Updated August 2017 with FULL CLOSED CAPTIONING and the EternalBlue & WannaCry Ransomware Exploit Labs against Windows 7/Server 2008 victims!
** Dissect the Threat! Understand the Importance of Cyber Security **
Your networks are facing a constant barrage of attacks by malicious actors: hackers, hacktivists, script kiddies, advanced persistent threats, and even nation states are all searching for footholds into networks around the globe. System administrators have always been the first line of defense in system security, and in this global cyber war your role has become increasingly important to the security our networks. As the lynchpin to network defense, it is imperative that system administrators understand the vulnerabilities and methodology employed by malicious cyber actors in order to assist in stopping cyber attacks.
In “The Anatomy of a Cyber Attack”, you will learn to dissect the techniques used by hackers in their exploitation of a network. From open-source research and reconnaissance to the exploitation and covering of their tracks, you will learn hands-on techniques to probe your network for vulnerabilities and understand how they are exploited. Taught by an expert in cybersecurity, you will learn to think like a hacker in order to thwart their future attacks on your networks.
A truly eye-opening experience into the world of cybersecurity, “The Anatomy of a Cyber Attack” is essential to understanding the landscape of today’s cyber threats.
What You Will Receive In The Course:
What This Course Is NOT:
What Students Are Saying About This Course:
NOTE: This course is designed for all IT personnel and provides a great overview of the need for cyber security through hands-on examples of network and system exploitation. Beginners will be able to understand the concepts and enjoy the course, but may have some difficult in conducting the attacks themselves. A basic understanding of computers and computer networks is required to understand this course.
In this video, you will be introduced to your instructor, Jason Dion. We will discuss a quick overview of the course and the importance of cybersecurity in today's malicious cyber environment.
In this video, you will learn how to download and install VirtualBox in order to create a penetration testing lab. Also, you will understand why it is important to create our penetration testing lab in a safe, secluded virtual environment to ensure we don't run into trouble with the law.
This video shows students how to install Kali Linux in a virtual machine for use in our attack lab.
An important message from Jason on the course!
This video shows students how to install Windows in a virtual machine for use as a victim in our attack lab.
This video shows students how to install Metasploitable in a virtual machine for use as another
victim in our attack lab.
An assignment for you to take the time to build your Penetration Testing lab.
A discussion of the importance of Confidentiality, Integrity, and Availability in cyber security, and the tradeoff between operations and security, allowing a hacker to breach your networks and systems.
A look into the various types of hackers, crackers, and attackers in the hacking world, as well as the various tools and techniques that they utilize to accomplish their specific goals.
This quiz covers concepts from the CIA Triad and the Hackers, Crackers, and Attackers lessons.
A discussion of the Six Step Hacker's Methodology that will form the basis for our attacks throughout this course: (1) Performing Reconnaissance (2) Scanning and Enumeration (3) Gaining Access (4) Escalation of Privilege (5) Maintaining Access (6) Covering Tracks and Placing Backdoors.
This lecture provides a discussion of Ethical Hackers and how they have modified the Hacker's Methodology for their use in penetration testing. The discussion also provides the details of what to include in your "get out of jail free" letter as an ethical hacker.
Quiz covering the topics from The Hacker's Methodology and Ethical Hackers lectures.
This is a lengthy discussion of the Reconnaissance Phase, including the tool that are utilized during this phase of the cyber attack. This includes Creepy, Discover, Maltego, Central Ops, and more!
In this hands-on lab video, students will learn the how to use Creepy, an open-source, cross-platform Geolocation tool to create a "pattern of life" on a victim location or person. During this lab, students will be provided with a sample Twitter user (TitanCipher) to work against in their reconnaissance.
In this hands-on lab video, students will learn the how to perform OSINT (Open-Source Intelligence) using CentralOps, a web-based service that allows us to collect lots of information on our victim organization and networks. During this lab, students will explore the information found through this tool and how it relates to performing reconnaissance to aid in a future cyber attack.
In this lecture, you will learn various tools, techniques, and theory to consider when performing the scanning and enumeration phase of the hacker's methodology. Next, we will put this theory into practice in our lab environment.
This video lecture introduces students to the importance of the Scanning and Enumeration Phase, as well as the tool Zenmap that we use to perform our scans. Also, this video shows students how to configure their virtual network properly in order to conduct the rest of the labs during this course.
In this lab, we are going to use Zenmap and Nmap to scan the lab environment and find the open ports to conduct our enumeration on. Various scanning and enumeration techniques will be covered throughout this lesson.
In this lecture, you will learn the various methods used during the gaining access phase, including a brief discussion of shellcode, buffer overflows, and unpatched software vulnerabilities.
A brief introduction to the concept of Buffer Overflows, as well as a code review of a short program that we will create a buffer overflow in during our lab.
In this lab, we will create a buffer overflow to gain a Linux command shell by overflowing the buffer of a simple 20-line program. written in C.
An introduction to Bind and Reverser Shellcode, and its usage in gaining our foothold during the attack!
A breakdown of the MS08-067 Vulnerability and how we are going to exploit it in the lab environment using a reverse shell payload.
In this video lecture, students are shown just how easy it is to break into a Windows machine when you have done your Reconnaissance and Scanning/Enumeration Phases properly. Using the MS08-067 vulnerability, we will exploit a Windows workstation, gain system level rights, and prove that the attack was successful by leaving evidence of our successful penetration to a different user's desktop!
An overview of the Meterpreter payload that is provided in the Metasploit Framework, its functions, and usage. This lesson provides the basics upon which we will expound in our lab environment.
In this video lecture, students are introduced to Meterpreter and the powerful shell environment it provides us when we attack a system. Our target system for this exploitation will again be our Windows workstation, showing students the difference between the previous attack using the Reverse Shell and the new Meterpreter Shell inside Metasploit.
This lesson discusses the various tools used by attackers to crack passwords, gather SAM database hashes, and methods of circumventing password lockout security precautions.
In this lab, you will learn to do basic password cracking, migration between system processes and user process, and conduct keylogging of a victim machine in order to elevate your privileges on a given system.
In this lecture, you will learn more about the methods used to maintain access once you have gotten onto a victim system, including creating additional user accounts, stealing passwords, sniffing network traffic, installing keylogging, and more.
In this lab, you will learn how to maintain access on a victim machine by adding user accounts to the system, elevating them into the Administrators group, and manipulating the firewall to ensure you have continuous access to the victim in the future.
In this lecture, you will learn more about the methods used to cover your tracks maintain access once you have gotten onto a victim system. This includes modifying and deleting log entries, hiding files and folders, installing backdoors, opening firewall ports, setting up callbacks from the victim machine, and more.
In this lab, you will learn how to begin covering your tracks through the use of Alternate Data Streams on NTFS file systems (Windows targets) and installing backdoors through the scheduling features of Windows (the AT program).
A quick summary of our time together, what we learned during the course.
In this bonus lecture, you will learn the 3 keys to success in cyber security and hacking. Also, I will provide you information of more resources to further your hacking career and a DEEP DISCOUNT on my other courses!
A message of congratulations on completing the course, and where to go from here!
In this video, you receive a very broad overview of the course in a fun, visually appealing promotional "course teaser" video. This is the same video students watched prior to enrolling in the course. If you enjoyed the course, please download the video and share with your friends!
Jason Dion, CISSP No. 349867, is a Adjunct Instructor at Liberty University’s College of Engineering and Computational Science and Anne Arundel Community College’s Department of Computing Technologies with multiple information technology professional certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Network Defense Architect (CNDA), Digital Forensic Examiner (DFE), Digital Media Collector (DMC), Security+, Network+, A+, and Information Technology Infrastructure Library v3. With networking experience dating back to 1992, Jason has been a network engineer for the United States Navy Southern Command, served as the Deputy Director of the Theater Network Operations Center Middle East, and the Information Systems Officer for Navy Information Operations Command Maryland. He holds a Master’s of Science degree in Information Technology with a specialization in Information Assurance from University of Maryland University College, a Master’s of Arts and Religion in Pastoral Counseling, and a Bachelor’s of Science in Human Resources Management from New School University. He lives in the greater Washington D.C./Baltimore, Maryland area with his wife and two children.