
Examine why building an effective computer security policy is hard, and how threat modeling, attacker perspectives, and changing thinking about security inform policy decisions.
Define security as preserving confidentiality, integrity, and availability while avoiding damage from risks, and examine why complete security is unrealistic through risk assessment, threat classification, and balancing functionality.
Protect data by prioritizing confidentiality, integrity, and availability; use encryption and file access control, balance authentication and policy, and rely on high-availability and replication for resilient data access.
Balance security with cost and functionality by weighing trade-offs in data and system protection, noting you cannot have cheap, functional, and secure.
Explain common security policy mistakes, including user resistance, information gaps, and unawareness of threats, and show how involving users and clear policies prevent bypass and ineffectiveness.
Explore why security solutions fail due to unclear security policy and usability issues, illustrating flawed key-logger protections and inconvenient smart-card PINs, and adopt a four-element process: protect, detect, react, restore.
Define a security policy clearly marking allowed and forbidden uses to prevent bypass. Outline a privacy policy describing threats, responsibility, access conditions, data categories (public, private, confidential, sensitive), and authentication.
Identify threats from an attacker’s perspective through threat modeling and classification. Analyze entry points, data flow paths, and protected resources to establish trust boundaries and protection levels for security policies.
Define attacker risks by mapping vulnerabilities to attacker methods, using STRIDE threat modelling to categorize spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.
Expose how identity spoofing enables impersonation across real-world and online spaces, from fake identities to spoofed websites and stolen credentials, highlighting password vulnerabilities.
Explore how data tampering threatens trusted sites, automated operations, and markets, and examine non-repudiation weaknesses, data leaks, and real-world incidents like Sony and drone systems.
Examine denial of service threats with STRIDE, including avalanche flooding and privilege escalation, and apply database threat modeling with monitoring, auditing, encryption, and access controls to protect confidentiality and integrity.
Assess attacker methods and the system information they can obtain, evaluate threat risks, and select cost-effective defense strategies from a business perspective, including cloud security and social engineering topics.
Explore attack methods, including information gathering, entry points, and local attacks, and see how a security policy strengthens access control, BIOS protection, and visitor authentication.
Local attacks can target hotel rooms: cloning devices and master keys grant unrestricted access to rooms and the laptops inside them, and physical access to a machine can bypass TrueCrypt protection.
Explore how early network protocols lack intrinsic security, enabling remote information gathering and open-port scanning. Learn how subnetting, VLAN tagging, and fragmentation can complicate firewall defenses.
Examine target scanning and enumeration techniques for network assessment, covering connectionless UDP behavior, ICMP port unreachable responses, and idle scan methods using a zombie host and IP ID tracking.
Learn how passive scanning reveals target operating systems by analyzing TTL values and other protocol attributes, and use vulnerability scanners to identify security gaps on remote web servers.
Explore cyber attack risk assessment and damage analysis through a cost-effective security framework, weighing virus removal costs, basic protections, and attacker profits to optimize security spend.
Apply the DREAD risk assessment model to quantify security threats by scoring damage potential, reproducibility, exploitability, affected users, and discoverability, then average the scores to prioritize mitigations.
Apply the DREAD model to evaluate exploitability, reproducibility, affected users, and discoverability, assign risk values to threats, and prioritize defenses in IT security practice.
Use formal threat modeling with a threat tree and the DREAD model to map threats on a risk-acceptance curve and guide mitigation, outsourcing, or cloud options (IaaS, PaaS, SaaS).
Explore social engineering and rogue software through a mass-scale attack case. Learn how attackers manipulate users to reveal passwords and deploy malware, and why this method remains cheap and effective.
Expose common social engineering tactics used to manipulate IT staff, including impersonation, threat, trust abuse, and fear, and show how to prevent password leakage and remote access abuses.
Examine practical social engineering by creating fake identities with Fake Name Generator, spoofing calls and texts, and using the Social-Engineer Toolkit to automate attacks, while highlighting psychology tricks.
Explore how the Social-Engineer Toolkit automates creating malicious payloads, enabling remote access via callback connections, email delivery, and evading antivirus and firewalls.
Demonstrates rogue software and mass social engineering via email, including the "I Love You" lure and the Love Letter VBScript, to steal money and data.
The lecture explains a social engineering scam using an XP Antivirus window, fake scans, and an end user license agreement to gain trust and trick users into paying for the software.
