Video description
26 Hours of Video Instruction
26 Hours of Detailed, Curated Video Training to Take You from Basic to Guru in Cybersecurity
Overview
The Complete Cybersecurity Bootcamp, 2nd Edition is your comprehensive guide to becoming a cybersecurity professional. The extensive course is compiled from Omar Santos’s best-selling video courses, starting with the basics and leading you through the most important topics in the cybersecurity landscape. The videos in this intensive bootcamp are structured to help you start with the fundamental concepts of cybersecurity and then build your core cybersecurity knowledge and move on to real-life pen testing and ethical hacking projects. It also covers cloud security, cybersecurity management, monitoring and analysis, network security telemetry, digital forensics and incident response (DFIR), ethical hacking and pen testing, wireless hacking and pen testing, mobile device security, and IoT security. This course can also be a resource for anyone who is preparing for a security certification like CompTIA Security+, Cisco CyberOps Associate, CISSP, CompTIA PenTest+, Certified Ethical Hacker (CEH), GIAC certifications, or others.
Omar Santos, a best-selling Cisco Press and Pearson security author and trainer, has compiled the lessons to provide you with the best knowledge. The Bootcamp is organized in an easy-to-follow manner to give you the freedom to move at your own pace. The course provides supplemental materials to strengthen your understanding of critical concepts and techniques that help you build your own hacking environment, examples of real-life penetration testing reports, and more. This material can be found at theartofhacking.org.
The contents of The Complete Cybersecurity Bootcamp, 2nd Edition were created using the following titles:
- Wireless Networks, IoT, and Mobile Devices Hacking by Omar Santos
- Cisco CyberOps Associate CBROPS 200-201 Complete Video Course by Omar Santos and Ron Taylor
- CCNP and CCIE Security Core SCOR 350-701 Complete Video Course by Omar Santos and Ron Taylor
- CompTIA PenTest+ (PT1-001) Complete Video Course by Omar Santos
- Certified Ethical Hacker (CEH) Complete Video Course, 3rd Edition by Omar Santos and Nick Garner
- Security Penetration Testing by Omar Santos, Jon Sternstein, Ron Taylor, and Chris McCoy
Topics include
Module 1: Security Concepts
Module 2: Security Operations, Incident Response, and Digital Forensics
Module 3: AAA, Identity Management, Network Visibility, and Segmentation
Module 4: Fundamentals of Ethical Hacking and Penetration Testing
Module 5: Mobile Device Security
Module 6: Internet of Things (IoT) Security
Module 7: Cloud Security Fundamentals
About the Instructor
Omar Santos is an active member of the cybersecurity community, where he leads several industry-wide initiatives. He is the lead of the DEF CON Red Team Village; the chair of the Common Security Advisory Framework (CSAF) technical committee; the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group; and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures.
Omar is the author of over twenty books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cybersecurity vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io and you can follow Omar on Twitter @santosomar.
Skill Level
Learn How To:
- Survey cybersecurity vulnerabilities
- Decipher Encryption and Hashing Algorithms
- Analyze Computer Incident Response Teams (CSIRTs) and Product Security Incident Response Teams (PSIRTs)
- Apply VERIS
- Perform DNS Analysis and Web Log Analysis
- Identify MITRE ATT&CK Framework
- Examine Asset and Threat Actor Attribution
- Examine Host-based Intrusion Detection
- Analyze Security Device Data
- Survey the TACACS+ Protocol
- Survey Open Source SDN Solutions
- Scope a Penetration Testing Engagement Properly
- Perform Footprinting through Social Engineering
- Scan beyond IDS and Firewall
- Survey Web Server Attack Tools
- Explore SQL Injection Tools
- Hack Bluetooth
- Build your own lab
- Create a Fuzzing Strategy
- Crack Passwords
- Hack iOS and Android OS
- Hack Android devices
Who Should Take This Course:
- Anyone contemplating starting a career in cybersecurity.
- People who would like to better understand cybersecurity concepts.
- Anyone studying for a security cert like CompTIA Security+, Cisco CyberOps Associate, Certified Ethical Hacker (CEH), GIAC Information
Course Requirements:
- Students should be familiar with basic computing and networking concepts, as well as Linux and Windows fundamentals.
About Pearson Video Training:
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more.
Learn more about Pearson Video training at http://www.informit.com/video.
