Welcome to our IT Security and Ethical Hacking Course.
These lectures teach the principles, techniques, and tools needed to successfully prepare for and pass the “Ethical Hacking and Countermeasures" exam.
These sections can be taken in any order, as a review of a concept or knowledge area. However, if you are just becoming familiar with it security and ethical hacking it is recommended that you view the sections sequentially.
Note: This course covers many of the same concepts taught in our "IT Security Fundamentals: CompTIA Security+ 2015" course. This course has additional advanced material that pertains to ethical hacking. Most customers will want to purchase one or the other but likely not both.
Ethical hacking is testing the IT resources for a good cause and for the betterment of technology. This training will establish your understanding of all the fundamental concepts, processes, and procedures.. You will spend time concentrating on each knowledge area, and studying the tools and techniques, inputs, and outputs associated with each knowledge area.
Section 1: In the pre-assessment quiz you'll face questions from all sections of this Ethical Hacking training. Test your current knowledge and know your strengths and weaknesses.
Sections 2-4: In Introduction to Ethical Hacking, you will be introduced to various concepts on ethical hacking. You will receive an introduction to the basics of Risk Management and Disaster Recovery. As well as an introduction to Penetration Testing.
Sections 5-7: You will gain a comprehensive understanding of vulnerability assessment and the tools used in this process. What kind of security measures do you take to protect your facilities, equipment, resources, personnel, and property from damage caused by unauthorized access? In this course, Physical Security, these are questions that we will be answering. Footprinting is the gathering of information related to a particular computer and its users and systems.
Sections 8-10: Reconnaissance is an exploration that is conducted to gain information. Network scanning is the scanning of public or private networks to find out which systems are running, their IP addresses, and which services they are running. In Port Scanning, you will learn how ports can be scanned, how a hacker can break into your network through the ports, and the countermeasures you can take to protect your device or network.
Sections 11-13: Banner grabbing is a technique used to grab information about computer systems on a network and the services running its open ports. In this course you will be introduced to enumeration and the many different uses it has in computer systems. This course will include demos on the different tools and uses of enumeration. In this course you will be learning the fundamentals of Linux. We will be pairing this course with demos with a more in-depth look into some of the fundamentals and tools of Linux.
Sections 14-16: Pentesting is an attack on a system in hopes of finding security weaknesses. In the course Configuring Linux for Pentesting, you will be learning the steps to configure Linux for pentesting and tools used for pentesting on a Linux system. Whenever we login to a computer system, we provide information to identify ourselves. We refer to this as authentication. Ensure that you know everything involved in securing a Windows system against attack. During this course you'll get into Windows passwords — how they're created, how they're stored, and different methods used to crack them.
Section 17-19: You will take a good look at spyware, the activities it performs, different types of spyware, and the countermeasures needed in order to prevent hackers from utilizing these types of techniques against your company. You will also spend time studying different types of keyloggers. There are three different types of keyloggers that we see used in today's environments: hardware, software, and kernel/driver keyloggers. Covering Tracks will be going over various ways that attackers have at their disposal to cover any tracks that may lead to their unwanted eviction, or worse yet, to an audit trail that would lead directly back to them. Trojans and Backdoors is the course where our software is going to be going undercover.
Section 20-22: You will discover what viruses and worms are and how they can infect computers and systems. Sniffers is our course where we take a look at Network Sniffing. Social engineering is the art of extorting employees for information.
Sections 23-26: Become familiar with the following concepts: denial-of-service, distributed denial-of-service, and how the denial-of-service and distributed denial-of-service attacks take place. In the course Session Hijacking, you will learn details about session hijacking, well-known techniques employed by aggressors, the steps involved in session hijacking, various types of session hijacking, tools for hijacking sessions, ways you can protect yourselves from session hijacking, and how pentesting can be used to identify vulnerabilities. Hacking Web and Application Servers, is a course that will give you a good idea about vulnerabilities and attacks available for web servers and web applications. In our course our course Advanced Exploitation Techniques, you will learn what advanced exploitation techniques are and how you can use them in your penetration testing.
