Name: Cybersecurity: Attack & Defense Strategies (Red & Blue Team)
Rating: 4.0 (115 reviews)

Udemy Business

Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Created byPackt Publishing

Last updated 2/2019

English

What you'll learn

How different types of cyberattacks are executed and how to provide vulnerability assessment
Explore the technology of cyber espionage and quickly discover upcoming cyber attacks
How to use Kali Linux, Metasploit, Owasp ZAP, Burp Suite, Maltego, and a lot of other first-class tools for ethical hacking
Know how email and social media accounts can be hacked
How SQL injection and XSS play a vital role in the modern cybersecurity field and why they’re so dangerous
Perform penetration testing with Python
Make use of IDS/IPS and learn how they help you keep hackers away or catch them
Detect why antivirus software is not enough and how to defend your endpoint machines totally

Course content

2 sections • 64 lectures • 6h 44m total length

The Course Overview6:41
This video provides an overview of the entire course.
What is Kali Linux and Why We Should Use it3:29
In this video, we are going to know what Kali Linux is and why using it is the best and fastest way to become a cybersecurity pro.
• Know the reasons of popularity of Kali Linux among penetration testers
• Look inside Kali Linux
• Discover diversity of applications for cyberattacks modeling included in Kali Linux
Installing Kali Linux on Virtual Machine6:19
In this video, we are going to install Kali Linux as virtual machine and run it for the first time.
• Download and install VMware workstation player
• Choose and download correct Kali Linux ISO image
• Install Kali Linux on VMware player and run it
Getting Acquainted with Kali Linux Easy Way9:08
In this video, we are going to know nuts and bolts of Kali Linux interface and how to run it for easy use.
• Discover how Kali Linux works and upgrade it to the freshest version
• Look at Kali tools for penetration testing in more details
• Understand how to tune up Kali Linux on your own choice
Getting Acquainted with Terminal Commands7:52
In this video, we are going to learn how to use Kali terminal and its commands necessary to know for this course.
• Have a look at terminal and how it functions
• Find out a bunch of terminal commands and useful cheats
• Know how to run, install, and delete programs with terminal commands
Tune Up Python3:57
In this video, we are going to tune up Python correctly for the course purposes.
• Run Python console in our Kali terminal
• Puzzle out with Python versions
• Install pip and Scapy tools
Installing Metasploitable 2 on Virtual Machine7:39
In this video, we are going to install Metasploitable 2 as our main target virtual machine and get acquainted with its applications. Also we will install Windows 7 as the secondary target virtual machine.
• Download, install, and run Metasploitable 2 on VMware workstation player
• Browse inside Metasploitable 2 and its vulnerable applications
• Download and install Windows 7 on VMware player check our lab
Network Attack Vectors2:59
In this video, we will consider the variety of ways a network can be attacked and categorize them.
• Know about three vectors of network attack
• Find out how a hackers can detect vulnerabilities in your network
• Discover what a hacker can do if he penetrates into your network
Hidden Scanning Ports with Nmap8:52
In this video, we will learn how to scan a target with Nmap for finding open ports and fingerprinting.
• Know how Nmap can be used for hacking purposes
• Get to know with powerful Nmap options and commands
• Find out how to be hidden while scanning a network
Scanning the Network with OpenVas7:39
In this video, we will know how to find vulnerabilities in a network with an OpenVas scanner.
• Install OpenVas on Kali Linux correctly
• Find out how to tune up OpenVaS for effective scanning
• Run a scan of our target machine with OpenVas
Intercepting Traffic with Wireshark5:29
In this video, we will discover how to use Wireshark for sniffing a network to intercept user’s data.
• Get acquainted with Wireshark
• Run interception the traffic with Wireshark
• Find out how a hacker can sniff your credentials
Types of man-in-the-middle Attack5:19
In this video, we will know about what is man-in-the-middle attack and what harm can be done with it.
• Know about basics of MITM attack: How it functions
• Learn different types of the MITM attack
• Execute MITM attack against our training network with Bettercap
Taking Control Over Target Browser with BeEf11:08
In this video, we will learn about variety of dangerous browser attacks with BeEf framework.
• Get to know with BeEf – browser exploitation framework
• Find out how your browser can be turned into zombie
• Execute a few powerful browser attacks
Creating Reverse Shell with Metasploit9:29
In this video, we will discover how to set a reverse on target computer using Metasploit framework.
• What is reverse shell and why to use it
• Get to know with Metasploit framework
• Run reverse shell exploit on our Metasploitable 2 machine
Leaving a Backdoor in the Target Machine4:37
In this video, we will find out what is persistent backdoor and how it can be installed on target machine.
• What is backdoor and why hackers use it maliciously
• Get to know with Netcat application
• Create our own backdoor on our target machine
Advanced-Level Hacking - Scanning Hosts with Python Script6:17
In this video, we will consider using Python language in cybersecurity field and create flexible Portscanner with Python script.
• Why you need Python for solving cybersecurity issues
• Run Python script to scan our target host
• Modify Python script for even more precise scanning
Exploring Target with Browser6:07