Table of Contents
Introduction
The Complete Cybersecurity Bootcamp: Introduction
Module 1: Security Concepts
Module introduction
Lesson 1: Cybersecurity Fundamentals
Learning objectives
1.1 Describing the CIA Triad
1.2 Comparing Security Deployments: Network, Endpoint, and Application Security Systems
1.3 Comparing Security Deployments: Agentless and Agent-based Protections
1.4 Comparing Security Deployments: Legacy Antivirus and Antimalware
1.5 Comparing Security Deployments: SIEM, SOAR, and Log Management
1.6 Defining Threat Intelligence
1.7 Defining Threat Hunting
1.8 Understanding Malware Analysis
1.9 Interpreting the Output Report of a Malware Analysis Tool
1.10 Understanding the Different Threat Actor Types
1.11 Defining Run Book Automation (RBA)
1.12 Defining Reverse Engineering
1.13 Understanding the Sliding Window Anomaly Detection
Lesson 2: Additional Cybersecurity Principles
Learning objectives
2.1 Performing Risk Assessment
2.2 Comparing Threats, Vulnerabilities, and Exploits
2.3 Understanding Authentication, Authorization, and Accounting
2.4 Examining the Access Control Process: Terminology and Data Classification
2.5 Examining the Access Control Process: Data States and Policy Roles
2.6 Examining the Access Control Process: Security and Access Control Classification
2.7 Understanding Discretionary Access Control
2.8 Understanding Mandatory Access Control
2.9 Understanding Role-based Access Control
2.10 Understanding Attribute-based Access Control
2.11 Understanding Rule-based Access Control
2.12 Understanding Time-based Access Control
Lesson 3: Types of Attacks and Vulnerabilities
Learning objectives
3.1 Surveying Types of Vulnerabilities
3.2 Understanding Passive Reconnaissance and Social Engineering
3.3 Understanding Active Reconnaissance Port Scanning and Host Profiling
3.4 Understanding Privilege Escalation and Code Execution Attacks
3.5 Understanding Backdoors and Man-in-the-Middle Attacks
3.6 Understanding Denial of Service Attacks
3.7 Surveying Attack Methods for Data Exfiltration
3.8 Understanding ARP Cache Poisoning and Route Manipulation Attacks
3.9 Understanding Password Attacks
3.10 Understanding Wireless Attacks
3.11 Exploring Security Evasion Techniques
3.12 Identifying the Challenges of Data Visibility in Detection
3.13 Identifying Potential Data Loss from Provided Traffic Profiles
3.14 Comparing Rule-based Detection vs. Behavioral and Statistical Detection
Lesson 4: Fundamentals of Cryptography and PKI
Learning objectives
4.1 Understanding the Basic Components of Cryptography
4.2 Introducing Public Key Infrastructure
4.3 Deciphering Encryption Algorithms
4.4 Understanding Hashing Algorithms
4.5 Examining Secure Socket Layer and Transport Layer Security
4.6 Examining Digital Certificates
Module 2: Security Operations, Incident Response, and Digital Forensics
Module introduction
Lesson 5: Fundamentals of Incident Response
Learning objectives
5.1 Describing Concepts as Documented in NIST.SP800-86
5.2 Mapping the Organization Stakeholders Against the NIST IR Categories
5.3 Scoping the Incident Response Plan and Process
5.4 Understanding Information Sharing and Coordination
5.5 Identifying the Incident Response Team Structure
5.6 Analyzing Computer Incident Response Teams (CSIRTs)
5.7 Analyzing Product Security Incident Response Teams (PSIRTs)
5.8 Surveying Coordination Centers
5.9 Analyzing Managed Security Service Providers Incident Response Teams
5.10 Introducing the Vocabulary for Event Recording and Incident Sharing (VERIS)
5.11 Applying the VERIS Schema to Incident Handling
5.12 Surveying the VERIS Incident Recording Tool and Other Resources
Lesson 6: Fundamentals of Security Monitoring
Learning objectives
6.1 Describing Endpoint-based Attacks
6.2 Understanding Data Normalization
6.3 Deconstructing Universal Data Formats
6.4 Understanding the 5-tuple Correlation
6.5 Performing DNS Analysis
6.6 Performing Web Log Analysis
6.7 Performing Deterministic and Probabilistic Analysis
6.8 Understanding Security Monitoring Fundamentals
6.9 Surveying Security Monitoring Tools
6.10 Grasping Security Monitoring Operational Challenges
Lesson 7: Intrusion Event Categories
