
The student will understand who the EC-Council is, as they manage the certification, and what the exam looks like so they are ready when they take the exam.
Ethics is an essential element of ethical hacking and an important consideration for the CEH certification. This will cover some of the considerations of the code of ethics required for CEH holders.
Before taking the CEH exam, it's useful to understand what it consists of -- the delivery format, number of questions and the topics covered.
You need to really understand what it means to be ethical.
Introduction to the module
Learning the security triad - confidentiality, integrity, availability.
This lecture covers the common network topologies you will find - star, bus, ring, and hybrid.
Overview of the OSI 7-layer model and the 4-layer TCP/IP architecture.
Understanding the different communications models and how the protocols work together is an important foundation.
An overview of the Internet Protocol and the headers that make it work
An explanation about IP subnetting -- what it's for and how to use it.
IP addresses and subnets can be difficult to grasp so let's try to explain them in a different way.
When we eventually get around to actually using IPv6, this will be useful.
IPv6 is among us, though it's being used without most people being aware. It may be helpful to understand why IPv6 was created and how the changes affect anyone.
User Datagram Protocol, the unreliable protocol.
Transmission Control Protocol, a protocol you can rely on.
Different ways to design networks using some of the topologies we've discussed previously.
Everyone has to connect to the network at some point, so why not Ethernet?
You're probably apt to use wireless at some point what with mobile devices being all the rage, so here's a little more detail on wireless networking.
It's not strictly a networking protocol, but it is a communications protocol so it's helpful to know something about how Bluetooth works.
In this video, we'll talk about different services commonly offered by cloud computing providers.
In most cases, you will have the same capabilities in a cloud environment as you have on-premise, but this is an overview of what you may expect.
An overview of the module and what will be covered.
A brief overview of cryptography, including some basic, non-technological forms of encryption.
Using a single key for both encryption and decryption is symmetric cryptography, so how does that work?
The key is about the most important element in cryptography. Diffie-Hellman helps both parties to derive the same key without giving out any information that could be used by a third party to derive the key.
Asymmetric cryptography uses a public and a private key and can be used for more than just encryption and decryption of information.
Using a mix of both symmetric and asymmetric encryption techniques is most common. This video explains how that works and why we use both.
While certificate authorities usually generate certificates, you can self-sign your own. This covers how to do that and what it means to have a certificate authority sign your certificate.
Cryptographic hashes are used in encrypted communication for verification that no content was tampered with. They also have other uses. This video will cover some of those.
PGP also uses certificates, so why would you use PGP over a certificate authority? It's all about who you trust.
Introduction to the module
Having a testing methodology is important so tests are repeatable and results can be verified.
Using DNS and whois to gather intelligence about targets.
Open source recon with web sites.
Maltego is a program that can automatically gather intelligence from open sources and graph the information it obtains.
Using nmap to identify open ports and services.
Using nmap for service enumeration.
Nmap comes with a scripting engine and a lot of scripts that can be used for gathering information about services.
Using John the Ripper to crack passwords.
Using rainbow tables for password cracking, including the use of Ophcrack.
OpenVAS is a vulnerability scanner that is open source and freely available.
Nessus is a very popular vulnerability scanner that OpenVAS is based on. There is a free Essentials edition that can be used.
Once you have identified vulnerabilities, you should try to exploit them to validate that they aren't false positives. You will need to find exploit code available to do that.
Google Hacking is using keywords to narrow searches down.
Metasploit is an exploit framework that can be used to validate vulnerability findings.
Meterpreter is an OS-agnostic interface that can be used post-exploitation.
This covers what social engineering is and what makes it social engineering.
Social engineering attacks can be automated using a tool like SEToolkit
Introduction to this module
An explanation of a common web application architecture so you'll be able to understand what elements different attacks go after.
An explanation of SQL injection and how to implement those attacks.
An explanation of what an XML External Entity attack is and what it might look like.
An explanation of a cross site scripting attack and what it might look like in practice.
Using Burp Suite to automate some web application testing and vulnerability identification.
Using the Zed Attack Proxy to automate web application testing and vulnerability identification.
Remediation of web application vulnerabilities
Introduction to this module
An overview of the types of malware that are commonly seen
There are different ways malware can infect a system. This module covers the different infection vectors.
