Ethical Hacking Fundamentals

Authors: Dale Meredith, Troy Hunt

This series provides the foundational knowledge needed to ethically and effectively discover and exploit vulnerabilities in systems by assuming both the mindset and toolset of an...

What you will learn

  • The difference between "hacking" and "ethical hacking"
  • The five phases of ethical hacking
  • How to identify vulnerabilities
  • How to defend against attacks

Pre-requisites

No ethical hacking experience is required for this series, but it is recommended that you possess a strong understanding of TCP/IP and operating systems and have at least one year of experience working with networking technologies.

Beginner

In this section, you will gain an understanding of what ethical hacking is, and learn the five phases of ethical hacking.

Ethical Hacking: Understanding Ethical Hacking

by Dale Meredith

Sep 17, 2019 / 7h 38m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. This course will start you down the path of becoming an Ethical Hacker or, in other words, a "Security Profiler." You will learn to start thinking and looking at your network through the eyes of malicious attackers. You will learn to understand the motivation of an attacker. It is the duty of all System Admins and Security Professionals to protect their infrastructure from not only outside attackers but also attackers within their company. We will cover the terminology used by attackers, the difference between "hacking" and "ethical hacking", the phases of hacking, the types of attacks on a system, what skills an Ethical Hacker needs to obtain, types of security policies, why Ethical Hacking is essential, how to be in the "know" of what's happening in the hacking world, who a "hacker" is, what the biggest security attack vectors are, and more. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. The Truth About Living in a Technology Based World
  2. Overview of the CEH Certification Program
  3. How to Build a Lab to Hack Safely
  4. Installing and Configuring Your Windows Server VMs
  5. Installing and Configuring Your Desktop VMs
  6. Information Security Overview
  7. Security Threats and Attack Vectors
  8. Hacking Concepts
  9. Hacking Phases
  10. Attack Types
  11. Information Security Controls
  12. How to Prepare for the Certified Ethical Hacker Exam

Ethical Hacking: Reconnaissance/Footprinting

by Dale Meredith

Sep 28, 2018 / 3h 43m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. As an Ethical Hacker, you've been asked to do a "Blackbox" attack on a customer's infrastructure. Your first step is finding out as much as you can about the "target." You accomplish this via reconnaissance/footprinting. This is the initial stage in gaining a blueprint of the security profile of a target, and it is accomplished in an organized manner. Reconnaissance is one of the three "pre-attack phases," and results in a unique profile of an organization's networks and systems. "Reconning" an organization is necessary in order to systematically gather all the related data regarding the technologies deployed within the network. Reconnaissance can take up to 90% of the time during penetration testing or an actual attack. We'll show you how attackers are currently reconning your company, as well as discuss in detail the steps of reconnaissance. Finally, we'll look at some possible countermeasures to help discourage attackers. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. What Do You Mean by Reconnaissance/Footprinting?
  2. Initially What Do You Look For?
  3. The More You Look, the More You Find
  4. Other Reconnaissance Techniques
  5. Reconnaissance via Google Hacking
  6. Reconnaissance Countermeasures & Pen Testing

Ethical Hacking: Scanning Networks

by Dale Meredith

Oct 2, 2018 / 3h 51m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. So, after reconnaissance, we need to scan for basics, kind of like knocking on all the doors to see who is home and what they look like. Then, when you find a machine that's "live", we need to get to know it really well, asking some rather personal questions like, "what OS are you running?" or "what applications are you running?" and "which ports are listening on the network?". We'll go over all you'll need to know for the exam regarding scanning, and play with some pretty fun tools along the way. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Overview of Scanning
  2. Understanding the 3-way Handshake
  3. Checking for "Live" Systems and Their Open Ports
  4. Types of Scanning
  5. Banner Grabbing and OS Fingerprinting
  6. Vulnerability Scanning and Drawing Out the Network
  7. Preparing Proxies and Other Anonymizing Techniques

Ethical Hacking: Enumeration

by Dale Meredith

Dec 18, 2018 / 3h 12m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Enumeration is the first official attack at your target. Enumeration is the process of gathering information that might include user names, computer names, network shares, services running, and other possible points of entry. In this course, we'll show different techniques that can be used against your network. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Enumeration Explained & the Techniques Used
  2. Enumerating via Defaults & NetBIOS
  3. Enumerating via SNMP
  4. Enumerating via LDAP
  5. Enumerating via NTP
  6. Enumerating via SMTP
  7. Enumerating via DNS
  8. Oh, There's More
  9. Countermeasures for Enumeration

