Video description
More than 25 Hours of Expert Video Instruction
This course is a complete guide to help you get up and running with your cybersecurity career. You will learn the key tenets and fundamentals of networking and security basics; cybersecurity management, monitoring and analysis; network security telemetry; digital forensics and incident response (DFIR); fundamentals of ethical hacking and penetration testing; advanced wireless hacking and pen testing; mobile device security, and IoT Security.
This Complete Video Course provides a complete learning path for building your skills as a cyber security professional. You will start with the fundamental concepts, so you can increase your core knowledge before quickly moving on to actually working through pen testing and ethical hacking projects—so you can start to build your skills. Omar Santos, best-selling Cisco Press and Pearson security author and trainer, has compiled the lessons in this title from other training courses. You will find that the lessons build on each other in an easy-to-follow organization, so you can move through the topics at your own pace.
This course provides supplemental material to reinforce some of the critical concepts and techniques you have learned, along with scripts that help you build your own hacking environment, examples of real-life penetration testing reports, and more. This material can be found at theartofhacking.org.
Topics include:
Module 1: Networking and Security Basics
Module 2: Cybersecurity Management, Monitoring, and Analysis
Module 3: Network Security Telemetry
Module 4: Digital Forensics and Incident Response (DFIR)
Module 5: Fundamentals of Ethical Hacking and Penetration Testing
Module 6: Advanced Wireless Hacking and Penetration Testing
Module 7: Mobile Device Security
Module 8: Internet of Things (IoT) Security
About the Instructor
Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. Omar is the author of more than a dozen books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io, and you can follow Omar on Twitter: @santosomar.
Skill Level
Who Should Take This Course
This course serves as a comprehensive guide for anyone who would like to start a career in cyber security.
Course Requirements
Requires basic knowledge of Internet and networking technology.
About Pearson Video Training
Pearson’s expert-led video tutorials teach you the technology skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT certification, programming, web and mobile development, networking, security, and more. Learn more about Pearson Video training at http://www.informit.com/video
Table of Contents
Module 1: Networking and Security Basics
Lesson 1: Networking Fundamentals
Learning objectives
1.1 Reviewing the OSI Model
1.2 Reviewing the TCP/IP Network Models
1.3 Surveying Common Networking Protocols: DHCP
1.4 Surveying Common Networking Protocols: Routing Protocols
1.5 Surveying Common Networking Protocols: ICMP
1.6 Surveying Common Networking Protocols: DNS
1.7 Identifying Networking Device Types
1.8 Understanding IP Subnets
1.9 Examining VLANs and Data Visibility
Lesson 3: Security Principles
Learning objectives
3.1 Understanding Defense-in-Depth
3.2 Identifying Threats, Vulnerabilities, and Exploits and Their Associated Risk
3.3 Identifying Threat Actors
3.4 Understanding Reverse Engineering
3.5 Understanding Chain of Custody
3.6 Examining Run Books
3.7 Introducing PII and PHI
3.8 Understanding Principle of Least Privilege
3.9 Performing Risk Assessment
Lesson 4: Access Control Models
Learning objectives
4.1 Understanding Confidentiality, Integrity, and Availability
4.2 Understanding Authentication, Authorization, and Accounting
4.3 Examining the Access Control Process: Terminology and Data Classification
4.4 Examining the Access Control Process: Data States and Policy Roles
4.5 Examining the Access Control Process: Security and Access Control Classification
4.6 Understanding Discretionary Access Control
4.7 Understanding Mandatory Access Control
4.8 Understanding Role Based Access Control
4.9 Understanding Attribute Based Access Control
Lesson 6: Fundamentals of Cryptography and PKI
Learning objectives
6.1 Understanding the Basic Components of Cryptography
6.2 Introducing Public Key Infrastructure
6.3 Deciphering Encryption Algorithms
6.4 Understanding Hashing Algorithms
6.5 Examining Secure Socket Layer and Transport Layer Security
6.6 Examining Digital Certificates
Lesson 7: Introduction to Virtual Private Networks (VPNs)
