The Complete Cyber Range Hacking Lab: Full Course
What you'll learn
- Learn Active Directory Red Teaming, Web Application Hacking, Penetration Testing and Bug Bounty Hunting in a safe, customizable environment on your local system
- Avoid expensive AWS or Microsoft Azure costs by hosting the entire attack range on your local machine
- Build confidence for job interviews as you will know EXACTLY how modern attacks and defenses work
- How to analyze packet captures with Google Stenographer and Wireshark
- How to extract malicious files from packet captures with NetworkMiner
- How to use pfSense to monitor network traffic
- How to use Zeek (formerly Bro) to examine network metadata
- How to use the open source host intrusion detection platform Wazuh to monitor Windows 10 endpoints
- How to analyze Sysmon logs for evidence of attack
- How to use Strelka to automatically extract malicious files and scan them against YARA rules
- How to set up Security Onion 2, ELK, Kibana and Logstash and how to use them to hunt for evil in your network
- How to use osquery and Fleet to interact with your endpoints, query processes, scheduled tasks and more
- How to use Winlogbeat to ship Windows PowerShell logs, Event Logs and more to your SIEM for analysis
Requirements
- You will need a beefy system for this course as we are building a complete cyber attack and defense range on your local machine
- 250GB of hard disk space is recommended, although you could probably get by with 200GB
- 32GB of RAM is recommended, 16GB is probably possible but not ideal.
- VMware Workstation Pro
- A willing heart to learn!
Description
All *NEW CONTENT* for 2021!
This is the course I wish I had.
I've been scouring YouTube and Udemy for a complete course that can walk beginners through building a Cyber Range, from start to finish, which includes a Windows Active Directory environment, vulnerable web apps and a full-featured SIEM such as the ELK Stack. There is a terrible shortage of high-quality teaching in this subject. So what did I do? I marshalled my years of expertise and training to build the best resource for building an ethical hacking cyber attack and defense lab! I hope to see more training like this on Udemy!
This course is a 100% hands-on workshop. There are no PowerPoint slides.
By the end of the course you will have the confident feeling and satisfaction of knowing EXACTLY how modern attacks take place on corporate networks.
We cover everything; nothing is left out. For example, here is a sample of the tools and technologies you will use and learn as you progress through the course:
- Zeek (formerly Bro, industry-standard network metadata solution)
- Suricata (IDS and network security monitoring)
- Stenographer (Google's robust full packet capture solution)
- Wireshark (analyze packets and protocols)
- NetworkMiner (extract files from packet captures)
- Wazuh (powerful open-source EDR)
- Beats (log shipper for Windows Event logs and more)
- osquery (well-known awesome endpoint visibility tool)
- Sysmon + Sysmon-Modular (endpoint visibility on steroids)
- Strelka (automatically detects and analyzes malware and shoots to YARA for analysis)
- pfSense (open-source firewall)
- Burp Suite
- Nmap
And much much much more...
I am constantly adding to and improving this course, so it will not get outdated.
Once you enroll you will be grandfathered into a lifetime of updates.
This course also provides the perfect backdrop to any other ethical hacking courses you take on Udemy because you will have a safe, isolated, realistic environment to hack, detect and block adversary actions. You will be truly building the ultimate learning resource for ethical hacking! So what are you doing still reading this? Jump inside and let's start building your cyber range!
Who this course is for:
- New Security Operations Center Analysts ("SOC") and Incident Responders
- New and Experienced Network and Web Application Penetration Testers
- Bug Bounty Hunters who hunt targets on HackerOne and BugCrowd
- Red Teamers who use Cobalt Strike, Metasploit or PowerShell Empire 3
- Security Engineers who want to know how to stand up attack and defense infrastructure
- Information Security Managers and Executives who want hands-on details about how breaches occur (and can be detected and prevented)
- Anyone who wants a hands-on practical free lab to prepare for the Security+, CEH or OSCP exams (without the stupid 60 day limitations cloud vendors slap you with)
Instructor
I'll never forget the day I first got hacked.
I was fooling around in an AOL chat room downloading little hacking programs called proggies and punters. I thought I was special, or leet as they call it, simply because I had a lowercase screenname which made me a bit mysterious since AOL didn't let ordinary people create lowercase names (called icases); my icase indicated that I knew how to "hack" the system.
I also commanded a vast array of punters including Fate X, HaVok Platinum, Firetoolz and Area51. Punters were tiny programs that let you violate AOL's terms of service by booting innocent people off AOL. If someone made me mad I would just click a button and send them into oblivion. The victim would almost immediately be forced to log off and go through the painful process of dialing up and reconnecting. These proggies also let you scroll text super fast, which would prevent other people from chatting and force them to leave the room.
Now that I think about it, I was probably at the apex of immaturity, but I was barely in middle school and booting people offline was simply too much fun.
But one day I met my match.
I downloaded a program that was purportedly a new punter that had a bevy of features that my other tools lacked. Everything was fun in the beginning but after a few days weird things started happening to my computer.
For example, my CD-ROM would randomly open on its own, my mouse cursor seemed to move without my input and strange programs would sometimes leap onto my screen and then instantly vanish.
I was freaking out! It's really hard to describe just how scary this was.
I had no idea what was happening but I had to find out. Apparently whoever (or whatever) had seized control of my computer didn't make any effort to hide his or her antics. After a few weeks of complete frustration, a chat box popped up on my screen from an unknown name. It was the guy who hacked me. He started to taunt me by saying things like "i got you" or "your password is 1234567".
This is when I made it my mission to figure out as much as I could about this person and his methodology. After several interactions I learned he was using a remote access trojan called SubSeven. I quickly scoured the internet looking for this tool and once I found it I found my new love.
That's how I got into cybersecurity and ethical hacking. I was hacked and wanted to learn how it happened.
Unfortunately, back in middle school my motives weren't so pure and I used my new skills to hack other victims; however, after graduating from high school and with a little prodding by my dad to explore programming, I decided I wanted to major in Computer Science to do good in the world.
Since then I've never looked back.
So who am I? My name is Vonnie Hudson and I have over 13 years of hands-on experience maintaining, troubleshooting and repairing computer software and hardware. I actually started my career as a technical support analyst at a satellite internet company and eventually landed a job at IBM as a security engineer. From there I became the IT director of a large multimedia enterprise based in Times Square, New York.
I'm currently a Senior CyberSecurity Analyst at a large D.C.-based firm and I regularly contribute to the information security community by attending information security conferences and webinars and sharing my knowledge on my blog and email list.
My blog, fixedByVonnie, gets about half a million visitors per month. The articles span topics ranging from speeding up your browser to ethical hacking with Kali Linux.
I'm also an author and have published a highly rated Windows 8.1/10 Kindle book on Amazon. And always being an avid learner myself, I hold numerous industry standard certifications in good standing including the A+, Network+, Security+, CCNA, CCNP, CISSP and GCIH.
I have a lively YouTube channel, loyal Twitter following and a bunch of book and video ideas which I can't wait to implement. Thanks for reading my profile and checking out my videos - it's going to be a fun ride!
I think my teaching style is a bit unique. I try to respect your time by quickly getting into the content but I also let my personality bleed into everything I do. My videos sometimes feel like you have your very own guru sitting next to you showing you step-by-step how to learn. I promise you that you'll not only get your solid fill of content from my videos but also take away a few laughs along the way. I can't wait to see you inside!
Thanks again
-Vonnie