Ethical Hacking Basics: From scratch - Udemy

With the skills you gain here, you’re equipped to pursue the Security+ certification from CompTIA. 

The Security+ Certification by CompTIA is an international and vendor-neutral certification that has been endorsed and recognized by industry computing manufacturers and organizations. This course provides foundational knowledge of the principles, techniques, and tools needed to successfully prepare for the SY0-401 exam. With the skills you gain here, you’re equipped to pursue a number of security certifications including the Security+ from CompTIA and the CEH from EC-Council.

The CompTIA Security+ certification is paramount to organizations as cloud computing and mobile devices have changed the way we do business. With the massive amounts of data transmitted and stored on networks throughout the world, it’s essential to have effective security practices in place. Gain the right skills to secure a network and deter hackers and you’re ready for the job.

This course also qualifies as Continuing Education Units (CEUs). If you're up for renewal, you can earn CEUs through this series and additional courses. Please see the CompTIA Security+ Continuing Education Options for a complete rundown of those courses. With this course you will be able to claim 41 CEUs.

The sections listed below are can be taken in any order, as a review of a particular concept or exam domain. However, if you are just becoming familiar with the monitoring the system and how hackers gain access, it is recommended that you view the courses sequentially.

Note: This course covers many of the same concepts taught in our "IT Security and Ethical Hacking" course. Most customers will want to purchase one or the other but likely not both. 

Course Overview:

This course is designed to prepare the student for the Security+ certification. Students will take a look at network security standards and the organizations that create them. We have paired this course with demos that will help give a visual example of the concepts that will be talked about.

In this course, you will learn the network infrastructure services for the CompTIA Security Plus certification exam. The topics that will be covered include: Introduction to Ethical Hacking, Penetration Testing, System Hacking, Spyware & Keyloggers, Trojans and Backdoors, Viruses and Worms, Denial of Service, Hacking Web and App Servers, SQL Injections, Session Hijacking, Buffer Overflows, Cross-Site Scripting, Hacking Wireless Networks, Mobile Hacking Basics, Wireless Types and Vulnerabilities, Advanced Exploitation Techniques and much more. These courses are paired with a variety of demos and quizzes giving a real world look at some of the concepts that will be discussed.

Course Breakdown:

Section 1: In the pre-assessment quiz you'll face questions from all sections of this Security+ Certification training. Test your current knowledge and know your strengths and weaknesses.

Sections 2: Be introduced to various concepts on ethical hacking. We will be talking about vulnerabilities, exploits, defense strategy, penetration testing, pentest types and methodology, vulnerability management, incident management, and security policy development.

Section 3: Be able to identify a risk and the effect that it has on daily operations. You will gain an understanding of Disaster Recovery, be able to define what a disaster is, rank a disaster, and create a plan that will define how to recover from a disaster, as well as, successfully recovering your data.

Section 4: Business continuity plans are important if the organization wishes to continue its normal operations in disasters, whether it is man-made or natural. Business continuity plans study all kinds of threats and estimates the damage resulting from those threats. Delve further into the development process for a business continuity plan, and learn all the necessary steps that are involved in initiating the plan as well.

Section 5: Pentesting is an intentional attack on a system to discover security weaknesses. These can be left either by the security officer or the security controls. At the end of this section we will have reviewed security and vulnerability assessment, and the differences between automatic and manual testing.

Section 6: Watch in-depth demos on several of the vulnerability assessment tools that are available, as well as in-depth discussions on the benefits of these tools. We will be able to create a comprehensive VA program, identify key vulnerabilities, and perform mitigation actions before those vulnerabilities can be exploited

Section 7: Traditional cryptography uses a secret key for encrypting and decrypting a message. This is also known as a symmetric key. In public key cryptography, the CA creates private and public keys using the same algorithm, but it functions asymmetrically Learn the steps to create and manage a public key infrastructure, and the relationship between public key infrastructures and certificate authority, as well as both traditional cryptography and public key cryptography, the implementation of certificates, and managing certificates.

