O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Ethical Hacking

Video Description

Ethical hacking, or security testing, is the art and science of finding the flaws in an organization's network systems or web applications. Identifying those vulnerabilities can give the organization a fighting chance to fix them before the bad guys find them.

This course is a hands-on overview of the open source tools that information security professionals use to conduct professional caliber penetration tests. Prerequisites include a basic understanding of the ways network systems and operating systems work, basic familiarity with Linux, the ability to run virtual machines (VMWare, etc.) so you can set up attack systems and target systems, and a computer that's ready to run Kali Linux and Metasploit software.

  • Explore the concepts of security testing and the knowledge required to perform it
  • Understand reconnaissance and the publicly available tools used to gather information on potential targets
  • Discover the scanning techniques used to identify network systems' open ports
  • Learn to identify network system vulnerabilities and confirm their exploitability
  • Explore techniques for identifying web application vulnerabilities and attacks
  • Learn about client-side attacks and client-side attack tools
  • Gain hands-on experience using Metasploit penetration testing software
Ric Messier (GCIH, GSEC, CEH, CISSP) is the Director for Cyber Academic Programs at Circadence. He has decades of information security experience and is the author of dozens of O'Reilly titles on InfoSec and digital forensics, including "Introduction to Penetration Testing" and "Learning Linux Security". He holds degrees in Information Technology, Digital Forensic Science, and Information Assurance and Security.

Table of Contents

  1. Introduction
    1. Welcome To The Course 00:03:27
    2. About The Author 00:01:12
  2. About Security Testing
    1. Kali Linux 00:03:22
    2. Virtual Machines 00:03:00
    3. Obtaining Vulnerable Operating Systems 00:03:57
    4. Using Windows 00:02:04
    5. A Methodology 00:03:38
    6. Get Out Of Jail Free Cards/Ethics 00:04:11
    7. Basic Tools - Telnet Client 00:03:28
    8. Basic Tools - Netcat 00:02:16
    9. Basic Tools - Ping 00:04:06
    10. Useful Browser Extensions 00:02:45
    11. Useful Web Sites 00:03:30
    12. Information Storage 00:03:22
    13. Google Hacking 00:02:32
    14. Google Hacking Database 00:02:41
  3. Reconnaissance
    1. Using Whois 00:02:58
    2. Using Dig 00:03:20
    3. Using Host/Nslookup 00:02:38
    4. Using Web-Based Tools 00:03:16
    5. Passive Recon 00:03:03
    6. Passive Fingerprinting 00:03:58
    7. Packet Captures 00:03:03
    8. Using Wireshark 00:05:01
    9. Banner Grabbing 00:03:40
    10. Basic Protocol Interaction - HTTP 00:03:43
    11. Basic Protocol Interaction - FTP 00:02:48
    12. Basic Protocol Interaction - SMTP 00:03:49
    13. Using Theharvester 00:03:05
    14. Using Recon-NG 00:04:06
    15. Using Snmpwalk 00:05:29
    16. Using Dnswalk 00:02:31
  4. Scanning
    1. Ports 00:03:09
    2. Using Nmap 00:03:23
    3. Using Nmap For TCP Scanning 00:04:01
    4. Using Nmap For TCP Scan Variations 00:04:03
    5. Using Nmap For UDP Scanning 00:03:58
    6. Using Nmap Scripting 00:03:59
    7. Creating Nmap Scripts For Scanning 00:05:17
    8. Saving Scan Output 00:03:24
    9. High-Speed Scanning 00:02:57
    10. Using Hping3 00:04:13
    11. Using Zenmap 00:03:46
    12. Zenmap Output 00:03:09
  5. Vulnerability Scanning
    1. Vulnerabilities Vs Exploits 00:02:47
    2. Getting Started With Nexpose 00:01:41
    3. Scanning Using Nexpose 00:03:37
    4. Reviewing Reports From Nexpose 00:04:38
    5. Exporting Reports From Nexpose 00:03:23
    6. Getting Started With Nessus 00:01:52
    7. Scanning Using Nessus 00:04:08
    8. Reviewing Reports Using Nessus 00:03:36
    9. Exporting Reports From Nessus 00:03:41
    10. Getting Started With OpenVAS 00:03:41
    11. Scanning Using OpenVAS 00:03:16
    12. Reviewing Reports From OpenVAS 00:03:59
    13. Exporting Reports From OpenVAS 00:04:19
    14. Using Exploit-db 00:02:17
  6. Exploiting Vulnerabilities
    1. Exploit Types 00:03:36
    2. Metasploit 00:02:48
    3. Msfconsole 00:02:57
    4. Msfcli 00:03:03
    5. Importing To Metasploit 00:02:37
    6. Identifying Vulnerabilities And Hosts 00:03:20
    7. Searching Within Metasploit 00:02:36
    8. Scanning With Metasploit 00:03:15
    9. Running An Exploit With Metasploit 00:02:21
    10. Payloads With Metasploit 00:03:15
    11. Using Meterpreter 00:02:38
    12. Acquiring Loot Using Meterpreter 00:02:32
    13. Pivoting 00:04:04
    14. Passing The Hash 00:04:26
    15. Privilege Exploitation 00:05:48
    16. Persistence 00:02:49
    17. Using Armitage 00:03:10
    18. Integrating Nexpose And Metasploit 00:02:53
    19. Using The Metasploit Web Interface 00:02:59
  7. Client Side Attacks
    1. Browser Attacks Using Metasploit 00:03:41
    2. Other Client Attacks Using Metasploit 00:02:35
    3. Using SEToolkit For Phishing 00:02:55
    4. Using SEToolkit For Web Attacks 00:03:17
    5. Client-Side Attacks Using BeEF 00:03:21
    6. File-Based Attacks Using Metasploit 00:03:43
    7. Password Cracking Using John 00:04:26
    8. Rainbow Tables 00:02:22
    9. Using Hydra 00:03:31
    10. Using Patator 00:02:45
  8. Conclusion
    1. Wrap Up And Thank You 00:02:23