About the Course
Lesson 1: Introduction to Ethical Hacking and Penetration Testing (1 hour and 36 minutes)
Understanding Ethical Hacking and Penetration Testing (24 minutes)
Why Do We Need to Do Penetration Testing?
Threat Actors
Exploring Penetration Testing Methodologies (36 minutes)
Why Do We Need to Follow a Methodology for Penetration Testing?
Environmental Considerations
Surveying Different Standards and Methodologies
Building Your Own Lab (36 minutes)
Requirements and Guidelines for Penetration Testing Labs
What Tools Should You Use in Your Lab?
What if You Break Something?
Summary
Case Study
Quiz
Lesson 2: Planning and Scoping a Penetration Testing Assessment (2 hours)
Comparing and Contrasting Governance, Risk, and Compliance Concepts (1 hour)
Regulatory Compliance Considerations
Local Restrictions
Legal Concepts
Contracts
Disclaimers
Explain the Importance of Scoping and Organizational or Customer Requirements (48 minutes)
Rules of Engagement
Target List and In-Scope Assets
Validating the Scope of Engagement
Strategy: Unknown vs. Known Environment Testing
Demonstrating an Ethical Hacking Mindset by Maintaining Professionalism and Integrity (12 minutes)
Summary
Case Study
Quiz
Lesson 3: Design and implement routing (3 hours and 12 minutes)
Performing Passive Reconnaissance (1 hour and 36 minutes)
Active Reconnaissance vs. Passive Reconnaissance
DNS Lookups
Identification of Technical and Administrative Contacts
Cloud vs. Self-Hosted Applications and Related Subdomains
Social Media Scraping
Cryptographic Flaws
Company Reputation and Security Posture
Open-Source Intelligence (OSINT) Gathering
Performing Active Reconnaissance (36 minutes)
Nmap Scan Types
Types of Enumeration
Packet Inspection and Eavesdropping
Understanding the Art of Performing Vulnerability Scans (36 minutes)
How a Typical Automated Vulnerability Scanner Works
Types of Vulnerability Scans
Challenges to Consider When Running a Vulnerability Scan
Understanding How to Analyze Vulnerability Scan Results (24 minutes)
Sources for Further Investigation of Vulnerabilities
How to Deal with a Vulnerability
Summary
Case Study
Quiz
Lesson 4: Social Engineering Attacks (2 hours and 36 minutes)
Pretexting for an Approach and Impersonation (12 minutes)
Social Engineering Attacks (48 minutes)
Email Phishing
Short Message Service (SMS) Phishing
Universal Serial Bus (USB) Drop Key
Watering Hole Attacks
Physical Attacks (48 minutes)
Tailgating
Dumpster Diving
Shoulder Surfing
Badge Cloning
Social Engineering Tools (36 minutes)
Social-Engineer Toolkit (SET)
Browser Exploitation Framework (BeEF)
Call Spoofing Tools
Methods of Influence (12 minutes)
Summary
Case Study
Quiz
Lesson 5: Exploiting Wired and Wireless Networks (6 hours)
Exploiting Network-Based Vulnerabilities (3 hours)
Windows Name Resolution and SMB Attacks
SMB Exploits
DNS Cache Poisoning
SNMP Exploits
SMTP Exploits
FTP Exploits
Pass-the-Hash Attacks
Kerberos and LDAP-Based Attacks
Kerberoasting
On-Path Attacks
Route Manipulation Attacks
DoS and DDoS Attacks
Network Access Control (NAC) Bypass
VLAN Hopping
DHCP Starvation Attacks and Rogue DHCP Servers
Exploiting Wireless Vulnerabilities (3 hours)
Rogue Access Points
Evil Twin Attacks
Disassociation (or Deauthentication) Attacks
Preferred Network List Attacks
Wireless Signal Jamming and Interference
War Driving
Initialization Vector (IV) Attacks and Unsecured Wireless Protocols
Karma Attacks
Fragmentation Attacks
Credential Harvesting
Bluejacking and Bluesnarfing
Bluetooth Low Energy (BLE) Attacks
Radio-Frequency Identification (RFID) Attacks
Password Spraying
Exploit Chaining
Summary
Case Study
Quiz
Lesson 6: Exploiting Application-Based Vulnerabilities (6 hours and 12 minutes)
Overview of Web Application-Based Attacks for Security Professionals and the OWASP Top 10 (36 minutes)
The HTTP Protocol
Web Sessions
OWASP Top 10
How to Build Your Own Web Application Labs (12 minutes)
Understanding Business Logic Flaws (12 minutes)
Understanding Injection-Based Vulnerabilities (36 minutes)
SQL Injection Vulnerabilities
Command Injection Vulnerabilities
Lightweight Directory Access Protocol (LDAP) Injection Vulnerabilities
