Aspire Journeys

Cyber Generalist to Ethical Hacker

  • 87 Courses | 91h 18m 36s
  • 10 Labs | 49h 15m
  • Includes Test Prep
Who would think hacking could ever be ethical? Gain the skills to detect vulnerabilities inside your organization's infrastructure. After you complete this journey, you will understand concepts and methodologies of pen testing, understand the tools and concepts of hacking, know how to conduct penetration testing and lawfully hack into an organization, and have the ability to earn your certifications in CompTIA's Pentest+ and EC Council's Certified Ethical Hacker. This journey includes: On-demand content, Instructor-led training, labs, challenges, exam prep, live mentoring, and additional books/resources.

CND Certification

In this track of the Cyber Generalist to Ethical hacker journey, you will learn about hackers and cyber defense strategies required in today's critical infrastructure.

This track includes instructor-led training, on-demand content, and a practice test.

  • 4 Courses | 3h 10m 30s

CND Certification On Demand

In this track of the Cyber Generalist to Ethical hacker journey, you will learn about hackers and cyber defense strategies required in today's critical infrastructure.

This track includes on-demand content, and a practice test.

  • 13 Courses | 12h 5m 37s

Ethical Hacking

In this track of the Cyber Generalist to Ethical Hacker journey, you will learn to think like a hacker while looking for system weaknesses and vulnerabilities. This journey will help you master an ethical hacking methodology that can be used in penetration testing to lawfully assess the security of a system. This course delivers in-demand ethical hacking skills while preparing you for the internationally-recognized Certified Ethical Hacker certification exam (312-50) from EC-Council.

This track includes instructor-led training, on-demand content, a practice lab and a practice test.

  • 5 Courses | 5h 40s
  • 1 Lab | 22h

Ethical Hacking On Demand

In this track of the Cyber Generalist to Ethical Hacker journey, you will learn to think like a hacker while looking for system weaknesses and vulnerabilities. This journey will help you master an ethical hacking methodology that can be used in penetration testing to lawfully assess the security of a system. This course delivers in-demand ethical hacking skills while preparing you for the internationally-recognized Certified Ethical Hacker certification exam (312-50) from EC-Council.

This track includes on-demand content, a practice lab and a practice test.

  • 44 Courses | 41h 48m
  • 4 Labs | 23h 45m

Pentesting

In this track of the Cyber Generalist to Ethical Hacker journey, he focus will be on general concepts and methodologies related to pen testing.

This track includes instructor-led training, on-demand content, and challenges.

  • 5 Courses | 7h 45m 48s
  • 2 Labs | 1h 30m

Pentesting On Demand

In this track of the Cyber Generalist to Ethical Hacker journey, he focus will be on general concepts and methodologies related to pen testing.

This track includes on-demand content, and challenges.

  • 16 Courses | 21h 28m 1s
  • 3 Labs | 2h

COURSES INCLUDED

Network Security and Emerging Technologies
Computer networking is an indispensable tool for single users and large enterprises alike, but unfortunately there are those who want to steal your information or profit off of you. Also, technology changes faster than most of us can keep up with it. In this course, you'll discover the elements of securing networks against attackers, including common security threats, malware, and social engineering. Then you'll learn about the risks of unsecured networks and how attackers compromise networks. You'll explore threat mitigation techniques, types of network security software, VPNs, perimeter networks, intrusion detection systems, security training, and information security planning. You'll learn about emerging technologies, including new wireless technologies and enterprise mobility. Then you'll explore the Internet of Things (IoT) and software defined networks. Finally, you'll discover the importance of keeping up with new technologies and methods for staying current. This course was originally created by Global Knowledge (GK).
22 videos | 47m has Assessment available Badge
Cybersecurity and Networking Fundamentals
The goal of cybersecurity is to protect systems, networks, data, and programs from digital attacks. As cyber-attacks continue to increase in frequency and sophistication, it is imperative that cybersecurity professionals learn how to quickly identify and mitigate vulnerabilities. In this course, you will learn common security terminology including threats, vulnerabilities, attacks, exploits, controls, and countermeasures. Discover the fundamentals of the confidentiality, integrity, and availability (CIA) triad, and explore the five elements of the AAA framework; identification, authentication, authorization, auditing, and accountability. You'll then explore risk considerations and management strategies, and discover how risks can be mitigated, accepted, transferred, and rejected. Lastly, explore core networking components and discover how information flow models are used to prevent unauthorized information flow in any direction. This course was originally created by Global Knowledge (GK).
13 videos | 42m has Assessment available Badge
Cloud Security Fundamentals: Cloud Infrastructure Security
Learners discover how to secure the Cloud Solution Provider (CSP) account from the outset by using best practices and techniques, in this 11-video course. Other infrastructure security concepts such as Integrated Access Manager (IAM), network access control lists (NACLs), firewalls, and web application firewalls (WAFs) are also covered. Begin by learning about designing and planning security controls to ensure adequate protection of resources. Then explore practical aspects of dealing with a cloud service provider and securing the root account, or billing account. The next tutorial focuses on IAM groups and users, which leads into examining IAM policies and permissions. You will learn how to define IAM roles; explore secure management access; and define network access control lists. Learn about secure management access and Secure Shell (SSH) and transport layer security (TLS). Learn how to define NACLs; configure stateful firewalls (which track connections and automatically allow returning traffic) in the cloud; and describe WAFs. In the final tutorial, discover best practices for hardening virtual machines. The concluding exercise asks learners to describe cloud infrastructure security.
12 videos | 58m has Assessment available Badge
Risk Assessment and Management
Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.
8 videos | 41m has Assessment available Badge

COURSES INCLUDED

Network Security and Emerging Technologies
Computer networking is an indispensable tool for single users and large enterprises alike, but unfortunately there are those who want to steal your information or profit off of you. Also, technology changes faster than most of us can keep up with it. In this course, you'll discover the elements of securing networks against attackers, including common security threats, malware, and social engineering. Then you'll learn about the risks of unsecured networks and how attackers compromise networks. You'll explore threat mitigation techniques, types of network security software, VPNs, perimeter networks, intrusion detection systems, security training, and information security planning. You'll learn about emerging technologies, including new wireless technologies and enterprise mobility. Then you'll explore the Internet of Things (IoT) and software defined networks. Finally, you'll discover the importance of keeping up with new technologies and methods for staying current. This course was originally created by Global Knowledge (GK).
22 videos | 47m has Assessment available Badge
Cybersecurity and Networking Fundamentals
The goal of cybersecurity is to protect systems, networks, data, and programs from digital attacks. As cyber-attacks continue to increase in frequency and sophistication, it is imperative that cybersecurity professionals learn how to quickly identify and mitigate vulnerabilities. In this course, you will learn common security terminology including threats, vulnerabilities, attacks, exploits, controls, and countermeasures. Discover the fundamentals of the confidentiality, integrity, and availability (CIA) triad, and explore the five elements of the AAA framework; identification, authentication, authorization, auditing, and accountability. You'll then explore risk considerations and management strategies, and discover how risks can be mitigated, accepted, transferred, and rejected. Lastly, explore core networking components and discover how information flow models are used to prevent unauthorized information flow in any direction. This course was originally created by Global Knowledge (GK).
13 videos | 42m has Assessment available Badge
Cloud Security Fundamentals: Cloud Infrastructure Security
Learners discover how to secure the Cloud Solution Provider (CSP) account from the outset by using best practices and techniques, in this 11-video course. Other infrastructure security concepts such as Integrated Access Manager (IAM), network access control lists (NACLs), firewalls, and web application firewalls (WAFs) are also covered. Begin by learning about designing and planning security controls to ensure adequate protection of resources. Then explore practical aspects of dealing with a cloud service provider and securing the root account, or billing account. The next tutorial focuses on IAM groups and users, which leads into examining IAM policies and permissions. You will learn how to define IAM roles; explore secure management access; and define network access control lists. Learn about secure management access and Secure Shell (SSH) and transport layer security (TLS). Learn how to define NACLs; configure stateful firewalls (which track connections and automatically allow returning traffic) in the cloud; and describe WAFs. In the final tutorial, discover best practices for hardening virtual machines. The concluding exercise asks learners to describe cloud infrastructure security.
12 videos | 58m has Assessment available Badge
Risk Assessment and Management
Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.
8 videos | 41m has Assessment available Badge
Information Security: APT Defenses
In this 13-video course, discover key Advanced Persistent Threat (APT), concepts such as defense and best practices. Explore common APT attacks and mitigation techniques that can be used, APT tools, and how to create effective APT checklists. You will begin with an introduction to APT and its purpose, then look at the steps of the APT lifecycle. Learners will examine motives behind an APT and probable targets, and learn to identify APT defense best practices. Next, you will explore methods that can be used to strengthen APT defenses, and then recall the method(s) to deal with APTs. You will then take a look at the Equation aka APT group and its involvement in various cyber crimes. Another tutorial examines the key tools that are used when conducting an APT. Define risk assessment processes that can help you protect your assets. In the final tutorial in this course, you will be asked to identify key points for creating an effective checklist to address APT attacks.
13 videos | 1h 24m has Assessment available Badge
Information Security: NACs & Gateways
Learners will discover key features of network access control (NAC), the importance of NAC in a network, various NAC elements, authentication, and its implementation, in this 12-video course. Explore the risks and challenges associated with BYOD-which means "bring your own device"-and IoT, which is Internet of Things. You will begin the course by examining the security risks introduced by BYOD and IoT, along with their preventive measures. You will then explore the major challenges with BYOD in an organization. The next tutorial defines NAC and the importance it has in a network. This leads into examining the NAC architecture; the different features of NAC; and the impact of an improperly configured NAC. You will learn about the various NAC elements; recall the best practices of implementing NAC, and identify the key points for creating an effective checklist for NAC security. In the final tutorial, learners will be asked to list the NAC authentication methods.
12 videos | 37m has Assessment available Badge
Information Security: Subnetting & DNS for Security Architects
In this 11-video course, learners will discover key concepts related to subnetting, virtual machines (VMs), container, and DNS (domain name system) security. Examine tips and tricks used in subnetting and subnetting advantages. Explore classless inter-domain routing (CIDR), notation, deployment and security considerations for VMs and containers, and types of DNS attacks and mitigation strategies. You will begin the course by taking a look at the importance of subnetting, how it relates to security, and its advantages and disadvantages. Then move on to defining the CIDR notation. You will examine the subnetting cheat sheet, and learn various subnetting tips and tricks; compare VMs and containers, and examine the deployment considerations for VMs and containers. Next, learners will observe the best practices for deploying VMs, and the best practices for VM and container security. In the final two tutorials of this course, you will discover the various types of DNS attacks and their mitigations, and the various types of subnetting attacks and mitigations.
11 videos | 1h 5m has Assessment available Badge
Information Security: Securing Networking Protocols
Learners can explore the key concept of the common protocols in use, and discover the security issues of the transmission control protocol/Internet protocol (TCP/IP) model and security protocols, in this 10-video course. You will begin by taking a look at the common protocols used in a network, the ports they use, and the type they are and what they do. Next, you will examine some of the security issues of the TCP/IP model at the layer level, of which it has four: application, transport, Internet, and data link. You will also explore the threats, vulnerabilities, and mitigation techniques in network security; identify the types of weak protocols and their replacements; and classify the various types of security protocols. Then learners will continue by examining various ways to use security protocols in different situations; the importance of implementing security protocols. In the final tutorial, learners will explore the security-first mindset and its necessity.
10 videos | 56m has Assessment available Badge
Information Security: Hardened Security Topologies
In this 8-video course, learners will discover the key concepts of different security topologies and the key role they play in network security. Begin with an introduction to security topologies, which define the network design based on security requirements. You will then explore the design goals for security topology, the elements used to ensure that the information is secure, which means that you need the concepts of confidentiality, integrity, and availability (CIA), of information in a proper way, and it needs to be secured. You also need to practice accountability along with CIA concepts. Next, you will examine advantages and disadvantages of different security topologies, which are the Intranet, the Internet, and various other topologies. You will take a look at the impact of integrating cloud topologies, and also delve into the various layers of security in cloud computing. The final tutorial in this course explores the different methods used to harden the components of security topologies.
8 videos | 42m has Assessment available Badge
Information Security: Continual Infrastructure Testing
Discover DevOps practices such as continuous security and security monitoring, the benefits of using DevOps, and best practices of DevOps security in this 11-video course. Explore the secure DevOps lifecycle and learn about security risks and the various tools used for DevOps testing. Key concepts covered in this course include continuous security practices and the need for continuous security in a DevOps environment; the benefits of using DevOps including improved quality, saving money, and saving time by not having to integrate code at the later stage; and the components of DevOps and their impact on the infrastructure security. Next, learners will examine the best practices of DevOps security and learn the secure DevOps lifecycle; and learn security risks that come with DevOps and tools that can help aid with continuous security infrastructure testing. Finally, learn the security risks of DevOps; and the various tools used for DevOps testing, as in each stage of DevOps certain types of tools will be used.
11 videos | 43m has Assessment available Badge
Information Security: Security Governance
In this 9-video course, learners will discover the importance of implementing security governance in an organization. Explore differences between security governance and security management, types of governance frameworks, and the roles of senior management. Also covered are ensuring good IT security governance, risks and opportunities, security governance programs, and governance framework structure. Key concepts covered in this course include how to distinguish between security governance and security management; learning about different types of IT governance frameworks including ISO 27001, PCI DSS, HIPAA (Health Insurance Portability and Accountability Act), ITIL, and COBIT; and learning the various roles and responsibilities of senior management in governance; learn the measures used to ensure good IT security governance including creating governance within an organization, delivering governance through the right stakeholders. Next, observe how to review governance on a periodic basis; learn the risks and opportunities in security governance and making sure the security policies are up to date; and examine the process of rolling out a security governance program. Finally, you will examine the structure of a governance framework.
9 videos | 1h 14m has Assessment available Badge
Information Security: Honeypots
Explore various honeypot concepts, such as the types of honeypots, roles and uses of a honeypot, and how honeypot data analysis is used. In this 12-video course, you will examine strengths and weaknesses of a honeypot and how it is placed in networks. Key concepts covered in this course include the honeypot system itself, configured to detect, deflect, or counteract any unauthorized attempt to gain access to information; learning the various types of honeypots that can be used focusing on low and high interaction level types; and learning about the role played by honeypots in overall network security. Next, you will examine learn honeypot uses and disadvantages; learn the deployment strategies of a honeypot; and learn the various open-source and commercial honeypot products available on the market. Finally, learners will observe how honeypots are placed in a network; how to install and configure a honeypot by using KFSensor honeypot software; and explore how honeypot data analysis is captured through automated software or through a manual method.
12 videos | 35m has Assessment available Badge
Information Security: Pen Testing
Explore the key penetration (pen) testing concepts such as vulnerability assessment, types of pen testing, and threat actors, in this 14-video course. Discover why pen testing is needed and investigate tools used for pen testing. Key concepts covered in this course include pen testing, a set of tasks that are performed by ethical hackers against an organization, but in a legal way; steps performed during the pen testing process; and reasons why an organization needs to perform pen testing and distinguish between pen testing and vulnerability assessments. Next, you will compare the different types of pen testing and learn the weaknesses of pen testing; learn the various types of tools used in pen testing and the target selection for pen testing; and learn the types of assets in an organization; compare the types of risk responses that an organization may adapt. Finally, learners observe how to use the Metasploit framework in Kali Linux; and how to create an exploit by using MSFvenom.
14 videos | 1h 34m has Assessment available Badge

COURSES INCLUDED

CEH v11: Cybersecurity Basics, Attacks & Information Warfare
Building a strong foundation of knowledge is crucial to becoming an effective cybersecurity professional. In this course, you'll build that foundational knowledge by exploring the five core elements of cybersecurity. You'll examine how classifying what motivates an attacker to attack a network or system can go a long way into figuring out how to best protect systems and networks. Next, you'll explore the many types of attacks that threat actors use to gain access to systems and sensitive data. Finally, you'll learn about information warfare, including its categories and strategies. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
5 videos | 1h 9m has Assessment available Badge
CEH v11: Cyber Kill Chain, TTPs, Behaviors & Threat Hunting
If you know how most threat actors and groups attack their targets, you'll be better equipped to defend against those attacks. In this course, you'll explore the seven phases of the Cyber Kill Chain, which aims to guide defenders in their understanding of commonly used attack strategies. Next, you'll learn how tactics, techniques, and procedures can help you better understand the threats your organization faces. You'll move on to examine behavioral patterns typical with today's threat actors and Advanced Persistent Threats. The average time it takes to detect a breach is around 200 days, which is why threat hunting has become a standard security practice. To complete this course, you'll explore threat hunting and its usefulness, as well as the concept of Indicators of compromise. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 1h 5m has Assessment available Badge
CEH v11: Hacking Phases & Concepts
Being an ethical hacker means, in some ways, that you'll need to assume the identity of a bad hacker. In this course, you'll learn what it means to be a hacker, the common hacker classes, and the five phases of hacking. As an ethical hacker, you may encounter those that don't understand what that means and how a person can use seemingly dangerous skills towards an ethical purpose. You'll examine ethical hacking and how it can be a great tool for helping to create a more secure network. You'll also explore skills and limitations common to ethical hackers. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
2 videos | 41m has Assessment available Badge
CEH v11: Risk Management, Cyber Threat Intelligence & Threat Modeling
At the end of the day, cybersecurity is all about understanding risk. In this course, you'll learn about how risk pertains to cybersecurity, risk levels, and how to use a risk matrix to visualize risk. You'll also examine the concept, practice, and phases of risk management, which can help you minimize the negative effects of risk. Next, you'll explore how using Cyber Threat Intelligence is a more proactive approach towards your cybersecurity defenses and the four types of CTI. Finally, you'll learn about using threat modeling to stop threats before they become security incidents and the five steps common to the threat modeling process. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 51m has Assessment available Badge
CEH v11: Incident Management, ML, AI & Regulations
A very important job that a cybersecurity professional will need to be familiar with is that of incident management. In this course, you'll explore incident management and what it's designed to accomplish. Next, you'll examine the nine steps of the incident handling and response process to help familiarize yourself with the actions and expectations you may need to take to properly deal with a security incident. You'll learn about effective tools for protecting against advanced threats, as well as the role artificial intelligence and machine learning play in the current cybersecurity battlefield. Finally, you'll examine standards, regulations, and laws that govern how computer systems must be secured and maintained. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 1h 12m has Assessment available Badge

COURSES INCLUDED

CEH v11: Cybersecurity Basics, Attacks & Information Warfare
Building a strong foundation of knowledge is crucial to becoming an effective cybersecurity professional. In this course, you'll build that foundational knowledge by exploring the five core elements of cybersecurity. You'll examine how classifying what motivates an attacker to attack a network or system can go a long way into figuring out how to best protect systems and networks. Next, you'll explore the many types of attacks that threat actors use to gain access to systems and sensitive data. Finally, you'll learn about information warfare, including its categories and strategies. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
5 videos | 1h 9m has Assessment available Badge
CEH v11: Cyber Kill Chain, TTPs, Behaviors & Threat Hunting
If you know how most threat actors and groups attack their targets, you'll be better equipped to defend against those attacks. In this course, you'll explore the seven phases of the Cyber Kill Chain, which aims to guide defenders in their understanding of commonly used attack strategies. Next, you'll learn how tactics, techniques, and procedures can help you better understand the threats your organization faces. You'll move on to examine behavioral patterns typical with today's threat actors and Advanced Persistent Threats. The average time it takes to detect a breach is around 200 days, which is why threat hunting has become a standard security practice. To complete this course, you'll explore threat hunting and its usefulness, as well as the concept of Indicators of compromise. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 1h 5m has Assessment available Badge
CEH v11: Hacking Phases & Concepts
Being an ethical hacker means, in some ways, that you'll need to assume the identity of a bad hacker. In this course, you'll learn what it means to be a hacker, the common hacker classes, and the five phases of hacking. As an ethical hacker, you may encounter those that don't understand what that means and how a person can use seemingly dangerous skills towards an ethical purpose. You'll examine ethical hacking and how it can be a great tool for helping to create a more secure network. You'll also explore skills and limitations common to ethical hackers. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
2 videos | 41m has Assessment available Badge
CEH v11: Risk Management, Cyber Threat Intelligence & Threat Modeling
At the end of the day, cybersecurity is all about understanding risk. In this course, you'll learn about how risk pertains to cybersecurity, risk levels, and how to use a risk matrix to visualize risk. You'll also examine the concept, practice, and phases of risk management, which can help you minimize the negative effects of risk. Next, you'll explore how using Cyber Threat Intelligence is a more proactive approach towards your cybersecurity defenses and the four types of CTI. Finally, you'll learn about using threat modeling to stop threats before they become security incidents and the five steps common to the threat modeling process. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 51m has Assessment available Badge
CEH v11: Incident Management, ML, AI & Regulations
A very important job that a cybersecurity professional will need to be familiar with is that of incident management. In this course, you'll explore incident management and what it's designed to accomplish. Next, you'll examine the nine steps of the incident handling and response process to help familiarize yourself with the actions and expectations you may need to take to properly deal with a security incident. You'll learn about effective tools for protecting against advanced threats, as well as the role artificial intelligence and machine learning play in the current cybersecurity battlefield. Finally, you'll examine standards, regulations, and laws that govern how computer systems must be secured and maintained. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 1h 12m has Assessment available Badge
CEH v11: Footprinting, Google Dorks, Search Engines & Sub-domains
Knowledge is power and in the ethical hacking game, the more you know about your target, the more likely you are to find a weakness in their security. In this course, you'll explore the practice of footprinting and the different types of information you can gather in this initial stage of attack. Next, you'll examine Google Dorks and some of the useful advanced search features of the Google search engine. You'll learn how to use the Shodan, Censys, and Thingful search engines to find IoT and other Internet-connected hosts and services in order to see the larger attack surface of a target. Finally, you'll explore sub-domains and how they can lead to compromise if not properly managed, as well as some tools that can help you enumerate a target's sub-domains. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 1h 5m has Assessment available Badge
CEH v11: Recon Tools & Tactics
Having knowledge of a target's physical location can be useful for social engineering and physical security assessments. In this course, you'll explore tools and tactics used to learn a target's geographical location. Next, you'll examine how conducting Open Source Intelligence on social media sites can yield sensitive information through direct investigation or social engineering. You'll move on to learn how to utilize job posts and job boards to search out useful target info like what technologies are being used, names of legitimate users, and areas they may be weak due to lack of staffing. Finally, you'll explore the large portion of the Internet that consists of the dark and deep webs and how these mostly unseen resources can be used to discover potentially sensitive info about a target. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 56m has Assessment available Badge
CEH v11: Metadata, Wordlists, Email, WHOIS & DNS Recon
When you're looking for useful target information, you want to pull from every available source. In this course, you'll investigate how to gather and inspect metadata for possible sensitive info about a target. You'll learn how to use wordlists for fuzzing and password attacks, about the usefulness of custom wordlists, and how to generate a wordlist based off the target's web presence. Next, you'll examine how e-mail tracking systems can glean info like IP addresses, geolocation, and host operating systems. Finally, you'll learn about useful information that can be found using WHOIS and DNS service. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 54m has Assessment available Badge
CEH v11: Footprinting and Social Engineering Recon & Countermeasures
If you're engaged in a security assessment, mapping your target's public network presence is a critical step in that process. In this course, you'll learn how to discover the public network info associated with your target. Next, you'll explore a few commonly used footprinting tools that will help you with not only the exam, but that can be used in real life as well. You'll move on to examine how you can use social engineering techniques like shoulder surfing and dumpster diving to obtain useful or sensitive information about your target's organization. Finally, you'll learn about some security controls that could be recommended to a client to help them better protect against an attacker's footprinting and recon efforts. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 51m has Assessment available Badge
CEH v11: Network Scanning, TCP, Host Discovery & Port/Service Scanning
An ethical hacker can be most effective when employing the right tools for the job. In this course, you'll learn about networking scanning types and the various flags used in TCP communication. Next, you'll explore commonly used network scanning tools used by many of today's security professionals. You'll then move on to learn about tools that can be used for host discovery, common methods of implementation, and even some countermeasures for prevention purposes. Finally, you'll examine the differences between port and service scans, their use cases, and common port/service associations. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
5 videos | 57m has Assessment available Badge
CEH v11: Nmap TCP Scans
When scanning a target with Nmap for open ports and/or services, there are several common types of scans. In this course, you'll explore TCP Connect scans, how to issue a TCP Connect scan with Nmap, and pros and cons of using this type of scan. You'll also look at Stealth and TCP scans, how to issue them with Nmap, and their pros and cons. Next, you'll examine how good network security professionals employ firewalls to protect their assets and how this can hinder network-based recon activities. Finally, you'll learn about using Nmap's ACK scan for the purposes of mapping possible firewall rules enumerating port states. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 51m has Assessment available Badge
CEH v11: Nmap IP Scans
Staying off of the radar of your target's security team is a common goal for many ethical hackers when performing security assessments. In this course, you'll learn to use the Nmap IDLE/IPID scan to take advantage of other network hosts to obfuscate scan origins from detection systems and logs. You'll explore using Nmap to discover what is utilizing UDP to help you add to your list of possible inroads of a target system. You'll also examine how SCTP works and how to work with Nmap to use it for scanning purposes. Finally, you'll learn about using Nmap's IPv6 option as another way to discover open ports and about using the versioning option to learn more about the service running on open ports. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 53m has Assessment available Badge
CEH v11: Scan Optimization, OS Identification & IDS/Firewall Evasion
Running Nmap scans can sometimes take a lot of time. In this course, you'll explore a few options and techniques for decreasing the amount of time you wait for Nmap to complete its scans. Knowing what operating system your target is running sets the stage for how you'll conduct the subsequent steps of your hacking methodology, so you'll also examine common tools and techniques for discovering a target's host OS. Finally, you'll learn about tactics and tools that can be used to help you evade common network security controls such as firewalls and IDS. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 46m has Assessment available Badge
CEH v11: NetBIOS, SMB, SNMP & LDAP Enumeration
To be a successful ethical hacker, you need to be good at gathering information. In this course, you'll explore the concept of enumeration, including what it is, how it's done, and the importance of the details gathered during this process. Next, you'll learn how to enumerate a target's useful or sensitive information using both SMB and NetBIOS. You'll move on to learn how you can use SNMP to access information about target systems. Finally, you'll explore the details of the LDAP protocol and some tools that use LDAP to help you enumerate your targets. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 53m has Assessment available Badge
CEH v11: NTP, NFS, SMTP & FTP Enumeration
Having the correct time helps to ensure systems operate properly, especially if you have configured things like time-based access. In this course, you'll explore the Network Time Protocol, including attributes and enumeration tools. You'll also examine the Network File System and how it can be taken advantage of when implemented incorrectly. Finally, you'll learn about the Simple Mail Transfer Protocol (SMTP) and File Transfer Protocol (FTP), including what details can be enumerated from target systems using both of these protocols. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 48m has Assessment available Badge
CEH v11: Vulnerability Assessment, Management & Classification
One of the main job duties of many ethical hackers is performing vulnerability assessments. In this course, you'll explore the basic concepts of vulnerability assessments, as well as tools and resources commonly used when performing one. You'll examine the vulnerability management life cycle and common activities performed during it. Finally, you'll learn about the various vulnerability types you may discover during an assessment. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 51m has Assessment available Badge
CEH v11: Vulnerability Assessment Types, Models, Tools & Reports
Performing a vulnerability assessment allows you to locate potential weaknesses in systems, networks, and channels of communication. This is a vital step in defending systems against attacks. In this course, you'll learn about the different types of vulnerability assessments. You'll move on to explore various vulnerability assessment models and tools. Finally, you examine important information that should be included in your vulnerability assessment reports. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 56m has Assessment available Badge
CEH v11: CEH Hacking Methodology & Windows Authentication
When it comes to ethical hacking, repeatable successful tactics and processes are the name of the game. In this course, you'll explore the CEH Hacking Methodology to understand each of its phases and goals. You'll also learn about Windows authentication methods and the process behind them. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
2 videos | 33m has Assessment available Badge
CEH v11: Passwords Attacks, Extraction & Cracking
Passwords are a part of many of today's authentication systems and are therefore prone to attack. In this course, you'll investigate common attack methods and tools used to defeat passwords. You'll examine how hackers are able to obtain and decrypt a user's password, including tools and techniques used to procure encrypted passwords and cracking tools used to uncover the original password data. Finally, you'll learn about common password cracking enhancement techniques aimed to decrease the amount of time and increase the success rate when attempting to crack passwords. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 58m has Assessment available Badge
CEH v11: Buffer Overflows, Privilege Escalation & System Access
Buffer overflows can be one of the more mysterious and difficult techniques to understand and employ, but when successful they can be highly useful when gaining access to target systems. In this course, you'll explore the basic concepts behind buffer overflows, as well as some useful protections against them and how to develop and deploy them in a test environment. Next, you'll examine common privilege escalation techniques, for both Windows and Linux operating systems, that can help you obtain full administrative access. Once you've fully compromised a host, you're going to want to hang on to that access for a long as possible. Finally, you'll learn about tools and techniques that will help you maintain access over a compromised target system. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 1h 2m has Assessment available Badge
CEH v11: Steganography & Avoiding Detection
Exfiltration of sensitive data is a common goal of many hacks. In this course, you'll explore how hackers are able to avoid detection when exfiltrating data by using steganography techniques and tools. On average it takes roughly nine months before a breach is detected. You'll also examine common tactics attackers use to cover their tracks and avoid detection by administrators. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
2 videos | 42m has Assessment available Badge
CEH v11: Malware, Threats, Trojans & Viruses
Malware is a common threat used to attack, compromise, and even destroy computer systems. In this course, you'll learn about common malware types and components so you can properly defend against malicious software. Then, you'll move on to explore Advanced Persistent Threats, which are becoming more and more of a danger due to their sophisticated malware. You'll examine the malicious software version of the Trojan Horse, as well as the different types of trojans, deployment methods, construction, and techniques for evading anti-virus detection. Finally, you'll learn about viruses and worms, including concepts, types, and characteristics. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 1h 12m has Assessment available Badge
CEH v11: Fileless Malware, Malware Analysis & Countermeasures
The most common way for anti-virus programs to detect a malware infection is by checking files against a database of known-malicious objects. In this course, you'll learn about fileless malware, which avoids detection by not writing any files with known malicious content. Next, you'll explore malware analysis techniques that allow you to configure stronger defenses. You'll also examine sheep dipping and how to build a test environment. There are many security controls to protect against malware infections, so you'll complete this course by learning about countermeasures like logging, anti-virus, and backups. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 1h 3m has Assessment available Badge
CEH v11: Sniffing & Poisoning
Networks are constantly sending data to deliver messages and keep network services working, but those data packets may contain sensitive information like passwords. In this course, you'll examine how an attacker can gain access to sensitive data through packet sniffing. You'll learn how attackers can manipulate DHCP, which can allow them to then intercept target host communications. Next, you'll explore how attackers can manipulate ARP by taking advantage of the default functions of the ARP protocol. You'll move on to examine how attackers trick users into sharing personal information through DNS poisoning. Finally, you'll learn about common security controls that allow networks to communicate, while still adding layers of scrutiny, control, and obfuscation. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
5 videos | 1h 23m has Assessment available Badge
CEH v11: Social Engineering, Insider Threats & Identity Theft
Often times, the most insecure point in a network is not the network hosts, but the end user that works with it. In this course, you'll explore the concepts and tactics of social engineering attacks, where the end user becomes the vulnerable system. The most dangerous attack can come from inside your network. You'll also examine insider threats, including why they're effective, their organization impacts, and why they're difficult to detect and defend against. Identity theft is one of the most common and lucrative avenues of attack. To complete this course, you'll learn the basic concepts, motives, and goals behind identity theft attacks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 55m has Assessment available Badge
CEH v11: DoS, DDoS, Volumetric & Protocol Attacks
Denial of Service attacks can be very disruptive to an organization both monetarily and reputationally. In this course, you'll explore Denial of Service and Distributed Denial of Service attacks, as well as common DoS techniques and categories and common tools used to perform them. Next, you'll examine volumetric DoS attacks, which are one of the more common types deployed by attackers. These include UDP flood, Ping of Death, Smurf, and Pulse Wave. Finally, you'll learn about protocol-based DoS attacks, including SYN floods, ACK floods, and fragmentation attacks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 50m has Assessment available Badge
CEH v11: App Layer Attacks, Botnets & DoS Countermeasures
The application layer is another prime target for Denial of Service attacks. In this course, you'll explore common application layer DoS attacks like SlowLoris, the Reddit Hug of Death, and UDP app-layer attacks. With botnet traffic making up about 25% of all Internet traffic, they are a real cause for concern. You'll also learn about bots and botnets, including their purpose and common ways they are proliferated. Since Denial of Service attacks can cause so much havoc, you need to do all you can to defend against them. Finally, you'll explore commonly deployed DoS and DDoS defensive countermeasures, tools, and strategies. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 48m has Assessment available Badge
CEH v11: Hijacking Concepts & Countermeasures
Sessions are like a verified conversation between trusted systems, which makes session hijacking a common form of attack. In this course, you'll learn about session hijacking, including how it's accomplished and the different types. Session hijacking attacks can be performed at the network level, so you'll also explore common network-based session hijacking attacks such as UDP, TCP, and RST hijacking. Next, you'll move on to examine common application level session hijacking attacks such as man-in-the-middle, man-in-the-browser, cross-site scripting, and cross-site request forgery. Finally, you'll learn about common session hijacking security controls and countermeasures, as well as best practices like using encrypted protocols and secure session handling techniques. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 1h 2m has Assessment available Badge
CEH v11: Intrusion Prevention and Detection, Firewalls & Honeypots
Intrusion detection and prevention systems are security controls that provide alerts and protection for many organizations today. In this course, you'll explore their function, commonly deployed IDS/IPS solutions, and techniques for evading detection by these systems. Next, you'll examine firewalls, their role as a security countermeasure, and techniques commonly used to bypass them. If you know how an attacker is likely to attack, you can build better defenses to protect your organization. Finally, you'll learn how honeypots can be used to determine the attacks a production network is most likely to face from threats. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 54m has Assessment available Badge
CEH v11: Web Server Hacking, Attacks & Attack Methodologies
Having a web presence is almost a necessity in today's business age, but web applications can be very complicated and difficult to build securely. This includes the web server that runs the app. In this course, you'll explore the web server, its function, common components that can lead to vulnerabilities, and security controls to help mitigate those possible vulnerabilities. Next, you'll examine common web server attacks such as directory traversal, HTTP response splitting, and Server-side Request Forgery. Finally, you'll learn how following an established attack methodology will increase your likelihood of success when attacking a web server, and examine a common web server attack methodology and tools and techniques used at each step. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 1h 1m has Assessment available Badge
CEH v11: Web Application Attacks & Vulnerabilities
Web applications are typically the face of most organizations today. It's how customers interact with an organization's services, which makes for an inviting target for attackers. In this course, you'll examine the details of web applications, including their commonly used technologies, associated risks, and defenses. Next, you'll explore the OWASP Top 10 Web Application Attacks document, one of the best resources for understanding web application security vulnerabilities, and learn how to use common attacks as ethical hackers and protect against them as defenders. Finally, you'll learn about unvalidated redirects and forwards and how they can be used to access protected data. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 57m has Assessment available Badge
CEH v11: CSRF, IDOR, LFI & RFI Attacks
Cross-Site Request Forgery, Direct Object Reference, and Local and Remote File Inclusion attacks can prove very harmful to web applications. In this course, you'll examine how these attacks work and how to recognize them. First, you'll explore CSRF attacks and how they can be leveraged to attack users. Next, you'll learn about the IDOR attack, including how to find and exploit it. Finally, you'll learn about LFI and RFI attacks, including how they work and how they can be leveraged to gain access to a remote system. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 39m has Assessment available Badge
CEH v11: Web Application Hacking & Login Attacks
The key to success when security testing a web application is making sure you have an effective plan. In this course, you'll explore the common web app hacking methodology, as described by EC-Council. Next, you'll learn how the tools you have at your disposal will be crucial to your success when testing the security of any web application. Finally, getting past the login page of a web application can be a common first stop for security researchers, so you'll examine how to accomplish this using techniques like injection and brute-force attacks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 1h 1m has Assessment available Badge
CEH v11: XSS, Web Shells, APIs & Webhooks
Common attack vectors such as cross-site scripting are becoming more difficult to exploit due to the implementation of defenses. In this course, you'll examine how to evade input filters to gain XSS execution. Next, you'll explore web shells, including how they can be deployed, defenses, and evasions. Many of today's web applications utilize an Application Programming Interface to facilitate interaction between clients and services. To wrap up this course, you'll learn about attributes of APIs, how they compare with webhooks, and common vulnerabilities and security countermeasures associated with both APIs and webhooks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 1h has Assessment available Badge
CEH v11: SQL Injection Concepts & Attacks
Many web applications store data in a back-end database and the data is then retrieved as the end user requests it from the front end. This process can allow for end-user injection of SQL queries, revealing sensitive data to the unauthorized attacker. In this course, you'll learn about SQL injection, including attack types, tools, security controls, and defense evasion techniques. Next, you'll explore error-based SQLi and how to test for and exploit this common SQLi vulnerability. SQL injections can be used to gain access to sensitive information or even allow access into a remote system, but they aren't always easily executed. To complete this course, you'll learn about blind-based SQLi methods and how to use them to access sensitive information on a remote system. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 57m has Assessment available Badge
CEH v11: SQL Injection & SQLMap
SQL injection is typically used to access sensitive information from a target's database, but under the right circumstances, it can be used to access the remote file system or even allow for remote system shell access. In this course, you'll learn the SQLi techniques used to read and write to files on the target system, as well as gain interactive shell access. Manual SQL injection testing is a necessary skill, but often time to test is limited and it's useful to have a tool like SQLMap. You'll finish this course by learning how to use SQLMap to automate the process of testing SQL injections. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
2 videos | 42m has Assessment available Badge
CEH v11: Wireless Concepts, Threats & Hacking Tools
Wireless technologies abound in today's networks, making them a prime target for attack. In this course, you'll explore the features of Wi-Fi, common standards, authentication types, antennas, and encryption schemes. Next, you'll examine common threats against wireless technologies that you need to be aware of to be an effective security professional, including authentication attacks, Evil Twins, Rogue AP, and Denial of Service. To complete this course, you'll learn about commonly used wireless hacking tools, including those used for discovery, mapping, traffic analysis, and wireless attacks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 1h 4m has Assessment available Badge
CEH v11: Wireless Hacking & Countermeasures
There are a few common attack vectors when targeting Wi-Fi networks that you should be aware of. In this course, you'll learn how to perform wireless hacking attacks such as MAC spoofing, de-authentication, and WPA/2 encryption cracking. Defending wireless networks can be a daunting task if you're unaware of effective security countermeasures. To complete this course, you'll explore common security controls that will get you on the right track to keeping your wireless network safe. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
2 videos | 43m has Assessment available Badge
CEH v11: Mobile Hacking, OS Security & Device Management
Mobile devices are one of the core components of today's network environments, so it's vital to know how and where they are possibly vulnerable. In this course, you'll explore the attack surface related to mobile devices and the Top 10 Mobile Risks as defined by OWASP, in terms of both attacking and defending these critical pieces of infrastructure. Next, you'll examine common vulnerabilities and attack tools for both Android and iOS, as well as defensive measures you can take to secure them. One of the main reasons that attackers are successful against mobile devices is due to the difficulty in managing them. To complete this course, you'll learn about the need for mobile device management software, how to deploy it, and how it helps secure things in a BYOD world. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 1h 26m has Assessment available Badge
CEH v11: IoT Threats, Vulnerabilities, Attack Tools & Countermeasures
Internet-of-Things (IoT) devices make our lives convenient and that makes them more prevalent every day. In this course, you'll learn about IoT and its main components, as well as IoT architecture, deployment areas, protocols, communication models, and security challenges. The best way to effectively attack IoT devices is to be familiar with the common threats and vulnerabilities, so next you'll explore these areas. Finally, you'll examine common attacks and hacking tools that you can use to gain access to IoT devices, as well as defensive countermeasures you can employ to protect against those attacks and tools. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 1h 4m has Assessment available Badge
CEH v11: Operational Technology Concepts, Attack Tools & Countermeasures
To be effective at both defending and attacking Operational Technology (OT) systems, you must first be aware of the basic components and concepts that OT systems are made of. In this course, you'll explore OT systems and their base components, as well as systems such as Industrial Control System, Supervisory Control and Data Acquisition, programmable logic controllers, and Intelligent Electronic Devices. You'll also learn about the common security challenges facing OT systems. Finally, you'll examine common OT-related attacks, tools, and defensive countermeasures. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
2 videos | 45m has Assessment available Badge
CEH v11: Cloud Computing, Containers, Hacking & Security Controls
Many of today's systems are becoming cloud-based at a rapid pace. In this course, you'll explore different cloud services, deployment models, responsibility areas, and architectures relevant to your CEH exam. Another rapidly adopted technology in today's networks is containers, making knowledge of them a necessary skill. You'll examine containers, technologies like Docker, and orchestration, as well as common security challenges. Next, you'll learn why cloud services have been prone to security issues and breaches and examine common security vulnerabilities and assessment tools. Finally, you'll learn about common security controls for cloud environments that can help you protect cloud accounts, storage, containers, and orchestration. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
4 videos | 1h 26m has Assessment available Badge
CEH v11: Cryptography, Algorithms, Implementations & Tools
Encryption is one of the best security controls available for defending computer networks and data, and cryptography plays a vital role in this process. In this course, you'll explore cryptography, including its purpose, types, and common ciphers, to help you better understand the strengths and weaknesses of common crypto-systems. Next, you'll examine the common algorithms and implementations used by various crypto-systems, including symmetric and asymmetric algorithms, hashing functions, and digital signatures. Encryption is highly effective for protecting sensitive data, but how do you encrypt something? To complete this course, you'll learn about tools that can help you to secure sensitive data on servers, desktops, e-mail, and mobile. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 49m has Assessment available Badge
CEH v11: PKI, Cryptanalysis & Attack Countermeasures
In today's day and age, we must be encrypting data for secure communication with third parties. But how is this accomplished? In this course, you'll examine Public Key Infrastructure as an encryption solution. You'll also explore PKI components, process, and how it compares with self-signed certificates. As long as there has been encrypted data, there have been attempts to break those encryptions. You'll next learn about cryptanalysis methods and attacks used to reveal hidden messages. Finally, you'll explore how to deploy the right encryption in the right way by learning about best practices and strategies for keeping your data safe. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.
3 videos | 52m has Assessment available Badge

COURSES INCLUDED

CompTIA PenTest+: Scoping & Engagement
Penetration testing is a coordinated and simulated cyberattack used to evaluate the security of a computer system or computer network. The initial and critical planning phase of penetration testing is key to a successful engagement process. In this course, you'll explore the fundamentals of penetration testing, including a comparison of governance, risk, and compliance concepts. You'll examine legal concepts such as service level agreements, statements of work, non-disclosure agreements, and master service agreements. You'll learn the importance of scoping and organizational and customer requirements, including common standards and methodologies, rules of engagement, environmental considerations, target list definition, and scope of the engagement validation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
15 videos | 1h 23m has Assessment available Badge
CompTIA PenTest+: Professionalism & Integrity
Penetration testers must be ethical in order to avoid any illegal activities and to best serve clients. In this course, you'll learn how to develop and demonstrate an ethical hacking mindset by maintaining integrity and professionalism during penetration testing exercises. You'll explore the importance of performing background checks on penetration testing team members and adhering to the scope of engagement. You'll then examine how to identify, handle, and report on security breaches and potential findings of a criminal nature. You'll learn how to limit the use of tools for a particular engagement and invasiveness based on scope. Lastly, you'll learn the importance of maintaining data and information confidentiality of data and information and explore risks to penetration testing team members. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
10 videos | 1h 8m has Assessment available Badge
CompTIA PenTest+: Vulnerability Scanning
Vulnerability scanning is a process used to assess systems for known weaknesses. In this course, you'll learn how to configure vulnerability scanner settings and scan targets for vulnerabilities. You'll explore the different types of scanning methods, as well as vulnerability testing tools and common scanning themes. Next, you'll learn how to perform a scan analysis. You'll also examine the Nmap utility, which is designed to discover hosts and services on a computer network. You'll move on to explore Nmap Scripting Engine scripts and the numerous switches included in the Nmap utility that can helpful in penetration testing. Lastly, you'll learn about vulnerability testing tools that can help facilitate automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
14 videos | 1h 30m has Assessment available Badge
CompTIA PenTest+: Network Attacks & Exploits
Network attacks are commonly performed to gain unauthorized access to an organization's network, with a goal of performing malicious activity or stealing data. In this course, you'll learn how to research attack vectors and perform network attacks. You'll learn about password attacks such as password spraying, hash cracking, brute force, and dictionary. You'll explore how to perform common network attacks such as ARP poisoning, on-path, kerberoasting, virtual local area network hopping, as well as Link-Local Multicast Name Resolution and NetBIOS Name Service poisoning. Finally, you'll explore common network attack tools such as Metasploit, Netcat, and Nmap. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
19 videos | 2h 6m has Assessment available Badge
CompTIA PenTest+: Penetration Testing Tools
A penetration tester's toolkit should include a wide range of tools and may vary based on the penetration testing engagement requirements. In this course, you'll explore use cases of tools required during the different phases of a penetration test. You'll examine scanner tools such as Nikto, SQLmap, and WPScan, as well as credential testing tools and debuggers. You'll learn about open-source intelligence tools, as well as wireless and networking tools such as Wireshark. Next, you'll explore web application, social engineering, remote access tools, and other miscellaneous tools. Lastly, you'll learn about common steganography tools and cloud tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
16 videos | 1h 36m has Assessment available Badge

COURSES INCLUDED

CompTIA PenTest+: Scoping & Engagement
Penetration testing is a coordinated and simulated cyberattack used to evaluate the security of a computer system or computer network. The initial and critical planning phase of penetration testing is key to a successful engagement process. In this course, you'll explore the fundamentals of penetration testing, including a comparison of governance, risk, and compliance concepts. You'll examine legal concepts such as service level agreements, statements of work, non-disclosure agreements, and master service agreements. You'll learn the importance of scoping and organizational and customer requirements, including common standards and methodologies, rules of engagement, environmental considerations, target list definition, and scope of the engagement validation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
15 videos | 1h 23m has Assessment available Badge
CompTIA PenTest+: Professionalism & Integrity
Penetration testers must be ethical in order to avoid any illegal activities and to best serve clients. In this course, you'll learn how to develop and demonstrate an ethical hacking mindset by maintaining integrity and professionalism during penetration testing exercises. You'll explore the importance of performing background checks on penetration testing team members and adhering to the scope of engagement. You'll then examine how to identify, handle, and report on security breaches and potential findings of a criminal nature. You'll learn how to limit the use of tools for a particular engagement and invasiveness based on scope. Lastly, you'll learn the importance of maintaining data and information confidentiality of data and information and explore risks to penetration testing team members. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
10 videos | 1h 8m has Assessment available Badge
CompTIA PenTest+: Passive Reconnaissance
One of the main responsibilities of a penetration tester is to gather information by way of reconnaissance. Simply put, reconnaissance is the process of collecting as much information as possible about a target. In this course, you'll learn how to gather information using various passive reconnaissance techniques such as DNS lookups, cryptographic flaws, and social media scraping. You'll learn how to differentiate between cloud and self-hosted reconnaissance and examine valuable data found in password dumps, metadata, and public source-code repositories. You'll also explore how to use open source intelligence techniques, tools, and sources to exploit weaknesses and gather intelligence. This course will help prepare learners for the CompTIA PenTest+ PT0-002 certification exam.
11 videos | 1h 18m has Assessment available Badge
CompTIA PenTest+: Active Reconnaissance
Active reconnaissance requires a penetration tester to engage and interact with the targeted system to gather information and identify vulnerabilities. To do this, penetration testers can use several different methods including automated scanning and manual testing techniques. In this course, you'll learn how to use active reconnaissance techniques such as enumeration and web site reconnaissance, which are commonly used to gather intelligence about hosts, services, and web sites. You'll also learn about packet crafting, tokens, wardriving, network traffic, active fingerprinting, and defense detection and avoidance techniques. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
13 videos | 1h 14m has Assessment available Badge
CompTIA PenTest+: Vulnerability Scanning
Vulnerability scanning is a process used to assess systems for known weaknesses. In this course, you'll learn how to configure vulnerability scanner settings and scan targets for vulnerabilities. You'll explore the different types of scanning methods, as well as vulnerability testing tools and common scanning themes. Next, you'll learn how to perform a scan analysis. You'll also examine the Nmap utility, which is designed to discover hosts and services on a computer network. You'll move on to explore Nmap Scripting Engine scripts and the numerous switches included in the Nmap utility that can helpful in penetration testing. Lastly, you'll learn about vulnerability testing tools that can help facilitate automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
14 videos | 1h 30m has Assessment available Badge
CompTIA PenTest+: Network Attacks & Exploits
Network attacks are commonly performed to gain unauthorized access to an organization's network, with a goal of performing malicious activity or stealing data. In this course, you'll learn how to research attack vectors and perform network attacks. You'll learn about password attacks such as password spraying, hash cracking, brute force, and dictionary. You'll explore how to perform common network attacks such as ARP poisoning, on-path, kerberoasting, virtual local area network hopping, as well as Link-Local Multicast Name Resolution and NetBIOS Name Service poisoning. Finally, you'll explore common network attack tools such as Metasploit, Netcat, and Nmap. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
19 videos | 2h 6m has Assessment available Badge
CompTIA PenTest+: Wireless Attacks
The goal of a wireless network attack is generally to capture information sent across the network. In this course, you'll learn how to research attack vectors and perform wireless attacks. You'll explore common wireless network attack methods including eavesdropping, data modification, data corruption, relay attacks, spoofing, jamming, on-path, and capture handshakes. You'll then learn about common network attacks such as evil twin, bluejacking, bluesnarfing, radio-frequency identification cloning, amplification attacks, and Wi-Fi protected setup PIN attacks. Lastly, you'll discover how to use aircrack-ng suite and amplified antenna wireless network attack tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
13 videos | 1h 4m has Assessment available Badge
CompTIA PenTest+: Application-based Attacks
Application-based attacks are designed to deliberately cause a fault in a computer's operating system or applications. In this course, you'll learn how to research attack vectors and perform application-based attacks. You'll explore the benefits of the OWASP Top 10 standard awareness document, which is used to present the most critical security risks to web applications. You'll examine application-based attacks such as server-side request forgery, business logic flaws, and injection attacks. You'll move on to learn about application vulnerabilities such as race conditions, lack of code signing, and session attacks, as well as the characteristics of API attacks such as Restful, Soap, and Extensible Markup Language-Remote Procedure Call. Lastly, you'll learn about application-based attack tools and resources. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
15 videos | 1h 24m has Assessment available Badge
CompTIA PenTest+: Attacks on Cloud Technologies
Penetration testers need to account for all types of systems available in an environment. In addition to servers and network appliances, this can also include cloud-based systems. In this course, you'll learn how to research attack vectors and perform attacks on cloud technologies. You'll explore common cloud-based attacks, such as credential harvesting, privilege escalation, and account takeovers. You'll learn how to identify misconfigured cloud assets, including identity and access management and containerization technologies. You'll move on to explore how cloud malware injection, denial of service, and side-channel attacks can exploit a system. Lastly, you'll learn about common cloud tools such as the software development kit. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
13 videos | 1h 13m has Assessment available Badge
CompTIA PenTest+: Attacks on Specialized Systems
Specialized systems by nature can be very challenging for penetration testers. They can use proprietary operating systems and file systems, and may require advanced reverse engineering and sandbox analysis. However, specialized systems are also very susceptible when it comes to weaknesses and vulnerabilities. In this course, you'll learn how to identify common attacks and vulnerabilities against specialized systems, including mobile systems and Internet of Things devices. You'll also explore common vulnerabilities, including data storage system vulnerabilities, management interface vulnerabilities, vulnerabilities related to virtual environments, and vulnerabilities related to containerized workloads. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
11 videos | 1h 14m has Assessment available Badge
CompTIA PenTest+: Social Engineering Attacks
Social engineering involves the psychological manipulation of people and it's used to trick them into divulging information or performing certain actions. In this course, you'll learn how social engineering attacks are performed and how they can be used by attackers. You'll explore the pretext for a social engineering approach, as well as various social engineering attacks such as e-mail phishing, vishing, short message service, phishing, universal serial bus drop key, and watering hole. You'll then learn about tailgating, dumpster diving, shoulder surfing, and badge cloning physical attack methods. Lastly, you'll examine social engineering impersonation techniques, methods of influence, and tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
15 videos | 1h 50m has Assessment available Badge
CompTIA PenTest+: Post-Exploitation Techniques
Cybercriminals use post-exploitation techniques to maintain a level of access while they attempt to perform other actions during an open session. In this course, you'll learn about post-exploitation techniques and tools. You'll explore common post-exploitation tools such as Empire, Mimikatz, and BloodHound. Next, you'll examine post-exploitation techniques such as lateral movement, privilege escalation, and upgrading a restrictive shell. You'll learn techniques used to maintain foothold and persistence using trojans, backdoors, and daemons. Finally, you'll learn detection avoidance techniques, as well as enumeration techniques used to extract users, groups, forests, sensitive data, and unencrypted files. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
12 videos | 1h 5m has Assessment available Badge
CompTIA PenTest+: Written Reports
A final written report is prepared by a penetration tester or testing team to document all findings and recommendations for the client once the engagement has completed. In this course, you'll learn the critical components of a written report, as well as the importance of communication during the penetration testing process. You'll explore how to analyze and report on findings, and how to securely distribute of the final product. Next, you'll examine common content to include in a written report such as an executive summary, scope details, methodology, findings, and conclusion. Lastly, you'll learn the steps required to properly analyze the findings and recommend the appropriate remediation within a report. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
10 videos | 1h 21m has Assessment available Badge
CompTIA PenTest+: Communication & Post-Report Activities
During penetration testing, tester activities can leave behind remnants that may alter a system. Any action performed during testing should be clearly documented. Upon completion of testing, penetration testers should perform a series of post-report delivery activities that include removing shells, removing tester created credentials, and removing any penetration testing tools. In this course, you'll explore post-report delivery activities such as post-engagement cleanup, client acceptance, lessons learned, attestation of findings, as well as data destruction processes and best practices. You'll also learn the importance of communication during the penetration testing process. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
11 videos | 45m has Assessment available Badge
CompTIA PenTest+: Analyzing Tool & Script Output
Scripting languages can be used by penetration testers to help automate the execution of common tasks and increase the depth and scope of testing coverage. In this course, you'll learn the basic concepts of scripting and software development. Explore logic constructs concepts such as loops and conditionals, as well as the following operators; Boolean, string, and arithmetic. Discover other basic concepts of scripting including data structures, libraries, classes, procedures, and functions. You then explore how to analyze a script or code sample for use in a penetration test. Discover shells, programming languages, and exploit codes, and learn how to identify opportunities for automation. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
12 videos | 1h 9m has Assessment available Badge
CompTIA PenTest+: Penetration Testing Tools
A penetration tester's toolkit should include a wide range of tools and may vary based on the penetration testing engagement requirements. In this course, you'll explore use cases of tools required during the different phases of a penetration test. You'll examine scanner tools such as Nikto, SQLmap, and WPScan, as well as credential testing tools and debuggers. You'll learn about open-source intelligence tools, as well as wireless and networking tools such as Wireshark. Next, you'll explore web application, social engineering, remote access tools, and other miscellaneous tools. Lastly, you'll learn about common steganography tools and cloud tools. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
16 videos | 1h 36m has Assessment available Badge

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.