In this video, we discover how to find vulnerabilities in a web-application using a browser only.
• Look for logins and passwords in a page code
• Get technology details with Wappalyzer
• Look inside hidden files to get secrets
Scanning Web-Application with OWASP ZAP5:30
In this video, we get to know OWASP ZAP scanner and learn to find vulnerabilities with automated scanning.
• Run and tune up OWASP ZAP
• Scan our target machine with OWASP ZAP
• Analyze the scanning resultsy
Breaking Database with SQL Injection3:01
In this video, we learn SQL injection attack and its purposes.
• What is SQL injection attack
• What harm a malicious hacker can bring with SQL injection
• How to learn SQL injection in depth
Manual Testing for SQL Injection8:10
In this video, we discover how to test a web-application for SQL injection vulnerability.
• Set Mutillidae app correctly for SQL injection vulnerability testing
• Find out the easiest way to test a web application for SQL injection
• Get to know few powerful SQL injection commands
Executing SQL Injection with SQLmap5:20
In this video, we learn to exploit SQL injection to extract credentials from database with SQLmap.
• Get acquainted with SQLmap
• Test for vulnerability with SQLmap
• Extract logins and passwords from the target database
Proxy Attack with Burp Suite8:08
In this video, we learn how to execute proxy attack using Burp Suite.
• Get acquainted with Burp Suite
• Set up Burp Suite as proxy for our browser
• Intercept and manipulate traffic with Burp Suite
Executing a Session Hijacking6:04
In this video, we get to know with session hijacking attack and demonstrate how cookies can be stolen.
• What is session hijacking and why it is so dangerous
• Most popular ways of session hijacking implementation
• Demonstrate session hijacking with Burp Suite
Infecting Website with Stored XSS6:12
In this video, we will learn Cross Site Scripting and execute stored XSS attack.
• Learn what is Cross Site Scripting (XSS) attack
• Understand why stored XSS is so dangerous and popular
• Practical demonstration of stored XSS cyberattack
Executing Reflected XSS4:26
In this video, we discover details about another type of XSS attack – reflected XSS and how it’s executed.
• What is reflected XSS in details
• How it differs from stored XSS
• Demonstrate session hijacking with reflected XSS
Using Python Script to Find Vulnerabilities4:54
In this video, we will learn why and when using Python scripts is useful. In addition, we create and run Python script for XSS testing.
• Consider Python scripts vs testing tools
• Create Python script for XSS vulnerability scanning
• Scan of our target machine with Python script
Social Engineering Techniques3:37
In this video, we will learn about social engineering and become aware why attacking humans often more effective than attacking computers.
• Explore social engineering attack
• Understand computer-based model of human influence
• Find out techniques cybercriminals use to inject psychological viruses
Making a Phishing Email with SET6:11
In this video, we will get acquainted with Social Engineering Toolkit and get hands-on experience of making a phishing email
• Discover and explore Social Engineering Toolkit (SET)
• Create text for phishing e-mail
• Make our phishing e-mail ready
Creating a Malicious File with SET5:12
In this video, we will learn to make a malicious payload for a phishing email.
• Explore SET options for creation payloads
• Choose right payload for our target
• Add the payload to our phishing email
Creating and Delivering Malicious USB Card3:53
In this video, we will know how malicious USB is created.
• Get knowledge about malicious USB attack
• Create a malicious USB
• Get ways to deliver a malicious USB
Learning Spear-Phishing Methods for VIP5:38
In this video, we will learn about whaling kind of cyberattack targeted at VIP and techniques using in spear-phishing attacks.
• Understand whaling attack
• Discover how cybercriminals find their targets
• Consider how whaling attacks are prepared and executed
Gathering Emails and Phone Numbers with Maltego6:31
In this video we will get to know with Maltego framework and find out how to extract e-mails and phone numbers from the Internet assets
• Find out how Maltego can be used for a social engineering attack
• Discover how to extract target e-mails address with Maltego
• Discover how to get a target phone number with Maltego
Looking for Secrets in Social Media with Online Tools6:16
In this video, we get to know with session hijacking attack and demonstrate how cookies can be stolen.In this video, we will learn OSINT (Open Source Intelligence) techniques to extract information from social media.
• Get to know with OSINT on-line tools that make social networks talk
• Get hands-on experience with extracting information from Facebook
• Understand how cybercriminals can use your social network profile information
Playing on Human Emotions and Weaknesses to Get the Information5:46
In this video, we will learn why and how cybercriminals use psychological manipulation techniques to influence their victims.
• Understand how a malicious hacker can use your emotions to manipulate you
• Find out how to use OSINT results in a phishing letter
• Explore language manipulative tricks in the specific phishing e-mail
How to Hack Without Getting in Touch with a Target7:21
In this video, we will learn a few hacking techniques that don’t require neither special tools nor direct contact with a target.
• To get acquainted with non-contact cyberattack techniques
• Get to know with “dark Google” -- SHODAN search engine
• Find out how to discover information about a website with SHODAN add-on
Cybersecurity Attacks (Red Team Activity)

