Ethical Hacking si Penetration Testing pe intelesul tuturor
In acest curs vei invata unelte, metodologii si tehnici de hacking. Un curs practic, pas cu pas.
Watch Promo
Pentru a te proteja de hackeri, este nevoie sa gandesti ca unul.
In acest curs vei invata unelte de hacking, metodologii si tehnici. Un curs practic, explicat pas cu pas. Acest curs are o abordare practica cu situatii care se intalnesc zi de zi in viata unui penetration tester. Vor fi furnizate masini virtuale pentru laborator.
Obiectivul cursului este sa te ajute sa gandesti ca un hacker si sa actionezi ca unul. Vom porni la drum intelegand ce inseamna un proiect de penetration testing, care sunt pasii acestuia, care sunt avantajele, si vom trece prin urmatoarele videouri:
- Introducere in pentetration testing
- Pregatirea laboratorului (Kali + Nessus, Windoes, Metasploitable)
- Strangerea de informatii, OSINT (Open Source Inteligence)
- Enumerarea serviciilor
- Enumerarea directoarelor din serverul web. Spidering vs brute forcing directoare
- Scanarea pentru vulnerabilitati de sistem si servicii
- Scanarea pentru vulnerabilitati ale serverului web
- Cautare manuala pentru vulnerabilitati - baze de date de exploituri
- Prezentarea framework-ului de exploatare Metasploit
- Exploatearea ftp serverului folosind metasploit
- Exploatarea smb folosind Metasploit
- Post Exploatare manuala vs automat
- Demo armitage
- Spargerea parolelor online - crearea unui dictionar propriu personalizat
- Spargerea hashurilor de parole offline
- Interceptarea pachetelor - Man in the Middle. Introducere in Cain si Abel, Ethereal. HTTP si HTTPS (sslstrip)
- Cross site scripting - Interceptarea sesiunilor web
- Stored XSS - Demo beef si social engieering
- Vulnerabilitati Web - file upload, local file inclusion, web backdoors
- CSRF demo - vulnerabilitati web
- Command Execution - vulnerabilitati web
- Introducere in Burp Suite: Proxy, Spidering, Import CA certificat, Extensii, Repeater module
- SQL Injection - vulnerabilitati web
- Brute force pe aplicatii web
- Backdoors de windows, android
- Alte atacuri de tip Social Engineering
- Demo wifi - Mana Toolkit
- Demo Backdoors and Social Engineering - Empire and Rubber Ducky
- Demo phising - SocialPhish
Your Instructor
Senior Information Security Consultant
- I work in the Internet security team, focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.
- Scan and exploit for a wide variety of data center infrastructure and application vulnerabilities, following defined rules of engagement and attack scenarios (ethical hacking).
- Make recommendations on security weaknesses and report on activities and findings.
- Perform Internet penetration testing (black box / white box testing) and code reviews (manual and automated)
- Use testing tools as NetBIOS scanning, network pinging and testing, packet crafting and analyzing, port scanning for vulnerability assessment
- Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (SML, SOAP, WSDL, UDDI, etc.)
- Perform analysis and testing to verify the strengths and weaknesses of a variety of operating systems, network devices, web applications, and security architectures
- Assist with the development of remediation services for identified findings
- Customize, operate, audit, and maintain security related tools and applications
IT Trainer
- CEH, ECSA, CHFI from EC-Council
- Cisco CCNA, CCNA Security, Linux Essentials
- Various Custom Trainings
Certifications
- OSWE
- OSCE
- OSWP
- CREST Registered Penetration Tester (CRT)
- OSCP
- CHFI (Computer Hacking Forensic Investigator)
- ISO 270001 Lead Auditor
- ECSA (EC-Council Security Analyst)
- CEH (Certified Ethical Hacker)
- CCNA and CCNA Security
- CCNP Routing and CCNP Switching
- Advanced Linux&InfoSEC
- VMWare vSphere Install, Configure, Manage
- Microsoft Certified Technology Specialist (MCTS/MCP 70-642): Microsoft Windows Server 2008 Network Infrastructure, etc.
Course Curriculum
Introducere si pregatirea laboratorului
Available in
days
days
after you enroll
Adunarea de informatii, scanarea de vulnerabilitati
Available in
days
days
after you enroll
-
StartStrangerea de informatii (30:11)
-
StartEnumerarea serviciilor si versiunilor aferente (6:20)
-
StartEnumerarea resurselor serverului web (11:31)
-
StartScanarea pentru vulnerabilitati de sistem si servicii - rezentarea rezultatelor (24:05)
-
StartScanarea pentru vulnerabilitati ale serverului web (10:20)
-
StartCautare manuala pentru vulnerabilitati - baze de date de exploituri (16:04)
Exploatarea de vulnerabilitati de servicii, spargerea si interceptarea parolelor
Available in
days
days
after you enroll
-
StartExploatearea unui server FTP vulnerabil (8:54)
-
StartExploatarea protocolului SMB vulnerabil (11:32)
-
StartPost Exploatare - manual vs automat (8:29)
-
StartDemo Armitage (16:27)
-
StartExploatare manuala a vulnerabilitatiilor - SSH (6:36)
-
StartSpargerea parolelor online si crearea unui dictionar propriu personalizat (14:12)
-
StartSpargerea hashurilor criptografice (12:06)
-
StartInterceptarea diferitelor protocoale: HTTP, FTP, HTTPS (22:34)
Frequently Asked Questions
When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 30 days and we will give you a full refund.