Welcome to the Internet’s most comprehensive IT Security and Ethical Hacking course.
Excellent Course, Highly Recommended – If you are interested in learning the principles of IT Security and Hacking, this course is for you. Very detailed, in-depth, and well-presented. With over 25 hours of video, and references to several outside resources. This course builds and excellent foundation for the beginner and provides a good review for the more experienced IT professional — Michael Chesbro
Great for all levels – the Idea about this course is to get thinking about Security. And you will learn something . Something is new something is old. But everyone need a refresh now and then and see the whole picture. I recommend this course — Alf-Olav NIlsen
Ethical hacking helps – The production of your teaching is awesome. Thanks to your teaching I have gotten rid of some hacker which have been bothering me for quite some time. I didn’t know much about Security or ethical hacking until until I took this course. It has opened up a new world for me — John Ackerman
These lectures teach the principles, techniques, and tools needed to successfully prepare for and pass the “Ethical Hacking and Countermeasures” exam.
These sections can be taken in any order, as a review of a concept or knowledge area. However, if you are just becoming familiar with it security and ethical hacking it is recommended that you view the sections sequentially.
Ethical hacking is testing the IT resources for a good cause and for the betterment of technology. This training will establish your understanding of all the fundamental concepts, processes, and procedures.. You will spend time concentrating on each knowledge area, and studying the tools and techniques, inputs, and outputs associated with each knowledge area.
Introduction to Ethical Hacking
Ethical hacking is testing the resources for a good cause and for the betterment of technology. In our course Introduction to Ethical Hacking, you will be introduced to various concepts on ethical hacking. We will be talking about vulnerabilities, exploits, defense strategy, penetration testing, pentest types and methodology, vulnerability management, incident management, and security policy development, and at the end of this course we hope you will have a basic understanding of the various concepts involved in ethical hacking.
Disaster Recovery and Risk Management
Since you are a part of IT operations in your enterprise, you could be involved in planning and applying policies related to risk management and/or disaster recovery. In our course disaster recovery and risk management, you will receive an introduction to the basics of risk management and disaster recovery. When you have completed the course, you will be able to identify a risk and the effect that it has on daily operations. You will gain an understanding of security measures and how they are implemented, as well as, the importance and the process of managing risk in your environment. We will partner this with a detailed demo on the process of risk assessment. You will gain an understanding of disaster recovery, be able to define what a disaster is, rank a disaster, and create a plan that will define how to recover from a disaster, as well as, successfully recovering your data.
Pentesting is an intentional attack on a system to discover security weaknesses. These can be left either by the security of officer or the security controls. Penetration Testing is our course that covers security, vulnerabilities, different types of tests, and when to test as a pen tester. We have paired this with an in-depth demo on vulnerability assessment using the tool Nexpose. At the end of this course we will have reviewed security and vulnerability assessment, and the differences between automatic and manual testing.
Our course Vulnerability Assessment you will introduced to the concepts of: Vulnerability Assessment, Vulnerability Assessment Tools, and Patch Management. It will offer demos on several of the vulnerability assessment tools that are available, as well as in-depth discussions on the benefits of these tools. We will discuss the process of analyzing the scan results that the vulnerability assessment tools provide. Finally, we will discuss patch management and some tools that are available for this process, and at the end of this course you will be able to create a comprehensive VA program, identify key vulnerabilities, and perform mitigation actions before those vulnerabilities can be exploited.
What kind of security measures do you take to protect your facilities, equipment, resources, personnel, and property from damage caused by unauthorized access? In this course, Physical Security, these are questions that we will be answering. You will be learning how to recognize the potential risks of unauthorized access to your business and personnel, and how to counteract these risks by learning the steps to creating a security policy for you and your personnel to implement. We have included demos that will help you better understand the concepts that will be discussed in this course.
Footprinting is the gathering of information related to a particular computer and its users and systems. In this course you will learn the various tools and techniques used in footprinting as well as prevention and countermeasures that you can take to protect yourself and your systems. We will pair this with in-depth demos on some of the tools and their uses.
Reconnaissance is an exploration that is conducted to gain information. In this course, you will be learning the tools and steps for assessing computers, computer systems, networks, and applications. We will include in-depth demos that go into further detail on the uses of many of these tools.
Network scanning is the scanning of public or private networks to find out which systems are running, their IP addresses, and which services they are running. In our course Network Scanning, you will learn techniques for private and public network scanning using various tools. Accompanied with in-depth demos and discussions on how to use Angry IP, Nmap, Hping, and Zmap network scanners. Through this, you will learn the steps to network scanning, how to draw a network map, and plan an attack accordingly.
