[FORGOTTEN] CISCO DIVD Academy Ethical Hacker
Learn the art of offensive security to uncover cyber threats and vulnerabilities before the cybercriminals do.
Schedule: Aug 27, 2023 - Aug 30, 2024
Languages: English
Instructor: Victor Gevers
https://skillsforall.com/launch?id=80c156bc-84a4-47c9-a233-5eafe7bdde82&tab=curriculum&view=a2f2eff1-791f-5595-8680-4a3b27778d2e
- Overview
- Welcome to the Ethical Hacker Course
- 1.0.1-1.0.2 Why Should I Take This Module and What Will I Learn?
- 1.1.1 Overview
- 1.1.3 Lab - Researching PenTesting Careers
- 1.1.4 Threat Actors
Overview
I started ripping this course on August 30th of 2023
The digital landscape is evolving at an unprecedented rate and cyber threats lurk around every corner. Cybersecurity resilience in the modern world cannot be just an add on - it's a necessity. Offensive security professionals like ethical hackers and penetration testers can help proactively discover unknown threats and address them before the cybercriminals do.
This course is designed to prepare you with an Ethical Hacker skillset and give you a solid understanding of offensive security. You will become proficient in the art of scoping, executing, and reporting on vulnerability assessments, while recommending mitigation strategies. Follow an engaging gamified narrative throughout the course and get lots of practice with hands-on labs inspired by real-world scenarios.
After completing this course, continue your cybersecurity career in offensive security as an ethical hacker or penetration tester. Or use this course to strengthen your defensive security knowledge. By understanding the mindset of threat actors, you will be able to more effectively implement security controls and monitor, analyze, and respond to current security threats.
Prerequisites:
- Junior Cybersecurity Analyst Career Path, or equivalent entry-level cybersecurity knowledge
- Basic programming knowledge
Welcome to the Ethical Hacker Course
Throughout the content of the course, you follow an engaging gamified narrative and get lots of practice with hands-on labs inspired by real-world scenarios. On this journey, you will be guided by your virtual mentor “Alex” at our fictional offensive security company, Protego Security Solutions. Within your role as a junior penetration tester at Protego, you will learn all the penetration testing phases of a client engagement. Pixel Paradise, a video game company, is the fictional company that will serve as your client during the course.
Below are informational flyers for each fictional company.
After completing this course, continue your cybersecurity career in offensive security (red team) as an ethical hacker or penetration tester. Or use this course to strengthen your defensive security (blue team) knowledge. By understanding the mindset of threat actors, you will be able to more effectively implement security controls and monitor, analyze, and respond to current security threats.
| Module Title | Module Objective |
|---|---|
| Introduction to Ethical Hacking and Penetration Testing | Explain the importance of methodological ethical hacking and penetration testing. |
| Planning and Scoping a Penetration Testing Assessment | Create penetration testing preliminary documents. |
| Information Gathering and Vulnerability Scanning | Perform information gathering and vulnerability scanning activities. |
| Social Engineering Attacks | Explain how social engineering attacks succeed. |
| Exploiting Wired and Wireless Networks | Explain how to exploit wired and wireless network vulnerabilities. |
| Exploiting Application-Based Vulnerabilities | Explain how to exploit application-based vulnerabilities. |
| Cloud, Mobile, and IoT Security | Explain how to exploit cloud, mobile, and IoT security vulnerabilities. |
| Performing Post-Exploitation Techniques | Explain how to perform post-exploitation activities. |
| Reporting and Communication | Create a penetration testing report. |
| Tools and Code Analysis | Classify pentesting tools by use case. |
In this course, you will explore and apply various tools and techniques within a controlled, "sandboxed" Ethical Hacker Kali Linux virtual machine environment to simulate cyber-attacks and discover, assess, and exploit built-in vulnerabilities. It is crucial to acknowledge that the hands-on labs are meant solely for educational purposes, aiming to equip you with the skills to identify and safeguard against real-world threats. The vulnerabilities and weaknesses demonstrated here must be used responsibly and ethically, exclusively within this designated "sandboxed" environment.
Engaging with these tools, techniques, or resources beyond the provided "sandboxed" virtual environment or outside your authorized scope may lead to violations of local laws and regulations. We strongly emphasize the importance of seeking clarification from your administrator or instructor before attempting any experimentation.
It is imperative to comprehend that unauthorized access to data, computer systems, and networks is illegal in numerous jurisdictions, regardless of intentions or motivations. We emphasize the significance of using your newfound knowledge responsibly and ensuring compliance with all applicable laws and regulations.
By accepting this "Ethical Hacker Statement," you acknowledge the critical importance of utilizing the skills acquired in this course for ethical and lawful purposes only, and you commit to upholding the principles of responsible cybersecurity practices. Remember, with great power comes great responsibility.
Your Acknowledgment
Do you acknowledge and accept your responsibility, as the user of this course, to be cognizant of and compliant with local laws, regulations, and ethical use?
1.0.1-1.0.2 Why Should I Take This Module and What Will I Learn?
1.0.1 Why Should I Take This Module?
Protego Security Solutions Task
Welcome to Protego! My name is Alex. I will be your mentor for your first 90 days here. Our recruiter was very impressed with your enthusiasm and desire to enter the cybersecurity profession.
We’ll be working together to get you ready for your role as an entry-level penetration tester. We’ll be talking about ways that you can prepare for participating in our customer engagements and I have a number of activities for you to complete that will quickly enhance your skills.
We will talk about some important big ideas in penetration testing and then get your practice lab environment up and running.
I know you will enjoy working at Protego, and I look forward to working with you as you grow in your career with us.
Before we jump into how to perform penetration testing, you first need to understand some core concepts about the “art of hacking” that will help you understand the other concepts discussed throughout this course. For example, you need to understand the difference between ethical hacking and unethical hacking. The tools and techniques used in this field change rapidly, so understanding the most current threats and attacker motivations is also important. Some consider penetration testing an art; however, this art needs to start out with a methodology if it is to be effective. Furthermore, you need to spend some time understanding the different types of testing and the industry methods used. Finally, this is a hands-on concept, and you need to know how to get your hands dirty by properly building a lab environment for testing.
1.0.2 What Will I Learn in This Module?
Module Title: Introduction to Ethical Hacking and Penetration Testing
Module Objective: Explain the importance of methodological ethical hacking and penetration testing.
1.1.1 Overview
Protego Security Solutions
Alex here! We will be meeting periodically over the next few weeks so you can get oriented to working at Protego and also build your skills and knowledge as we increase your involvement in our customer engagements.
At the very heart of what we do is our purpose. You need to understand why we do what we do and who our enemies are. Once you have a strong foundation here, we can move on to understanding how we accomplish our purpose.
As a refresher, the term ethical hacker describes a person who acts as an attacker and evaluates the security posture of a computer network for the purpose of minimizing risk. The NIST Computer Security Resource Center (CSRC) defines a hacker as an “unauthorized user who attempts to or gains access to an information system.” Now, we all know that the term hacker has been used in many different ways and has many different definitions. Most people in a computer technology field would consider themselves hackers based on the simple fact that they like to tinker. This is obviously not a malicious thing. So, the key factor here in defining ethical versus nonethical hacking is that the latter involves malicious intent. The permission to attack or permission to test is crucial and what will keep you out of trouble! This permission to attack is often referred to as “the scope” of the test (what you are allowed and not allowed to test). More on this later in this module.
A security researcher looking for vulnerabilities in products, applications, or web services is considered an ethical hacker if he or she responsibly discloses those vulnerabilities to the vendors or owners of the targeted research. However, the same type of “research” performed by someone who then uses the same vulnerability to gain unauthorized access to a target network/system would be considered a nonethical hacker. We could even go so far as to say that someone who finds a vulnerability and discloses it publicly without working with a vendor is considered a nonethical hacker – because this could lead to the compromise of networks/systems by others who use this information in a malicious way.
The truth is that as an ethical hacker, you use the same tools to find vulnerabilities and exploit targets as do nonethical hackers. However, as an ethical hacker, you would typically report your findings to the vendor or customer you are helping to make the network more secure. You would also try to avoid performing any tests or exploits that might be destructive in nature.
An ethical hacker’s goal is to analyze the security posture of a network’s or system’s infrastructure in an effort to identify and possibly exploit any security weaknesses found and then determine if a compromise is possible. This process is called security penetration testing or ethical hacking.
TIP: Hacking is NOT a Crime (hackingisnotacrime.org) is a nonprofit organization that attempts to raise awareness about the pejorative use of the term hacker. Historically, hackers have been portrayed as evil or illegal. Luckily, a lot of people already know that hackers are curious individuals who want to understand how things work and how to make them more secure.
So, why do we need penetration testing? Well, first of all, as someone who is responsible for securing and defending a network/system, you want to find any possible paths of compromise before the bad guys do. For years we have developed and implemented many different defensive techniques (for instance, antivirus, firewalls, intrusion prevention systems [IPSs], anti-malware). We have deployed defense-in-depth as a method to secure and defend our networks. But how do we know if those defenses really work and whether they are enough to keep out the bad guys? How valuable is the data that we are protecting, and are we protecting the right things? These are some of the questions that should be answered by a penetration test.
If you build a fence around your yard with the intent of keeping your dog from getting out, maybe it only needs to be 4 feet tall. However, if your concern is not the dog getting out but an intruder getting in, then you need a different fence – one that would need to be much taller than 4 feet. Depending on what you are protecting, you might also want razor wire on the top of the fence to deter the bad guys even more.
When it comes to information security, we need to do the same type of assessments on our networks and systems. We need to determine what it is we are protecting and whether our defenses can hold up to the threats that are imposed on them. This is where penetration testing comes in. Simply implementing a firewall, an IPS, anti-malware, a VPN, a web application firewall (WAF), and other modern security defenses isn’t enough. You also need to test their validity. And you need to do this on a regular basis. As you know, networks and systems change constantly. This means the attack surface can change as well, and when it does, you need to consider reevaluating the security posture by way of a penetration test.
1.1.3 Lab - Researching PenTesting Careers
Protego Security Solutions
I think it is important for you to understand the employment landscape and the different roles and responsibilities that cybersecurity professions include. A good general reference to explore for descriptions of different job roles is The National Initiative for Cybersecurity Careers and Studies (NICCS) Cyber Career Pathways Tool. It offers a visual way to discover and compare different job roles in our profession.
In this activity, you discover and compare ethical hacking jobs that are listed on various job boards. Don’t worry, we are not trying to get rid of you! We just want you to understand where you fit in to the big picture in our profession. I think that you will find that we are treating you very well, and rest assured that you have a lot of room to grow with us.
In this lab, you will complete the following objectives:
The following three internet job boards allow filtering job postings by seniority or experience level.
1.1.4 Threat Actors
Before you can understand how an ethical hacker or penetration tester can mimic a threat actor (or malicious attacker), you need to understand the different types of threat actors. The following are the most common types of malicious attackers we see today.