[FORGOTTEN] CISCO DIVD Academy Ethical Hacker

Learn the art of offensive security to uncover cyber threats and vulnerabilities before the cybercriminals do.
Schedule: Aug 27, 2023 - Aug 30, 2024
Languages: English
Instructor: Victor Gevers
https://skillsforall.com/launch?id=80c156bc-84a4-47c9-a233-5eafe7bdde82&tab=curriculum&view=a2f2eff1-791f-5595-8680-4a3b27778d2e

Overview


I started ripping this course on August 30th of 2023,
so some things may be a bit different if you take the course.
https://skillsforall.com/course/ethical-hacker?courseLang=en-US

Estimated amount of time required to complete: 70 Hours
Difficulty: Intermediate
Number of labs: 34
Pacing: Self-Paced



The digital landscape is evolving at an unprecedented rate and cyber threats lurk around every corner. Cybersecurity resilience in the modern world cannot be just an add on - it's a necessity. Offensive security professionals like ethical hackers and penetration testers can help proactively discover unknown threats and address them before the cybercriminals do.

This course is designed to prepare you with an Ethical Hacker skillset and give you a solid understanding of offensive security. You will become proficient in the art of scoping, executing, and reporting on vulnerability assessments, while recommending mitigation strategies. Follow an engaging gamified narrative throughout the course and get lots of practice with hands-on labs inspired by real-world scenarios.

After completing this course, continue your cybersecurity career in offensive security as an ethical hacker or penetration tester. Or use this course to strengthen your defensive security knowledge. By understanding the mindset of threat actors, you will be able to more effectively implement security controls and monitor, analyze, and respond to current security threats.

Prerequisites:
Junior Cybersecurity Analyst Career Path, or equivalent entry-level cybersecurity knowledge
Basic programming knowledge

What you will learn

  • Module 3: Information Gathering and Vulnerability Scanning
  • Module 5: Exploiting Wired and Wireless Networks
  • Module 6: Exploiting Application-Based Vulnerabilities
      • 6.2. How to Build Your Own Web Application Lab
      • 6.3. Understanding Business Logic Flaws
      • 6.8. Understanding Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery Attacks
      • 6.9. Understanding Clickjacking
  • Module 7: Cloud, Mobile, and IoT Security
  • Module 10: Tools and Code Analysis
  • Final Capstone Activity
  • Ethical Hacker: Course Final Exam
  • End of Course Survey


Welcome to the Ethical Hacker Course



Throughout the content of the course, you follow an engaging gamified narrative and get lots of practice with hands-on labs inspired by real-world scenarios. On this journey, you will be guided by your virtual mentor “Alex” at our fictional offensive security company, Protego Security Solutions. Within your role as a junior penetration tester at Protego, you will learn all the penetration testing phases of a client engagement. Pixel Paradise, a video game company, is the fictional company that will serve as your client during the course. 

Below are informational flyers for each fictional company.


Complete Your Employer: Protego Security Solutions

After completing this course, continue your cybersecurity career in offensive security (red team) as an ethical hacker or penetration tester. Or use this course to strengthen your defensive security (blue team) knowledge. By understanding the mindset of threat actors, you will be able to more effectively implement security controls and monitor, analyze, and respond to current security threats.

Module Title: Module Objective

  • Introduction to Ethical Hacking and Penetration Testing: Explain the importance of methodological ethical hacking and penetration testing.
  • Planning and Scoping a Penetration Testing Assessment: Create penetration testing preliminary documents.
  • Information Gathering and Vulnerability Scanning: Perform information gathering and vulnerability scanning activities.
  • Social Engineering Attacks: Explain how social engineering attacks succeed.
  • Exploiting Wired and Wireless Networks: Explain how to exploit wired and wireless network vulnerabilities.
  • Exploiting Application-Based Vulnerabilities: Explain how to exploit application-based vulnerabilities.
  • Cloud, Mobile, and IoT Security: Explain how to exploit cloud, mobile, and IoT security vulnerabilities.
  • Performing Post-Exploitation Techniques: Explain how to perform post-exploitation activities.
  • Reporting and Communication: Create a penetration testing report.
  • Tools and Code Analysis: Classify pentesting tools by use case.


In this course, you will explore and apply various tools and techniques within a controlled, "sandboxed" Ethical Hacker Kali Linux virtual machine environment to simulate cyber-attacks and discover, assess, and exploit built-in vulnerabilities. It is crucial to acknowledge that the hands-on labs are meant solely for educational purposes, aiming to equip you with the skills to identify and safeguard against real-world threats. The vulnerabilities and weaknesses demonstrated here must be used responsibly and ethically, exclusively within this designated "sandboxed" environment.