When a port is scanned on a server, the port returns a response indicating that the port is open and a service is listening. In our course Port Scanning, you will learn how ports can be scanned, how a hacker can break into your network through the ports, and the countermeasures you can take to protect your device or network. Our course will offer in-depth discussions on port scanning methods and techniques, port scanning tools, and port scanning countermeasures. We will partner this with detailed demos on Ping, Ping tester, and Netstat.
Banner grabbing is a technique used to grab information about computer systems on a network and the services running its open ports. In the course, Banner Grabbing, you will be learning the tools and techniques used in the process of banner grabbing. You will learn how to take inventory of the systems and services on your networks. You will be able to identify potential risks of banner grabbing and learn steps to take to protect your networks and systems from the potential threat of an intruder using banner grabbing. We will pair this course with demos on the tools you will be discussing.
Every system has its own services running on the network, in many cases those services can reveal sensitive information about network topology, users and groups, etc. Services like LDAP or NTP can be enumerated to reveal such information. In this course you will be introduced to enumeration and the many different uses it has in computer systems. This course will include demos on the different tools and uses of enumeration.
Linux was developed as a free operating system for Intel x86 based personal computers. It is a leading operating system on servers. Linux runs on embedded systems. The most widely used operating system for mobile technology (tablets and smartphones) is built on top of the Linux kernel. In this course you will be learning the fundamentals of Linux. We will be pairing this course with demos with a more in-depth look into some of the fundamentals and tools of Linux.
Confguring Linux for Pentesting
Servers are primary targets for attackers. Pentesting is an attack on a system in hopes of finding security weaknesses. In the course Configuring Linux for Pentesting, you will be learning the steps to configure Linux for pentesting and tools used for pentesting on a Linux system. This course will be combined with demos that will delve deeper and give you real world examples of the tools and programs that Linux uses to accomplish pentesting.
Whenever we login to a computer system, we provide information to identify ourselves. We refer to this as authentication. Authentication has been developed to contain more than just username and password because we are looking for added layers of security. In this course we will be covering authentication factors, forms of authentication, and authentication protocols. We will also be going over RADIUS, LDAP, and SSO. We will pair this with several demos depicting practical uses of the many tools that we will discuss in this course.
Ensure that you know everything involved in securing a Windows system against attack. During this course you’ll get into Windows passwords — how they’re created, how they’re stored, and different methods used to crack them. You’ll discover different methods used for guessing passwords and breaking the different security methods used within the Windows operating system. You’ll find discussions on responding to privilege escalation. You’ll also spend some time going through a couple of scenarios demonstrating how to use key defense tools. Overall, the topics explored here will teach you how to increase security on your Windows machines, as well as show the required procedures and tools to prepare for different certification exams from EC-Council, CompTIA, Linux, and CISSP.
Spyware & Keyloggers
You will take a good look at spyware, the activities it performs, different types of spyware, and the countermeasures needed in order to prevent hackers from utilizing these types of techniques against your company. You will also spend time studying different types of keyloggers. There are three different types of keyloggers that we see used in today’s environments: hardware, software, and kernel/driver keyloggers. A good pen tester or ethical hacker cannot perform his or her job properly without understanding the countermeasures for all of the hacking techniques used against today’s computer systems. Overall, these topics will help prepare you for certification exams from vendors, such as Linux, CompTIA, and EC-Council.
This course will be going over various ways that attackers have at their disposal to cover any tracks that may lead to their unwanted eviction or worse yet to an audit trail that would lead directly back to them. In this course we will be discussing disabling auditing during or after an event, steps to take once it is disabled, and destroying any evidence. We will be going over various ways to avoid detection on Linux machines, and this will include several in-depth demos on various operations for the Linux machines.
Trojans and Backdoors
As an ethical hacker, there are times when you need to hide software from the company that you are performing the test against in order to verify that the defensive strategy is able to find your software. Trojans and Backdoors is the course where our software is going to be going undercover. In this course we are going to define malware and take a look at how a payload is delivered. We will overview the various Trojan tools, and tools used to generate Trojan programs, as well as, learning about Netcat. We will spend time going over countermeasures and various anti-Trojan software and hardware, and preventive methods that can be used to prevent attacks. We will also be incorporating several demos on the many tools that we will be discussing in this course.