Learn how fraud tools trick users into installing malicious software, uninstalling antivirus, and paying registration fees through fake warnings, a spoofed security center, and an unsecured registration site.
Examine the defense in depth model, or layered security, and why it replaces a single-line defense. Analyze its effectiveness against the ten immutable laws of computer systems security.
Explains how the defense in depth model protects computer systems through independent layers, emphasizing human factors, access controls, data encryption, backups, monitoring, and application updates.
Apply regular operating system updates and assess security with Microsoft Baseline Security Analyzer. Enforce least privilege, monitor in real time, segment networks, and protect data with SSL and IPsec.
Local attacks exploit physical access; restrict access with locked server rooms and cameras. The lecture demonstrates using the Microsoft Diagnostics and Recovery Toolset to reset local passwords.
Demonstrates using a password and registry editor on Windows to reset an administrator password, while noting encryption protects confidentiality but cannot prevent deletion and defense in depth limits.
Explore defense in depth against automated service attacks, using Code Red and Nimda scenarios to show how firewalls, DMZs, and updates reduce infection risk and illustrate the Swiss cheese model.
Analyze Conficker's social engineering via autoplay prompts to spread, and study a non-automated, targeted server attack tested on a local fpp/ftb server, with defense in depth to limit damage.
Introduces the first immutable law of security, noting that running untrusted programs compromises the entire system; highlights risks from downloads, trojans, and the need to avoid administrator privileges.
Law #2 concerns the kernel: guard against hostile processes gaining kernel-mode control by relying on operating system kernel-mode supervision, trusted installers, and file protections to maintain system integrity in large-footprint environments.
Law #3 warns that unrestricted physical access can expose data unless full-disk encryption protects all storage, including system partitions, and keys are secured, such as with TPM.
Law #4 highlights how allowing unrestricted content modification on a site creates risks for both the web server and users, with cross-site scripting as a common attack vector.
Law #5 states that weak passwords undermine security; attackers with a password impersonate users and bypass defenses. Create 12–15 character passwords with a digit and a special character, avoiding personal information.
Law #6 shows that a computer's security depends on a trustworthy administrator; kernel and admin privileges enable full control, unless Windows Vista's account control limits them and encryption protects data.
Protect the decryption key to secure encrypted data; never store the decryption password on the same computer. Focus protection on the key, like safeguarding car keys to prevent theft.
Protect systems with antivirus software by comparing files to signatures in a virus database. Ensure updates are downloaded after signature tests and uploads, because outdated databases leave you unprotected.
Explain why absolute anonymity on the web is impractical, as proxies and onion routing obscure paths but logs and administrators can still reveal the origin.
Understand Law #10, which states that the security of computer systems does not rely on technology like firewalls, antivirus, or detection systems; instead it rests on procedures, policy, and users.
Explore the administrator-focused security laws, covering threat realism, security versus functionality, automatic updates, passwords, and policy design. Assess how complexity, configuration mistakes, and risk management shape defense and monitoring.
Explore how system administrators respond to attacks and develop disaster recovery strategies. Learn to monitor security and user activity with Windows tools, document attacks for forensics, and curb malware.
Learn to reduce losses after attacks by implementing proven security policies and recovery procedures, and ensure service availability with load balancing and failover clusters.
Learn how passive and active nodes monitor availability, enable failover clusters, and safeguard service continuity with quorum and asynchronous changes, plus recovery options via reinstallation or backups.
Learn how Windows security auditing records user activity in the security log, covering object access, directory service access, and privilege use. Enable and tailor policy changes monitoring across the environment.
Configure security logs with group rules and use Log Parser to query event and system logs with SQL-like queries, generating reports and charts to detect deviations and external attacks.
Audit failed object access events (event ID 560) and monitor password change and password reset attempts to detect unauthorized access and maintain security logs.
Identify high risk users with escalated privileges and audit failed admin logons and privileged service accounts. Monitor dedicated domain accounts for signs of compromise and watch disabled or template accounts.
Explore computer forensics by securing and analyzing evidence of cyber incidents, collecting system configurations and network activity, and verifying authenticity with checksums and signatures.
Analyze a case study on handling a virus outbreak, detailing the Conficker virus, its rapid automatic spread, detection methods, scope assessment, and containment with dedicated tools and knowledgebase guidance.