Sections 36-37: There are many benefits to using Cloud Computing, and in order to take full advantage of those benefits, it’s important to better understand what cloud computing is. Gain an introduction to Cloud Computing concepts and threats. We discuss the four types of cloud types as well as the different forms of cloud computing. Then, we spend time briefly discussing the many threats associated with cloud computing and how they can affect procedures and security. Moving to the cloud can ease a company’s management and support costs so cover the types of threats that can happen on the cloud. We discuss their characteristics, then talk about how to sure up security in order to protect against these attacks. We also discuss the security responsibilities of both the cloud provider and the consumer.
Learn from others! Here are some reviews from the participants enrolled in this course (Click on reviews to see full list of reviews)
The topics covered in these courses directly align with the certified ethical hacker exam objectives as published by EC-Council®. These sections can be taken in any order, as a review of a concept or knowledge area.
However, if you are just becoming familiar with CEH and the EC-Council®, it is recommended that you view the sections sequentially.
Quizzes in your LearnSmart Online Training help you determine your level of command of the material covered in this training course. This Pre-Assessment quiz is designed so that you will be able to see the progression you have as you complete the course. Whether you have pre-existing knowledge or not, the answers given do not effect any scores or required for certification, but helps get you ready and in the mind-set of what this course will be covering.
Introduction to Ethical Hacking, will be introducing you to various concepts on ethical hacking. You will learn about vulnerabilities, exploits, defense strategy, penetration testing, and pentest types and methodology. You will also learn about vulnerability management, incident management, and security policy development.
This lecture will discuss the topics to be covered within Introduction to Ethical Hacking, as well as its implementations within the hacking world.
Vulnerability management is a continuous practice involving scanning for vulnerabilities, classifying them, putting steps to remediate them, and working to mitigate the risk due to vulnerabilities. So, a vulnerability can pose a risk to the organization and the organization works to remediate and/or mitigate it.
This lecture will discuss the vulnerabilities within ethical hacking, as well as several topics related to hacking vulnerabilities.
The principle of defence-in-depth is layered security mechanisms. The layered security enhances the security of the system as a whole. During an attack, if one layer gets impacted, other layers can still “hold down the fort.” Implementing defense-in-depth strategy is not an easy mechanism. Implementing this approach could add to the complexity of the system.
This lecture will discuss the components of Defence-in-depth, as well as how to implement it within ethical hacking.
The purpose of a penetration test is to test the security implementations and policy of an organization. The goal is to see if the organization has implemented security measures as specified in the security policy. A penetration test normally uses the same methods a hacker uses to gain unauthorized access to a network or system with a view to compromise them.
This lecture will discuss the components within penetration testing, as well as why it it used within ethical hacking.
Topics Covered Include:
This lecture will show one of four demonstrations on how to carry out a Penetration Test.
This lecture will show the second of four demonstrations on how to carry out a Penetration Test.
This lecture will show the third of four demonstrations on how to carry out a Penetration Test.
This lecture will show the final of the four demonstrations on how to carry out a Penetration Test.
Penetration Testing is one form of ethical hacking; when you try to penetrate into a system or network, if you are not successful, what would you do? Be happy! You're happy that you couldn't find any vulnerability. But don't stop there. Think like a hacker. Penetration testing methodology will allow you to do so.
This lecture will discuss the tools within Pentesting Methodology, and how they are used to successfully test hacking techniques.Topics Covered Include:
Vulnerability management — the discovery of vulnerabilities and assessment of the risk to the network — is a critical part of the business landscape for long term success. Vulnerability management involves the identification, classification, and potential remediation and/or mitigation of the same.
This lecture will discuss the reasons for vulnerability management within an organization, as well as ways to successfully evaluate vulnerabilities and manage them.Topics Covered Include:
Incidents are errors that interrupt or reduce the quality of the business processes. The incident management process helps to quickly resolve these incidents, with minimal impact on the business. An organization that implements the incident management process derives dual benefits for its IT services and business.