Learning objectives
7.1 Introducing VPNs and Why We Use Them
7.2 Examining Remote Access VPNs
7.3 Examining Site-to-Site VPNs
7.4 Understanding IPsec Concepts, Components, and Operations
7.5 Surveying Cisco VPN Solutions: Traditional IPsec, DMVPN, FlexVPN
7.6 Surveying Cisco VPN Solutions: Clientless SSL and AnyConnect
Lesson 9: Endpoint Security Technologies
Learning objectives
9.1 Examining Host-Based Intrusion Detection
9.2 Exploring Antimalware and Antivirus
9.3 Understanding Host-based Firewalls
9.4 Exploring Application-level Whitelisting/Blacklisting
9.5 Exploring Systems-based Sandboxing
Lesson 12: Types of Attacks and Vulnerabilities
Learning objectives
12.1 Surveying Types of Vulnerabilities
12.2 Understanding Passive Reconnaissance and Social Engineering
12.3 Understanding Active Reconnaissance: Port Scanning and Host Profiling
12.4 Understanding Privilege Escalation and Code Execution Attacks
12.5 Understanding Backdoors and Man-in-the-Middle Attacks
12.6 Understanding Denial of Service Attacks
12.7 Surveying Attack Methods for Data Exfiltration
12.8 Understanding ARP Cache Poisoning and Route Manipulation Attacks
12.9 Understanding Password Attacks
12.10 Understanding Wireless Attacks
12.11 Exploring Security Evasion Techniques
Lesson 1: Threat Analysis
Learning objectives
1.1 Understanding Risk Analysis
1.2 Understanding the Common Vulnerability Scoring System (CVSS)
1.3 Interpreting Malware Analysis Tool Output
Module 2: Cybersecurity Management, Monitoring, and Analysis
Lesson 5: Introduction to Security Management
Learning objectives
5.1 Surveying Asset Management
5.2 Surveying Configuration Management
5.3 Surveying Mobile Device Management
5.4 Surveying Patch Management
5.5 Surveying Vulnerability Management
5.6 Understanding Network and Host Antivirus
5.7 Understanding SIEM and Log Collection
Lesson 8: Windows, Linux, and Mac OS X Based Analysis
Learning objectives
8.1 Understanding Windows Forensics Basics
8.2 Understanding Linux and Mac OS X Forensics Basics
8.3 Examining Web Server Logs
Lesson 10: Network and Host Telemetry
Learning objectives
10.1 Introducing NetFlow
10.2 Surveying Commercial and Open Source NetFlow Tools
10.3 Understanding Flexible NetFlow
10.4 Examining Firewall Logs
10.5 Understanding Application Visibility and Control
10.6 Examining Web and Email Content Filtering Logs
10.7 Exploring Full Packet Capture
10.8 Surveying IPS Events
10.9 Surveying Host or Endpoint Events
Module 3: Network Security Telemetry
Lesson 1: Introduction to NetFlow and IPFIX
Learning objectives
1.1 Introduction to NetFlow
1.2 The Attack Continuum
1.3 The Network as a Sensor and as an Enforcer
1.4 What Is a Flow?
1.5 NetFlow Versus IP Accounting and Billing
1.6 NetFlow for Network Security
1.7 Traffic Engineering and Network Planning
1.8 Introduction to IP Flow Information Export (IPFIX)
1.9 Cisco Supported Platforms for NetFlow
1.10 NetFlow Versions and History
Lesson 2: NetFlow Deployment Scenarios
Learning objectives
2.1 Introduction to Cisco Cyber Threat Defense
2.2 Deployment Scenario: User Access Layer
2.3 Deployment Scenario: Wireless LAN
2.4 Deployment Scenario: Internet Edge
2.5 Deployment Scenario: Data Center
2.6 Deployment Scenario: NetFlow in Site-to-Site and Remote VPNs
2.7 NetFlow Collection Considerations and Best Practices
2.8 Determining the Flows per Second and Scalability
Lesson 4: NetFlow Commercial and Open Source Monitoring and Analysis Software Packages
Learning objectives
4.1 Commercial NetFlow Monitoring and Analysis Software Packages
4.2 NFdump
4.3 NfSen
4.4 SiLK
4.5 Elasticsearch, Logstash, and Kibana Stack (ELK): Overview and Architecture
4.6 ELK: Installation and Configuration Files
Module 4: Digital Forensics and Incident Response (DFIR)
Lesson 2: Forensics
Learning objectives
2.1 Examining Types of Evidence
2.2 Surveying Windows Forensics: Application Processes, Threads, and Vulnerabilities
2.3 Surveying Windows Forensics: Memory
2.4 Surveying Windows Forensics: The Windows Registry
2.5 Surveying Windows Forensics: Hard Drives, FAT, and NTFS
2.6 Surveying Linux Forensics
2.7 Understanding Evidence Collection
2.8 Handling Evidence
2.9 Examining Asset and Threat Actor Attribution
Lesson 3: Intrusion Analysis
Learning objectives
3.1 Introducing Intrusion Analysis Fundamentals
3.2 Examining Packet Captures
3.3 Examining Protocol Headers
3.4 Analyzing Security Device Data
3.5 Differentiating False Positives, False Negatives, True Positives, and True Negatives
Lesson 5: Introduction to Incident Response
Learning objectives
5.1 Scoping the Incident Response Plan and Process
5.2 Understanding Information Sharing and Coordination
5.3 Identifying the Incident Response Team Structure
Lesson 6: Incident Response Teams
Learning objectives
6.1 Analyzing Computer Incident Response Teams (CSIRTs)
6.2 Analyzing Product Security Incident Response Teams (PSIRTs)
6.3 Surveying Coordination Centers
6.4 Analyzing Managed Security Service Providers Incident Response Teams
Lesson 8: Network and Host Profiling
Learning objectives
8.1 Understanding Network Profiling
8.2 Understanding Host Profiling
Lesson 9: Data and Event Analysis
Learning objectives
9.1 Understanding Data Normalization
9.2 Deconstructing Universal Data Formats
9.3 Understanding the 5-tuple Correlation
9.4 Performing DNS Analysis
9.5 Performing Web Log Analysis
9.6 Performing Deterministic and Probabilistic Analysis
Lesson 10: Intrusion Event Categories
Learning objectives
10.1 Identifying and Mitigating Reconnaissance
10.2 Identifying and Mitigating Weaponization
10.3 Identifying and Mitigating Delivery
10.4 Identifying and Mitigating Exploitation
10.5 Identifying and Mitigating Installation
10.6 Identifying and Mitigating Command and Control
10.7 Understanding Action on Objectives
Lesson 11: The Incident Handling Process
Learning objectives
11.1 Introducing the Vocabulary for Event Recording and Incident Sharing (VERIS)
11.2 Applying the VERIS Schema to Incident Handling
11.3 Surveying the VERIS Incident Recording Tool and Other VERIS Resources
Module 5: Fundamentals of Ethical Hacking and Penetration Testing
Lesson 1: Overview of Ethical Hacking and Penetration Testing
Learning objectives
1.1 Introducing Ethical Hacking and Pen Testing
1.2 Getting Started with Ethical Hacking and Pen Testing
1.3 Understanding the Legal Aspects of Penetration Testing
1.4 Exploring Penetration Testing Methodologies
1.5 Exploring Penetration Testing and other Cyber Security Certifications
1.6 Building Your Own Lab: Overview
1.7 Building Your Own Lab: VIRL and Operating System Software
1.8 Understanding Vulnerabilities, Threats, and Exploits
1.9 Understanding the Current Threat Landscape