Viruses and Worms
You will discover what viruses and worms are and how they can infect computers and systems. You’ll study their nature, how they function, and their impact. You will also spend time going through discussions on varieties of each, along with some real life examples. Refine your understanding of viruses and worms to better your system. The knowledge you gain here will prepare you to be a more effective network administrator. Furthermore, the topics covered here will help with preparing you for security certification exams offered by EC-Council, CompTIA, and Linux.
Sniffers is our course where we take a look at Network Sniffing. We will be covering the basics of packet sniffing, ARP cache poisoning, DNS spoofing, SSL sniffing, VoIP phone calls and sniffing remote desktop connections. This will be coupled with demos on Wireshark, ARP poisoning, and XARP.
Social engineering is the art of extorting employees for information. It can take the form of human-based or digital. In our course Social Engineering, you will learn what social engineering is, who’s at risk, and how to protect and educate your employees against social engineering. You will learn the importance of creating a security policy, and how to deal with the threat of human-based attacks from both outside and inside the company. You will learn what kind of risks computer-based attacks and social media present. We will couple this with in-depth demos on phishing email, SET-webTemplate, SET-spear phishing, SET-trojan, and SET SMS Spoofing.
Denial of Service
Become familiar with the following concepts: denial-of- service, distributed denial-of-service, and how the denial- of-service and distributed denial-of-service attacks take place. You will also see what botnets are and how they are used to attack your system or network. You will find explanations on the tools that are used to attack, and how you can detect such attacks. You will be introduced to different countermeasures, so that you can plan, prepare, and establish the relevant countermeasures to protect your organization. You will also learn how DoS and DDoS can be used in penetration testing. You will go through discussions on how to protect your organization from the distributed denial-of-service attacks and denial-of- service penetration testing. Altogether, these topics focus on deepening your understanding of security concepts and practices, so that you’re a more efficient network administrator. With the skills you gain here, you’re equipped to pursue a number of security certifications from CompTIA, EC-Council, and CEH.
Have you heard the words “session hijacking”? Simply put, it is defined as an intruder taking over a genuine session between two computers and using if for sinister purposes. In the course Session Hijacking, you will learn details about session hijacking, well-known techniques employed by aggressors, the steps involved in session hijacking, various types of session hijacking, tools for hijacking sessions, ways you can protect yourselves from session hijacking, and how pentesting can be used to identify vulnerabilities.
Hacking Web and App Servers
Hacking Web and Application Servers course, is a course that will give us a good idea about vulnerabilities and attacks available for web servers and web applications. This course includes in-depth demos on several of the tools used for hacking web servers and application servers. These tools include Apache2, Netcraft, Website Mirroring, W3AF, and WMAP. By the end of this course we will have discussed various ways to collect information from web servers, application server attacks, and finding vulnerabilities in a server.
Advanced Exploitation Techniques
Exploit is a common term in the computer security community that refers to a piece of software that takes advantage of a bug or glitch. In our course Advanced Exploitation Techniques, you will learn what advanced exploitation techniques are and how you can use them in your penetration testing. You will also learn how to use Metasploit to exploit vulnerabilities. This will be coupled with in-depth demos on using Metasploit, and other Metasploit tools, such as, Meterpreter, Armitage, and Armitage-mimkatz.
SQL injection is the most used of all attacks. In this course, SQL Injections, you will be learning how SQL injections can be initiated, cause damage or loss, prevention against such attacks, and discussing detection tools. This course includes demos demonstrating BSQL tool as well as SQL Injection Username and Password. By the end of this course you will have covered SQL injection methodology, attacks, buffer over ow exploit, testing for SQL injection, countermeasures and detection tools.
Wireless Types and Vulnerabilities
Wireless types, such as WLAN, are also known as Wi- Fi networks and they are susceptible to security lapses that wired networks are exempt from. In this course you will learn about different wireless types and their vulnerabilities. You will learn about several different tools that will help you take countermeasures against these vulnerabilities. We will complete this course with demos on different tools that we will be discussing.
Hacking Wireless Networks
Wireless attacks have become easy; even unskilled people with little computer literacy can accomplish them. This is because of the many automated tools available to perform this hack. In our course Hacking Wireless Networks, we will not be focusing on weaknesses of your wireless networks or how to protect them, instead, we will focus on showing you how to gain access to a wireless network.
Mobile Hacking Basics
Mobile hacking can be anything from searching for unlocked Wi-Fi networks, to the hacking of Android OS or IOS systems. In our course Mobile Hacking Basics, we will give you a basic introduction of the tools and concepts behind mobile hacking with demos giving you a look at some of these tools in action.
