Ethical Hacking

 

Cybersecurity Demo

Ethical Hacking

StormWind’s Ethical Hacking online training course will immerse students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. Students will gain an understanding of how to leverage a multitude of tools at the disposal of today’s hackers. Ethical hackers use many of the same tools as malicious hackers including, footprinting, sniffing, trojans, and more! When a student completes this online training course they will have knowledge and experience working as penetration testers on their organization’s Red Team. Students completing all activities in this training will have the knowledge to pass the CEH exam (312-50).

Instructor:

Will Panek, CHFI, 5-time Microsoft MVP

Course Information

Skills Learned

The Ethical Hacking online training course covers:

  • Key issues plaguing the information security world, information security controls, penetration testing, and information security laws and standards
  • Different types of footprinting, footprinting tools, and countermeasures
  • Network scanning techniques and scanning countermeasures
  • Enumeration techniques and enumeration countermeasures
  • Different types of vulnerability assessment and vulnerability assessment tools
  • System hacking methodology
  • Different types of malware, malware analysis procedure, and malware countermeasures
  • Various packet sniffing techniques and sniffing countermeasures
  • Social engineering techniques, insider threats, identity theft, and countermeasures
  • DoS/DDoS attack techniques, botnets, DDoS attack tools, and DoS/DDoS countermeasures
  • Session hijacking techniques and countermeasures
  • Firewall, IDS, and honeypot evasion techniques, evasion tools, and countermeasures
  • Different types of web server and web application attacks, hacking methodology, and countermeasures
  • SQL injection attacks, evasion techniques, and SQL injection countermeasure
  • Different types of wireless encryption, wireless threats, wireless hacking methodology, wireless hacking tools, Wi-Fi security tools, and countermeasures
  • Mobile platform attack vector, andriod and iOS hacking, mobile device management, mobile security guidelines, and security tools
  • Different IoT attacks, IoT hacking methodology, IoT hacking tools, and countermeasures
  • Various cloud computing threats, attacks, and security techniques and tools
  • Different types of encryption algorithms, cryptography tools, Public Key Infrastructure (PKI), email encryption, disk encryption, cryptography attacks, and cryptanalysis tools

Who Should Attend This Course

Ethical Hacking will significantly benefit security officers, auditors, security professionals, site administrators, anyone who is concerned about the integrity of their network infrastructure, and those looking to become CEH (312-50) certified will be prepared by this class.

Prerequisites

A working knowledge of TCP/IP, a background in either security or information systems as well as at least a year of experience working with networking technologies is strongly recommended.

Course Outline

  • Introduction
    • Terms
    • Types of hackers
    • What is ethical hacking
  • Organization Infrastructure
    • Networks
    • DNS
    • DHCP
    • IDP
    • IPS
    • Traffic flow
    • Firewalls
    • Wireless
    • Operating Systems
    • Active Directory
    • Single Sign On
    • Radius
    • Tacacs+
  • Physical Security
    • Perimeter
  • Protocols
    • NTP
    • Secure shell
    • HTTP
  • Policies
    • Defense in Depth
    • CIA triad
    • AAA
    • Non-repudiation
  • Encryption
    • IPSEC
    • Keys
    • Steganography
    • Obfuscation
  • Risk management
    • Response
    • Assessment
    • Business impact analysis
    • Quantitative risk
  • Software development
    • N-tier application architecture
  • Attacking Step by step
    • Reconnaissance
    • Information gathering
    • Scanning and enumeration
    • Access
    • Escalation
    • Maintaining access
    • Covering your tracks
  • Threats
    • Getting by the IDS
    • Wireless attacks
    • Malware
    • Spam
    • Exploitable bugs
    • Encryption Attacks
    • Password cracking
    • Botnets and Zombies
    • OS vulnerabilities
    • Virtual vulnerabilities
    • Physical security exploits
    • Attacking organizational infrastructure
    • Exploiting web applications
    • Cross-site forgery
    • Insecure direct object reference
    • Code injection
    • Exploiting sql
    • Jailbreak exploits
    • Attacking software
  • Scanning
    • Port scanning
    • Logs
    • Ping scanning
    • TCP scanning
    • Banner grabbing
    • DNS cache snooping
    • Firewalking
  • Social Engineering
    • Overview
    • Phishing
    • Watering hole
  • Monitoring
    • Network monitoring
  • Protocol analyzers
  • Tools
    • Commands
    • NMAP
    • Metasploit
    • MSFencode
    • Meterpreter
    • Metagoofil
    • Nessus
    • Maltego
    • Cain & Abel
    • John the Ripper
    • Hashcat
    • Nikto
    • Google
    • Wifi Tools
    • Pentesting
    • Software testing
    • Detection Methods
    • Incident response

Hands-On Labs

Primary Labs

  • Performing a Check for Live Systems
  • Performing a Check for Open Ports
  • Implementing Scanning Techniques
  • OS Fingerprinting
  • Banner Grabbing
  • Performing Malware Attacks
  • Implementing Application-level Session Hijacking
  • Hacking Web Applications
  • Mapping Networks
  • Planting a Backdoor
  • Working with IPSec
  • Using Enumeration Tools
  • Implementing Application-level Session Hijacking
  • Performing Offline Attacks
  • Conduct Social Engineering Attack
  • Trojan Protection
  • Social Engineering Reconnaissance
  • Packet Sniffing
  • Vulnerability Scanner MBSA
  • Encryption and Hashing
  • Analyzing Captured Traffic
  • Configuring IDS and Honeypots
  • Resetting Windows Passwords
  • Cracking Kerberos

Supplemental Labs

  • Additional Scanning Options
  • Analyze SQL Injection Attack
  • Applying Filters to TCPDump and Wireshark
  • Auditing Service Accounts and Creation of Service Accounts To Run Specific Services
  • BitLocker Setup
  • Block Incoming Traffic on Known Port
  • Conduct Log Analysis and Cross Examination for False Positives
  • Identify and Remove Trojan Using Various Tools
  • Identifying System Vulnerabilities with OpenVAS
  • Installing Patches and Testing Software
  • Introduction To OWASP Top Ten: A1 – Injection
  • Introduction To OWASP Top Ten: A10 – Insufficient Logging and Monitoring
  • Introduction To OWASP Top Ten: A2 – Broken Authentication
  • Introduction To OWASP Top Ten: A3 – Sensitive Data Exposure
  • Introduction To OWASP Top Ten: A4 – XML External Entities
  • Introduction To OWASP Top Ten: A5 – Broken Access Control
  • Introduction To OWASP Top Ten: A6 – Security Misconfiguration
  • Introduction To OWASP Top Ten: A7 – Cross Site Scripting
  • Introduction To OWASP Top Ten: A8 – Insecure Deserialization
  • Introduction To OWASP Top Ten: A9 – Using Components With Known Vulnerabilities
  • Linux Users and Groups
  • Log Correlation
  • Log Correlation and Analysis
  • Log Event Reports
  • Microsoft Baseline Security Analyzer
  • Network Discovery
  • Network Topology Generation
  • Open Source Password Cracking
  • Phishing
  • Preliminary Scanning
  • Scanning and Mapping Networks
  • Scanning From Windows
  • Securing Linux for System Administrators
  • TCPDump
  • Vulnerability Scan Analysis
  • Vulnerability Scanner Set-up and Configuration
  • Vulnerability Scanner Set-up and Configuration, Pt. 2
  • Wireshark

CLASS START DATES


March 23, 2020
12:00 pm – 3:00 pm ET


June 29, 2020
12:00 pm – 3:00 pm ET

Are you a student and need support?

Don’t see the class you’re looking for?

Get a demo or pricing!

Call (800) 850-9932 or submit this form to get pricing for you or your team.

We absolutely love being able to tailor the StormWind training experience to you and your goals. Simply provide us with a little bit of upfront info and we’ll get to work on customizing learning packages for you—at a price you just can’t resist.