Lesson 3: Passive Reconnaissance
Learning objectives
3.1 Understanding Passive Reconnaissance
3.2 Exploring Passive Reconnaissance Methodologies: Discovering Host and Port Information
3.3 Exploring Passive Reconnaissance Methodologies: Searching for Files
3.4 Exploring Passive Reconnaissance Methodologies: Searching for Names, Passwords, and Sensitive Information
3.5 Surveying Essential Tools for Passive Reconnaissance: SpiderFoot, theHarvester, and Discover
3.6 Surveying Essential Tools for Passive Reconnaissance: Recon-ng
Lesson 4: Active Reconnaissance
Learning objectives
4.1 Understanding Active Reconnaissance
4.2 Exploring Active Reconnaissance Methodologies from an Ethical Hacker Perspective
4.3 Surveying Essential Tools for Active Reconnaissance: Port Scanning and Web Service Review
4.4 Surveying Essential Tools for Active Reconnaissance: Network and Web Vulnerability Scanners
Lesson 5: Hacking Web Applications
Learning objectives
5.1 Understanding Web Applications
5.2 Understanding Web Architectures
5.3 Uncovering Web Vulnerabilities
5.4 Testing Web Applications: Methodology
5.5 Testing Web Applications: Reconnaissance
5.6 Testing Web Applications: Mapping
5.7 Testing Web Applications: Vulnerability Discovery
5.8 Understanding the Exploitation of Web Applications
5.9 Surveying Defenses to Mitigate Web Application Hacking
Lesson 8: Hacking Networking Devices
Learning objectives
8.1 Understanding the Reasons for and the Steps to Hacking a Network
8.2 Reviewing Networking Technology Fundamentals: OSI and DoD Internet Models
8.3 Reviewing Networking Technology Fundamentals: Forwarding Device Architecture and Communication
8.4 Building an Internetwork Topology Using VIRL
8.5 Hacking Switches: Reviewing Ethernet Fundamentals
8.6 Hacking Switches: Demo
8.7 Hacking Switches: ARP Vulnerabilities and ARP Cache Poisoning
8.8 Reviewing Router Fundamentals
8.9 Examining ICMP, First Hop Redundancy and Routing Protocol Attacks
8.10 Hacking the Management Plane
8.11 Understanding Firewall Fundamentals and Levels of Inspection
8.12 Performing Firewall Reconnaissance and Tunneling
8.13 Surveying Essential Tools for Hacking Network Devices: Packet Capture
8.14 Surveying Essential Tools for Hacking Network Devices: Switch and Router Hacking Tools
8.15 Surveying Essential Tools for Hacking Network Devices: ARP Spoofing Tools
8.16 Surveying Essential Tools for Hacking Network Devices: MiTM Tools
8.17 Surveying Essential Tools for Hacking Network Devices: Linux Tools
8.18 Using Network Device Hacking Tools to Perform a MiTM Attack
Lesson 9: Fundamentals of Wireless Hacking
Learning objectives
9.1 Reviewing Wireless Technology Fundamentals
9.2 Surveying Wireless Hacking Tools: Wireless Adapters
9.3 Surveying Wireless Hacking Tools: Software
9.4 Hacking WEP, WPA, and Other Protocols
9.5 Understanding Hacking Wireless Clients
Lesson 10: Buffer Overflows
Learning objectives
10.1 Understanding Buffer Overflows
10.2 Exploiting Buffer Overflows
10.3 Overcoming Defenses for Buffer Overflow Vulnerabilities
10.4 Understanding Fuzzing
10.5 Creating a Fuzzing Strategy
10.6 Exploring Mutation-based, Generation-based, and Evolutionary Fuzzers
10.7 Surveying Tools to Find and Exploit Buffer Overflows
Lesson 6: Hacking User Credentials
Learning objectives
6.1 Understanding Authentication and Authorization Mechanisms