Evading Firewalls and Honeypots
Evading Firewalls and Honeypots, is the course where we will not only discuss what firewalls and honeypots are, but how attackers get around these preventive programs. You will learn about the different types of firewalls and how they may be evaded. You will also learn what honeypots are and how they are set-up to divert any would be attackers attention. You will be learning how attackers anticipate honeypots and how penetration testing can help you in dealing with these attackers. We have paired this course with several demos that will cover more in-depth the topics that we will be discussing and help you gain a broader understanding of those topics.
Intrusion Detection System (IDS) is a device or software that monitors network activities and system activities. While monitoring, it looks for suspicious activities and security policy violations. In this course Evading IDS we will be discussing the vulnerabilities in an IS, types of IDS, types of evasion, techniques used to evade IDS, IDS tools, and how to carry out penetration testing so you can put a prevention plan in place. We will combine this with an in-depth demo on how to avoid an IDS.
Buffer over ow occurs when you try to store more data than what the allocated buffer or storage area can hold. In this course you will be introduced to the concepts of buffer overflows, how they happen, and how attackers take advantage of them. You will also learn how to defend against buffer over ow attacks, and what security measures you can take to protect your data. We will accompany this with several demos that will delve deeper and help you understand some of the specific topics that will be discussed.
Traditional cryptography uses a secret key for encrypting and decrypting a message. This is also known as symmetric keys. Public key cryptography, the CA creates private and public keys using the same algorithm, it functions asymmetrically. In the course Cryptography, you will discuss Public Key Infrastructures, Certificate Authorities, and Certificate management. We will combine that with in-depth demos on PKI Installation, Con g-complete, CRL, Enroll Certificate, and CA Management. We will discuss the steps to create and manage a public key infrastructure, and the relationship between public key infrastructures and certificate authority, as well as, both traditional cryptography and public key cryptography, the implementation of certificates, and managing certificates.
Cryptography is the science of writing in secret code and is considered an ancient art. The first documented use of cryptography dates back to circa 1900 B.C. In our course Cryptography Weaknesses, we will discuss weaknesses in cryptography and ways to improve your security. We will also cover the use of symmetric and asymmetric keys and the use of hybrid keys, as well as, the use of hashing algorithms and digital signatures. We will pair this with several demos to show you how each of these works in practical situations.
As a security tester or security analyst, it is important that you are aware of cross-site scripting vulnerabilities and how they may be exploited by attackers. In our course Cross-site Scripting, you will gain a comprehensive understanding of cross-site scripting, you will learn how to prevent it, and how you can test to identify cross-site scripting vulnerabilities. You will also learn what cross- site scripting is and what the different types of cross-site scripting you may come across. This course will also be paired with several demos that give you a real world view of what we have and will cover in this course.
Handling incidents often needs preparation. There are plans and procedures to be taken, and drills to prepare the team. A successful handling team can prevent loss of money for an organization in case of incident. It is an investment rather than a cost if it is done correctly. In the course Incident Handling, you will learn how to recognize what an incident is and where they potentially come from. You will then learn the steps to handling incidents and implementing those steps into your everyday policies and procedures.
Business continuity plans are important if the organization wishes to continue its normal operations in disasters, whether they are man-made or natural. Business continuity plans study all kinds of threats and estimates the damage resulting from those threats. In the course Business Continuity, you will learn the different categories that the events that threaten your business are classified under. You will also learn the steps in creating a business continuity plan. You will also delve further into the development process for a business continuity plan, and learn all the necessary steps that are involved in initiating the plan as well.
Today’s threats and cyber intelligence have made it mandatory for us to use devices for protection. Threats can come from inside our network and the Internet. This makes it so that a firewall alone is not sufficient. We need to design a secure network. In Network Design and Security Controls, you will learn the steps and the tools to designing a secure network. You will also learn of the many security devices that you have at your disposal, with an in-depth discussion on firewalls and their uses. Included in this course will be detailed demos on Firewall and proxy-nat, DMZ, and IDS-IPS.
Cloud Computing Concepts
Even though a cloud provider has more capital to implement enterprise security controls, this does not mean it is a 100% secure environment. Securing cloud services depends on the provider and client as well.
Cloud Computing Attacks
Attacks can vary – They can be the client side or the cloud provider side. Both are dangerous and can result in severe damage if no backup plan is in place. This lecture will discuss several examples of the cloud computing hacks that can be happen: