Applied Ethical Hacking and Rules of Engagement | Udemy

English | Size: 19.80 GB
Genre: eLearning

What you’ll learn
40h video Bootcamp, deep-diving into Ethical Hacking and Threat Hunting subjects
4 Courses in 1: #A) Ethical Hacking #B) Threat Hunting #C) Python Hacking Scripting #D) Linux Security Distros
+5h Live Hacking Sessions for Hack the Box CTF (Here you become a hacker)
+15 hours hands-on Ethical hacking incl. Reconnaissance, Exploitation, Network Attacks, Social Engineering, and 5h WebAPP Pentesting
+5 hours Red Teaming, incl. Cobalt Strike Ops and Devs, Active Directory Attacks and MITRE ATT&CK
+5 hours Threat Hunting using Elastic-Stack and Wazuh Manager
Cobalt Strike, Metasploit, Empire, Python, Kali Linux +200 other industry-proven cybersecurity tools
Deploy a complete SIEM with Elastic Stack & Wazuh Manager for real production
Master pentest standards and tools, hacking methods with their standards e.g. MITRE ATT&CK, OWASP, PTES
2 crash courses included: Python3 scripting and Kali Linux
How to perform Web App Attacks such as SQLi, XSS, IDOR, Webshell Upload, Code and Command Injection, and much more
Programming Corporate-Level SIEM Use-Cases & Their Common Mistakes
How to develop scripting Projects, geared towards IT Security
Breach secure systems using client-side & social engineering techniques and tools
How corporate-level IT security solutions are planned & developed
Develop and conduct Red Team engagement using open source and commercial frameworks
Create Malware with Python as well as Cobalt Strike Framework
Master OWASP Top 10 best practices and other security standards
Pentest on servers, web apps, appliances, corporate networks and Active Directory Forests
How to customize your malware agent and make it look like legitimate Windows traffic and binaries
Master log aggregation basic concepts with hands-on practices
Perform various attack techniques using automated as well as manual tools
Securely send social engineered & phishing emails disguised as any legitimate email address without authentication
How to perform network attacks and sniff sensitive data such as passwords
Elastic Stack: Elasticsearch, Kibana and Filebeat in action
Master intelligence gathering and reconnaissance using the latest techniques
How to map your targets and create network topologies of your targets
Linux command line (Kali Linux and Parrot OS Security)
How to do lateral movement on secure networks, do privilege escalation and become administrator of the environment
How to attack Active Directory and get domain admin with different techniques
Advanced nmap techniques and NSE scripts
Master Metasploit framework as your arsenal of exploits

Here is an overview of the main content of the course:

Sections 1 to 3 are for introduction and preparation. Here you set up your offensive lab and learn the basics of Linux to get prepared for the ethical hacking sections. You will also install Kali Linux and Microsoft Visual Studio Code as your main IDE (integrated development environment). Then you move on to create your vulnerable labs such as DVWA, bWAPP, WebGoat, and so on. Also, you will do your first capture-the-flag (CTF) and create your HTB (HackTheBox dot com) account if you haven’t before.

You will start your professional white hat hacking training from sections 4 to 10. Here you will learn a broad range of hacking tools, attack vectors, techniques, and procedures. They range from reconnaissance, enumeration, and vulnerability scanning to exploitation, post-exploitation, and password cracking. You will continue with network attacks (wired and wireless), social engineering attacks, web application attacks (OWASP Top 10), and much more.

You’ll take your second crash course in Python in section 11. Here you learn Python geared towards IT Security and Hacking purposes.

Now you have met all the requirements a professional hacker needs on the pentesting battlefield. In section 12, you get to know the interesting world of CTFs (Capture the Flags), especially on HackTheBox dot com, and will hack 8 machines:
3 Easy machines: BLUE, DEVEL, NETMON
By the end of this section, you are an ethical hacker who feels incredibly confident with penetration testing in different hacking scenarios.

Everything is standardized in modern times. Giving a break to practical hacking, in section 13 you will learn the must-know security standards such as MITRE, OWASP, PTES, OSSTMM and their terminologies as well as methodologies in the IT Security field.

Everything up to here prepares you to be a great Red Teamer. Here you learn how to use all those practical ethical hacking techniques along with MITRE ATT&CK Tactics, Techniques, and Procedures to conduct a comprehensive Red Teaming assessment for your customers. In section 14 you will learn how to work based on various MITRE TTPs with a powerful Red Teaming Framework. You will also learn how to customize your C2 to your needs and how to carry out various operations with it.

More than half of today’s APTs (Advanced Persistent Threats) are experts on Active Directory attacks, and you as an ethical hacker or Red Teamer should also know how to do that and report vulnerabilities to your customers. In section 15 you will learn how to configure AD, create a vulnerable AD lab and perform some of the most important attacks in this category. This category of attacks has its own section because of its importance and the number of common attacks by APTs on this module in the victim’s environment.

In section 16 we tried to cover every tactic, its corresponding techniques, and the procedures behind them as standardized by MITRE ATT&CK, all in one. We will study most of the operations done by threat actors and APTs. Their TTPs are covered line by line, and in the near future, with some updates, we are going to practice every technique after its explanation. Also, most of these TTPs are covered during the course without you knowing which category of TTPs each one is. It is really important to stick to MITRE ATT&CK and that’s why we put a small section on it.

By section 17, you have finished your Pythonic offensive security training in all its aspects. Now you are a professional and ethical hacker. From this section on, you start your defensive security journey, where the focus is mainly on defense against the offensive techniques and tactics you’ve learned up until here. In this section, you learn terminologies and methodologies such as “Defense in Depth” on the defensive side, where the SIEM tool is the center of attention.

In section 18 you start building up your fully customized Linux-based and 100% open source SIEM tool using Elastic-Stack and Wazuh Manager (The Open Source Security Platform). In this section, you set up Wazuh Manager Server, Open Distro for Elasticsearch, Filebeat, and Kibana.

Then in section 19, you move on to endpoints such as Windows and Linux Servers, Windows 10, and Fortigate firewall appliance, to integrate these different log sources into your ELK-Stack SIEM server. Also, you will learn how you can roll out authenticated Wazuh agents on a network of Windows machines using Domain GPOs in an automated form.

Section 20 covers index management in Elasticsearch, where the life cycle of the indexes is managed. In this lecture, you will learn how to manage your accumulated alerts in your Elastic Stack to make better use of your server disks and storage.

In section 21 you will extend your configured SIEM with its capabilities such as File Integrity Monitoring (FIM), Linux Syscalls monitoring, Enterprise continuous vulnerability monitoring, CIS Hardening Benchmarks (SCA), Windows Defender, and Sysinternals Sysmon Eventchannel.

How one can create new alerts out of ingested logs in Wazuh Manager is the topic of section 22. In this section, you will learn how decoders and rules are constructed behind the scenes and how you can create your own custom decoders and rules for your own requirements.

And finally, you will finish this course with hunting IoCs (threat hunting) in your fully customized SIEM. In section 23, you will run some of the attacks you have learned during the course such as Mimikatz, HTA, Brute Force, etc. from your Cobalt Strike on your Parrot OS against your endpoints (Wazuh agents) and you will examine generated alerts for these specific security events.

Who this course is for:
Anyone who wants to start from scratch and seeks a great job offer in the future!
Pentesters who want to deepen their prior knowledge in IT Security
SecOps who want to write their own security tools in Python
IT security guys who want to apply for SOC jobs!
Anyone passionate about hacking who wants to do it ethically and with a lot of fun
