This training provides the foundational knowledge needed to ethically and effectively discover and exploit vulnerabilities in systems by assuming both the mindset and toolset of an attacker. Through learning how systems are attacked you will gain an understanding of how best to protect systems and improve your organization’s security.
This training can be used to prepare for the EC-Council® CEH® (Certified Ethical Hacker) examination. Obtaining the CEH certification is the first step towards the Certified Network Defense Architect (CNDA™) certification.
This course is for you, if you want to become:
✓ Security Officer
✓ Security Auditor
✓ Security Professional
✓ Website Administrator or Webmaster
✓ Network Infrastructure Administrator
- Lectures 148
- Quizzes 0
- Duration 60 hours
- Skill level Beginner
- Language English
- Students 0
- Assessments Yes
Ethical Hacking: Understanding Ethical Hacking
This chapter will start you down the path of becoming an Ethical Hacker, or in other words; become a "Security Profiler." You will learn to understand the motivation of an attacker. It is the duty of all System Admins and Security Professionals to protect their infrastructure from not only outside attackers but also attackers within your company.
- The Truth About Living in a Technology Based World
- Overview of the CEH Certification Program
- How to Build a Lab to Hack Safely
- Installing and Configuring Your Windows Server VMs
- Installing and Configuring Your Desktop VMs
- Information Security Overview
- Security Threats and Attack Vectors
- Hacking Concepts
- Hacking Phases
- Attack Types
- Information Security Controls
- How to Prepare for the Certified Ethical Hacker Exam
Ethical Hacking: Reconnaissance/Footprinting
As an Ethical Hacker, you've been asked to do a "Blackbox" attack on a customer's infrastructure. Your first step is finding out as much as you can about the "target." You accomplish this via reconnaissance/footprinting.
After reconnaissance, we need to scan for basics, kind of like knocking on all the doors to see who is home and what they look like. Then, when you find a machine that's "live", we need to get to know it really well, asking some rather personal questions.
Enumeration is the first official attack at your target. Enumeration is the process of gathering information that might include user names, computer names, network shares, services running, and other possible points of entry.
Networks aren’t what they use to be. They’re more complex than ever. Systems today are so interconnected, and buried within those systems are thousands of undetected security vulnerabilities waiting to be used against you. Attackers perform vulnerability analysis to identify loopholes in your organization's infrastructure.
This is what it all comes down to. After we've done our research, we've found our target, and identified its services, shares, users and resources, it’s time to take total and complete control of this box.
The easiest way to get into a system or network is to get someone to let us in. Do you pirate software, movies, music, or heaven forbid - an operating system? I'm about 99.999% sure you've already been pwned. Malware is specifically designed to gain access or damage systems without the knowledge of the victim.
There's so much an attacker can learn from simply "listening" or sniffing your network. Passwords? Check. Emails? check, and the list goes on and on. This chapter on Sniffing (part of the Ethical Hacking series) will clarify the central ideas of sniffing and their utilization in hacking exercises.
Denial of Service
Denial of service attacks typically seek to render a service unavailable by flooding it with malicious traffic so that it becomes unresponsive to legitimate requests. In this chapter, Denial of Service, you'll look at the purposes of these attacks, ranging from disrupting gaming adversaries, to hacktivism, and to law enforcement by government agencies. You'll also explore various ways attacks are constructed and the weaknesses they exploit in order to be successful.
Session persistence is a fundamental concept in information systems. On the web, for example, which is dependent on the stateless HTTP protocol, session persistence is a key component of features ranging from shopping carts to the ability to logon.
Evading IDS, Firewalls, and Honeypots
Most modern networks are protected by a combination of intrusion detection systems and firewalls. Increasingly, they may also include honeypots as a means of early detection of malicious activity. Attackers are constantly looking for ways of evading these defenses in order to render them ineffective.
Hacking Web Servers
Vulnerabilities in web server implementations are frequently the vector by which online attackers compromise systems. The impact can range from short periods of outage, to the total disclosure of sensitive internal information.
Hacking Web Applications
The security profile of web applications is enormously important when it comes to protecting sensitive customer data, financial records, and reputation. Yet, web applications are frequently the target of malicious actors who seek to destroy these things by exploiting vulnerabilities in the software.
Ever since we started connecting websites to databases, SQL injection has been a serious security risk with dire ramifications. The ability for attackers to run arbitrary queries against vulnerable systems can result in data exposure, modification, and in some cases, entire system compromise.
Hacking Wireless Networks
Hacking Mobile Platforms
Okay, who here DOESN'T have a mobile device? Hands anyone? Didn't think so. Mobile devices have, at an alarming rate, become extremely popular with users and businesses. So next question, what are you doing about it's security? Anyone? Most folks have approached mobile devices with the attitude of "if it works, syncs, and plays games, I'm good".
Hacking the Internet of Things (IoT)
In this chapter, Hacking the Internet of Things (IoT), you’ll see how these devices are designed to work and how to protect your infrastructure with these devices coming online. First, you'll learn about the different communication models IoT devices use, as well as the most common architectures and protocols.
"The Cloud" is revolutionizing how we run software and services by providing low cost, flexible, and innovative alternatives to traditional hosting models. However, with the shift to cloud comes new security considerations.
Today the Internet is a part of our everyday life’s. From work to home, we are using the Internet for sending data back and forth across this public network. Some information is just a request for a webpage, while other requests are extremely confidential; like passwords, medical data, or financial data.
What's penetration testing? Well it's simple, as security professionals our job is to make it extremely difficult to get inside our systems. Remember, you can't stop attackers, your job is to slow them down.
- Understanding Penetration Testing
- Reconning and/or Footprinting the Target
- Scanning the Target
- Enumerating the Target
- Hacking the Target
- Sniffing the Target
- Social Engineering the Target
- DoS/DDoS the Target
- Session Hijacking the Target
- Targeting Web Servers
- Hitting Web Apps
- Looking at the Wi-Fi
- Focusing on the Mobile Devices
- Target the Firewall and/or IDS
- Going After the Cloud
- How to Bring It All Together