O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Security Penetration Testing The Art of Hacking Series LiveLessons

Video Description

10 Hours of Expert Video Instruction

Overview

This course is a complete guide to help you get up and running with your cybersecurity career. You will learn the key tenets and fundamentals of ethical hacking and security penetration testing techniques. You will also explore professional networking and security topics, including an introduction to the world of white hat hacking, reconnaissance, Kali Linux, exploitation, and post-exploitation techniques. This course provides step-by-step real-life scenarios. You will see firsthand how an ethical hacker performs initial reconnaissance of a victim, how to assess systems, network security controls, and security posture.

With over 10 hours of training that includes live discussions, demos, whiteboard instruction and screencasts, Security Penetration Testing Live Lessons provides expert insights of the methodologies used to assess and compromise a network. It covers the legal aspects of ethical hacking and the associated risks. This course additionally reviews many different tools that can be used to penetrate a wired or wireless network and the systems within that network. Also covered are numerous types of attacks, along with security evasion and post exploitation techniques. You will additionally learn the art of social engineering, with special coverage of tools like the social engineering tool kit (SET), Metasploit, and Maltego. You'll find guidelines on how to write penetration testing reports, and learn how to plan and organize the them.

This course provides supplemental material to reinforce some of the critical concepts and techniques learned, scripts to help you build your own hacking environment, and examples of real-life penetration testing reports. This material can be accessed at theartofhacking.org.

While there are a variety of ethical hacking and cybersecurity certifications out there, this course is meant to introduce people to the concepts behind ethical hacking and penetration testing and is certification agnostic.

Topics include:

Lesson 1: Overview of Ethical Hacking and Penetration Testing

Lesson 2: Kali Linux

Lesson 3: Passive Reconnaissance

Lesson 4: Active Reconnaissance

Lesson 5: Hacking Web Applications

Lesson 6: Hacking User Credentials

Lesson 7; Hacking Databases

Lesson 8: Hacking Networking Devices

Lesson 9: Fundamentals of Wireless Hacking

Lesson 10: Buffer Overflows

Lesson 11: Powershell Attacks

Lesson 12: Evasion and Post Exploitation Techniques

Lesson 13: Social Engineering

Lesson 14: Maintaining Persistence, Pivoting, and Data Exfiltration

Lesson 15: Writing Penetration Testing Reports


Resources:
This is part of The Art of Hacking Series. Other titles in this series are:

Wireless Networks, IoT, and Mobile Devices Hacking (The Art of Hacking Series)

https://www.safaribooksonline.com/library/view/wireless-networks-iot/9780134854632/

About the Instructors

Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. Omar is the author of more than a dozen books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar's current projects can be found at omarsantos.io, and you can follow Omar on Twitter: @santosomar.

Chris McCoy is a technical leader in Cisco's Advanced Security Initiatives Group (ASIG). He has over 20 years of experience in the networking and security industry. He has a passion for computer security, finding flaws in mission-critical systems, and designing mitigations to thwart motivated and resourceful adversaries. He was formerly with Spirent Communications and the U.S. Air Force. He is CCIE certified in the Routing & Switching and Service Provider tracks, which he has held for over 10 years.

Jon Sternstein is the Founder and Principal Consultant of Stern Security, a security company focused on healthcare and credit union industries. Jon has been a lead contributor to securing a wide variety of organizations in healthcare, education, finance, legal, and government industries throughout his 13+ years in the security field. Prior to forming Stern Security, Jon Sternstein was the Security Officer at a large healthcare organization. Jon has created security departments and developed security architectures from the ground up. He has a strong passion for cyber security, educating others, and delivering solutions that allow organizations to operate seamlessly. Jon Sternstein is an active leader in the security industry. He co-chairs the Privacy and Security Workgroup at the North Carolina Healthcare Information and Communications Alliance (NCHICA). Jon was the former President of the BSides Raleigh Security conference.

Jon Sternstein actively works on both the offensive and defensive sides of the security industry. He graduated with a B.A. in Computer Science, minor in Business Studies, and holds the following security certifications: GIAC Penetration Tester (GPEN), Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), Certified Ethical Hacker (CEH), and more. In addition to the certifications, Jon has won Ethical Hacking Competition awards. He has presented at many conferences including: DerbyCon, BSides Raleigh, Healthcare Information and Management Systems Society (HIMSS), North Carolina Association of Certified Public Accountants (NCACPA), NCHICA Annual, and the Academic Medical Center (AMC) conferences. Jon has been a featured Cyber Security Expert on ABC News, WRAL News, and Business North Carolina Magazine. Stern Security's website: https:// www.sternsecurity.com

Ron Taylor has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting where he gained experience in many areas. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations group (PSIRT) where his focus was mostly on penetration testing of Cisco products and services. Ron was also involved in developing and presenting security training to internal development and test teams globally. Additionally, he provided consulting support to many product teams as an SME on product security testing. In his current role, he is a Consulting Systems Engineer specializing in Cisco's security product line. Certifications include GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP and MCSE. Ron is also a Cisco Security Blackbelt, SANS mentor, Co-Founder and President of the Raleigh BSides Security Conference, and member of the Packet Hacking Village team at Defcon.

Skill Level

  • All levels

Learn How To

  • This course will provide step-by-step guidance about ethical hacking, penetration testing, and security posture assessment.
  • Provides an easy to use and cost effective means to learn the various concepts associated with many different leading-edge offensive security skills in the industry.
  • Provides multimedia tutorials that users can apply to real world scenarios.

Who Should Take This Course

This course serves as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.

Course Requirements

Requires basic knowledge of Internet and networking technology.


About Pearson Video Training

Pearson's expert-led video tutorials teach you the technology skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT certification, programming, web and mobile development, networking, security, and more. Learn more about Pearson Video training at http://www.informit.com/ video

Table of Contents

  1. Introduction
    1. Security Penetration Testing The Art of Hacking Series LiveLessons: Introduction 00:04:29
  2. Lesson 1: Overview of Ethical Hacking and Penetration Testing
    1. 1.0 Learning objectives 00:01:03
    2. 1.1 Introducing Ethical Hacking and Pen Testing 00:03:56
    3. 1.2 Getting Started with Ethical Hacking and Pen Testing 00:06:26
    4. 1.3 Understanding the Legal Aspects of Penetration Testing 00:07:34
    5. 1.4 Exploring Penetration Testing Methodologies 00:03:39
    6. 1.5 Exploring Penetration Testing and other Cyber Security Certifications 00:08:19
    7. 1.6 Building Your Own Lab: Overview 00:07:54
    8. 1.7 Building Your Own Lab: VIRL and Operating System Software 00:09:21
    9. 1.8 Understanding Vulnerabilities, Threats, and Exploits 00:02:54
    10. 1.9 Understanding the Current Threat Landscape 00:07:07
  3. Lesson 2: Kali Linux
    1. 2.0 Learning objectives 00:00:32
    2. 2.1 Installing Kali 00:06:17
    3. 2.2 Examining Kali Modules and Architecture 00:07:34
    4. 2.3 Managing Kali Services 00:06:39
  4. Lesson 3: Passive Reconnaissance
    1. 3.0 Learning objectives 00:00:31
    2. 3.1 Understanding Passive Reconnaissance 00:04:56
    3. 3.2 Exploring Passive Reconnaissance Methodologies: Discovering Host and Port Information 00:12:26
    4. 3.3 Exploring Passive Reconnaissance Methodologies: Searching for Files 00:07:21
    5. 3.4 Exploring Passive Reconnaissance Methodologies: Searching for Names, Passwords, and Sensitive Information 00:05:53
    6. 3.5 Surveying Essential Tools for Passive Reconnaissance: SpiderFoot, theHarvester, and Discover 00:09:08
    7. 3.6 Surveying Essential Tools for Passive Reconnaissance: Recon-ng 00:20:33
  5. Lesson 4: Active Reconnaissance
    1. 4.0 Learning objectives 00:00:32
    2. 4.1 Understanding Active Reconnaissance 00:02:26
    3. 4.2 Exploring Active Reconnaissance Methodologies from an Ethical Hacker Perspective 00:01:59
    4. 4.3 Surveying Essential Tools for Active Reconnaissance: Port Scanning and Web Service Review 00:12:42
    5. 4.4 Surveying Essential Tools for Active Reconnaissance: Network and Web Vulnerability Scanners 00:06:02
  6. Lesson 5: Hacking Web Applications
    1. 5.0 Learning objectives 00:00:40
    2. 5.1 Understanding Web Applications 00:05:24
    3. 5.2 Understanding Web Architectures 00:01:54
    4. 5.3 Uncovering Web Vulnerabilities 00:08:25
    5. 5.4 Testing Web Applications: Methodology 00:01:55
    6. 5.5 Testing Web Applications: Reconnaissance 00:05:12
    7. 5.6 Testing Web Applications: Mapping 00:05:45
    8. 5.7 Testing Web Applications: Vulnerability Discovery 00:11:54
    9. 5.8 Understanding the Exploitation of Web Applications 00:10:13
    10. 5.9 Surveying Defenses to Mitigate Web Application Hacking 00:03:14
  7. Lesson 6: Hacking User Credentials
    1. 6.0 Learning objectives 00:00:28
    2. 6.1 Understanding Authentication and Authorization Mechanisms 00:02:57
    3. 6.2 Understanding Authentication and Authorization Attacks 00:05:43
    4. 6.3 Exploring Password Storage Mechanisms 00:02:56
    5. 6.4 Understanding Password Storage Vulnerability 00:03:41
    6. 6.5 Cracking Passwords with John the Ripper 00:12:52
    7. 6.6 Cracking Passwords with hashcat 00:09:20
    8. 6.7 Improving Password Security 00:02:13
  8. Lesson 7: Hacking Databases
    1. 7.0 Learning objectives 00:00:31
    2. 7.1 Reviewing Database Fundamentals 00:07:43
    3. 7.2 Attacking a Database: Discovery, Validation, and Exploitation 00:14:43
    4. 7.3 Attacking a Database: Automated Scanners 00:03:28
    5. 7.4 Surveying Defenses to Mitigate Database Hacking 00:06:36
  9. Lesson 8: Hacking Networking Devices
    1. 8.0 Learning objectives 00:01:06
    2. 8.1 Understanding the Reasons for and the Steps to Hacking a Network 00:05:57
    3. 8.2 Reviewing Networking Technology Fundamentals: OSI and DoD Internet Models 00:05:02
    4. 8.3 Reviewing Networking Technology Fundamentals: Forwarding Device Architecture and Communication 00:06:19