Learning objectives
7.1 Identifying and Mitigating Reconnaissance
7.2 Identifying and Mitigating Weaponization
7.3 Identifying and Mitigating Delivery
7.4 Identifying and Mitigating Exploitation
7.5 Identifying and Mitigating Installation
7.6 Identifying and Mitigating Command and Control
7.7 Understanding Action on Objectives
7.8 Understanding the MITRE ATT&CK Framework
Lesson 8: Digital Forensics Fundamentals
Learning objectives
8.1 Examining Types of Evidence
8.2 Understanding Chain of Custody
8.3 Understanding Evidence Collection
8.4 Handling Evidence
8.5 Examining Asset and Threat Actor Attribution
Lesson 9: Endpoint Security Technologies and Host-based Forensics Fundamentals
Learning objectives
9.1 Examining Host-based Intrusion Detection
9.2 Exploring Antimalware and Antivirus
9.3 Understanding Host-based Firewalls
9.4 Exploring Application-level AllowLists/BlockLists
9.5 Exploring Systems-based Sandboxing
9.6 Understanding Windows Forensics Basics
9.7 Surveying Windows Forensics: Application Processes
9.8 Surveying Windows Forensics: Memory
9.9 Surveying Windows Forensics: The Windows Registry
9.10 Surveying Windows Forensics: Hard Drives, FAT, and NTFS
9.11 Understanding Linux and Mac OS X Forensics Basics
9.12 Examining Web Server Logs
Lesson 10: Network Intrusion Analysis
Learning objectives
10.1 Introducing Intrusion Analysis Fundamentals
10.2 Examining Packet Captures
10.3 Examining Protocol Headers
10.4 Analyzing Security Device Data
10.5 Differentiating False Positives, False Negatives, True Positives, and True Negatives
10.6 Comparing Inline Traffic Interrogation and Taps or Traffic Monitoring
10.7 Extracting Files from a TCP Stream when Given a PCAP File and Wireshark
10.8 Interpreting Common Artifact Elements from an Event to Identify an Alert
Module 3: AAA, Identity Management, Network Visibility, and Segmentation
Module introduction
Lesson 11: Introducing AAA and Identity Management
Learning objectives
11.1 Understanding Authentication
11.2 Exploring the RADIUS Protocol
11.3 Surveying the TACACS+ Protocol
11.4 Understanding Authorization
11.5 Surveying Authorization Models
11.6 Defining Accounting
11.7 Exploring Multifactor Authentication and Single Sign-On
11.8 Exploring Examples of Multifactor and Single Sign-On
Lesson 12: Network Visibility and Segmentation
Learning objectives
12.1 Defining Network Visibility and Segmentation
12.2 Introducing NetFlow and IPFIX
12.3 Describing Flexible NetFlow Records
12.4 Understanding NetFlow Deployment
12.5 Introducing Network Segmentation
12.6 Exploring Application-based Segmentation
12.7 Describing Network Access with CoA
Lesson 13: Network Infrastructure Security
Learning objectives
13.1 Configuring and Verifying Network Segmentation Using VLANs and VRF-lite
13.2 Configuring and Verifying Port Security
13.3 Configuring and Verifying DHCP Snooping
13.4 Configuring and Verifying Dynamic ARP Inspection
13.5 Exploring and Mitigating Common Layer 2 Threats
13.6 Understanding and Configuring BPDU Guard and Root Guard
13.7 Understanding and Configuring CDP/LLDP
13.8 Understanding the Control Plane, Data Plane, and Management Plane
13.9 Exploring How to Secure the Management Plane
13.10 Exploring How to Secure the Control Plane
13.11 Exploring How to Secure the Data Plane
Lesson 14: Software-Defined Networking Security and Programmability
Learning objectives
14.1 Introducing SDN
14.2 Explaining North Bound and South Bound APIs in the SDN Architecture
14.3 Introducing Cisco ACI
14.4 Introducing Cisco DNA and Cisco DNA Center
14.5 Understanding VXLAN and Network Overlays
14.6 Understanding Microsegmentation
14.7 Surveying Open Source SDN Solutions
14.8 Understanding the Threats Against SDN Solutions
14.9 Understanding the Security Benefits in SDN Solutions
14.10 Introducing Network Programmability
14.11 Exploring DevNet and DevNet Resources for Security Automation
14.12 Introducing APIs, NETCONF, RESTCONF, and YANG
14.13 A Brief Introduction to Git
14.14 Exploring pxGrid
14.15 Integrating and Automating Security Operations with Cisco Products
Module 4: Fundamentals of Ethical Hacking and Penetration Testing