The Course Overview6:08
This video will give you an overview about the course.
Understanding Firewalls and Tuning Them Up7:20
Learn how firewalls can protect you and how to tune them up for this purpose.
Understand the true mission of firewalls
Discover how firewalls really function and manage traffic data
Understand firewall rules and how to create them
How to Work with IDS/IPS6:01
IDS/IPS are extremely powerful tools to monitor and detect the signs of many types of cyberattacks. In this video, learn how exactly they help to protect your network or host and why they should be used along with firewalls
Understand how IPS/IDS analyze traffic to discover an attack
Explore the difference between IDS and IPS and which one is better to use
Get started with SNORT - an open source IPS capable of real-time traffic analysis
Securing Your Wi-Fi Network6:35
Wi-Fi networks are one the favorite targets of cybercriminals, and in this video you will know why. We’ll discuss all threatening consequences of a WLAN hacking and three easy steps to create a bulletproof protection for your network.
Discover how malicious hackers can utilize your hacked Wi-Fi network
Learn to change passwords and security key
Set right encryption and kill WPS
Ferreting out a Hacker by IP6:07
Everyone leaves traces in the cyberspace. In this video, you’ll learn how to fight back if you have an attacker’s IP.
Collect evidence and identify the attackers network
Get help from the network owner and ISP
Report the incident to the law enforcement
Analyzing Traffic Wireshark to catch a spy6:15
Man-in-the middle attack is very common and dangerous because the attacker can covertly intercept and manipulate all the data you transfer. In this video, you’ll understand how to discover and fight back such attack.
Learn Ettercap E a powerful tool for imitating a MITM attack
Run the attack with Ettercap
Discover the attack with Wireshark
The Fastest Way to Detect ARP Poisoning Attack5:26
ARP Poisoning is the most widespread type of MITM attack. In this video, you’ll find out how to constantly monitor your network and discover this attack in seconds starting from the moment it begins.
Understand and demonstrate ARP Poisoning attack
Install Xarp E the tool for monitoring your network
Conduct ARP Poisoning and discover it with Xarp
Spying a spy: how to monitor a hostile activity9:14
Discover how to not only detect a cybercriminal activity in your network but also how to counterspy him with legal tools.
Detect a spy in your network
Monitor and analyze the spy activity
Detect and cut the suspicious connections
Unmask enemy agents: three ways to detect malware12:12
Malware is the main weapon of destruction in cybercriminals hands, so you need to know it well. In this video, you’ll learn different types of malware targeted at you and various ways to detect and neutralize them.
Check for a suspicious file properties
Upload and check the file with Virus Total service
Conduct deep analysis of the suspicious file with an online sandbox
How to Outfox Ransomware8:31
Ransomware is widespread devastating malware able to rob all your files, block access to your data and computer. Many people fell prey of it every day. In this video, we’ll learn how it can be delivered to your machine and how you can prevent it.
Understand what ransomware is and how it functions
Find out how you can be attacked with ransomware
Learn three main ways to protect from ransomware
Advanced-level Techniques: What to Do If Hackers Already in Your Network5:59
In this video, you’ll know what to do if your assets went under cyberattack. Such situation is extremely stressful, so you must prepare. Here, we’ll create an action plan to fight back.
Understand what is the first thing to do after detecting the attack
Create risk assessment and prepare action plan
Evaluate the situation and urgent steps to take
Brute-Forcing Website Passwords with OWASP ZAP10:47
Password is a magic key to taking control over a website. In this video, you’ll see the detailed explanation and demo on how attackers can extract the password for your website by brute force attack.
Understand basics of brute force attack
Run the brute forcing attack with OWASP ZAP scanner
Analyze the results to extract the password
How to Create a Bulletproof Password in a Second6:27
For security reasons, password must be long and complicated. But such passwords are too hard to remember and use. Is there a way to solve this problem? In this video, you’ll get the answer and know how to create a secure password in seconds.
Understand the difference between a secure and unsecure password
Create strong and easy-to-remember password
Install LastPass Password Messenger and tune up its features correctly
Testing a Website for SQL Injection with Burp Suite7:37
Find out ways to test your website for vulnerability to SQL injection.
Understand SQL injection attack
Set up Burp Suite as attacking machine and DWVA as a victim machine
Scan the victim machine to find SQL-injection vulnerability
Testing a Website for XSS Vulnerability8:03
XSS is another most widespread and dangerous type of malicious injection. In this video, you’ll find out how to test your website for XSS vulnerability.
Understand XSS attack
Set up Burp Suite as attacking machine and DWVA as a victim machine
Scan the victim machine to spot XSS vulnerability
Building Fortifications – Input Validation and Whitelisting6:08