Engaging with these tools, techniques, or resources beyond the provided "sandboxed" virtual environment or outside your authorized scope may lead to violations of local laws and regulations. We strongly emphasize the importance of seeking clarification from your administrator or instructor before attempting any experimentation.

It is imperative to comprehend that unauthorized access to data, computer systems, and networks is illegal in numerous jurisdictions, regardless of intentions or motivations. We emphasize the significance of using your newfound knowledge responsibly and ensuring compliance with all applicable laws and regulations.

By accepting this "Ethical Hacker Statement," you acknowledge the critical importance of utilizing the skills acquired in this course for ethical and lawful purposes only, and you commit to upholding the principles of responsible cybersecurity practices. Remember, with great power comes great responsibility.

Your Acknowledgment

Do you acknowledge and accept your responsibility, as the user of this course, to be cognizant of and compliant with local laws, regulations, and ethical use?


Yes, I accept my responsibility as specified in the Ethical Hacking Statement.

No, I do not accept my responsibility as specified in the Ethical Hacking Statement.

1.0.1-1.0.2 Why Should I Take This Module and What Will I Learn?


Protego Security Solutions Task

Welcome to Protego! My name is Alex. I will be your mentor for your first 90 days here. Our recruiter was very impressed with your enthusiasm and desire to enter the cybersecurity profession. 

We’ll be working together to get you ready for your role as an entry-level penetration tester. We’ll be talking about ways that you can prepare for participating in our customer engagements and I have a number of activities for you to complete that will quickly enhance your skills.

We will talk about some important big ideas in penetration testing and then get your practice lab environment up and running. 

I know you will enjoy working at Protego, and I look forward to working with you as you grow in your career with us.

Before we jump into how to perform penetration testing, you first need to understand some core concepts about the “art of hacking” that will help you understand the other concepts discussed throughout this course. For example, you need to understand the difference between ethical hacking and unethical hacking. The tools and techniques used in this field change rapidly, so understanding the most current threats and attacker motivations is also important. Some consider penetration testing an art; however, this art needs to start out with a methodology if it is to be effective. Furthermore, you need to spend some time understanding the different types of testing and the industry methods used. Finally, this is a hands-on concept, and you need to know how to get your hands dirty by properly building a lab environment for testing.




Module Title: Introduction to Ethical Hacking and Penetration Testing

Module Objective: Explain the importance of methodological ethical hacking and penetration testing.


Topic Title: Topic Objective

  • Understanding Ethical Hacking and Penetration Testing: Explain the importance of ethical hacking and penetration testing.
  • Exploring Penetration Testing Methodologies: Explain different types of penetration testing methodologies and frameworks.
  • Building Your Own Lab: Configure a virtual machine for your penetration testing learning experience.

1.1.1 Overview



Protego Security Solutions

Alex here! We will be meeting periodically over the next few weeks so you can get oriented to working at Protego and also build your skills and knowledge as we increase your involvement in our customer engagements. 

At the very heart of what we do is our purpose. You need to understand why we do what we do and who our enemies are. Once you have a strong foundation here, we can move on to understanding how we accomplish our purpose. 

As a refresher, the term ethical hacker describes a person who acts as an attacker and evaluates the security posture of a computer network for the purpose of minimizing risk. The NIST Computer Security Resource Center (CSRC) defines a hacker as an “unauthorized user who attempts to or gains access to an information system.” Now, we all know that the term hacker has been used in many different ways and has many different definitions. Most people in a computer technology field would consider themselves hackers based on the simple fact that they like to tinker. This is obviously not a malicious thing. So, the key factor here in defining ethical versus nonethical hacking is that the latter involves malicious intent. The permission to attack or permission to test is crucial and what will keep you out of trouble! This permission to attack is often referred to as “the scope” of the test (what you are allowed and not allowed to test). More on this later in this module.

A security researcher looking for vulnerabilities in products, applications, or web services is considered an ethical hacker if he or she responsibly discloses those vulnerabilities to the vendors or owners of the targeted research. However, the same type of “research” performed by someone who then uses the same vulnerability to gain unauthorized access to a target network/system would be considered a nonethical hacker. We could even go so far as to say that someone who finds a vulnerability and discloses it publicly without working with a vendor is considered a nonethical hacker – because this could lead to the compromise of networks/systems by others who use this information in a malicious way.

The truth is that as an ethical hacker, you use the same tools to find vulnerabilities and exploit targets as do nonethical hackers. However, as an ethical hacker, you would typically report your findings to the vendor or customer you are helping to make the network more secure. You would also try to avoid performing any tests or exploits that might be destructive in nature.

