Ethical Hacking Bootcamp with Hands-on Labs
Published by Pearson
This is a comprehensive Ethical Hacking (security penetration testing) hands-on boot camp! In this 3-day course you will get the training and experience you need to successfully launch your ethical hacking career. You will participate in live discussions, demos, whiteboard instruction and lab exercises. No prior experience is needed. Omar Santos, best-selling security author, speaker and Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations, will walk you through numerous exercises and ethical hacking concepts. If you are starting your cyber career, seeking your Certified Ethical Hacking, CompTIA PenTest+, or Offensive Security Certified Professional (OSCP) Certification, or are just interested in learning more about cyber security, this three-day training session is for you!
This course provides step-by-step real-life scenarios. It starts by going over passive and active recon, then dives deep into scanning, target exploitation, password attacks, web application testing, buffer overflows, wired and wireless network hacking, and post-exploitation techniques. You will use dozens of different tools that can be used to penetrate a wired and wireless network and the systems within that network. In this training we will go over several tools like the Social Engineering Toolkit (SET), Metasploit, Maltego, and many more. After that you’ll learn different best practices on how to write a penetration testing report.
What you’ll learn and how you can apply it
- Penetration testing Linux distributions such as Kali Linux, Parrot, Black Arch and others
- Performing Passive and Active Reconnaissance
- Performing Vulnerability Scanning
- Hacking Web Applications
- Hacking User Credentials
- Hacking Databases
- Hacking Networking Devices
- Wireless Hacking
- Buffer Overflows
- Social Engineering
- Evasion and Post Exploitation Techniques
- How to Maintain Persistence, Pivoting, and Data Exfiltration
This live event is for you because...
- You have an understanding of cybersecurity fundamentals.
- You are preparing for the Certified Ethical Hacker (CEH), CEH Practical, CompTIA PenTest+, or Offensive Security Certified Professional (OSCP) certifications.
- You are interested in cybersecurity and penetration testing (ethical hacking).
- You want to learn different methodologies and best practices to perform security penetration testing assessments.
Prerequisites
- Course participants should have a basic understanding of cybersecurity and networking concepts.
- The following Learning Path provides a great overview of cybersecurity fundamentals and ethical hacking concepts that are prerequisites for this course
Course Set-up
- The course setup instructions are documented at Ethical Hacking Bootcamp
Recommended Follow-up
- Explore From Zero to Ethical Hacker- 10 Weeks to Becoming an Ethical Hacker and Bug Hunter (Learning Path)
- Watch The Art of Hacking (Video Collection)
- Watch Security Penetration Testing The Art of Hacking Series LiveLessons
- Watch Wireless Networks, IoT, and Mobile Devices Hacking - The Art of Hacking (Video)
- Watch Enterprise Penetration Testing and Continuous Monitoring - The Art of Hacking (Video)
- Explore Ethical Hacking Interactive Scenarios
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1
Section 1: Introduction to Ethical Hacking, Building Your Own Lab, and Setup (50 minutes)
- An introduction to ethical hacking and penetration testing methodologies.
- Instructions to build your own lab and training logistics.
- Lab setup
- Break 10 minutes
Section 2: Passive Reconnaissance (50 minutes)
- Introducing passive reconnaissance
- Using Recon-NG
- Using The Harvester
- Using SpiderFoot
- Using Maltego
- Break 10 minutes
Section 3: Active Reconnaissance (60 minutes)
- Introducing passive reconnaissance
- Using Nmap for port scanning
- Using the Nmap Scripting Engine (NSE)
- Using Enum4linux
- Using smbmap
- Using nbtscan
- SSL/TLS analysis
- Break 10 minutes
Section 4: Social Engineering (50 minutes)
- Introducing social engineering
- Reviewing social engineering tools and methodologies
- Using the Social Engineering Toolkit (SET) to perform social engineering attacks
Day 2
Section 5: Buffer Overflows (20 minutes)
- Introducing buffer overflows
- Using debuggers and disassemblers
- Understanding what shellcode is and how to create your own payloads
Section 6: Introduction to Web Application Hacking (30 minutes)
- Introducing Web Application Protocols
- How web applications have evolved
- Penetration testing of modern applications
- Introduction to APIs for penetration testers and ethical hackers
- Introduction to Docker for penetration testers and ethical hackers
- Introduction to Kubernetes for penetration testers and ethical hackers
- Break 10 minutes
Section 7: Bypassing Authentication and Authorization, XSS, CSRF, and SQL Injection (50 minutes)
- Introduction to Authentication and Authorization in modern applications.
- Introduction to Session Management
- Performing Session Hijacking
- Bypassing Authentication and Authorization
- Cross-site scripting attacks
- Exploiting Cross-site request forgery and server-side request forgery vulnerabilities
- Exploiting SQL injection
- Break 10 minutes
Section 8: Advanced Exploitation and System Manipulation (50 minutes)
- Credential based attacks.
- Creating payloads
- Advanced system manipulation
- Break 10 minutes
Section 9: Post-Exploitation (60 minutes)
- Command and control (C2)
- Introducing post-exploitation methodologies
- Lateral movement and pivoting
- Exfiltration
- Privilege escalation
- Evading firewalls, IPS, and other security controls
- Covering your tracks
Your Instructor
Omar Santos
Omar Santos is a Distinguished Engineer at Cisco focusing on advanced AI security research, cybersecurity, incident response, and vulnerability disclosure. He is the co-chair of the Coalition for Secure AI (CoSAI) alongside leading AI companies such as OpenAI, Google, Anthropic, and NVIDIA. Omar has served on the board of the OASIS Open standards organization and is also the chair of the OpenEoX and the Common Security Advisory Framework (CSAF) technical committee. His work led the creation of the CSAF ISO standard. Omar's collaborative efforts extend to numerous organizations, including OWASP and FIRST, and he was the lead of the DEF CON Red Team Village for several years. Omar is the author of over 25 books, 21 video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. Omar's work in cybersecurity is also recognized through multiple granted patents. Prior to Cisco, Omar served in the United States Marines focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer, and Intelligence (C4I) systems.