Module introduction
Lesson 15: Overview of Ethical Hacking and Penetration Testing
Learning objectives
15.1 Introducing Ethical Hacking and Pen Testing
15.2 Exploring Penetration Testing Methodologies
15.3 Explaining the Importance of the Planning and Preparation Phase
15.4 Understanding the Legal Concepts of Penetration Testing
15.5 Learning How to Scope a Penetration Testing Engagement Properly
15.6 Learning the Key Aspects of Compliance-based Assessments
Lesson 16: Information Gathering and Passive Reconnaissance
Learning objectives
16.1 Introducing Footprinting Concepts and Methodologies
16.2 Performing Footprinting through Search Engines
16.3 Performing Footprinting through Web Services
16.4 Performing Footprinting through Social Networking Sites
16.5 Understanding Website Footprinting
16.6 Understanding Email Footprinting
16.7 Understanding Whois Footprinting
16.8 Understanding DNS Footprinting
16.9 Understanding Network Footprinting
16.10 Performing Footprinting through Social Engineering
16.11 Surveying Footprinting Tools
Lesson 17: Active Reconnaissance, Scanning, and Enumeration
Learning objectives
17.1 Surveying Network Scanning Concepts
17.2 Exploiting Scanning Tools
17.3 Understanding Host Discovery
17.4 Understanding Port and Service Discovery
17.5 Performing OS Discovery (Banner Grabbing/OS Fingerprinting)
17.6 Scanning Beyond IDS and Firewall
17.7 Creating Network Diagrams
17.8 Introducing Enumeration Techniques
17.9 Performing NetBIOS Enumeration
17.10 Performing SNMP Enumeration
17.11 Performing LDAP Enumeration
17.12 Performing NTP and NFS Enumeration
17.13 Performing SMTP and DNS Enumeration
17.14 Conducting Additional Enumeration Techniques
Lesson 18: Hacking Web Servers
Learning objectives
18.1 Introducing Web Server Concepts
18.2 Exploring Web Server Attacks and Methodologies
18.3 Surveying Web Server Attack Tools
18.4 Understanding Patch Management
18.5 Surveying Web Server Security Tools
Lesson 19: Hacking Web Applications
Learning objectives
19.1 Introducing Web Application Concepts
19.2 Understanding Web App Threats and Hacking Methodologies
19.3 Footprinting Web Infrastructures
19.4 Analyzing Web Applications
19.5 Introducing the OWASP Top 10
19.6 Attacking Authentication, Authorization, and Access Controls - Part 1
19.7 Attacking Authentication, Authorization, and Access Controls - Part 2
19.8 Performing Command Injection Attacks
19.9 Exploiting Directory/Path Traversal Vulnerabilities
19.10 Input Validation and Sanitation
19.11 Exploiting Cross-site Scripting (XSS) Vulnerabilities
19.12 Exploiting XML External Entities
19.13 Attacking Web Services, APIs, and Understanding Webhooks
Lesson 20: SQL Injection
Learning objectives
20.1 Introducing SQL Injection Concepts
20.2 Understanding the Types of SQL Injection
20.3 Exploring the SQL Injection Methodologies
20.4 Exploring SQL Injection Tools
20.5 Exploring Evasion Techniques
20.6 Understanding SQL Injection Countermeasures
Lesson 21: Fundamentals of Wireless Hacking
Learning objectives
21.1 Introducing Wireless Concepts
21.2 Understanding Wireless Encryption
21.3 Exploring Wireless Threats
21.4 Understanding Wireless Hacking Methodologies
21.5 Surveying Wireless Hacking Tools
21.6 Hacking Bluetooth
21.7 Introducing Wireless Countermeasures
Lesson 22: Wireless Client Attacks
Learning objectives
22.1 Understanding Wireless Client Attacks and Their Motives
22.2 Learning Packet Injection Attacks
22.3 Eavesdropping and Manipulating Unencrypted Wi-Fi Communications
22.4 Attacking Publicly Secure Packet Forwarding (PSPF)
22.5 Attacking the Preferred Network List (PNL)
Lesson 23: Building Your Lab and Attack Hardware
Learning objectives
23.1 Understanding Wireless Antennas
23.2 Surveying Wi-Fi Devices Like the Pineapple
23.3 Building Your Own Lab
Lesson 24: Aircrack-ng
Learning objectives
24.1 Introducing the Aircrack-ng Suite
24.2 Introducing Airmon-ng
24.3 Understanding Airodump-ng
24.4 Introducing Aireplay-ng
24.5 Introducing Airdecap-ng
24.6 Introducing Airserv-ng
24.7 Introducing Airtun-ng
Lesson 25: Buffer Overflows
Learning objectives
25.1 Understanding Buffer Overflows
25.2 Exploiting Buffer Overflows
