Ethical Hacking, Pen Testing, Red Teaming and Bug Hunting Deep Dive
Published by Pearson
How to Become a Hacker
- Real-world hacking and bug hunting with hands-on demos throughout
- Daily assignments that include homework labs
- A walkthrough of a real penetration test from start to finish
- Expert insights to help jumpstart your career
Start your ethical hacking and penetration testing career with this intensive 2-day bootcamp taught by Omar Santos, best-selling security author and speaker. To become a hacker, you need to really immerse yourself in the world of cybersecurity. This training is built to give you that inside look and uses live discussions, real-world demos, labs, and insights from someone who is on the front lines. You will benefit from expert use cases of the methodologies used to assess and compromise a network and then take a look at different tools that can be used to hack a wired and wireless network and the systems within that network.
No prior penetration testing or ethical hacking experience is needed. This is the perfect training if you want to start a career in ethical hacking or if you just want to learn how to test your on-premises or cloud-based systems and applications. You will be introduced to offensive cybersecurity concepts and then walk through a complete penetration test, from beginning to end. You will explore passive and active reconnaissance, fuzzing, enumeration, vulnerability assessment, exploitation, and post-exploitation techniques. This course is also helpful for those seeking certifications such as the Offensive Security Certified Professional (OSCP) Certification, CEH Practical, PenTest+, or the GIAC Penetration Tester (GPEN). This live training can also help you if you want to start participating in bug bounties.
What you’ll learn and how you can apply it
- Fundamentals of ethical hacking or security penetration testing
- How to build your lab with WebSploit Labs, Kali Linux, and Parrot Security to perform different penetration testing and bug hunting scenarios
- Passive and Active Reconnaissance, Open-Source Intelligence (OSINT), Vulnerability Scanning and Fuzzing, and Attack Surface Management
And you’ll be able to:
- Find vulnerabilities in modern applications and APIs
- Perform privilege escalation, command and control, exfiltration, and post-exploitation techniques
- Bypass modern cybersecurity monitoring and control solutions
This live event is for you because...
- You have a basic understanding of cybersecurity fundamentals
- You would like to learn the fundamentals of ethical hacking and penetration testing
- You would like to learn about the tools necessary to perform penetration testing as well as real-life methodologies
- You are studying for the Certified Ethical Hacker (CEH) Practical, Offensive Security Certified Professional (OSCP), PenTest+, or GPEN Certifications
- You are interested in cybersecurity and penetration testing (ethical hacking)
- You want to learn different methodologies and best practices to perform security penetration testing assessments
Prerequisites
- Course participants should have a basic understanding of cybersecurity and networking concepts.
Course Set-up
- Set up WebSploit Labs as documented at https://websploit.org
Recommended Preparation
- Watch: The Complete Cybersecurity Bootcamp, 2nd Edition by Omar Santos
- Watch: Certified Ethical Hacker (CEH) Complete Video Course, 3rd Edition by Omar Santos and Nick Garner
Recommended Follow-up
- Watch: The Art of Hacking Video Collection by Omar Santos, Ron Taylor, Jon Sternstein & Chris McCoy
- Watch: CompTIA PenTest+ (PT1-001) by Omar Santos
- Practice: Ethical Hacking Scenarios Playlist
- Practice: Ethical Hacking: Active Recon Scenarios Playlist
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
DAY ONE
- An Overview of Ethical Hacking and Penetration Testing Methodologies (10 minutes)
- Red Teaming vs. Pen Testing vs. Bug Bounties (10 minutes)
- Building your own hacking lab with WebSploit Labs (30 minutes)
- Passive Reconnaissance and Open Source Intelligence (OSINT) (30 minutes)
Break (10 minutes)
- Active Reconnaissance, Scanning, and Fuzzing (30 minutes)
- Introduction to Hacking Modern Web Applications (50 minutes)
Break (10 minutes)
- Introduction to Hacking User Credentials and Cracking Passwords (30 minutes)
- Introduction to Hacking Databases and SQL Injection (30 minutes)
Homework: Learn how to perform advanced network scanning, enumeration, and fuzzing, and how to create your own scanner using Python, by completing the lab guide provided during class.
DAY TWO
- Introduction to Hacking Networking Devices (30 minutes)
- Fundamentals of Wireless Hacking (30 minutes)
- Introduction to Buffer Overflows and Creating Payloads for Code Execution (40 minutes)
Break (10 minutes)
- Introduction to Social Engineering (20 minutes)
- Fundamentals of Evasion and Post Exploitation Techniques (30 minutes)
Break (10 minutes)
- Command and Control, Exfiltration, and Privilege Escalation (30 minutes)
- Best Practices on How to Write Penetration Testing Reports (20 minutes)
Q&A (20 minutes)
Homework: Learn additional exploitation and post-exploitation techniques by completing the lab guide provided during class.
Your Instructor
Omar Santos
Omar Santos is a Distinguished Engineer at Cisco focusing on artificial intelligence (AI) security, research, incident response, and vulnerability disclosure. He is a board member of the OASIS Open standards organization and the founder of OpenEoX. Omar's collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is the co-chair of the FIRST PSIRT Special Interest Group (SIG). Omar is the lead of the DEF CON Red Team Village and the chair of the Common Security Advisory Framework (CSAF) technical committee. Omar is the author of over 20 books, numerous video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. His dedication to cybersecurity has made a significant impact on technology standards, businesses, academic institutions, government agencies, and other entities striving to improve their cybersecurity programs.