks 00:01:20
    3. 8.2 Performing Evil Twin Attacks 00:08:37
    4. 8.3 Using Karmetasploit 00:03:17
    5. 8.4 Exploring the WiFi Pineapple 00:14:08
  40. Lesson 9: Attacking Bluetooth
    1. Learning objectives 00:00:27
    2. 9.1 Understanding Bluetooth Vulnerabilities 00:02:09
    3. 9.2 Surveying Tools for Bluetooth Monitoring 00:04:43
  41. Lesson 10: Attacking NFC
    1. Learning objectives 00:00:37
    2. 10.1 Understanding NFC Vulnerabilities 00:03:14
    3. 10.2 Exploring NFC Attacks and Case Studies 00:06:35
  42. Lesson 11: Wireless Defenses
    1. Learning objectives 00:00:28
    2. 11.1 Understanding the Evolution of Wireless Defenses 00:05:57
    3. 11.2 Surveying Fast and Secure Roaming 00:14:52
    4. 11.3 Understanding Wireless Intrusion Monitoring and Prevention 00:02:34
    5. 11.4 Understanding Wireless Security Policies 00:04:02
  43. Lesson 12: Hacking IoT Devices
    1. Learning objectives 00:00:27
    2. 12.1 Understanding IoT Fundamentals 00:04:41
    3. 12.2 Exploring ZigBee and IEEE 802.15.4 00:05:27
    4. 12.3 Exploring INSTEON 00:05:00
    5. 12.4 Exploring ZWave 00:12:04
    6. 12.5 Exploring LoRA 00:06:53
  44. Lesson 13: Mobile Device Security
    1. Learning objectives 00:00:40
    2. 13.1 Understanding OWASP Mobile Device Vulnerabilities 00:04:33
    3. 13.2 Wrestling with the BYOD Dilemma 00:02:11
    4. 13.3 Understanding Mobile Device Management (MDM) 00:02:20
    5. 13.4 Understanding Mobile Device Security Policies 00:01:49
  45. Lesson 14: Hacking Android Devices
    1. Learning objectives 00:00:33
    2. 14.1 Exploring The Android Security Model 00:16:47
    3. 14.2 Exploring Android Emulators and SDK 00:03:42
    4. 14.3 Understanding Android Hacking Tools and Methodologies 00:16:11
  46. Lesson 15: Hacking iOS Devices
    1. Learning objectives 00:00:26
    2. 15.1 Introducing iOS Security 00:02:24
    3. 15.2 Exploring Jailbraking iOS 00:02:53
    4. 15.3 Surveying Tools for Dissasembling iOS Applications 00:01:28
  47. Summary
    1. Wireless Networks, IoT, and Mobile Devices Hacking: Summary 00:01:27
  48. Enterprise Penetration Testing and Continuous Monitoring (The Art of Hacking Series) by Omar Santos
    1. Introduction 00:02:25
  49. Lesson 1: Introduction to Enterprise Penetration Testing and Continuous Monitoring
    1. Learning objectives 00:01:14
    2. 1.1 Introducing Red Teams and Enterprise Hacking 00:05:43
    3. 1.2 Understanding Enterprise Wide Penetration Testing 00:08:14
    4. 1.3 Understanding the Difference Between Red and Blue Teams 00:02:54
    5. 1.4 Exploring How to Plan and Fund a Red Team 00:03:23
    6. 1.5 Surveying Operational Processes and Policies for the Red Team 00:03:52
    7. 1.6 Understanding How to Create and Hire the Red Team 00:02:29
    8. 1.7 Understanding Red Team Collaboration 00:02:45
  50. Lesson 2: External and Internal Reconnaissance
    1. Learning objectives 00:00:33
    2. 2.1 Understanding the Red Team Environment 00:05:42
    3. 2.2 Understanding Passive Recon 00:15:13
    4. 2.3 Understanding Active Recon 00:02:39
  51. Lesson 3: Enterprise Social Engineering
    1. Learning objectives 00:00:25
    2. 3.1 Surveying Social Engineering Methodologies 00:04:13
    3. 3.2 Understanding How to Target Employees 00:02:51
    4. 3.3 Exploiting Social Engineering Tools 00:08:02
  52. Lesson 4: Network and Vulnerability Scanning
    1. Learning objectives 00:00:43
    2. 4.1 Exploring Network and Vulnerability Scanning Methodologies 00:03:51
    3. 4.2 Understanding the Operational Impact of Enterprise-wide Scanning 00:09:40
    4. 4.3 Understanding Scanning Tools 00:04:34
    5. 4.4 Exploring How to Automate Scans 00:07:40
    6. 4.5 Using Shodan and Its API 00:03:30
    7. 4.6 Exploring Vulnerability Scanners 00:10:22
    8. 4.7 Understanding Binary and Source Code Scanners 00:02:45
    9. 4.8 Understanding How to Perform Continuous Monitoring 00:03:33
  53. Lesson 5: Web App Testing
    1. Learning objectives 00:00:31
    2. 5.1 Exploring How to Target Hosts 00:05:36
    3. 5.2 Exploring Web App Testing Essential Tools 00:07:37
    4. 5.3 Understanding Enterprise Application Continuous Testing 00:03:37
  54. Lesson 6: Internal Testing
    1. Learning objectives 00:00:22
    2. 6.1 Understanding How to Initially Get on the Network 00:02:52
    3. 6.2 Understanding What Hosts to Target and the Scope of the Testing 00:06:37
    4. 6.3 Exploring the Hidden Cost of Open Source Software 00:04:04
    5. 6.4 Learning How to Host Enterprise Capture the Flag Events 00:03:01
  55. Lesson 7: Privilege Escalation
    1. Learning objectives 00:00:34
    2. 7.1 Learning Privilege Escalation Methodologies 00:06:51
    3. 7.2 Understanding Lateral Movement 00:04:09
    4. 7.3 Surveying Privilege Escalation Essential Tools 00:02:31
  56. Lesson 8: Enterprise Secrets, Post Exploitation, and Data Exfiltration
    1. Learning objectives 00:01:00
    2. 8.1 Understanding Persistent Access 00:02:03
    3. 8.2 Learning How to Achieve Domain Admin Access 00:02:54
    4. 8.3 Understanding How to Compromise User Credentials 00:05:25
    5. 8.4 Surveying Password Cracking & Reporting 00:02:58
    6. 8.5 Understanding That Domain Admin Is Not the End Goal 00:01:08
    7. 8.6 Searching for Sensitive Data 00:04:37
    8. 8.7 Understanding Data Exfiltration Techniques 00:07:44
    9. 8.8 Understanding How to Cover Your Tracks 00:04:01
  57. Lesson 9 Cloud Services
    1. Learning objectives 00:00:27
    2. 9.1 Understanding the Challenge of Testing Cloud Services 00:03:50
    3. 9.2 Exploring How to Test in the Cloud 00:03:33
  58. Lesson 10 Reporting & Continuous Evaluation
    1. Learning objectives 00:00:28
    2. 10.1 Surveying Final Reports for Transactional Penetration Testing Events 00:04:25
    3. 10.2 Surveying Continouos Reporting for Enterprise Continuous Monitoring 00:01:50
  59. Summary
    1. Enterprise Penetration Testing and Continuous Monitoring: Summary 00:01:48