An ethical hacker’s goal is to analyze the security posture of a network’s or system’s infrastructure in an effort to identify and possibly exploit any security weaknesses found and then determine if a compromise is possible. This process is called security penetration testing or ethical hacking.



TIP: Hacking is NOT a Crime (hackingisnotacrime.org) is a nonprofit organization that attempts to raise awareness about the pejorative use of the term hacker. Historically, hackers have been portrayed as evil or illegal. Luckily, a lot of people already know that hackers are curious individuals who want to understand how things work and how to make them more secure.


So, why do we need penetration testing? Well, first of all, as someone who is responsible for securing and defending a network/system, you want to find any possible paths of compromise before the bad guys do. For years we have developed and implemented many different defensive techniques (for instance, antivirus, firewalls, intrusion prevention systems [IPSs], anti-malware). We have deployed defense-in-depth as a method to secure and defend our networks. But how do we know if those defenses really work and whether they are enough to keep out the bad guys? How valuable is the data that we are protecting, and are we protecting the right things? These are some of the questions that should be answered by a penetration test.

If you build a fence around your yard with the intent of keeping your dog from getting out, maybe it only needs to be 4 feet tall. However, if your concern is not the dog getting out but an intruder getting in, then you need a different fence – one that would need to be much taller than 4 feet. Depending on what you are protecting, you might also want razor wire on the top of the fence to deter the bad guys even more. When it comes to information security, we need to do the same type of assessments on our networks and systems. We need to determine what it is we are protecting and whether our defenses can hold up to the threats that are imposed on them. This is where penetration testing comes in.

Simply implementing a firewall, an IPS, anti-malware, a VPN, a web application firewall (WAF), and other modern security defenses isn’t enough. You also need to test their validity. And you need to do this on a regular basis. As you know, networks and systems change constantly. This means the attack surface can change as well, and when it does, you need to consider reevaluating the security posture by way of a penetration test.

1.1.3 Lab - Researching PenTesting Careers


Protego Security Solutions

I think it is important for you to understand the employment landscape and the different roles and responsibilities that cybersecurity professions include. A good general reference to explore for descriptions of different job roles is The National Initiative for Cybersecurity Careers and Studies (NICCS) Cyber Career Pathways Tool. It offers a visual way to discover and compare different job roles in our profession.

In this activity, you discover and compare ethical hacking jobs that are listed on various job boards. Don’t worry, we are not trying to get rid of you! We just want you to understand where you fit in to the big picture in our profession. I think that you will find that we are treating you very well, and rest assured that you have a lot of room to grow with us.

In this lab, you will complete the following objectives:

  • Conduct a Penetration Tester Job Search
  • Analyze Penetration Tester Job Requirements
  • Discover Resources to Further Your Career


 email naruzkurai@gmail.com to link the html hosting sheet

The following three internet job boards allow filtering job postings by seniority or experience level:

  • glassdoor.com
  • indeed.com
  • linkedin.com jobs

At the time of this writing, monster.com did not have a filter for level of expertise or seniority in its job search results, but it allows searching by whether or not you want to be at home, part time, etc.



1.1.4 Threat Actors

Before you can understand how an ethical hacker or penetration tester can mimic a threat actor (or malicious attacker), you need to understand the different types of threat actors. The following are the most common types of malicious attackers we see today.


Organized Crime
Several years ago, the cybercrime industry took over the number-one spot, previously held by the drug trade, for the most profitable illegal industry. As you can imagine, it has attracted a new type of cybercriminal. Just as it did back in the days of Prohibition, organized crime goes where the money is. Organized crime consists of very well-funded and motivated groups that will typically use any and all of the latest attack techniques. Whether that is ransomware or data theft, if it can be monetized, organized crime will use it.

Hacktivists
This type of threat actor is not motivated by money. Hacktivists are looking to make a point or to further their beliefs, using cybercrime as their method of attack. These types of attacks are often carried out by stealing sensitive data and then revealing it to the public for the purpose of embarrassing or financially affecting a target.

State-Sponsored Attackers
Cyber war and cyber espionage are two terms that fit into this category. Many governments around the world today use cyber attacks to steal information from their opponents and cause disruption. Many believe that the next Pearl Harbor will occur in cyberspace. That’s one of the reasons the United States declared cyberspace to be one of the operational domains that U.S. forces would be trained to defend.

Insider Threats
An insider threat is a threat that comes from inside an organization. The motivations of these types of actors are normally different from those of many of the other common threat actors. Insider threats are often normal employees who are tricked into divulging sensitive information or mistakenly clicking on links that allow attackers to gain access to their computers. However, they could also be malicious insiders who are possibly motivated by revenge or money.