25.3 Overcoming Defenses for Buffer Overflow Vulnerabilities
25.4 Understanding Fuzzing
25.5 Creating a Fuzzing Strategy
25.6 Exploring Mutation-based, Generation-based, and Evolutionary Fuzzers
25.7 Surveying Tools to Find and Exploit Buffer Overflows
Lesson 26: Post-Exploitation Techniques
Learning objectives
26.1 Maintaining Persistence After Compromising a System
26.2 Understanding How to Perform Lateral Movement and Pivoting
26.3 Understanding How to Cover Your Tracks and Clean up Systems After a Penetration Testing Engagement
Lesson 27: Hacking User Credentials
Learning objectives
27.1 Understanding Authentication and Authorization Mechanisms
27.2 Understanding Authentication and Authorization Attacks
27.3 Exploring Password Storage Mechanisms
27.4 Understanding Password Storage Vulnerability
27.5 Cracking Passwords with John the Ripper
27.6 Cracking Passwords with hashcat
27.7 Improving Password Security
Lesson 28: Reporting and Communication
Learning objectives
28.1 Surveying Report Writing and Handling Best Practices
28.2 Recommending Mitigation Strategies for the Discovered Vulnerabilities
28.3 Explaining the Importance of Appropriate Communication
Module 5: Mobile Device Security
Module introduction
Lesson 29: Hacking Mobile Platforms
Learning objectives
29.1 Understanding Mobile Platform Attack Vectors
29.2 Hacking iOS
29.3 Hacking Android OS
29.4 Understanding Mobile Device Management
29.5 Surveying Mobile Security Guidelines and Tools
Lesson 30: Mobile Device Security
Learning objectives
30.1 Understanding OWASP Mobile Device Vulnerabilities
30.2 Wrestling with the BYOD Dilemma
30.3 Understanding Mobile Device Management (MDM)
30.4 Understanding Mobile Device Security Policies
Lesson 31: Fundamentals of Android Security
Learning objectives
31.1 Hacking Android Devices
31.2 Exploring Android Emulators and SDK
31.3 Understanding Android Hacking Tools and Methodologies
Lesson 32: Hacking iOS Devices
Learning objectives
32.1 Introducing iOS Security
32.2 Exploring Jailbreaking iOS
32.3 Surveying Tools for Disassembling iOS Applications
Module 6: Internet of Things (IoT) Security
Module introduction
Lesson 33: Fundamentals of IoT Security
Learning objectives
33.1 Introducing IoT Concepts
33.2 Understanding IoT Attacks
33.3 Understanding IoT Hacking Methodologies
33.4 Surveying IoT Hacking Tools
33.5 Understanding IoT Countermeasures
33.6 Introducing OT Concepts
33.7 Performing OT Attacks
33.8 Understanding OT Hacking Methodologies
33.9 Surveying OT Hacking Tools
33.10 Understanding OT Countermeasures
Lesson 34: Hacking IoT Devices
Learning objectives
34.1 Surveying Tools for Disassembling iOS Applications
34.2 Exploring ZigBee and IEEE 802.15.4
34.3 Exploring INSTEON
34.4 Exploring Z-Wave
34.5 Exploring LoRa
Lesson 35: Attacking Bluetooth
Learning objectives
35.1 Attacking Bluetooth
35.2 Surveying Tools for Bluetooth Monitoring
Lesson 36: Attacking NFC
Learning objectives
36.1 Understanding NFC Vulnerabilities
36.2 Exploring NFC Attacks and Case Studies
Module 7: Cloud Security Fundamentals
Module introduction
Lesson 37: Understanding Cloud Security
Learning objectives
37.1 Introducing Cloud Computing Concepts
37.2 Exploring Container Technology
37.3 Understanding Serverless Computing
37.4 Surveying Cloud Computing Threats
37.5 Understanding Cloud Hacking and Cloud Security Implementations
37.6 Introducing the Different Cloud Deployment and Service Models
37.7 Surveying Patch Management in the Cloud
37.8 Performing Security Assessments in Cloud Environments
37.9 Introducing Agile, DevOps, and CI/CD Pipelines
37.10 Understanding Container Orchestration and an Introduction to Kubernetes
37.11 Exploring the Concepts of DevSecOps
Module 8: Social Engineering Fundamentals
Module introduction
Lesson 38: Understanding Social Engineering Countermeasures
Learning objectives
38.1 Introducing Social Engineering Concepts
38.2 Exploring Social Engineering Techniques
38.3 Understanding the Insider Threat
38.4 Impersonation on Social Networking Sites
38.5 Understanding Identity Theft
38.6 Understanding Social Engineering Countermeasures
Summary
The Complete Cybersecurity Bootcamp: Summary