Provide a powerful protection from SQL and XSS attacks.
Learn blacklisting and whitelisting methods
Compare blacklisting and whitelisting methods
Apply whitelisting correctly
Testing Your SSL/TLS Connection5:29
SSL/TLS protocol provides confidentiality of data in transfer. But very often it’s not tune up properly. In this video, you’ll know how to check the reliability of your SSL/TLS connection.
Understand the functioning of SSL/TLS
Test your website for SSL/TLS vulnerabilities with online scanner
Analyze the results of the scanning
Scanning Your Website for Malicious Scripts4:06
Cybercriminals can infect your website with malicious script for providing various types of malicious activity, and you even won’t be aware of that. To avoid this threat, you need to constantly check your website. In this video, you’ll learn how to do that.
Understand how a malicious script can destroy your business
Check your website for a malware script presence
Analyze the results of the scan
Protecting from a Session Hijacking Attack6:55
Session hijacking can give an attacker the access to your accounts even without stealing a password! That’s why you need to take special care about preventing such attacks on your website. In this video, you’ll learn how to do that quickly and effectively.
Understand session hijacking attack and the most popular ways to conduct it.
Secure the cookies function
Implement the methods of protection against section hijacking
The Big Strategy – Three Shortcuts to Secure a Web Application6:03
Find out how to combine all learned techniques into the powerful strategy to protect your website. You’ll also explore the most important models of cybersecurity: CIA triad and Defense-in-Depth and how to apply them.
Get acquainted with CIA triad model
Use CIA triad model to build your defense system
Understand Defense-in-Depth principle and apply it to your website protection
The Rule of Thumb to Fight Back Social Engineering Attacks5:10
Understand what is social engineering attack surface, how attackers manipulate humansEemotions and how to protect against such manipulations
Explore the four favorite targets of social engineers
Understand the thumb rule to fight back a social engineering attack
Discovering a Phishing Link6:12
Understand why phishing has become the most popular trend of social engineering attacks, how to spot a phishing web link and what you can to avoid falling as a phisher’s prey.
Look how the attackers imitates real websites
Find out if a website is phishing
Protect yourself from this kind of phishing attack
Unmasking a Phishing Email4:10
There many ways to differ a phishing email from a true one. In this video, you’ll see the easiest and fastest ways to do that.
Discover a fake email using the easiest way that is hovering
Go deeper on how to check an email by the header
Understand the traces of truth or lie: what exactly to look for in an email header
Anti-Whaling: How to Prevent Yourself from Spear-phishing6:22
Learn about whaling as a special kind of spear-phishing attacks, who are the main targets of this type of social engineering, and what algorithm the perpetrators use to hunt for their prey.
Understand how and where cybercriminals gather information about targets
Learn how they create baits to deliver malware
Explore how to protect from this kind of phishing
How to Prevent Password Stealers3:39
Password Stealers is skyrocketing in efforts to penetrate usersEcomputers. In this video, you’ll know what Passwords Stealers are, how cybercriminals use them in phishing attacks, and how this malware can harm you.
Explore how a password stealer can be delivered to a victim
Under why sometimes the user is unaware that she is attacked with a password Stealer
Build a bulletproof protection from Password Stealers
How to Protect Your Banking Secrets5:19
Banking credentials are the first target for cybercriminals. In this video, you’ll learn about the most vulnerable points perpetrators aimed at and how to protect them.
Learn about attackersEtools to steal money
Learn how to protect the credentials
Use Comodo Secure Shopping tool to neutralize all cybercriminals' efforts
Securing Your Email with ProtonMail6:52
Your email is a real tidbit for an attacker. In this video, you’ll understand why is it so and what exactly cybercriminals will be able to do if they hack it. And, of course, what can you do to protect yourself.
Learn how an attacker can hack email
Understand how attackers sell data, hijack accounts, spreads spam and other troubles
Explore the uncommon way to protect your email with ProtonMail
How to Outfox Keyloggers5:18
A key logger is able to record every keystroke your make and send the records to attackers. In this video you’ll see how exactly the key loggers works and the way to deceive them.
Look at examples of key loggers activity
Understand how a key logger functions
Neutralize a key logger activity with Key Scrambler
The Final Game: Building the Anti-Social-Engineering Strategy5:19
Combine all techniques we learned in one powerful strategy based on defense-in-depth principles.
Understand clearly why using various techniques separately can’t protect you
Apply defense-in-depth principles to fight social engineering attack
Build the whole strategy to protect from social engineering attacks
Cybersecurity: Methods of Protection (Blue Team Activity)