This lecture will discuss the benefits of incident management within an organization, as well as some of the ways to successfully evaluate and manage incidents.Topics Covered Include:
Vulnerabilities, penetration testing, incident management plans, etc. Do they work together or are they done in isolation? They can all work together in the form of a security policy. It is absolutely necessary to have a security policy within any organization.
This lecture will discuss the importance of a security policy within an organization, as well as ways to create one and what needs to be considered when doing so.Topics Covered Include:
An event that may have an effect on the daily operations of a given entity is called a risk. The effect could vary from downtime and disrupting the usual operations to losing money and sensitive information. Risk management requires an understanding of how security measures are implemented in your environment and how a threat can affect your daily operations.
This lecture will discuss the basics of Risk Management and Disaster Recovery, as well as what will be covered additional in this section.Topics Covered Include:
For each scenario, the strategy for managing risks may vary When planning to implement new hardware or new software you need to test the product in a lab or testing environment and perform vulnerability assessment against the product.
This is one way of strategizing risk. This lecture will discuss the different ways of strategizing risk pertaining to potential hackers.Topics Covered Include:
Risk analysis is tight with vulnerability assessment, thus each identified threat should be analyzed and security measures should be taken to manage the risk posed. Risk analysis is based on qualitative and quantitative analysis.
This lecture will discuss the ways in which an organization can analyze risk in order to protect itself from unethical hacking.
This lecture contains a demonstration on how to carry out risk assessment for a project, taking you through each of the steps within risk assessment.
The DRP (Disaster Recovery Plan) is a policy that defines how an organization will recover from a disaster, whether it's a natural or manmade disaster. The DRP should protect both people and assets of a given organization.
This lecture will discuss how to create a DRP for an organization, as well its benefits.
DRP needs maintenance and evaluation on a timely basis. At least once a year the DRP plan should be reevaluated to make sure of it's effectiveness. Changes will be made as necessary.
This lecture will discuss the benefits of updating the DRP within an organization, as well as simple ways to do so.Topics Covered Include:
This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Penetration Testing.
Pentesting is an intentional attack on a system to discover security weaknesses left by either the security officer who designed the defense strategy or the security controls that are incapable to defend against a given threat.
This lecture will discuss the benefits of Penetration Testing within an organization, as well as how it will assist an organization to protect itself from unethical hacking.
Penetration testing simulates a real attack. Penetration testing can be performed either externally or internally. Both tests have the known categories black box, white box, and grey box. The difference between external and internal testing is what to test.
This lecture will discuss the different types of Penetration Testing and what is encompassed within each type.Topics Covered Include:
This lecture contains a demonstration of vulnerability assessment.
Penetration testing is not complete without testing the human behavior. Usually the easiest way to gain access to sensitive information is by exploiting human trust. Hackers attempt to gain the trust of an employee in order to reveal corporate secrets.
This lecture will discuss the areas within Penetration Testing, as well as some of the ways to protect an organization from the different areas.Topics Covered Include:
This lecture will discuss the different types of business processes and their regulatory standards an organization needs to comply with to assist them in becoming aware of potential threats.
Educating employees about security threats and cyber attacks should not be considered a waste of money, but rather an investment in mitigating threats. Also it is prudent that employees know who to contact and what procedures to take in case they suspect a hacking attempt or any other threat.
This lecture will discuss the benefits that will come as a result of training employees to be able to recognize threats within as well as without an organization.Topics Covered Include:
This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Vulnerability Assessment.
A vulnerability assessment is the process in which one can identify, quantify, and prioritize or rank the vulnerabilities in a network infrastructure or a system/ systems. Vulnerability analysis can estimate the effectiveness of proposed countermeasures and can evaluate their actual effectiveness after they are put into use.
This lecture will introduce you to vulnerability assessment as well as some of the topics associated within the concept.Topics Covered Include:
Most vulnerability assessment tools have a GUI front end. So you will start off with the target network or an individual specific URL or IP address of the targets. Then you will run the test.
