IT Security and Ethical Hacking

Learn the basics of IT Security, Ethical Hacking and its various concepts. Work on becoming a Certified Ethical Hacker!
3.8 (1,076 ratings)
17,118 students enrolled
  • Lectures 471
  • Length 26 hours
  • Skill Level All Levels
  • Languages English, captions
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion


About This Course

Published 3/2015 English Closed captions available

Course Description

Welcome to our IT Security and Ethical Hacking Course.

These lectures teach the principles, techniques, and tools needed to successfully prepare for and pass the "Ethical Hacking and Countermeasures" exam.

These sections can be taken in any order, as a review of a concept or knowledge area. However, if you are just becoming familiar with IT security and ethical hacking, it is recommended that you view the sections sequentially.

Note: This course covers many of the same concepts taught in our "IT Security Fundamentals: CompTIA Security+ 2015" course. This course has additional advanced material that pertains to ethical hacking. Most customers will want to purchase one or the other but likely not both.

Course Overview:

Ethical hacking is testing IT resources for a good cause and for the betterment of technology. This training will establish your understanding of all the fundamental concepts, processes, and procedures. You will spend time concentrating on each knowledge area, and studying the tools and techniques, inputs, and outputs associated with each knowledge area.

Section 1: In the pre-assessment quiz you'll face questions from all sections of this Ethical Hacking training. Test your current knowledge and know your strengths and weaknesses.

Sections 2-4: In Introduction to Ethical Hacking, you will be introduced to various concepts on ethical hacking. You will receive an introduction to the basics of Risk Management and Disaster Recovery, as well as an introduction to Penetration Testing.

Sections 5-7: You will gain a comprehensive understanding of vulnerability assessment and the tools used in this process. What kind of security measures do you take to protect your facilities, equipment, resources, personnel, and property from damage caused by unauthorized access? In this course, Physical Security, these are questions that we will be answering. Footprinting is the gathering of information related to a particular computer and its users and systems.

Sections 8-10: Reconnaissance is an exploration that is conducted to gain information. Network scanning is the scanning of public or private networks to find out which systems are running, their IP addresses, and which services they are running. In Port Scanning, you will learn how ports can be scanned, how a hacker can break into your network through the ports, and the countermeasures you can take to protect your device or network.

Sections 11-13: Banner grabbing is a technique used to grab information about computer systems on a network and the services running on their open ports. In this course you will be introduced to enumeration and the many different uses it has in computer systems. This course will include demos on the different tools and uses of enumeration. You will also learn the fundamentals of Linux. We will pair this course with demos that take a more in-depth look at some of the fundamentals and tools of Linux.

Sections 14-16: Pentesting is an attack on a system in hopes of finding security weaknesses. In the course Configuring Linux for Pentesting, you will learn the steps to configure Linux for pentesting and the tools used for pentesting on a Linux system. Whenever we log in to a computer system, we provide information to identify ourselves. We refer to this as authentication. Ensure that you know everything involved in securing a Windows system against attack. During this course you'll get into Windows passwords: how they're created, how they're stored, and different methods used to crack them.

Sections 17-19: You will take a good look at spyware, the activities it performs, different types of spyware, and the countermeasures needed in order to prevent hackers from utilizing these types of techniques against your company. You will also spend time studying different types of keyloggers. There are three different types of keyloggers that we see used in today's environments: hardware, software, and kernel/driver keyloggers. Covering Tracks will go over the various ways that attackers have at their disposal to cover any tracks that may lead to their unwanted eviction, or worse yet, to an audit trail that would lead directly back to them. Trojans and Backdoors is the course where our software is going to be going undercover.

Sections 20-22: You will discover what viruses and worms are and how they can infect computers and systems. Sniffers is our course where we take a look at Network Sniffing. Social engineering is the art of extorting employees for information.

