Security Penetration Testing The Art of Hacking Series LiveLessons

Security Penetration Testing The Art of Hacking Series LiveLessons

by Omar Santos, Jon Sternstein, Ron Taylor, Chris McCoy
Released October 2017
Publisher(s): Cisco Press
ISBN: 0134833988

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

10 Hours of Expert Video Instruction

Overview

This course is a complete guide to help you get up and running with your cybersecurity career. You will learn the key tenets and fundamentals of ethical hacking and security penetration testing techniques. You will also explore professional networking and security topics, including an introduction to the world of white hat hacking, reconnaissance, Kali Linux, exploitation, and post-exploitation techniques. This course provides step-by-step real-life scenarios. You will see firsthand how an ethical hacker performs initial reconnaissance of a victim, how to assess systems, network security controls, and security posture.

With over 10 hours of training that includes live discussions, demos, whiteboard instruction and screencasts, Security Penetration Testing Live Lessons provides expert insights of the methodologies used to assess and compromise a network. It covers the legal aspects of ethical hacking and the associated risks. This course additionally reviews many different tools that can be used to penetrate a wired or wireless network and the systems within that network. Also covered are numerous types of attacks, along with security evasion and post exploitation techniques. You will additionally learn the art of social engineering, with special coverage of tools like the social engineering tool kit (SET), Metasploit, and Maltego. You'll find guidelines on how to write penetration testing reports, and learn how to plan and organize the them.

This course provides supplemental material to reinforce some of the critical concepts and techniques learned, scripts to help you build your own hacking environment, and examples of real-life penetration testing reports. This material can be accessed at theartofhacking.org.

While there are a variety of ethical hacking and cybersecurity certifications out there, this course is meant to introduce people to the concepts behind ethical hacking and penetration testing and is certification agnostic.

Topics include:

Lesson 1: Overview of Ethical Hacking and Penetration Testing

Lesson 2: Kali Linux

Lesson 3: Passive Reconnaissance

Lesson 4: Active Reconnaissance

Lesson 5: Hacking Web Applications

Lesson 6: Hacking User Credentials

Lesson 7; Hacking Databases

Lesson 8: Hacking Networking Devices

Lesson 9: Fundamentals of Wireless Hacking

Lesson 10: Buffer Overflows

Lesson 11: Powershell Attacks

Lesson 12: Evasion and Post Exploitation Techniques

Lesson 13: Social Engineering

Lesson 14: Maintaining Persistence, Pivoting, and Data Exfiltration

Lesson 15: Writing Penetration Testing Reports


Resources:
This is part of The Art of Hacking Series. Other titles in this series are:

Wireless Networks, IoT, and Mobile Devices Hacking (The Art of Hacking Series)

https://www.safaribooksonline.com/library/view/wireless-networks-iot/9780134854632/

About the Instructors

Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. Omar is the author of more than a dozen books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar's current projects can be found at omarsantos.io, and you can follow Omar on Twitter: @santosomar.

Chris McCoy is a technical leader in Cisco's Advanced Security Initiatives Group (ASIG). He has over 20 years of experience in the networking and security industry. He has a passion for computer security, finding flaws in mission-critical systems, and designing mitigations to thwart motivated and resourceful adversaries. He was formerly with Spirent Communications and the U.S. Air Force. He is CCIE certified in the Routing & Switching and Service Provider tracks, which he has held for over 10 years.

Jon Sternstein is the Founder and Principal Consultant of Stern Security, a security company focused on healthcare and credit union industries. Jon has been a lead contributor to securing a wide variety of organizations in healthcare, education, finance, legal, and government industries throughout his 13+ years in the security field. Prior to forming Stern Security, Jon Sternstein was the Security Officer at a large healthcare organization. Jon has created security departments and developed security architectures from the ground up. He has a strong passion for cyber security, educating others, and delivering solutions that allow organizations to operate seamlessly. Jon Sternstein is an active leader in the security industry. He co-chairs the Privacy and Security Workgroup at the North Carolina Healthcare Information and Communications Alliance (NCHICA). Jon was the former President of the BSides Raleigh Security conference.

Jon Sternstein actively works on both the offensive and defensive sides of the security industry. He graduated with a B.A. in Computer Science, minor in Business Studies, and holds the following security certifications: GIAC Penetration Tester (GPEN), Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), Certified Ethical Hacker (CEH), and more. In addition to the certifications, Jon has won Ethical Hacking Competition awards. He has presented at many conferences including: DerbyCon, BSides Raleigh, Healthcare Information and Management Systems Society (HIMSS), North Carolina Association of Certified Public Accountants (NCACPA), NCHICA Annual, and the Academic Medical Center (AMC) conferences. Jon has been a featured Cyber Security Expert on ABC News, WRAL News, and Business North Carolina Magazine. Stern Security's website: https:// www.sternsecurity.com

Ron Taylor has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting where he gained experience in many areas. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group (PSIRT) where his focus was mostly on penetration testing of Cisco products and services. Ron was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. In his current role, he is a Consulting Systems Engineer specializing in Cisco's security product line. Certifications include GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, Co-Founder and President of the Raleigh BSides Security Conference, and member of the Packet Hacking Village team at Defcon.

Skill Level

  • All levels

Learn How To

  • This course will provide step-by-step guidance about ethical hacking, penetration testing, and security posture assessment.
  • Provides an easy to use and cost effective means to learn the various concepts associated with many different leading-edge offensive security skills in the industry.
  • Provides multimedia tutorials that users can apply to real world scenarios.

Who Should Take This Course

This course serves as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.

Course Requirements

Requires basic knowledge of Internet and networking technology.


About Pearson Video Training

Pearson's expert-led video tutorials teach you the technology skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT certification, programming, web and mobile development, networking, security, and more. Learn more about Pearson Video training at http://www.informit.com/ video

Table of contents

  1. Introduction
    1. Security Penetration Testing The Art of Hacking Series LiveLessons: Introduction
  2. Lesson 1: Overview of Ethical Hacking and Penetration Testing
    1. 1.0 Learning objectives
    2. 1.1 Introducing Ethical Hacking and Pen Testing
    3. 1.2 Getting Started with Ethical Hacking and Pen Testing
    4. 1.3 Understanding the Legal Aspects of Penetration Testing
    5. 1.4 Exploring Penetration Testing Methodologies
    6. 1.5 Exploring Penetration Testing and other Cyber Security Certifications
    7. 1.6 Building Your Own Lab: Overview
    8. 1.7 Building Your Own Lab: VIRL and Operating System Software
    9. 1.8 Understanding Vulnerabilities, Threats, and Exploits
    10. 1.9 Understanding the Current Threat Landscape
  3. Lesson 2: Kali Linux
    1. 2.0 Learning objectives
    2. 2.1 Installing Kali
    3. 2.2 Examining Kali Modules and Architecture
    4. 2.3 Managing Kali Services
  4. Lesson 3: Passive Reconnaissance
    1. 3.0 Learning objectives
    2. 3.1 Understanding Passive Reconnaissance
    3. 3.2 Exploring Passive Reconnaissance Methodologies: Discovering Host and Port Information
    4. 3.3 Exploring Passive Reconnaissance Methodologies: Searching for Files
    5. 3.4 Exploring Passive Reconnaissance Methodologies: Searching for Names, Passwords, and Sensitive Information
    6. 3.5 Surveying Essential Tools for Passive Reconnaissance: SpiderFoot, theHarvester, and Discover
    7. 3.6 Surveying Essential Tools for Passive Reconnaissance: Recon-ng
  5. Lesson 4: Active Reconnaissance
    1. 4.0 Learning objectives
    2. 4.1 Understanding Active Reconnaissance
    3. 4.2 Exploring Active Reconnaissance Methodologies from an Ethical Hacker Perspective
    4. 4.3 Surveying Essential Tools for Active Reconnaissance: Port Scanning and Web Service Review
    5. 4.4 Surveying Essential Tools for Active Reconnaissance: Network and Web Vulnerability Scanners
  6. Lesson 5: Hacking Web Applications
    1. 5.0 Learning objectives
    2. 5.1 Understanding Web Applications
    3. 5.2 Understanding Web Architectures
    4. 5.3 Uncovering Web Vulnerabilities
    5. 5.4 Testing Web Applications: Methodology
    6. 5.5 Testing Web Applications: Reconnaissance
    7. 5.6 Testing Web Applications: Mapping
    8. 5.7 Testing Web Applications: Vulnerability Discovery
    9. 5.8 Understanding the Exploitation of Web Applications
    10. 5.9 Surveying Defenses to Mitigate Web Application Hacking
  7. Lesson 6: Hacking User Credentials
    1. 6.0 Learning objectives
    2. 6.1 Understanding Authentication and Authorization Mechanisms
    3. 6.2 Understanding Authentication and Authorization Attacks
    4. 6.3 Exploring Password Storage Mechanisms
    5. 6.4 Understanding Password Storage Vulnerability
    6. 6.5 Cracking Passwords with John the Ripper
    7. 6.6 Cracking Passwords with hashcat
    8. 6.7 Improving Password Security
  8. Lesson 7: Hacking Databases
    1. 7.0 Learning objectives
    2. 7.1 Reviewing Database Fundamentals
    3. 7.2 Attacking a Database: Discovery, Validation, and Exploitation
    4. 7.3 Attacking a Database: Automated Scanners
    5. 7.4 Surveying Defenses to Mitigate Database Hacking
  9. Lesson 8: Hacking Networking Devices
    1. 8.0 Learning objectives
    2. 8.1 Understanding the Reasons for and the Steps to Hacking a Network
    3. 8.2 Reviewing Networking Technology Fundamentals: OSI and DoD Internet Models
    4. 8.3 Reviewing Networking Technology Fundamentals: Forwarding Device Architecture and Communication
    5. 8.4 Building an Internetwork Topology Using VIRL
    6. 8.5 Hacking Switches: Reviewing Ethernet Fundamentals
    7. 8.6 Hacking Switches: Demo
    8. 8.7 Hacking Switches: ARP Vulnerabilities and ARP Cache Poisoning
    9. 8.8 Reviewing Router Fundamentals
    10. 8.9 Examining ICMP, First Hop Redundancy and Routing Protocol Attacks
    11. 8.10 Hacking the Management Plane
    12. 8.11 Understanding Firewall Fundamentals and Levels of Inspection
    13. 8.12 Performing Firewall Reconnaissance and Tunneling
    14. 8.13 Surveying Essential Tools for Hacking Network Devices: Packet Capture
    15. 8.14 Surveying Essential Tools for Hacking Network Devices: Switch and Router Hacking Tools
    16. 8.15 Surveying Essential Tools for Hacking Network Devices: ARP Spoofing Tools
    17. 8.16 Surveying Essential Tools for Hacking Network Devices: MiTM Tools
    18. 8.17 Surveying Essential Tools for Hacking Network Devices: Linux Tools
    19. 8.18 Using Network Device Hacking Tools to Perform a MiTM Attack
  10. Lesson 9: Fundamentals of Wireless Hacking
    1. 9.0 Learning objectives
    2. 9.1 Reviewing Wireless Technology Fundamentals
    3. 9.2 Surveying Wireless Hacking Tools: Wireless Adapters
    4. 9.3 Surveying Wireless Hacking Tools: Software
    5. 9.4 Hacking WEP, WPA, and Other Protocols
    6. 9.5 Understanding Hacking Wireless Clients
  11. Lesson 10: Buffer Overflows
    1. 10.0 Learning objectives
    2. 10.1 Understanding Buffer Overflows
    3. 10.2 Exploiting Buffer Overflows
    4. 10.3 Overcoming Defenses for Buffer Overflow Vulnerabilities
    5. 10.4 Understanding Fuzzing
    6. 10.5 Creating a Fuzzing Strategy
    7. 10.6 Exploring Mutation-based, Generation-based, and Evolutionary Fuzzers
    8. 10.7 Surveying Tools to Find and Exploit Buffer Overflows
  12. Lesson 11: Powershell Attacks
    1. 11.0 Learning objectives
    2. 11.1 Understanding Powershell
    3. 11.2 Pwning Windows Using PowerShell: Empire Components, Setup, and Basic Exploits
    4. 11.3 Pwning Windows Using PowerShell: Empire Modules and Advanced Exploits
    5. 11.4 Gathering Network Information Using PowerShell
  13. Lesson 12: Evasion and Post Exploitation Techniques
    1. 12.0 Learning objectives
    2. 12.1 Understanding Security Evasion Techniques
    3. 12.2 Exploring Post Exploitation Techniques
    4. 12.3 Covering Your Tracks
  14. Lesson 13: Social Engineering
    1. 13.0 Learning objectives
    2. 13.1 Understanding Social Engineering
    3. 13.2 Exploring the Social Engineering Toolkit (SET)
    4. 13.3 Exploring Maltego
    5. 13.4 Surveying Social Engineering Case Studies
  15. Lesson 14: Maintaining Persistence, Pivoting, and Data Exfiltration
    1. 14.0 Learning objectives
    2. 14.1 Understanding Persistence
    3. 14.2 Gaining Network Access
    4. 14.3 Gaining Network Access with SMB Relay Attacks, NetBIOS Name Service and LLMNR Poisoning
    5. 14.4 Maintaining Persistence
    6. 14.5 Understanding Pivoting and Lateral Movement
    7. 14.6 Defending Against the Advanced Persistent Threat
  16. Lesson 15: Writing Penetration Testing Reports
    1. 15.0 Learning objectives
    2. 15.1 Understanding Pen Test Reports and How They Are Used
    3. 15.2 Planning and Organizing Your Report
    4. 15.3 Understanding the Pen Test Report Format
    5. 15.4 Exploring Risk Ratings
    6. 15.5 Distributing Pen Test Reports
  17. Summary
    1. Security Penetration Testing The Art of Hacking Series LiveLessons: Summary

Product information

  • Title: Security Penetration Testing The Art of Hacking Series LiveLessons
  • Author(s): Omar Santos, Jon Sternstein, Ron Taylor, Chris McCoy
  • Release date: October 2017
  • Publisher(s): Cisco Press
  • ISBN: 0134833988