This lecture will discuss an overview of the vulnerability tools and how they will aid an organization to generate a detailed report.Topics Covered Include:
The National Vulnerability Database, is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance.
This lecture will discuss security alerts that come from the National Vulnerability Database and how they can be implemented within an organization to protect against potential threats.
Nessus uses powerful detection, scanning, and auditing features. Nessus is the world's most widely used vulnerability scanner, with extensive management and collaboration functions.
This lecture will discuss the different methods of vulnerability scanning and the benefits of each.Topics Covered Include:
This lecture contains a demonstration on how to use Nessus to conduct a vulnerability assessment.
This lecture contains a demonstration on how to use IBM AppScan to conduct a vulnerability assessment.
This lecture contains a demonstration on how to use GFI Languard to conduct a vulnerability assessment.
Professional pen testers will not simply rely on the test result but he or she will ensure that the result is meaningful and there is no false positive. So he or she has to: Assess risk presented by vulnerabilities, Compare the results to security policy, Verify vulnerabilities and prioritize vulnerabilities.
This lecture will discuss the importance of analyzing any type of scan result in order to achieve the best result possible.
The generation of reports against your collected assessment data is very critical to your vulnerability testing program. Providing the right data to the right people is the key to a successful effort.
This lecture will discuss the ways of generating vulnerability assessment reports and how they aid an organization in protecting itself from potential threats.Topics Covered Include:
A well developed and designed remediation plan will add value while reducing risks and vulnerabilities. The remediation team must be a dedicated core team with the support of subject matter experts from both the business and technology areas in order to be successful.
This lecture will discuss the importance of remediation in order for an organization to better protect itself from potential threats.Topics Covered Include:
Patch management is an important area of systems management. This involves acquiring, testing, and installing multiple patches to your computer system. Patch management tasks are maintaining current knowledge to ensure that patches are installed properly.
This lecture will discuss the necessity for expert patch management within an organization so that it can fully prepare itself against potential attacks.Topics Covered Include:
This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Physical Security.
Security is very important to any organization and physical security is no exception. Physical security has a different set of threats, vulnerabilities, and risks when compared to other security issues.
This lecture will introduce the concept of physical security, as well as some of the concepts this section will cover.Topics Covered Include:
The physical security of computers and their resources are more challenging today than they were in the 1960s and 70s. In those days, computers were mostly mainframes locked in server rooms. Today, nearly everyone has access to at least one computer.
This lecture will discuss the importance of physical security for an organizational as well as for an individual.Topics Covered Include:
A physical security program should consider safety and security mechanisms. Safety means the protection of life and assets against fire, natural disasters, and devastating accidents. Security should protect against vandalism, theft, and attacks by individuals.
This lecture will discuss the steps to planning a physical security program, as well as the benefits it will have for an organization.
Crime prevention through environmental design (or CPTED) is a discipline which outlines how the properly designed physical environment can prevent crime by directly affecting human behavior.
This lecture will discuss the benefits of CPTED within an organization and how it will aid in protecting against potential threats.
It is not enough to have included the details of an asset into a register. Today, valuables such as laptops are being stolen. It is not just money that thieves may get when sold in grey markets. The data that they could get their hands on is a major concern. You will have to take a few precautions to mitigate the risk.
This lecture will discuss the necessity for an organization to protect their assets and the steps taken to do so.Topic Covered Include:
Key factors in running an office, when this is said, what things come to your mind? Internal Support Systems should be one of them. They are assumed to be functioning, and they are assumed to have proper plans to set up, operate, and maintain.
This lecture will introduce the concepts that will be discussed throughout the second portion of this section.Topics Covered Include:
Both computing and communication have become an essential part of our lives. These two rely heavily, or we could even say, solely on a power supply. Therefore, power failure is much more devastating to a business than it was 10 or 20 years ago.
This lecture will discuss the importance of having a protection plan in place in the case of a power failure within an organization.
If you don't have proper environment controls, they can cause damage to services, equipment, and lives. To prevent this from happening, you must involve a physical security team to setup proper controls.
This lecture will discuss the risks involved within an organization from the environment as well as ways to control those risks.Topics Covered Include:
You will want to be prepared in case a fire starts on your premises. First, you want to prevent fires as much as you can. However, if there is a fire, you want to be alerted quickly, before it becomes unmanageable.
This lecture will discuss the measures that must be taken within an organization to prevent fire, as well as what steps to take if a fire does occur.Topics Covered Include:
Security must have a layered approach. Perimeter security is the first layer of defense. You must have multiple layers of defense before someone can get to the most secured place, meaning the place with the secured servers, equipment, or information.
This lecture will discuss the steps to create a security perimeter within an organization.Topics Covered Include:
You can provide access control mechanisms through locks and keys, an electronic card access system, and personnel awareness. You can set up physical barriers by having fences, gates, walls, doors, windows, protected vents, and vehicular barriers.
This lecture will discuss the necessary places within an organization that need boundary protection and the best ways to provide boundary protection.Topics Covered Include:
Locks are widely accepted access control mechanisms. When locked, they delay the intruder, giving security personnel more time to respond. Fencing can be an effective physical barrier. A fence may not stop an intruder from entering but it can delay the intruder in his attempts and it acts as a deterrent.
This lecture will discuss the benefits of both locks and fences within an organization to protect against potential attacks.Topics Covered Include:
Lighting is one of the most important aspects of physical security. Poorly lit areas can always give intruders an opportunity to sneak in. Patrols is another method of protection, providing real time monitoring and response teams.
This lecture will discuss the benefits of having lights as well as patrols in place within an organization to deter potential threats.Topics Covered Include:
You can have surveillance devices installed, monitored, and controlled from a central point. The advantage is that you can centrally monitor and deploy people depending on an intrusion attempt.
This lecture will discuss the benefits of providing a surveillance system within an organization.Topics Covered Include:
By using intrusion detection systems (IDSs), unauthorized entries can be detected. An IDS can alert a responsible entity to respond. IDSs can monitor entries, doors, windows, devices, or removable coverings of equipment.
This lecture will discuss the benefits of an Intrusion Detection System in place within an organization.Topics Covered Include:
Physical access control systems can use software and auditing features to produce audit trails or access logs pertaining to access attempts.
This lecture will discuss the ways to audit physical security.Topics Covered Include:
You should carry out an emergency mock drill. To do this, you need to craft a plan with the help of a team and test it out. The drills should be carried out at least once a year and the entire program should be continually updated and improved.
This lecture will discuss the importance of testing protection systems and having drills for potential disasters.Topics Covered Include:
This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Footprinting.
The whole process of information gathering is called reconnaissance. As part of the reconnaissance process, they gather initial information first. This will be a passive data gathering exercise and generally known as passive footprinting.
This lecture will introduce you to the concepts that will be discussed throughout the duration of this section.Topics Covered Include:
Footprinting is the process of collecting information about a target network and its environment. Footprinting is a very important step in gathering information about the security profile of a network or system. The more methodical you are, the more accurate the security profile will be when drawn up.
This lecture will discuss the first steps within hacking, as well as how they are carried out.Topics Covered Include:
This lecture will ask sample questions about possible threats of footprinting.
Footprinting is about information gathering. It can be both passive and active. As an attacker you employ both modes to gather information. Initial information gathering is very important. Good information gathering can make a difference when you hack or pentest a system or a network.
This lecture will discuss the importance of gathering information and how it will aid a hacker.
Topics Covered Include:
This lecture will ask sample questions about information gathering groups.
Footprinting can be external and it can be internal. It can be active and it can be passive. In internal footprinting, identify customer internal ranges that carry out both active and passive footprinting.
This lecture will discuss the hierarchy within footprinting.Topics Covered Include:
This lecture contains a demonstration on the basics of footprinting using WHOIS commands.
Where do you start, especially when you want to attack a system or network of a business? You will look for publicly available sources or an open source. You can get a quite a lot of information about the organization, its culture, hierarchy, people, etc.
This lecture will discuss the methodology used within footprinting as well as how it affects the information gathering process.Topics Covered Include:
There are two modes of footprinting. You have a passive mode and active mode. In passive mode footprinting, it is nearly impossible to get detected. Active footprinting has direct touch with the websites, network, servers, and systems.
This lecture will discuss passive vs. active footprinting.Topics Covered Include:
This lecture will ask sample questions about the WHOIS Database.
This lecture will ask sample questions about the DNS Zone Data.
Social engineering is a nontechnical method of intrusion that hackers use. It relies heavily on human interaction. It could involve tricking people to share information. Today, it is one of the greatest threats that organizations face.
This lecture will discuss the threats social engineering possess to an organization, as well as ways to protect against potential attacks.
Google hacking refers to creating complex search engine queries. If you have the right queries, you can retrieve a whole lot of valuable data about a target company.
This lecture will discuss the different ways google can be used to hack into an organization.Topics Covered Include:
Exploit database contains the latest Google Hacking Entries. Attackers will be able to find very useful information if the site is vulnerable to Google hacking. They can get information through error messages. Generally error messages contain sensitive information that a hacker can make use of.
This lecture will discuss the Exploit Database and how it is used within Google Hacking.Topics Covered Include:
This lecture contains a demonstration on how to use the Exploit Database.
This lecture contains a demonstration on how to use Google Hacking for Charity.
When you search using Google, you would want the results to be as accurate as possible. You can use advanced operators to find private information of a target company. You can also get contact details of personnel of the company through Google.
This lecture will discuss the steps for an advanced search within Google Hacking.Topics Covered Include:
Google Hacking tools are used to extract things like metadata, removing the cache from a search, search for google's cache vulnerabilities, expose novel functionalities, and determine sensitive information.
This lecture will discuss the different types of Google Hacking Tools, as well as how they are used to gather information about an organization and aid a hacker.
Maltego footprinting tool is a platform that gives you a clear threat picture to the environment that an organization owns and operates. You need to gather the basic and important information about the target organization.
This lecture will discuss the different footprinting tools and how they are used to gather information about an organization.Topics Covered Include:
This lecture contains a demonstration on how to successfully use the Maltego Footprinting Tool.
This lecture will discuss some of the additional Footprinting Tools.
Footprinting countermeasures are the measures or actions taken to counter or offset information disclosure. It is important that you have a strategy in place to test your environment periodically, and ensure the vulnerabilities identified are addressed based on business and security priorities.
This lecture will discuss the countermeasures for footprinting used within an organizational.Topics Covered Include:
Footprinting pentest is used to determine an organization's publicly available information on the Internet. Pen testers try to gather publicly available sensitive information of the target by pretending to be an attacker.
This lecture will discuss the tactics of a Pentester when they are working to expose potential footprinting threats.Topics Covered Include:
This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Reconnaissance.
Reconnaissance is the preparation stage where the hackers will try to gather as much information as possible about the target. The information gathered in this stage can help to draw up a map of the target's network infrastructure and its security.
This lecture will introduce the concepts covered throughout this section.Topics Covered Include:
Reconnaissance is very important step in gathering information about the security profile of a network or system. The more methodical you are, the more accurate the security profile you create.
This lecture will discuss the threats that are posed from Reconnaissance and the ways hackers can exploit an organization by using reconnaissance.Topics Covered Include:
As an ethical hacker, you will want to gather information about the vulnerabilities and see how you may protect your environment. With the information you have, you can try to map the network. The map provides the hacker with the blueprint of the organization's security profile.
This lecture will discuss the seven steps to gather information on an organization and how a hacker will use them to exploit an organization.
Of the seven steps in reconnaissance, six of them are categorized as footprinting. Where do you start? As a hacker, you can employ so many techniques or means to gather information. Take a look at the situation and decide what works.
This lecture will discuss the techniques that are used within footprinting methodology and how a hacker will use them to exploit an organization.
There are two modes of footprinting: passive mode and active mode. In passive mode footprinting, it is nearly impossible to be detected. In active footprinting you have some direct touch with the websites, network, servers, and systems.
This lecture will discuss the differences between active footprinting and passive footprinting.Topics Covered Include:
This lecture will discuss one of the passive footprinting tools.
This lecture contains a demonstration of PassiveRecon and how it is used within Footprinting.
This lecture contains a demonstration of Shodanhq.com and how it is used within Footprinting.
Banner Grabbing is one type of Active Footprinting. Banner grabbing is an enumeration technique used to glean information about computer systems on a network and the services running its open ports.
This lecture will discuss the different types of active footprinting and how they are used by a hacker to exploit an organization.Topics Covered Include:
This lecture contains a demonstration on how to use Visualroute Trace within reconnaissance.
Port scanning is the act of remotely testing numerous ports to determine what state they are in. Network scanning is a procedure for identifying active hosts on a network, either for the purpose of attacking them or for network security assessment.
This lecture will discuss the techniques used to scan both networks and ports and how they can be used by a hacker to exploit an organization.
This lecture contains a demonstration on Nmap Scan and how it is used within reconnaissance.
Enumeration is nothing but listing and identifying the specific services and resources about a particular target. The goal of enumeration is to list services which are known and reachable from your source.
This lecture will discuss the goals of enumeration and how a hacker can use it to exploit an organization.Topics Covered Include:
Reconnaissance countermeasures are the measures or actions taken to counter or offset information disclosure. It is important that you have a strategy in place to test your environment periodically and ensure the vulnerabilities identified are addressed based on business and security priorities.
This lecture will discuss the countermeasures that an organization can implement to protect itself against potential attacks.Topics Covered Include:
This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Scanning Networks.
When planning for a pentest it is essential to discover the network in order to design the attack. Assuming that a hacker is willing to attack your network, the hacker doesn't have any information about what systems are running in your private network. Here comes the network scanning role.
This lecture will introduce scanning networks as well as the concepts covered within this section.Topics Covered Include:
Usually when we mention network scanning we mean scanning the private network but we don't want to exclude the public network. Most of the techniques are developed to scan internally and quite a few have the ability to scan the public network and give reliable results.
This lecture will discuss the techniques used to scan both private and public networks and how an attacker can use it to exploit an organization.Topics Covered Include:
This lecture contains a demonstration on how to use Angry IP Scanner within Network Scanning.
This lecture contains a demonstration on how to use Nmap within Network Scanning.
This lecture contains a demonstration on how to use Hping within Network Scanning.
Zmap is a project developed at the University of Michigan, the target of which is to find a tool that can scan the IPv4 network in a very short time. Zmap is designed to be faster than Nmap by 1300 times and is only available as command line tool.
This lecture will discuss public scanning with Zmap, and how it is used by an attacker.Topics Covered Include:
This lecture contains a demonstration on how to use Zmap within Network Scanning.
This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Port Scanning.
LearnSmart has served the learning community with high-quality professional skills and IT certification training since 1997. In that time, the company has helped thousands earn career-related certifications from respected vendors, such as Project Management Institute (PMI)®, Cisco, Microsoft, CompTIA, Oracle, and EC-Council. LearnSmart offers over 1,000 courses covering IT, project management, administrative, HR, and workplace safety topics. With a rapidly growing clientele of individuals and corporations, LearnSmart serves a broad range of Fortune 500 companies to universities, as well as government institutions and the armed forces.
LearnSmart is able to meet diverse career and learning needs through its extensive selection of training. LearnSmart uses industry experts to give learners the most up-to-date content in a video format as well as training resources including; reference tools, pretests, study guides and labs. For more information about how we can help pinpoint and solve your individual or multi-user training challenges.
PMI is a registered trademark of the Project Management Institute, Inc.