Section 8: Cryptography is the science of writing in secret code and is considered an ancient art. Learn weaknesses in cryptography and ways to improve your security. We will also cover the use of symmetric and asymmetric keys and the use of hybrid keys, as well as the use of hashing algorithms and digital signatures.

Section 9: Whenever we login to a computer system, we provide information to identify ourselves. We refer to this as authentication. Authentication has been developed to contain more than just username and password because we want added layers of security. Learn about authentication factors, forms of authentication, and authentication protocols.

Section 10: Social engineering is the art of extorting employees for information. It can take the form of human-based or digital. Learn what social engineering is, who's at risk, and how to protect and educate your employees against social engineering.

Section 11: Network scanning is the scanning of public or private networks to find out which systems are running, their IP addresses, and which services they are running. In Network Scanning, you will learn techniques for private and public network scanning using various tools. Accompanied with in-depth demos and discussions on how to use Angry IP, Nmap, Hping, and Zmap network scanners. Through this, you will learn the steps to network scanning, how to draw a network map, and plan an attack accordingly.

Section 12: When a port is scanned on a server, the port returns a response indicating that the it is open and a service is listening. Gain key port scanning methods and techniques, port scanning tools, and port scanning countermeasures.

Section 13: Ensure that you know everything involved in securing a Windows system against attack. You'll get into Windows passwords — how they’re created, how they’re stored, and different methods used to crack them. You’ll discover different methods used for guessing passwords and breaking the different security methods used within the Windows operating system.

Section 14: You will take a good look at spyware, the activities it performs, different types of spyware, and the countermeasures needed in order to prevent hackers from utilizing these types of techniques against your company. Understand the three different types of keyloggers that we see used in today's environments: hardware, software, and kernel/driver keyloggers.

Section 15: As an ethical hacker, there are times when you need to hide software from the company that you are performing the test against in order to verify that the defensive strategy isn't able to find your software. Trojans and Backdoors is the section where our software is going to be going undercover.Section 16: You will discover what viruses and worms are and how they can infect computers and systems. You’ll study their nature, how they function, and their impact. You will also spend time going through discussions on varieties of each, along with some real life examples. Refine your understanding of viruses and worms to better your system.

Section 17: Cover the basics of packet sniffing, ARP cache poisoning, DNS spoofing, SSL sniffing, VoIP phone calls, and sniffing remote desktop connections. This is coupled with demos on Wireshark, ARP poisoning, and XARP. 

Section 18: There are various ways that attackers have at their disposal to cover any tracks that may lead to their unwanted eviction, or worse yet, to an audit trail that would lead directly back to them. Learn about disabling auditing during or after an event, steps to take once it is disabled, and destroying any evidence. We will be going over various ways to avoid detection on Linux machines, and this will include several in-depth demos on various operations for the Linux machines. Section 19: Become familiar with the following concepts: denial-of-service, distributed denial-of-service, and how the denial-of-service and distributed denial-of-service attacks take place. Gain different countermeasures, so that you can plan, prepare, and establish the relevant countermeasures to protect your organization.

Section 20: Hacking Web and Application Servers, is a section course that will give you a good idea about vulnerabilities and attacks available for web servers and web applications. Understand various ways to collect information from web servers, application server attacks, and finding vulnerabilities in a server.

Section 21: SQL injection is the most used of all attacks. In this section understand SQL injection methodology, attacks, buffer overflow exploit, testing for SQL injection, countermeasures, and detection tools.

Section 22: Have you heard the words session hijacking? Simply put, it is defined as an intruder taking over a genuine session between two computers and using it for sinister purposes. Learn details about session hijacking, well-known techniques employed by aggressors, the steps involved in session hijacking, various types of session hijacking, tools for hijacking sessions, ways you can protect yourselves from session hijacking, and how pentesting can be used to identify vulnerabilities.

Section 23: Buffer overflow occurs when you try to store more data than what the allocated buffer or storage area can hold. In this section you will be introduced to the concepts of buffer overflows, how they happen, and how attackers take advantage of them. You will also learn how to defend against buffer overflow attacks, and what security measures you can take to protect your data.