Ethical Hacking: Vulnerability Analysis

by Dale Meredith

Sep 27, 2018 / 3h 15m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Networks aren’t what they used to be. They’re more complex than ever. Systems today are so interconnected, and buried within those systems are thousands of undetected security vulnerabilities waiting to be used against you. Attackers perform vulnerability analysis to identify loopholes in your organization's infrastructure. Any vulnerabilities they find will be used to breach and dig deeper into your systems. In this course, Ethical Hacking: Vulnerability Analysis, you'll learn how to further secure your infrastructures by using the same tools and techniques that attackers use to probe your network to find possible attack vectors. First, you'll be taught about the different types of vulnerabilities, the types of scans and possible regulatory requirements that you might face. Next, you'll learn about the different VMS (Vulnerability Management Software) programs and how to choose one that is best for your organization. Finally, you'll learn how to prioritize your vulnerabilities and the remediation steps needed for servers, workstations, networks, or even virtual machines. When you've finished this course, you'll have under your "Utility-Belt" the skills and knowledge of an Ethical Hacker when it comes to vulnerability analysis.

Table of contents
  1. What Do You Need to Start?
  2. Shaping and Implementing Our Vulnerability Scans
  3. The Scanners
  4. Analyzing Vulnerability Scans
  5. Remediation and Change Control
  6. Remediating Host Vulnerabilities
  7. Remediating Network Vulnerabilities
  8. Remediating Virtual Environment Vulnerabilities

Ethical Hacking: System Hacking

by Dale Meredith

Sep 28, 2018 / 3h 55m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. This is what it all comes down to. After we've done our research, we've found our target, and identified its services, shares, users and resources, it’s time to take total and complete control of this box. In turn, we then use this box to repeat our efforts to pwn more boxes within the network as well as grab any intellectual property that could be of great worth. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Understanding This Stage
  2. Phase 1: Gaining Access – Cracking Passwords
  3. More Cracking
  4. Phase 2: Gaining Access – Escalating Privileges
  5. Phase 3: Maintaining Access – Executing Applications
  6. Phase 4: Maintaining Access – Hiding Your Tools
  7. Phase 5: Covering Your Tracks - Clearing Logs and Evidence

Ethical Hacking: Malware Threats

by Dale Meredith

Sep 28, 2018 / 3h 47m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. The easiest way to get into a system or network is to get someone to let us in. Do you pirate software, movies, music, or heaven forbid - an operating system? I'm about 99.999% sure you've already been pwned. Malware is specifically designed to gain access or damage systems without the knowledge of the victim. Malware is on the rise due to the sheer volume of new types that are easily created daily, and the money that can be made through organized Internet crime. We'll talk about the various malware types, including viruses, Trojans, and worms. Now, we won't leave you in despair, we'll also talk about countermeasures and ways to detect these bad boys. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. The Hard Truth Behind Malware
  2. What's a Trojan?
  3. Trojan Infections
  4. Types of Trojans
  5. Virus and Worms
  6. Detecting Malware
  7. Countermeasures

Intermediate

This segment of the Path will teach you how to identify security vulnerabilities by using techniques such as Sniffing, Social Engineering, Honeypots, and more.

Ethical Hacking: Sniffing

by Dale Meredith

Oct 2, 2018 / 2h 22m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. There's so much an attacker can learn from simply "listening" or sniffing your network. Passwords? Check. Emails? Check, and the list goes on and on. This course, Ethical Hacking: Sniffing (part of the Ethical Hacking series), will clarify the central ideas of sniffing and their utilization in hacking exercises. You'll also learn how imperative it is for security professionals to be "up" on sniffers and their methods. Furthermore, you'll be shown a plethora of instruments and procedures utilized as part of securing your network from these types of attacks. By the end of this course, you'll understand much more about sniffing and how to keep your data protected.

Table of contents
  1. Sniffing – It's Not the Cold Season
  2. DHCP Assaults
  3. Big-MAC Attacks
  4. ARP Poisoning
  5. DNS Poisoning
  6. Countermeasures

Ethical Hacking: Social Engineering

by Troy Hunt

Sep 13, 2019 / 4h 36m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Security defenses within information systems focus primarily on technology controls, that is, security is implemented within physical appliances and software. These controls are frequently bypassed when the humans themselves are compromised by a social engineering attack. Social engineering involves compromising the individuals that use these systems. Attackers look to exploit weaknesses in human nature and coerce people into performing actions which give the attacker an advantage. In this course, we'll look at various different social engineering techniques that can be used to compromise systems. We'll also look at both computer-based and behavior-based tools to help defend against this risk. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Humans: The Soft Center within the Hard Shell
  2. A Walkthrough of a Social Engineering Attack
  3. Reconnaissance and OSINT
  4. Phishing Attacks
  5. Identity Theft and Impersonation
  6. Social Engineering Countermeasures

Ethical Hacking: Denial of Service

by Troy Hunt

Sep 17, 2019 / 2h 50m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Denial of service attacks typically seek to render a service unavailable by flooding it with malicious traffic so that it becomes unresponsive to legitimate requests. In this course, Ethical Hacking: Denial of Service (part of the Ethical Hacking series), you'll look at the purposes of these attacks, ranging from disrupting gaming adversaries, to hacktivism, and to law enforcement by government agencies. You'll also explore various ways attacks are constructed and the weaknesses they exploit in order to be successful. Finally, you'll delve into defensive patterns to help protect services from malicious attacks. By the end of this course, you'll have a much better understanding of denial of service attacks and how to protect yourself from them.

Table of contents
  1. Understanding Denial of Service Attacks
  2. Attack Techniques
  3. Tools and Services
  4. Defending Against Attacks

Ethical Hacking: Session Hijacking

by Troy Hunt

Sep 16, 2019 / 3h 28m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Session persistence is a fundamental concept in information systems. On the web, for example, which is dependent on the stateless HTTP protocol, session persistence is a key component of features ranging from shopping carts to the ability to log on. At a lower level on the network tier, the TCP protocol relies on sessions for communication between machines such as a client and a server. The confidentiality and integrity of this communication can be seriously impacted by a session hijacking attack. Learning how to identify these risks is an essential capability for the ethical hacker. Systems are frequently built insecurely and readily expose these flaws. Conversely, the risks are often easy to defend against by implementing simple patterns within the application. This course walks through both the risks and the defenses. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Understanding Session Hijacking
  2. Session Persistence in Web Applications
  3. Hijacking Sessions in Web Applications
  4. Network and Client Level Session Hijacking
  5. Mitigating the Risk of Session Hijacking
  6. Automating Session Hijack Attacks

Ethical Hacking: Evading IDS, Firewalls, and Honeypots

by Troy Hunt

May 3, 2016 / 3h 1m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Most modern networks are protected by a combination of intrusion detection systems and firewalls. Increasingly, they may also include honeypots as a means of early detection of malicious activity. Attackers are constantly looking for ways of evading these defenses in order to render them ineffective. They're seeking to both gain access to resources which are intended to be beyond their reach, and do so in a stealthy manner so as to go undetected. In this course, we'll look at the advantages each of these security defenses provides and the roles they play in securing networks. We'll then look at how attackers seek to undermine their effectiveness by employing a range of techniques that help them evade detection. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking.

Table of contents
  1. Understanding Organizational Defenses
  2. Firewalls
  3. Intrusion Detection Systems
  4. Honeypots

Ethical Hacking: Hacking Web Servers

by Troy Hunt

Nov 11, 2015 / 2h 26m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Vulnerabilities in web server implementations are frequently the vector by which online attackers compromise systems. The impact can range from short periods of outage, to the total disclosure of sensitive internal information. There are many different levels an attacker may focus their efforts on, including the application, the host operating system, and of course the web server itself. Each has their own weaknesses and each must have the appropriate defenses in place to ensure resiliency from online attacks. In this course, we'll look at various attack vectors in web servers. These include exploiting misconfigured servers, leveraging weaknesses in unpatched environments, compromising weak SSL implementations and much, much more. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Understanding How Web Servers Are Hacked
  2. Discovering Risks in Web Servers
  3. Web Server Misconfiguration
  4. Managing and Hardening Web Servers
  5. Other Attacks Against Web Servers

Ethical Hacking: Hacking Web Applications

by Troy Hunt

Oct 8, 2015 / 4h 50m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. The security profile of web applications is enormously important when it comes to protecting sensitive customer data, financial records, and reputation. Yet, web applications are frequently the target of malicious actors who seek to destroy these things by exploiting vulnerabilities in the software. Most attacks against web applications exploit well known vulnerabilities for which tried and tested defenses are already well-established. Learning these patterns – both those of the attacker and the defender – is essential for building the capabilities required to properly secure applications on the web today. In this course, we'll look at a range of different security paradigms within web applications both conceptually and in practice. They'll be broken down into detail, exploited, and then discussed in the context of how the attacks could have been prevented. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Understanding Security in Web Applications
  2. Reconnaissance and Footprinting
  3. Tampering of Untrusted Data
  4. Attacks Involving the Client
  5. Attacks Against Identity Management and Access Controls
  6. Denial of Service Attacks
  7. Other Attacks on the Server

Advanced

This section encompasses the more advanced topics, which include how to best protect systems and defend against attacks.

Ethical Hacking: SQL Injection

by Troy Hunt

Sep 16, 2019 / 5h 26m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Ever since we started connecting websites to databases, SQL injection has been a serious security risk with dire ramifications. The ability for attackers to run arbitrary queries against vulnerable systems can result in data exposure, modification, and in some cases, entire system compromise. SQL injection is classified as the number one risk on the web today due to the "perfect storm" of risk factors. It's very easily discoverable, very easily exploited, and the impact of a successful attack is severe. Add to that the fact that injection risks remain rampant, it's clear how it deserves that number one spot. This course takes you through everything from understanding the SQL syntax used by attackers, basic injection attacks, database discovery and data exfiltration, advanced concepts, and even using injection for network reconnaissance and running system commands. It's everything an ethical hacker needs to know to be effective in identifying the SQL injection risk in target systems. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Why SQL Injection Matters
  2. Understanding SQL Queries
  3. The Mechanics of SQL Injection Attacks
  4. Discovering Schema and Extracting Data
  5. Blind SQL Injection
  6. Advanced SQL Injection Concepts
  7. Defending Against Attacks
  8. Evasion Techniques
  9. Automating Attacks

Ethical Hacking: Hacking Wireless Networks

by Dale Meredith

Oct 2, 2018 / 3h 15m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Great! You have just finished setting up your wireless network. You did everything you were supposed to, like giving your SSID a unique name and securing your network with a strong password, so that someone can't piggyback off your network. Now that you are "safe and secure," you don't have to worry about hackers, right? SLOW DOWN there, skippy. While you have taken the "basic" steps required, you still need to be aware of some hacking methods that can be used to gain access to your network, despite your precautions. You also need to be very wary whenever you are accessing a network that is not your own, and let's not forget about another wireless technology: Bluetooth. This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking.

Table of contents
  1. Insights into Wireless
  2. Encryption in Wireless
  3. Threats from Wireless
  4. The Methodology of Hacking Wireless
  5. Hacking Bluetooth
  6. Countermeasures

Ethical Hacking: Hacking Mobile Platforms

by Dale Meredith

Jan 29, 2019 / 4h 57m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. Okay, who here DOESN'T have a mobile device? Hands, anyone? Didn't think so. Mobile devices have, at an alarming rate, become extremely popular with users and businesses. So, next question: what are you doing about its security? Anyone? Most folks have approached mobile devices with the attitude of "if it works, syncs, and plays games, I'm good". Overlooking this side of technology will lead you into one day appearing on an online video with the words "FAIL" plastered across your company's logo (or your face!). This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Mobile Device Attack Vectors
  2. Hacking Android
  3. Hacking iOS
  4. Hacking Other Mobile Platforms
  5. MDM: Mobile Device Management, Guidelines, and Tools
  6. Mobile Malware
  7. Mobile Payments

Ethical Hacking: Hacking the Internet of Things (IoT)

by Dale Meredith

Nov 5, 2018 / 2h 44m

Description

At the core of Ethical Hacking, every Security Professional needs to have a thorough knowledge of all devices on their networks, including the Internet of Things (IoT). In this course, Ethical Hacking: Hacking the Internet of Things (IoT), you’ll see how these devices are designed to work and how to protect your infrastructure with these devices coming online. First, you'll learn about the different communication models IoT devices use, as well as the most common architectures and protocols. Next, you’ll be introduced to the different threats that IoT devices create if not managed correctly. You'll also learn about how to choose a manufacturer whose goals are also to protect your networks. Finally, you'll discover the different tools that could be used against you as well as some countermeasures you can deploy to better protect your resources. When you’re finished with this course, you’ll have a great understanding of IoT devices and how they could possibly open new attack vectors, as well as an understanding that will help you as you move forward as a security professional in Ethical Hacking.

Table of contents
  1. Course Overview
  2. IoT Concepts
  3. IoT Threat Types
  4. The Method to the Madness of IoT Hacking
  5. The Tools for IoT Hacking
  6. Our Countermeasures

Ethical Hacking: Cloud Computing

by Troy Hunt

Jul 7, 2016 / 2h 59m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. "The Cloud" is revolutionizing how we run software and services by providing low cost, flexible, and innovative alternatives to traditional hosting models. However, with the shift to cloud comes new security considerations. The cloud isn't more secure or less secure, rather it's differently secure; it strengthens security profiles in many areas whilst presenting new risks in others. Then again, many of the traditional risks in software don't change at all. In this course, we'll look at the ways the cloud can enable us to build more secure software than ever, whilst also identifying where it can leave us more vulnerable. We'll also look at "hardening" the cloud – how can we take this new computing paradigm and use it to strengthen our security profiles? This course is part of the Ethical Hacking Series. http://blog.kiss941.com/learning-path-ethical-hacking

Table of contents
  1. Cloud Computing Concepts
  2. Organizational Security Considerations
  3. Cloud Computing Risks
  4. Cloud Computing Security Strengths
  5. Hardening the Cloud

Ethical Hacking: Cryptography

by Dale Meredith

Dec 3, 2018 / 2h 29m

Description

Today the Internet is a part of our everyday lives. From work to home, we are using the Internet for sending data back and forth across this public network. Some information is just a request for a webpage, while other requests are extremely confidential, like passwords, medical data, or financial data. Cryptography is the technology that we can use to change plain text into unreadable text. We use it during authentication, as well as to transfer data and to keep data confidential. In this course, Ethical Hacking: Cryptography, you’ll learn the overall concepts of cryptography. First, you'll explore the different algorithms used along with those key concepts. Next, you’ll find out about the different tools and apps for both PCs and mobile devices that you can use to deploy different types of cryptography. Finally, you’ll dive into what attacks might be thrown at you by attackers and how to protect yourself and your resources. By the end of this course, you'll gain greater knowledge of cryptography and how you can better implement it for your organization.

Table of contents
  1. Course Overview
  2. Understanding Cryptography
  3. Cryptography Tools
  4. PKI Made Simple
  5. Encrypting Emails, File, and Disk Drives
  6. The Attacks Against Cryptography
  7. Your Countermeasure

Ethical Hacking: Penetration Testing

by Dale Meredith

Jul 18, 2016 / 4h 43m

Description

Pluralsight is not an official partner or accredited training center of EC-Council. What's penetration testing? Well, it's simple: as security professionals, our job is to make it extremely difficult to get inside our systems. Remember, you can't stop attackers; your job is to slow them down. How? Let's start by doing exactly what the attacker will do. Penetration testing (pen testing) is the practice of attacking your own network or that of a client, using the same tools, techniques, and steps that an attacker would. The purpose of pen testing is to expose gaps, weaknesses, and possible entry points without doing any real damage. In this course, you will learn how to prepare and execute a pen test, and how you should report your results in a way that will add value to your time and efforts.

Table of contents
  1. Understanding Penetration Testing
  2. Pen Testing: Reconning and/or Footprinting the Target
  3. Pen Testing: Scanning the Target
  4. Pen Testing: Enumerating the Target
  5. Pen Testing: Hacking the Target
  6. Pen Testing: Sniffing the Target
  7. Pen Testing: Social Engineering the Target
  8. Pen Testing: DoS/DDoS the Target
  9. Pen Testing: Session Hijacking the Target
  10. Pen Testing: Targeting Web Servers
  11. Pen Testing: Hitting Web Apps
  12. Pen Testing: Looking at the Wi-Fi
  13. Pen Testing: Focusing on the Mobile Devices
  14. Pen Testing: Target the Firewall and/or IDS
  15. Pen Testing: Going After the Cloud
  16. How to Bring It All Together