Sections 23-26: Become familiar with the following concepts: denial-of-service, distributed denial-of-service, and how denial-of-service and distributed denial-of-service attacks take place. In the course Session Hijacking, you will learn details about session hijacking, well-known techniques employed by aggressors, the steps involved in session hijacking, various types of session hijacking, tools for hijacking sessions, ways you can protect yourselves from session hijacking, and how pentesting can be used to identify vulnerabilities. Hacking Web and Application Servers is a course that will give you a good idea about vulnerabilities and attacks available for web servers and web applications. In our course Advanced Exploitation Techniques, you will learn what advanced exploitation techniques are and how you can use them in your penetration testing.

Sections 36-37: There are many benefits to using Cloud Computing, and in order to take full advantage of those benefits, it's important to better understand what cloud computing is. Gain an introduction to Cloud Computing concepts and threats. We discuss the four types of cloud as well as the different forms of cloud computing. Then, we spend time briefly discussing the many threats associated with cloud computing and how they can affect procedures and security. Moving to the cloud can ease a company's management and support costs, so we cover the types of threats that can happen on the cloud. We discuss their characteristics, then talk about how to shore up security in order to protect against these attacks. We also discuss the security responsibilities of both the cloud provider and the consumer.

Recommendations:

Learn from others! Here are some reviews from the participants enrolled in this course:

  • Excellent Course, Highly Recommended - If you are interested in learning the principles of IT Security and Hacking, this course is for you. Very detailed, in-depth, and well-presented. With over 25 hours of video, and references to several outside resources. This course builds an excellent foundation for the beginner and provides a good review for the more experienced IT professional -- Michael Chesbro
  • Great for all levels - The idea about this course is to get thinking about Security. And you will learn something. Something is new, something is old. But everyone needs a refresh now and then and to see the whole picture. I recommend this course -- Alf-Olav Nilsen
  • Ethical hacking helps - The production of your teaching is awesome. Thanks to your teaching I have gotten rid of some hackers who have been bothering me for quite some time. I didn't know much about Security or ethical hacking until I took this course. It has opened up a new world for me -- John Ackerman

What are the requirements?

  • No prerequisites for this course - A computer with Internet
  • The majority of the tools used in this series must be run on a Windows machine. There might be a Mac equivalent, but the tools demonstrated were all run on a Windows machine.

What am I going to get from this course?

  • Recently updated to be compatible with CEHv9 Cloud Computing Concepts
  • Upon completion of this course, students will have a basic introduction to ethical hacking and its various concepts.
  • You will be able to understand and apply information technologies concepts that include: vulnerabilities, defense-in-depth, penetration testing, the methodology for pentesting/ethical hacking, vulnerability management, incident management, and creating and implementing a security policy.
  • You will also know the countermeasures that can be taken to protect yourself from the dangers of hacking, and all that that may entail.
  • You will be able to identify what a SQL injection is along with the different wireless types and vulnerabilities. You will also gain a basic understanding of the concepts behind buffer overflow, cryptography and their weaknesses, mobile hacking, how to evade both firewalls and honeypots, and successfully evade IDS.
  • Communicate with the instructor and openly ask questions that will be addressed within 48 hours!
  • Download extra printable and saveable flash cards, games, slideshows, and other supplemental materials for each lecture in our course
  • Participate in active discussions with other information technology students & participants becoming certified
  • Apply your knowledge throughout the course with quick quizzes

What is the target audience?

  • This course is intended for individuals looking to expand their knowledge of different IT Security principles.


Curriculum

01:13

This lecture will give a brief orientation to the course supplemental materials.

Section 1: Pre-Assessment
34 questions

The topics covered in these courses directly align with the certified ethical hacker exam objectives as published by EC-Council®. These sections can be taken in any order, as a review of a concept or knowledge area.

However, if you are just becoming familiar with CEH and the EC-Council®, it is recommended that you view the sections sequentially.

Quizzes in your LearnSmart Online Training help you determine your level of command of the material covered in this training course. This Pre-Assessment quiz is designed so that you will be able to see your progression as you complete the course. Whether you have pre-existing knowledge or not, the answers given do not affect any scores and are not required for certification, but they help get you ready and into the mind-set of what this course will be covering.

Section 2: Introduction to Ethical Hacking
10:00

Introduction to Ethical Hacking will introduce you to various concepts on ethical hacking. You will learn about vulnerabilities, exploits, defense strategy, penetration testing, and pentest types and methodology. You will also learn about vulnerability management, incident management, and security policy development.