Section 24: As a security tester or security analyst, it is important that you are aware of cross-site scripting vulnerabilities and how they may be exploited by attackers. We gain a comprehensive understanding of cross-site scripting, you will learn how to prevent it, and how you can test to identify cross-site scripting vulnerabilities. You will also learn what cross-site scripting is and what the different types of cross-site scripting you may come across. 

Section 25: Wireless attacks have become so easy even unskilled people with little computer literacy can accomplish them. This is because of the many automated tools available to perform this hack. In the section Hacking Wireless Networks, we will not be focusing on weaknesses of your wireless networks or how to protect them; instead, we will focus on how to gain access to a wireless network.

Section 26: Mobile security is a challenge. Not many of us realize the extent of the threat nor do we realize the ease in which we are hacked. At the end of this section, we want you to walk away today with that understanding. Learn the areas of IT that need to be considered when looking at security for your mobile devices.

Section 27: Wireless networks enable people to communicate and access applications and information without wires. This provides freedom of movement and the ability to extend applications to different parts of a building, city, or nearly anywhere in the world. In this section you will learn about wireless types and vulnerabilities. We will discuss different standards, systems, and attacks. This will be paired with demos on InSSIDer, Jammer, Fake AP, and Capsa. 

Section 28: What kind of security measures do you take to protect your facilities, equipment, resources, personnel, and property from damage caused by unauthorized access? Security is very important to any organization and physical security is no exception. Learn the physical security planning process, how to protect assets, internal support systems, and perimeter security.

Section 29: Discuss what firewalls and honeypots, and also how attackers get around these preventive programs. You will learn about the different types of firewalls and how they may be evaded.

Section 30: Intrusion Detection System (IDS) is a device or software that monitors network activities and system activities. While monitoring, it looks for suspicious activities and security policy violations. In this section review the vulnerabilities in an IS, types of IDS, types of evasion, techniques used to evade IDS, IDS tools, and how to carry out penetration testing so you can put a prevention plan in place. 

Section 31: Exploit is a common term in the computer security community that refers to a piece of software that takes advantage of a bug or glitch. Learn what advanced exploitation techniques are and how you can use them in your penetration testing.

Section 32: Handling incidents often needs preparation. There are plans and procedures to be taken, and drills to prepare the team. A successful handling team can prevent loss of money for an organization in the case of incident. It is an investment rather than a cost if it is done correctly. Be able to recognize what an incident is and where they potentially come from along with the steps to handling incidents and implementing those steps into your everyday policies and procedures.

Section 33: Today’s threats and cyber intelligence have made it mandatory for us to use devices for protection. Threats can come from inside our network and the internet. This makes it so that a firewall alone is not sufficient. We need to design a secure network. Learn of the many security devices that you have at your disposal, with an in-depth discussion on firewalls and their uses. Included in this course will be detailed demos on Firewall and Proxy, NAT, DMZ, and IDS-IPS.

The content in this course comes from CompTIA Security+ (SY0-401) exam certification topics.

Recommendations:

Learn from others! Here are some reviews from participants (Click on reviews to see full list of reviews)

• Great Material - This course is a great reference and way to refresh your skills for the new Net+ exam! I needed a good refresh before taking the exam and this course is clearly laid out and copiously covers the material for the exam. Great course, well worth the money! -- M.B.
• Perfect Course - Not only do you get great lectures that are pretty much PowerPoints with an instructor teaching you the concepts, there are also Demo lectures that show you how each of the concepts works in real life. This is such valuable information to have when taking the test. I feel very confident that this course is the best Network+ course on Udemy. -- D.R. Jr.
• A Complete Jumpstart - What has impressed me the most is the depth of the content to this coarse. Each HD video is crystal clear in both the visual and audio, even including quality closed captioning (great for reading along with the lectures). I wasn't interested in the flashcards or the crossword puzzles when I started the program, but I've found them to be very useful in staying engaged in the class when away from home. This is everything you need to get started and have a classroom quality experience from home. Dive in and stay focused! -- P.C.