Explore the Conficker case study and infection vectors: security holes, removable media, local area network, and password guessing. Learn a defender's stepwise plan to identify, contain, and eradicate the outbreak.
Explore how secure and insecure applications handle input and defend against buffer overflow, SQL injection, and cross-site scripting. Apply least privilege and secure defaults to minimise attack surface.
Explore common application attacks, including buffer overflow, SQL query manipulation (SQL injection), and cross-site scripting, and how buffer overflows overwrite stack data to take control of execution.
Learn SQL injection techniques and how poorly validated input enables bypassing authentication. Observe how payloads, comments, and always-true expressions like 1=1 exploit queries to read or alter data.
Explore how SQL injection attacks bypass authentication, reveal table structures, and extract passwords through error messages, UNION queries, and blind tests, highlighting the defense of never concatenating user-supplied parameters into the statement definition.
Explore blind SQL injection techniques, using error messages and time-based delays to deduce data from a vulnerable database, and understand how crafted inputs reveal schema and user data.
Learn how automated SQL injection attacks target ASP.NET web servers to extract data from databases, read tables and columns, and steal credentials.
Explains cross-site scripting (XSS) and its reflected and persistent variants. Shows how attackers steal cookies and perform session hijacking, and how binding session IDs and using HTTPS help defend.
Assess application security from an administrator’s perspective by identifying risky programs and securing apps. See how firewalls, a demilitarized zone, and protections address sql injection and local attacks.
Identify risks in unsafe applications, such as embedded passwords, default credentials, and excessive admin permissions. Use Process Monitor and Process Explorer to audit permissions and registry access.
Learn application security through configuration and management, shield users from risks without hindering daily work, and analyze automatic updates for Microsoft software and technologies that enforce approved, secure applications.
Manage applications by understanding how outdated software invites automated attacks and how monthly security updates, hot fixes, and knowledge articles reduce risk.
Learn to manage software updates across deployments of all sizes using Microsoft Update, WSUS, and System Center Configuration Manager, including automated approvals, targeted deployment, monitoring, and support for non-Microsoft products.
Learn how Microsoft Update and WSUS servers automate, manage, and distribute updates—including Microsoft Office updates—across a network, with automatic schedules, notifications, and group-based approvals.
Centralize and optimize the management of software across your computers using System Center Configuration Manager, with hardware and software inventory, domain considerations, and push deployment and updates.
Enforce software restriction policies and application control policies to block untrusted programs by default. Build a whitelist and identify allowed apps by certificates, hashes, paths, or internet zones.
Explore software restrictions policies, including path, file hash, and publisher rules, and how central policies with domain controllers govern program execution.
Learn to implement application control with software restriction policies and AppLocker in Windows, using path, hash, certificate, and publisher rules to block or allow programs.
Isolate untrusted applications through dedicated computers, virtualization, or sandboxing with tools like Sandboxie. The module shows how sandboxing restricts data access and supports secure program execution.
Explore cryptography fundamentals, including symmetric and asymmetric cipher modes, hybrid schemes, steganography, and the critical role of keys in protecting confidentiality against cryptanalysis.
Trace the history of ciphers from Caesar to the one-time pad, highlighting weak keys and frequency analysis, then compare symmetric and public key cryptography, hashing, and digital signatures.
Explore how symmetric and asymmetric ciphers work, and learn key concepts like entropy, password strength in bits, and the roles of confusion and diffusion in cryptography.
Explore how symmetric-key algorithms use the same key for encryption and decryption, offering fast performance, key management challenges, and the role of rounds, randomness, and round keys in securing data.
Explore block ciphers that process fixed-length blocks with Feistel networks, round keys, and nonlinear functions to achieve diffusion, avalanche effect, and secure encryption.
The Data Encryption Standard (DES) is a symmetric block cipher with 64-bit blocks and a 56-bit key, using 16 Feistel rounds and S-boxes. The lecture notes its vulnerability to brute force attack.
Explore DES-X variants to strengthen the DES algorithm and boost entropy from 64 to about 88 bits. Assess Triple DES speed, RC2 weaknesses, and RC5's flexible design.
Explore Advanced Encryption Standard, a 128-bit block cipher with 128–256 bit keys, 14 rounds for 256-bit keys, and its nonlinear substitution, row shifting, column mixing, and add round key layers.