This lecture will discuss the topics to be covered within Introduction to Ethical Hacking, as well as its implementations within the hacking world.


Topics Covered Include:
  • Hacking
  • Ethical Hacking
  • Vulnerability
  • Exploits
06:58

Vulnerability management is a continuous practice involving scanning for vulnerabilities, classifying them, putting steps in place to remediate them, and working to mitigate the risk due to vulnerabilities. So, a vulnerability can pose a risk to the organization and the organization works to remediate and/or mitigate it.

This lecture will discuss the vulnerabilities within ethical hacking, as well as several topics related to hacking vulnerabilities.


Topics Covered Include:
  • Confidentiality
  • Integrity
  • Availability
  • Malware
03:25

The principle of defence-in-depth is layered security mechanisms. Layered security enhances the security of the system as a whole. During an attack, if one layer gets impacted, other layers can still "hold down the fort." Implementing a defence-in-depth strategy is not easy, and this approach could add to the complexity of the system.

This lecture will discuss the components of Defence-in-depth, as well as how to implement it within ethical hacking.


Topics Covered Include:
  • Data Layer
  • Host Level
  • Defence-in-depth
07:28

The purpose of a penetration test is to test the security implementations and policy of an organization. The goal is to see if the organization has implemented security measures as specified in the security policy. A penetration test normally uses the same methods a hacker uses to gain unauthorized access to a network or system with a view to compromise them.

This lecture will discuss the components within penetration testing, as well as why it is used within ethical hacking.

Topics Covered Include:

  • Penetration Test
  • Penetration Testing
  • Methodology
05:17

This lecture will show the first of four demonstrations on how to carry out a Penetration Test.

02:20

This lecture will show the second of four demonstrations on how to carry out a Penetration Test.

03:10

This lecture will show the third of four demonstrations on how to carry out a Penetration Test.

04:56

This lecture will show the final of the four demonstrations on how to carry out a Penetration Test.

02:37

Penetration Testing is one form of ethical hacking; when you try to penetrate into a system or network, if you are not successful, what would you do? Be happy! You're happy that you couldn't find any vulnerability. But don't stop there. Think like a hacker. Penetration testing methodology will allow you to do so.

This lecture will discuss the tools within Pentesting Methodology, and how they are used to successfully test hacking techniques.

Topics Covered Include:
  • Methodology for Testing
  • Attack Vectors
Chapter 1 Quiz
7 questions
01:14

Vulnerability management — the discovery of vulnerabilities and assessment of the risk to the network — is a critical part of the business landscape for long term success. Vulnerability management involves the identification, classification, and potential remediation and/or mitigation of the same.

This lecture will discuss the reasons for vulnerability management within an organization, as well as ways to successfully evaluate vulnerabilities and manage them.

Topics Covered Include:
  • Vulnerability Management
02:40

Incidents are errors that interrupt or reduce the quality of the business processes. The incident management process helps to quickly resolve these incidents, with minimal impact on the business. An organization that implements the incident management process derives dual benefits for its IT services and business.

This lecture will discuss the benefits of incident management within an organization, as well as some of the ways to successfully evaluate and manage incidents.

Topics Covered Include:
  • Incident Management
01:52

Vulnerabilities, penetration testing, incident management plans, etc. Do they work together or are they done in isolation? They can all work together in the form of a security policy. It is absolutely necessary to have a security policy within any organization.

This lecture will discuss the importance of a security policy within an organization, as well as ways to create one and what needs to be considered when doing so.

Topics Covered Include:
  • Collaborations
  • Security Policy
00:55

This lecture will take you through some of the key points covered throughout the duration of this section. Upon completion of this section you will be prepared to move on to the next section: Disaster Recovery and Risk Management.

Section 3: Disaster Recovery and Risk Management
02:15

An event that may have an effect on the daily operations of a given entity is called a risk. The effect could vary from downtime and disrupting the usual operations to losing money and sensitive information. Risk management requires an understanding of how security measures are implemented in your environment and how a threat can affect your daily operations.