Exploiting Authentication-Based Vulnerabilities (48 minutes)
Session Hijacking
Redirect Attacks
Default Credentials
Kerberos Vulnerabilities
Exploiting Authorization-Based Vulnerabilities (24 minutes)
Parameter Pollution
Insecure Direct Object Reference Vulnerabilities
Understanding Cross-Site Scripting (XSS) Vulnerabilities (48 minutes)
Reflected XSS Attacks
Stored XSS Attacks
XSS Evasion Techniques
XSS Mitigations
Understanding Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery Attacks (12 minutes)
Understanding Clickjacking (12 minutes)
Exploiting Security Misconfigurations (24 minutes)
Exploiting Directory Traversal Vulnerabilities
Cookie Manipulation Attacks
Exploiting File Inclusion Vulnerabilities (24 minutes)
Local File Inclusion Vulnerabilities
Remote Insecure Vulnerabilities
Exploiting Insecure Code Practices (1 hour and 24 minutes)
Comments in Source Code
Lack of Error Handling and Overly Verbose Error Handling
Hard-Coded Credentials
Race Conditions
Unprotected APIs
Hidden Elements
Additional Web Application Hacking Tools
Lesson 7: Cloud, Mobile, and IoT Security (3 hours and 36 minutes)
Researching Attack Vectors and Performing Attacks on Cloud Technologies (1 hour and 48 minutes)
Credential Harvesting
Privilege Escalation
Account Takeover
Metadata Service Attacks
Attacks Against Misconfigured Cloud Assets
Resource Exhaustion and DoS Attacks
Cloud Malware Injection Attacks
Side-Channel Attacks
Tools and Software Development Kits (SDKs)
Explaining Common Attacks and Vulnerabilities Against Specialized Systems (1 hour and 48 minutes)
Attacking Mobile Devices
Attacking Internet of Things (IoT) Devices
Analyzing IoT Protocols
IoT Security Special Considerations
Common IoT Vulnerabilities
Data Storage System Vulnerabilities
Management Interface Vulnerabilities
Exploiting Virtual Machines
Vulnerabilities Related to Containerized Workloads
Lesson 8: Performing Post-Exploitation Techniques (1 hour and 36 minutes)
Creating a Foothold and Maintaining Persistence After Compromising a System (48 minutes)
Reverse and Bind Shells
Command and Control (C2) Utilities
Scheduled Jobs and Tasks
Custom Daemons, Processes, and Additional Backdoors
New Users
Understanding How to Perform Lateral Movement, Detection Avoidance, and Enumeration (48 minutes)
Post-Exploitation Scanning
Legitimate Utilities and Living Off the Land
Post-Exploitation Privilege Escalation
How to Cover Your Tracks
Lesson 9: Reporting and Communication (2 hours and 36 minutes)
Comparing and Contrasting Important Components of Written Reports (48 minutes)
Report Contents
Storage Time for Report and Secure Distribution
Note Taking
Common Themes/Root Causes
Analyzing the Findings and Recommending the Appropriate Remediation Within a Report (48 minutes)
Technical Controls
Administrative Controls
Operational Controls
Physical Controls
Explaining the Importance of Communication During the Penetration Testing Process (36 minutes)
Communication Triggers
Reasons for Communication
Goal Reprioritization and Presentation of Findings
Explaining Post-Report Delivery Activities (24 minutes)
Post-Engagement Cleanup
Additional Post-Report Delivery Activities
Lesson 10: Tools and Code Analysis (5 hours)
Understanding the Basic Concepts of Scripting and Software Development (2 hours and 36 minutes)
Logic Constructs
Data Structures
Libraries
Procedures
Functions
Classes
Analysis of Scripts and Code Samples for Use in Penetration Testing
The Bash Shell
Resources to Learn Python
Resources to Learn Ruby
Resources to Learn PowerShell
Resources to Learn Perl
Resources to Learn JavaScript
Understanding the Different Use Cases of Penetration Testing Tools and Analyzing Exploit Code (2 hours and 24 minutes)
Penetration Testing-Focused Linux Distributions
Common Tools for Reconnaissance and Enumerations
Common Tools for Vulnerability Scanning
Common Tools for Credential Attacks
Common Tools for Persistence
Common Tools for Evasion
Exploitation Frameworks
Common Decompilation, Disassembly, and Debugging Tools
Common Tools for Forensics
Common Tools for Software Assurance
Steganography Tools
Cloud Tools