    5. 8.4 Building an Internetwork Topology Using VIRL 00:05:43
    6. 8.5 Hacking Switches: Reviewing Ethernet Fundamentals 00:15:10
    7. 8.6 Hacking Switches: Demo 00:06:24
    8. 8.7 Hacking Switches: ARP Vulnerabilities and ARP Cache Poisoning 00:06:47
    9. 8.8 Reviewing Router Fundamentals 00:16:18
    10. 8.9 Examining ICMP, First Hop Redundancy and Routing Protocol Attacks 00:11:58
    11. 8.10 Hacking the Management Plane 00:19:57
    12. 8.11 Understanding Firewall Fundamentals and Levels of Inspection 00:10:46
    13. 8.12 Performing Firewall Reconnaissance and Tunneling 00:05:50
    14. 8.13 Surveying Essential Tools for Hacking Network Devices: Packet Capture 00:09:36
    15. 8.14 Surveying Essential Tools for Hacking Network Devices: Switch and Router Hacking Tools 00:05:04
    16. 8.15 Surveying Essential Tools for Hacking Network Devices: ARP Spoofing Tools 00:09:35
    17. 8.16 Surveying Essential Tools for Hacking Network Devices: MiTM Tools 00:02:52
    18. 8.17 Surveying Essential Tools for Hacking Network Devices: Linux Tools 00:03:52
    19. 8.18 Using Network Device Hacking Tools to Perform a MiTM Attack 00:03:53
  10. Lesson 9: Fundamentals of Wireless Hacking
    1. 9.0 Learning objectives 00:00:34
    2. 9.1 Reviewing Wireless Technology Fundamentals 00:09:04
    3. 9.2 Surveying Wireless Hacking Tools: Wireless Adapters 00:07:52
    4. 9.3 Surveying Wireless Hacking Tools: Software 00:05:50
    5. 9.4 Hacking WEP, WPA, and Other Protocols 00:13:04
    6. 9.5 Understanding Hacking Wireless Clients 00:15:22
  11. Lesson 10: Buffer Overflows
    1. 10.0 Learning objectives 00:00:34
    2. 10.1 Understanding Buffer Overflows 00:08:22
    3. 10.2 Exploiting Buffer Overflows 00:06:31
    4. 10.3 Overcoming Defenses for Buffer Overflow Vulnerabilities 00:02:42
    5. 10.4 Understanding Fuzzing 00:03:26
    6. 10.5 Creating a Fuzzing Strategy 00:07:48
    7. 10.6 Exploring Mutation-based, Generation-based, and Evolutionary Fuzzers 00:05:21
    8. 10.7 Surveying Tools to Find and Exploit Buffer Overflows 00:09:29
  12. Lesson 11: Powershell Attacks
    1. 11.0 Learning objectives 00:00:22
    2. 11.1 Understanding Powershell 00:06:56
    3. 11.2 Pwning Windows Using PowerShell: Empire Components, Setup, and Basic Exploits 00:15:54
    4. 11.3 Pwning Windows Using PowerShell: Empire Modules and Advanced Exploits 00:09:21
    5. 11.4 Gathering Network Information Using PowerShell 00:04:19
  13. Lesson 12: Evasion and Post Exploitation Techniques
    1. 12.0 Learning objectives 00:00:29
    2. 12.1 Understanding Security Evasion Techniques 00:11:01
    3. 12.2 Exploring Post Exploitation Techniques 00:02:39
    4. 12.3 Covering Your Tracks 00:02:59
  14. Lesson 13: Social Engineering
    1. 13.0 Learning objectives 00:00:34
    2. 13.1 Understanding Social Engineering 00:15:24
    3. 13.2 Exploring the Social Engineering Toolkit (SET) 00:08:38
    4. 13.3 Exploring Maltego 00:07:51
    5. 13.4 Surveying Social Engineering Case Studies 00:15:55
  15. Lesson 14: Maintaining Persistence, Pivoting, and Data Exfiltration
    1. 14.0 Learning objectives 00:00:35
    2. 14.1 Understanding Persistence 00:04:12
    3. 14.2 Gaining Network Access 00:12:11
    4. 14.3 Gaining Network Access with SMB Relay Attacks, NetBIOS Name Service and LLMNR Poisoning 00:07:30
    5. 14.4 Maintaining Persistence 00:02:04
    6. 14.5 Understanding Pivoting and Lateral Movement 00:09:05
    7. 14.6 Defending Against the Advanced Persistent Threat 00:03:29
  16. Lesson 15: Writing Penetration Testing Reports
    1. 15.0 Learning objectives 00:00:40
    2. 15.1 Understanding Pen Test Reports and How They Are Used 00:01:43
    3. 15.2 Planning and Organizing Your Report 00:06:57
    4. 15.3 Understanding the Pen Test Report Format 00:03:11
    5. 15.4 Exploring Risk Ratings 00:03:38
    6. 15.5 Distributing Pen Test Reports 00:02:57
  17. Summary
    1. Security Penetration Testing The Art of Hacking Series LiveLessons: Summary 00:01:02