6.2 Understanding Authentication and Authorization Attacks
6.3 Exploring Password Storage Mechanisms
6.4 Understanding Password Storage Vulnerability
6.5 Cracking Passwords with John the Ripper
6.6 Cracking Passwords with hashcat
6.7 Improving Password Security
Lesson 13: Social Engineering
Learning objectives
13.1 Understanding Social Engineering
13.2 Exploring the Social Engineering Toolkit (SET)
13.3 Exploring Maltego
13.4 Surveying Social Engineering Case Studies
Lesson 15: Writing Penetration Testing Reports
Learning objectives
15.1 Understanding Pen Test Reports and How They Are Used
15.2 Planning and Organizing Your Report
15.3 Understanding the Pen Test Report Format
15.4 Exploring Risk Ratings
15.5 Distributing Pen Test Reports
Module 6: Advanced Wireless Hacking and Penetration Testing
Lesson 2: Wireless Client Attacks
Learning objectives
2.1 Understanding Wireless Client Attacks and Their Motives
2.2 Learning Packet Injection Attacks
2.3 Eavesdropping and Manipulating Unencrypted Wi-Fi Communications
2.4 Attacking Publicly Secure Packet Forwarding (PSPF)
2.5 Attacking the Preferred Network List (PNL)
Lesson 3: Building Your Lab and Attack Hardware
Learning objectives
3.1 Understanding Wireless Antennas
3.2 Surveying Wi-Fi Devices Like the Pineapple
3.3 Building Your Own Lab
Lesson 4: Aircrack-ng
Learning objectives
4.1 Introducing the Aircrack-ng Suite
4.2 Introducing Airmon-ng
4.3 Understanding Airodump-ng
4.4 Introducing Aireplay-ng
4.5 Introducing Airdecap-ng
4.6 Introducing Airserv-ng
4.7 Introducing Airtun-ng
Lesson 5: Cracking WEP
Learning objectives
5.1 Understanding WEP Fundamentals
5.2 Learning How to Crack WEP
Lesson 6: Hacking WPA
Learning objectives
6.1 Understanding WPA Fundamentals
6.2 Surveying Attacks Against WPA2-PSK Networks
6.3 Using coWPAtty
6.4 Using Pyrit
6.5 Exploring WPA Enterprise Hacking
Lesson 7: Performing Wireless Reconnaissance
Learning objectives
7.1 Using Kismet
7.2 Using Wireshark
7.3 Learning How to Hack Default Configurations
Lesson 8: Evil Twins and Rogue Access Points
Learning objectives
8.1 Defining Evil Twin Attacks
8.2 Performing Evil Twin Attacks
8.3 Using Karmetasploit
8.4 Exploring the WiFi Pineapple
Module 7: Mobile Device Security
Lesson 13: Mobile Device Security
Learning objectives
13.1 Understanding OWASP Mobile Device Vulnerabilities
13.2 Wrestling with the BYOD Dilemma
13.3 Understanding Mobile Device Management (MDM)
13.4 Understanding Mobile Device Security Policies
Lesson 14: Hacking Android Devices
Learning objectives
14.1 Exploring The Android Security Model
14.2 Exploring Android Emulators and SDK
14.3 Understanding Android Hacking Tools and Methodologies
Lesson 15: Hacking iOS Devices
Learning objectives
15.1 Introducing iOS Security
15.2 Exploring Jailbreaking iOS
15.3 Surveying Tools for Disassembling iOS Applications
Module 8: Internet of Things (IoT) Security
Lesson 12: Hacking IoT Devices
Learning objectives
12.1 Understanding IoT Fundamentals
12.2 Exploring ZigBee and IEEE 802.15.4
12.3 Exploring INSTEON
12.4 Exploring Z-Wave
12.5 Exploring LoRa
Lesson 9: Attacking Bluetooth
Learning objectives
9.1 Understanding Bluetooth Vulnerabilities
9.2 Surveying Tools for Bluetooth Monitoring
Lesson 10: Attacking NFC
Learning objectives
10.1 Understanding NFC Vulnerabilities
10.2 Exploring NFC Attacks and Case Studies