This lecture will discuss the basics of Risk Management and Disaster Recovery, as well as what else will be covered in this section.

Topics Covered Include:
  • Risk
  • Risk Management
02:12

For each scenario, the strategy for managing risks may vary. When planning to implement new hardware or new software, you need to test the product in a lab or testing environment and perform a vulnerability assessment against the product.

This is one way of strategizing risk. This lecture will discuss the different ways of strategizing risk pertaining to potential hackers.

Topics Covered Include:
  • Risk Management Scenarios
05:23

Risk analysis is closely tied to vulnerability assessment, thus each identified threat should be analyzed and security measures should be taken to manage the risk posed. Risk analysis is based on qualitative and quantitative analysis.

This lecture will discuss the ways in which an organization can analyze risk in order to protect itself from unethical hacking.


Topics Covered Include:
  • Risk Analysis
  • Risk Domains
  • Likelihood
18:16

This lecture contains a demonstration on how to carry out risk assessment for a project, taking you through each of the steps within risk assessment.

Chapter 1 Quiz
7 questions
05:03

The DRP (Disaster Recovery Plan) is a policy that defines how an organization will recover from a disaster, whether it's a natural or man-made disaster. The DRP should protect both the people and the assets of a given organization.

This lecture will discuss how to create a DRP for an organization, as well as its benefits.


Topics Covered Include:
  • Disaster Recovery Plan
  • Long Term
  • Data Backup
02:15

The DRP needs maintenance and evaluation on a timely basis. At least once a year the DRP should be re-evaluated to make sure of its effectiveness. Changes will be made as necessary.

This lecture will discuss the benefits of updating the DRP within an organization, as well as simple ways to do so.

Topics Covered Include:
  • DRP
01:00

This lecture will take you through some of the key points covered throughout the duration of this section. Upon completion of this section you will be prepared to move on to the next section: Penetration Testing.

Section 4: Penetration Testing
05:48

Pentesting is an intentional attack on a system to discover security weaknesses left by either the security officer who designed the defense strategy or the security controls that are incapable of defending against a given threat.

This lecture will discuss the benefits of Penetration Testing within an organization, as well as how it will assist an organization to protect itself from unethical hacking.


Topics Covered Include:
  • Pentesting
  • Vulnerability Assessment
  • Security Assessment
04:32

Penetration testing simulates a real attack. Penetration testing can be performed either externally or internally. Both tests have the known categories black box, white box, and grey box. The difference between external and internal testing is what to test.

This lecture will discuss the different types of Penetration Testing and what is encompassed within each type.

Topics Covered Include:
  • Penetration Testing
  • External Testing
  • Performable Tests
  • Internal Testing
10:36

This lecture contains a demonstration of vulnerability assessment.

04:45

Penetration testing is not complete without testing the human behavior. Usually the easiest way to gain access to sensitive information is by exploiting human trust. Hackers attempt to gain the trust of an employee in order to reveal corporate secrets.

This lecture will discuss the areas within Penetration Testing, as well as some of the ways to protect an organization from the different areas.

Topics Covered Include:
  • Penetration Testing
Chapter 1 Quiz
5 questions
01:37
Conducting a security audit is necessary to be compliant with certain ISO acts or standards. Depending on the different types of business processes that occur in an organization, there will most likely be at least one regulatory standard that the organization will need to be compliant with.

This lecture will discuss the different types of business processes and their regulatory standards an organization needs to comply with to assist them in becoming aware of potential threats.


Topics Covered Include:
  • PCI DSS
  • FERPA
  • COPPA
01:25

Educating employees about security threats and cyber attacks should not be considered a waste of money, but rather an investment in mitigating threats. Also it is prudent that employees know who to contact and what procedures to take in case they suspect a hacking attempt or any other threat.

This lecture will discuss the benefits that will come as a result of training employees to be able to recognize threats within as well as without an organization.

Topics Covered Include:
  • Education
  • Policies
01:04

This lecture will take you through some of the key points covered throughout the duration of this section. Upon completion of this section you will be prepared to move on to the next section: Vulnerability Assessment.