Explore block cipher modes, including ECB, CBC, CTR, and feedback modes (CFB, OFB), and learn how initialization vectors and chaining affect ciphertext security.
RC4 demonstrates stream ciphers as an alternative to block ciphers by generating a keystream and XORing with plaintext; reusing keys reveals plaintext and keys.
Delve into public key (asymmetric) algorithms, their two-key operation, and benefits like effortless key exchange, non-repudiation, and trust; compare RSA, ElGamal, and discrete-log based schemes.
Explore the RSA algorithm, its 1977 origins, its link to Diffie-Hellman key exchange and public key infrastructure, and its key generation, encryption, and decryption steps.
ElGamal is an asymmetric encryption algorithm developed by the Egyptian cryptographer Taher ElGamal, using a large prime p and generator g to form a public key for confidential ciphertext.
Explore how hash functions enable authenticity and non-repudiation through one-way mappings, address collision risks via the birthday paradox, and compare MD5, SHA-1, and 256- to 512-bit hashes.
Learn how a digital signature uses a private key to encrypt a hash, enabling non-repudiation and verifiable integrity through the public key.
Explore hybrid cryptography that blends symmetric encryption with asymmetric key exchange via a digital envelope, securing session keys, and enabling authenticity and nonrepudiation.
Explore cryptology through the public key infrastructure, examining certificate roles, X.509 standards, and certification authorities, including offline root and subordinate CAs, trust models, and archiving of private keys.
Implement trust but control with public key infrastructure by using digital certificates issued by certification authorities and managing the certificate distribution point, validity, and revocation to sustain trusted systems.
Implementing public key infrastructure enables certificate-based identity verification for internet services, digital signatures, and code signing. Utilize root and subordinate authorities to defend against man-in-the-middle and spoofing attacks.
Explore PKI applications, from smart card authentication and digital signing to network access protection and software restriction policies. Understand trust from certificate issuance, revocation lists, and hierarchical or peer-to-peer models.
Explore how root and subordinate authorities establish trust in X.509 certificates. Inspect a not trusted certificate and review its serial number, RSA key length of 2 kilobits (2048 bits), and two-year validity.
Understand the certificate life cycle from request to renewal, including how certification authorities verify identities, issue and revoke X.509 certificates, manage stores, and validate trust in root authorities.
Plan a two-level PKI with an offline root and subordinate authorities to enhance trust and control. Configure policies, key lengths, and CRLs, ensuring subordinate CAs rely on a standalone root.
Manage certification authorities and certificates with strict role separation, covering installation, configuration, renewals, and monitoring. Oversee backups, templates, certificate revocation lists, and key archiving and recovery through a PKI.
LAST UPDATED: 11/2024
BONUS: Finishing this ethical hacking course, you will get a free voucher for ISA CISS Examination!
Before we begin: the practical use of the course you are going to see has been proven by thousands of people all over the world, beginners and computer geeks alike: people who make their first steps in computer / network security and professionals such as network administrators, programmers, pentesters, and black-hat and white-hat hackers. Please read carefully what we'd like to share with you.
Welcome to IT Security Academy! IT Security Academy (ISA) is a company that associates ITsec professionals. Now we are proud to share our knowledge online. Certified experts (CISS, MCSE:MS, CEH, CISSP) have created courses from Beginner to Advanced level. Our goal is to provide the highest quality materials you've ever seen online and prepare you not only for certification exams, but also teach you practical skills. You're welcome to join us and start your training now.
About the training
This course is ideal for everyone, regardless of their skills and expertise. The arrangement and presentation of learning resources will let both novices and more advanced students broaden their knowledge of IT security.
The training starts with current IT security threats and trends. Afterwards we discuss popular security myths. A large part of the training relates to network security.
We will start with local networks and talk about protocols and their vulnerabilities. You will learn how to design secure computer networks and subnets. You will become a real network administrator.
Next you will discover why wireless networks can be so dangerous. You will learn standards, protocols and security solutions. Wi-Fi networks are an integral part of our lives, but not everyone realizes that if they are inadequately protected, your enterprise or home network can disclose your confidential passwords and give attackers easy access to the machines you're administrating.
Topics covered include core issues related to effectively securing the most popular Microsoft OS: identity theft, authentication, authorization, encryption. We identify typical mistakes and guide you towards achieving good OS protection.