Botnets are a common type of malware. This lecture covers the uses of botnets and the reasons for them.
Botnets require command and control infrastructure to function. This covers what that infrastructure would look like.
Anti-virus is a common protection against malware. This covers what that anti-virus is and how it works.
Static analysis is looking at details about the malware sample without running it. This can be done with a debugger.
File metadata can provide a lot of information and there are multiple tools that can be used to collect that information.
Virtual machines are an essential way to protect against infection when assessing malware samples.
Sandboxes can be used to assess malware in a safe manner.
Introduction to the module
Different types of languages -- compiled, interpreted and intermediate
When a program is executed, it becomes a process and there is a structured way it is loaded into memory.
Buffer overflows are a commonly exploited software vulnerability. This is about how a buffer overflow works.
Heap spraying is a technique that can be used to enable software exploits. This explains heap spraying attacks and the part of memory they target.
There are ways to protect against common software attacks like buffer overflows. This explains what those techniques are.
Protecting against vulnerabilities starts with programming practices. This covers some of those practices.
Software development, when done well, is structured through methodologies, allowing for a repeatable process.
Threat modeling is an important part of software development that is often overlooked. This covers what threat modeling is.
Sometimes software needs to be protected from itself, or at least each other. There are ways to isolate software making it harder for attackers to do much even if they do exploit a vulnerability.
An introduction to this module
This video covers the terminology necessary to understand 802.11
Wi-Fi, especially WPA, uses a handshake to associate a station with an access point.
WEP was the original implementation of encryption over Wi-Fi links. While it has long been deprecated, it's not out of the realm of possibility that you'll run across it.
WPA has continued to improve as we learn more and also discover more vulnerabilities so this gives an overview of WPA encryption.
Deauthentication attacks are how attackers gain information about the encryption process, so understanding how and why they are used is important.
An introduction to the module
Any network design needs requirements -- define the problem before solving it.
Defense in depth is about implementing layers of complementary security controls
Defense in breadth adds more color to a defense in depth network design.
Visibility is essential and logging can provide visibility, as well as something to detect and alert on.
A SIEM is a place to aggregate all security knowledge, including logs and threat intel. Having one is becoming very commonplace.
Modern networks should be designed as a defensible network architecture, which provides the ability to respond to attacks.
We've been talking a lot about security controls but this consolidates some of that and makes sure you understand what a control is.
Intro to the module
A detailed explanation of risk and how it applies to information security
The difference between threats and vulnerabilities and how they apply to information security.
Information security policy should be the starting point of activities, architectures, deployments, etc. This is what an information security policy should include.
Once you have your policies in place, standards should be the next level.
Security operations is the implementation of all the policies, standards, procedures -- the first line of defense.
This course is not associated with EC-Council in any way. Any content herein is explicitly my own based on publicly available information about the exam contents.
Do you need to earn your Certified Ethical Hacker (CEH v10) certification? If so, you've come to the right place.
Hi, my name is Ric Messier, and I’m an information security (IS) expert with decades of professional experience as a programmer, system administrator, network engineer, security engineering manager, VoIP engineer, and consultant. I’m also an adjunct instructor at Harvard University and a best-selling tech book author who has personally trained thousands to pass various IS certification exams including CEH.
The CEH is an entry point to part of the broad world of information security. This course covers the range of topics that are covered in the CEH certification. This includes:
the importance of ethics
basic testing methodology
wireless networks
social engineering attacks
web application testing
The importance of ethical hacking isn't in the breaking, it's in the fixing. To that end, you will need to understand remediations, like good software development practices, remediating web application vulnerabilities as well as policies and standards that should govern all information security practices within an organization.
The CEH is a very dense exam. It covers a very broad range of material. This course will be a good resource for you to understand not only the material but the breadth of the material. As EC-Council expects you to have two years of experience before you can even register to take the exam, I don't expect this course alone will be enough for you to pass the test. Hands-on experience will help a lot. While this course is an excellent way to start preparing for the exam, I will also mention other resources you can use to set yourself up for success.
There is a lot to learn, so let's get started!
Certified Ethical Hacker and CEH are registered trademarks of EC-Council. Their use here is not an indication that any of the material here is authorized or endorsed by EC-Council.