Section 5: Vulnerability Assessment
02:34

A vulnerability assessment is the process in which one can identify, quantify, and prioritize or rank the vulnerabilities in a network infrastructure or in a system or systems. Vulnerability analysis can estimate the effectiveness of proposed countermeasures and can evaluate their actual effectiveness after they are put into use.

This lecture will introduce you to vulnerability assessment as well as some of the topics associated within the concept.

Topics Covered Include:
  • Concepts
  • Vulnerability Assessment
00:50

Most vulnerability assessment tools have a GUI front end. So you will start off with the target network or an individual specific URL or IP address of the targets. Then you will run the test.

This lecture will discuss an overview of the vulnerability tools and how they will aid an organization to generate a detailed report.

Topics Covered Include:
  • Tools
04:09

The National Vulnerability Database is the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance.

This lecture will discuss security alerts that come from the National Vulnerability Database and how they can be implemented within an organization to protect against potential threats.


Topics Covered Include:
  • SANS Top 20
  • Common Vulnerabilities
  • CVSS
04:21

Nessus uses powerful detection, scanning, and auditing features. Nessus is the world's most widely used vulnerability scanner, with extensive management and collaboration functions.

This lecture will discuss the different methods of vulnerability scanning and the benefits of each.

Topics Covered Include:
  • Nessus
  • IBM Security AppScan
  • GFI
  • iScanOnline
04:17

This lecture contains a demonstration on how to use Nessus to conduct a vulnerability assessment.

02:54

This lecture contains a demonstration on how to use IBM AppScan to conduct a vulnerability assessment.

01:34

This lecture contains a demonstration on how to use GFI LanGuard to conduct a vulnerability assessment.

Chapter 1 Quiz
5 questions
04:32

A professional pen tester will not simply rely on the test result but will ensure that the result is meaningful and that there are no false positives. So he or she has to: assess the risk presented by vulnerabilities, compare the results to the security policy, verify vulnerabilities, and prioritize vulnerabilities.

This lecture will discuss the importance of analyzing any type of scan result in order to achieve the best result possible.


Topics Covered Include:
  • Analyzing Scan Results
  • Reports
  • Report Types
01:54

The generation of reports against your collected assessment data is very critical to your vulnerability testing program. Providing the right data to the right people is the key to a successful effort.

This lecture will discuss the ways of generating vulnerability assessment reports and how they aid an organization in protecting itself from potential threats.

Topics Covered Include:
  • Report Templates
07:47

A well developed and designed remediation plan will add value while reducing risks and vulnerabilities. The remediation team must be a dedicated core team with the support of subject matter experts from both the business and technology areas in order to be successful.

This lecture will discuss the importance of remediation in order for an organization to better protect itself from potential threats.

Topics Covered Include:
  • Review Results
  • Remediation
  • Remediating Planning
  • Remediation Commencement
01:28

Patch management is an important area of systems management. This involves acquiring, testing, and installing multiple patches to your computer system. Patch management tasks include maintaining current knowledge to ensure that patches are installed properly.

This lecture will discuss the necessity for expert patch management within an organization so that it can fully prepare itself against potential attacks.

Topics Covered Include:
  • Patch Management
01:03

This lecture will take you through some of the key points covered throughout the duration of this section. Upon completion of this section you will be prepared to move on to the next section: Physical Security.

Section 6: Physical Security
00:46

Security is very important to any organization and physical security is no exception. Physical security has a different set of threats, vulnerabilities, and risks when compared to other security issues.

This lecture will introduce the concept of physical security, as well as some of the concepts this section will cover.

Topics Covered Include:
  • Introduction
03:33

The physical security of computers and their resources is more challenging today than it was in the 1960s and 70s. In those days, computers were mostly mainframes locked in server rooms. Today, nearly everyone has access to at least one computer.

This lecture will discuss the importance of physical security for an organization as well as for an individual.

Topics Covered Include:
  • Physical Security Threats
  • Physical Security
  • Security Professionals
04:49

A physical security program should consider safety and security mechanisms. Safety means the protection of life and assets against fire, natural disasters, and devastating accidents. Security should protect against vandalism, theft, and attacks by individuals.

This lecture will discuss the steps to planning a physical security program, as well as the benefits it will have for an organization.


Topics Covered Include:
  • Physical Security Program
  • Safety Mechanisms
  • Threat Profile
06:52

Crime prevention through environmental design (or CPTED) is a discipline which outlines how the properly designed physical environment can prevent crime by directly affecting human behavior.

This lecture will discuss the benefits of CPTED within an organization and how it will aid in protecting against potential threats.


Topics Covered Include:
  • Natural Access Control
  • Natural Surveillance
  • Natural Territorial Reinforcement
01:45

It is not enough to have included the details of an asset in a register. Today, valuables such as laptops are being stolen. It is not just the money that thieves may get when these are sold in grey markets. The data that they could get their hands on is a major concern. You will have to take a few precautions to mitigate the risk.

This lecture will discuss the necessity for an organization to protect their assets and the steps taken to do so.

Topics Covered Include:
  • Protecting Asset Precautions
Chapter 1 Quiz
3 questions
02:38

When you hear "key factors in running an office", what things come to your mind? Internal Support Systems should be one of them. They are assumed to be functioning, and they are assumed to have proper plans to set up, operate, and maintain.

This lecture will introduce the concepts that will be discussed throughout the second portion of this section.

Topics Covered Include:
  • Internal Support Systems
  • Support Systems
06:42

Both computing and communication have become an essential part of our lives. These two rely heavily, or we could even say, solely on a power supply. Therefore, power failure is much more devastating to a business than it was 10 or 20 years ago.

This lecture will discuss the importance of having a protection plan in place in the case of a power failure within an organization.


Topics Covered Include:
  • Power Supply Protection
  • UPS
  • Power Disturbances
02:46

If you don't have proper environmental controls, the result can be damage to services, equipment, and lives. To prevent this from happening, you must involve a physical security team to set up proper controls.

This lecture will discuss the risks involved within an organization from the environment as well as ways to control those risks.

Topics Covered Include:
  • Physical Security Team
  • During Facility Construction
  • Climate Control
  • Ventilation
03:41

You will want to be prepared in case a fire starts on your premises. First, you want to prevent fires as much as you can. However, if there is a fire, you want to be alerted quickly, before it becomes unmanageable.

This lecture will discuss the measures that must be taken within an organization to prevent fire, as well as what steps to take if a fire does occur.

Topics Covered Include:
  • Fire Prevention
  • Construction and Design
  • Fire Suppression Systems
  • Fire Suppression Caution
03:28

Security must have a layered approach. Perimeter security is the first layer of defense. You must have multiple layers of defense before someone can get to the most secured place, meaning the place with the secured servers, equipment, or information.

This lecture will discuss the steps to create a security perimeter within an organization.

Topics Covered Include:
  • Perimeter Security Levels
  • Defence Model
  • Access Control
  • Access Mechanisms
01:38

You can provide access control mechanisms through locks and keys, an electronic card access system, and personnel awareness. You can set up physical barriers by having fences, gates, walls, doors, windows, protected vents, and vehicular barriers.

This lecture will discuss the necessary places within an organization that need boundary protection and the best ways to provide boundary protection.

Topics Covered Include:
  • External Boundary Protection
  • Forms of Boundary Protection
01:36

Locks are widely accepted access control mechanisms. When locked, they delay the intruder, giving security personnel more time to respond. Fencing can be an effective physical barrier. A fence may not stop an intruder from entering but it can delay the intruder in his attempts and it acts as a deterrent.

This lecture will discuss the benefits of both locks and fences within an organization to protect against potential attacks.

Topics Covered Include:
  • Locks
  • Fences
02:51

Lighting is one of the most important aspects of physical security. Poorly lit areas can always give intruders an opportunity to sneak in. Patrols are another method of protection, providing real-time monitoring and response teams.

This lecture will discuss the benefits of having lights as well as patrols in place within an organization to deter potential threats.

Topics Covered Include:
  • Lighting
  • Trained Personnel
  • Guard Dogs
01:11

You can have surveillance devices installed, monitored, and controlled from a central point. The advantage is that you can centrally monitor and deploy people depending on an intrusion attempt.

This lecture will discuss the benefits of providing a surveillance system within an organization.

Topics Covered Include:
  • Surveillance Devices
01:50

By using intrusion detection systems (IDSs), unauthorized entries can be detected. An IDS can alert a responsible entity to respond. IDSs can monitor entries, doors, windows, devices, or removable coverings of equipment.

This lecture will discuss the benefits of an Intrusion Detection System in place within an organization.

Topics Covered Include:
  • IDS
Chapter 2 & 3 Quiz
6 questions
00:51

Physical access control systems can use software and auditing features to produce audit trails or access logs pertaining to access attempts.

This lecture will discuss the ways to audit physical security.

Topics Covered Include:
  • Information to Be Logged and Reviewed
01:11

You should carry out an emergency mock drill. To do this, you need to craft a plan with the help of a team and test it out. The drills should be carried out at least once a year and the entire program should be continually updated and improved.

This lecture will discuss the importance of testing protection systems and having drills for potential disasters.

Topics Covered Include:
  • Testing
  • Drills
00:39

This lecture will take you through some of the key points covered throughout the duration of this section. Upon completion of this section you will be prepared to move on to the next section: Footprinting.

Section 7: Footprinting
01:14

The whole process of information gathering is called reconnaissance. As part of the reconnaissance process, attackers gather initial information first. This is a passive data-gathering exercise, generally known as passive footprinting.

This lecture will introduce you to the concepts that will be discussed throughout the duration of this section.

Topics Covered Include:
  • Reconnaissance
04:34

Footprinting is the process of collecting information about a target network and its environment. Footprinting is a very important step in gathering information about the security profile of a network or system. The more methodical you are, the more accurate the security profile will be when drawn up.

This lecture will discuss the first steps within hacking, as well as how they are carried out.

Topics Covered Include:
  • Footprinting
  • Knowledge Check
  • Organization Threats
01:16

This lecture will ask sample questions about possible threats of footprinting.

06:33

Footprinting is about information gathering. It can be both passive and active. As an attacker you employ both modes to gather information. Initial information gathering is very important. Good information gathering can make a difference when you hack or pentest a system or a network.

This lecture will discuss the importance of gathering information and how it will aid a hacker.

Topics Covered Include: 

  • Gathering Information
  • Visiting the Public Website
  • Active Footprinting
  • Information Gathering Steps
01:57

This lecture will ask sample questions about information gathering groups.

01:08

Footprinting can be external or internal, and it can be active or passive. In internal footprinting, you identify the customer's internal ranges and carry out both active and passive footprinting.

This lecture will discuss the hierarchy within footprinting.

Topics Covered Include:
  • Internal Footprinting
  • External Footprinting
01:53

This lecture contains a demonstration on the basics of footprinting using WHOIS commands.

Chapter 1 Quiz
3 questions
02:42

Where do you start, especially when you want to attack a system or network of a business? You will look for publicly available, open sources. You can get quite a lot of information about the organization, its culture, hierarchy, people, etc.

This lecture will discuss the methodology used within footprinting as well as how it affects the information gathering process.

Topics Covered Include:
  • Footprinting Methodology
  • Loss Information Pseudonymous Footprinting
  • Gathering Information
04:39

There are two modes of footprinting: passive and active. In passive mode footprinting, it is nearly impossible to get detected. Active footprinting involves direct contact with the websites, network, servers, and systems.

This lecture will discuss passive vs. active footprinting.

Topics Covered Include:
  • Passive Footprinting
  • Active Footprinting
  • Knowledge Check
01:30

This lecture will ask sample questions about the WHOIS Database.

01:59

This lecture will ask sample questions about the DNS Zone Data.

08:03

Social engineering is a non-technical method of intrusion that hackers use. It relies heavily on human interaction. It could involve tricking people into sharing information. Today, it is one of the greatest threats that organizations face.

This lecture will discuss the threats social engineering poses to an organization, as well as ways to protect against potential attacks.


Topics Covered Include:
  • Social Engineering
  • Phishing
  • Email Tracking
01:57

Google hacking refers to creating complex search engine queries. If you have the right queries, you can retrieve a whole lot of valuable data about a target company.

This lecture will discuss the different ways Google can be used to hack into an organization.

Topics Covered Include:
  • Google
  • Google Hacking
  • Google Operators
00:49

The Exploit Database contains the latest Google hacking entries. Attackers will be able to find very useful information if the site is vulnerable to Google hacking. They can get information through error messages. Generally, error messages contain sensitive information that a hacker can make use of.

This lecture will discuss the Exploit Database and how it is used within Google Hacking.

Topics Covered Include:
  • Exploit Database
01:19

This lecture contains a demonstration on how to use the Exploit Database.

01:32

This lecture contains a demonstration on how to use Google Hacking for Charity.

01:48

When you search using Google, you would want the results to be as accurate as possible. You can use advanced operators to find private information of a target company. You can also get contact details of personnel of the company through Google.

This lecture will discuss the steps for an advanced search within Google Hacking.

Topics Covered Include:
  • Advanced Operations
  • Google Hacker Options
Chapter 2 & 3 Quiz
5 questions
02:59

Google hacking tools are used to extract things like metadata, remove the cache from a search, search for Google's cache vulnerabilities, expose novel functionalities, and determine sensitive information.

This lecture will discuss the different types of Google Hacking Tools, as well as how they are used to gather information about an organization and aid a hacker.


Topics Covered Include:
  • Google Hacking Tools
  • SiteDigger
  • Bi-directional Link Extractor
01:13

The Maltego footprinting tool is a platform that gives you a clear threat picture of the environment that an organization owns and operates. You need to gather the basic and important information about the target organization.

This lecture will discuss the different footprinting tools and how they are used to gather information about an organization.

Topics Covered Include:
  • Network Footprinting
  • Maltego Footprinting Tool
  • Real-world Links
01:41

This lecture contains a demonstration on how to successfully use the Maltego Footprinting Tool.

00:46

This lecture will discuss some of the additional Footprinting Tools.

02:18

Footprinting countermeasures are the measures or actions taken to counter or offset information disclosure. It is important that you have a strategy in place to test your environment periodically, and ensure the vulnerabilities identified are addressed based on business and security priorities.

This lecture will discuss the countermeasures for footprinting used within an organization.

Topics Covered Include:
  • Footprinting Countermeasures
03:03

A footprinting pentest is used to determine an organization's publicly available information on the Internet. Pen testers try to gather publicly available sensitive information about the target by pretending to be an attacker.

This lecture will discuss the tactics of a Pentester when they are working to expose potential footprinting threats.

Topics Covered Include:
  • Footprinting PenTest
01:55

This lecture will take you through some of the key points covered throughout the duration of this section. Upon completion of this section you will be prepared to move on to the next section: Reconnaissance.

Section 8: Reconnaissance
01:51

Reconnaissance is the preparation stage where the hackers will try to gather as much information as possible about the target. The information gathered in this stage can help to draw up a map of the target's network infrastructure and its security.

This lecture will introduce the concepts covered throughout this section.

Topics Covered Include:
  • Overview
  • Reconnaissance

Instructor Biography

LearnSmart LLC, Smarter Training. Never Open a Textbook Again.

LearnSmart has served the learning community with high-quality professional skills and IT certification training since 1997. In that time, the company has helped thousands earn career-related certifications from respected vendors, such as Project Management Institute (PMI)®, Cisco, Microsoft, CompTIA, Oracle, and EC-Council. LearnSmart offers over 1,000 courses covering IT, project management, administrative, HR, and workplace safety topics. With a rapidly growing clientele of individuals and corporations, LearnSmart serves a broad range of Fortune 500 companies to universities, as well as government institutions and the armed forces.

LearnSmart is able to meet diverse career and learning needs through its extensive selection of training. LearnSmart uses industry experts to give learners the most up-to-date content in a video format as well as training resources including reference tools, pretests, study guides and labs. For more information about how we can help pinpoint and solve your individual or multi-user training challenges.

PMI is a registered trademark of the Project Management Institute, Inc.