Requirements

Prior knowledge of penetration testing would be beneficial.

Description

Cybersecurity is a constant challenge for all organizations. When talking about cybersecurity, Read Team and Blue Team are often mentioned as the Red Team that teaches the attacking techniques while the Blue Team helps us know how to defend. The only way to be good at cybersecurity is to learn both the techniques of an attacker as well as a defender. If you are someone who thinks like a hacker and want to deeply explore what are the threats are and how to protect yourself from such threats, then go for this course.

This course starts with setting up hacker’s development lab before moving to Red Team tactics, where you will learn the basic syntax for the Linux tools that are commonly used to perform the necessary operations. You will gain hands-on experience of using Red Team techniques with powerful tools such as Python and Kali Linux, which will enable you to discover vulnerabilities in your system and to exploit them. You will also learn how a system is usually compromised by adversaries, and how they hack user’s identity, and the various tools used by the Red Team to find vulnerabilities in a system.

In the next section, you will learn about the defense strategies followed by the Blue Team to enhance the overall security of a system. You will learn about an in-depth strategy to ensure that there are security controls in each network layer, and how you can carry out the recovery process of a compromised system. Finally, you will learn how to defend yourself from social engineering attacks.

By the end of this course, you will be well-versed with Red Team and Blue Team techniques and will have learned the required techniques used nowadays to attack and defend systems.

Meet Your Expert(s):

We have the best work of the following esteemed author(s) to ensure that your learning journey is smooth:

● Sergii Nesterenko is Information Security Consultant and Penetration Tester with 20 years’ experience in the information security and 6 years’ in the cybersecurity field. He consults international business companies, military staff, NGOs, politicians, Members of Parliament, law enforcement, and other VIP on security issues. His wide knowledge in information technologies and human psychology let him elaborate effective technologies to prevent and overcome most cunning cyberattacks. He has also known for his publications and lectures on cybersecurity, anti-fraud, and counter-cyber espionage issues.

Who this course is for:

This course aims at IT professional who want to venture the IT security domain. IT pentester, Security consultants, and ethical hackers will also find this course useful.

What you'll learn

Explore related topics

Course content

Cybersecurity Attacks (Red Team Activity)35 lectures • 3hr 35min

Cybersecurity: Methods of Protection (Blue Team Activity)29 lectures • 3hr 10min

Requirements

Description

Who this course is for: