Enterprise Penetration Testing and Continuous Monitoring The Art of Hacking

Video description

More than 3.5 hours of video instruction to help you learn the skills necessary to perform advanced penetration testing in an enterprise networking environment.
Overview
Enterprise Penetration Testing and Continuous Monitoring LiveLessons, part of The Art of Hacking video series, provides step-by-step, real-life complex scenarios of performing security assessments (penetration testing) of enterprise networks using internal/external reconnaissance, social engineering, and network and vulnerability scanning. You also learn how to perform web app testing, internal network testing, privilege escalation, password cracking, and data exfiltration to probe for and mitigate enterprise vulnerabilities. The course concludes with a look at reporting and evaluation methods to ensure that your enterprise environment stays secure from ever-evolving threats and security vulnerabilities.
Get step-by-step guidance so you can learn ethical hacking, penetration testing, and security posture assessment. You also learn the various concepts associated with many different leading-edge offensive security skills in the industry. Full of multimedia tutorials and hands-on demos that users can apply to real-world scenarios, this is a must for anyone interested in pursuing an ethical hacking career or simply keeping abreast of evolving threats to keep your enterprise network secure from vulnerabilities.
Topics include
* Introduction to enterprise penetration testing and continuous monitoring
* External and internal reconnaissance
* Enterprise social engineering
* Network and vulnerability scanning
* Web app testing
* Internal testing
* Privilege escalation
* Enterprise secrets, post exploitation, and data exfiltration
* Cloud services
* Reporting and continuous evaluation
Learn How To
* Plan, build, and run a Red Team to conduct enterprise hacking
* Probe for enterprise vulnerabilities using passive/active reconnaissance, social engineering, and network and vulnerability scanning
* Target hosts and deploy tools to compromise web apps
* Infiltrate the network, scan vulnerable targets and open-source software, and host a “capture-the-flag” event to identify enterprise vulnerabilities
* Escalate network access privilege using proven methods and tools
* Perform password cracking, compromise network and user credentials, exfiltrate sensitive data, and cover your tracks in the process
* Test cloud services for vulnerabilities
* Conduct reports for penetration testing events and set up a continuous monitoring infrastructure to mitigate ongoing threats
Who Should Take This Course?
* Any network and security professional who is starting a career in ethical hacking and penetration testing
* Individuals preparing for the CompTIA PenTest+, the Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), and any other ethical hacking certification
* Any cybersecurity professional who wants to learn the skills required to become a professional ethical hacker or who wants to learn more about general security penetration testing methodologies and concepts
Course Requirements
Requires basic knowledge of networking and cybersecurity concepts and technologies.

Lesson descriptions
Lesson 1, "Introduction to Enterprise Penetration Testing and Continuous Monitoring," covers Red Teams and enterprise hacking. This lesson differentiates continuous evaluation of an enterprise security posture using Red Teams from the traditional penetration testing done on a transactional basis. The lesson concludes with a look at how to plan for, fund, and establish the scope and ground rules for Red Team collaboration.
Lesson 2, "External and Internal Reconnaissance," further defines the Red Team environment and then differentiates between passive and active reconnaissance before delving into the techniques and tools for performing reconnaissance, with attention on the legal and moral concerns associated with the continuous monitoring of an enterprise network.
Lesson 3, "Enterprise Social Engineering," reviews different social engineering methodologies, how Red Teams target employees, and the use of open-source social engineering tools.
Lesson 4, "Network and Vulnerability Scanning," reviews different methodologies for performing network and vulnerability scanning, the operational impact of enterprise-wide scanning, and the available open-source and commercial scanning tools. This lesson also covers how enterprises are shifting from transactional penetration testing to deploying Red Teams to perform continuous monitoring.
Lesson 5, "Web App Testing," covers how to target enterprise hosts and web applications with a focus on several tools to perform web application testing as well as how to perform continuous testing within the enterprise.
Lesson 6, "Internal Testing," reviews techniques to initially get on the network, identify the hosts to target, and establish the scope of the testing.
Lesson 7, "Privilege Escalation," defines privilege escalation and how to achieve it, using several examples facilitated by readily available tools to do so. The lesson concludes with how to understand and perform lateral movement.
Lesson 8, "Enterprise Secrets, Post Exploitation, and Data Exfiltration," focuses on persistent access and post exploitation techniques. The lesson covers how to achieve domain access, compromise user credentials, implement password cracking and reporting tools, search for sensitive data, and exfiltrate data. Finally, you learn how to cover your tracks to avoid detection, with the end goal of identifying how to respond to these types of attacks so that you can mitigate the vulnerabilities for the enterprise.
Lesson 9, "Cloud Services," reviews the challenges and caveats when performing penetration testing in the enterprise cloud environment, supported by some illustrative case studies.
Lesson 10, "Reporting & Continuous Evaluation," covers the differences between final reports for traditional penetration testing and how enterprise Red Teams report their findings to stakeholders and executives with a focus on continuous monitoring.
About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of contents

  1. Introduction
    1. Enterprise Penetration Testing and Continuous Monitoring The Art of Hacking: Introduction
  2. Lesson 1: Introduction to Enterprise Penetration Testing and Continuous Monitoring
    1. Learning objectives
    2. 1.1 Introducing Red Teams and Enterprise Hacking
    3. 1.2 Understanding Enterprise Wide Penetration Testing
    4. 1.3 Understanding the Difference Between Red and Blue Teams
    5. 1.4 Exploring How to Plan and Fund a Red Team
    6. 1.5 Surveying Operational Processes and Policies for the Red Team
    7. 1.6 Understanding How to Create and Hire the Red Team
    8. 1.7 Understanding Red Team Collaboration
  3. Lesson 2: External and Internal Reconnaissance
    1. Learning objectives
    2. 2.1 Understanding the Red Team Environment
    3. 2.2 Understanding Passive Recon
    4. 2.3 Understanding Active Recon
  4. Lesson 3: Enterprise Social Engineering
    1. Learning objectives
    2. 3.1 Surveying Social Engineering Methodologies
    3. 3.2 Understanding How to Target Employees
    4. 3.3 Exploiting Social Engineering Tools
  5. Lesson 4: Network and Vulnerability Scanning
    1. Learning objectives
    2. 4.1 Exploring Network and Vulnerability Scanning Methodologies
    3. 4.2 Understanding the Operational Impact of Enterprise-wide Scanning
    4. 4.3 Understanding Scanning Tools
    5. 4.4 Exploring How to Automate Scans
    6. 4.5 Using Shodan and Its API
    7. 4.6 Exploring Vulnerability Scanners
    8. 4.7 Understanding Binary and Source Code Scanners
    9. 4.8 Understanding How to Perform Continuous Monitoring
  6. Lesson 5: Web App Testing
    1. Learning objectives
    2. 5.1 Exploring How to Target Hosts
    3. 5.2 Exploring Web App Testing Essential Tools
    4. 5.3 Understanding Enterprise Application Continuous Testing
  7. Lesson 6: Internal Testing
    1. Learning objectives
    2. 6.1 Understanding How to Initially Get on the Network
    3. 6.2 Understanding What Hosts to Target and the Scope of the Testing
    4. 6.3 Exploring the Hidden Cost of Open Source Software
    5. 6.4 Learning How to Host Enterprise Capture the Flag Events
  8. Lesson 7: Privilege Escalation
    1. Learning objectives
    2. 7.1 Learning Privilege Escalation Methodologies
    3. 7.2 Understanding Lateral Movement
    4. 7.3 Surveying Privilege Escalation Essential Tools
  9. Lesson 8: Enterprise Secrets, Post Exploitation, and Data Exfiltration
    1. Learning objectives
    2. 8.1 Understanding Persistent Access
    3. 8.2 Learning How to Achieve Domain Admin Access
    4. 8.3 Understanding How to Compromise User Credentials
    5. 8.4 Surveying Password Cracking & Reporting
    6. 8.5 Understanding That Domain Admin Is Not the End Goal
    7. 8.6 Searching for Sensitive Data
    8. 8.7 Understanding Data Exfiltration Techniques
    9. 8.8 Understanding How to Cover Your Tracks
  10. Lesson 9: Cloud Services
    1. Learning objectives
    2. 9.1 Understanding the Challenge of Testing Cloud Services
    3. 9.2 Exploring How to Test in the Cloud
  11. Lesson 10: Reporting & Continuous Evaluation
    1. Learning objectives
    2. 10.1 Surveying Final Reports for Transactional Penetration Testing Events
    3. 10.2 Surveying Continuous Reporting for Enterprise Continuous Monitoring
  12. Summary
    1. Enterprise Penetration Testing and Continuous Monitoring The Art of Hacking: Summary

Product information

  • Title: Enterprise Penetration Testing and Continuous Monitoring The Art of Hacking
  • Author(s): Omar Santos
  • Release date: May 2018
  • Publisher(s): Cisco Press
  • ISBN: 0134854772