Course Syllabus Penetration Testing and Ethical Hacking Course Description and Goals Course Description: Our Penetration Testing and Ethical Hacking course will introduce you to a variety of attack types, including password cracking, DDoS, SQL injection, session hijacking, social engineering, and other hacking techniques. The course also covers an introduction to ethical hacking concepts, as well as web server and web application hacking. There are optional labs for this ethical hacking course that help students gain the hands-on hacking skills necessary to be successful on the job. Connect with Our Instructor: Bill Price bill.price@wavatech.com Recommended Target Audience: Built for those who want to move into pentesting or blue teaming fields; Ideal for those who want to learn how to protect your network from malicious hackers by exploiting networks. Recommended Course Prerequisites: Recommended for individuals that have a minimum of two years of professional experience and information security or a related field; Have a fundamental understanding of networking and operating systems. Course Goals: By the end of this course, learners should be able to: ❏ Understand the mindset of a hacker. ❏ To properly assess the strength of an organization’s cybersecurity posture. ❏ To be able to gather information, perform scanning and enumeration, and show how an adversary could hack into your systems. ❏ To be able to utilize the tools and utilities taught in this course to ethically gain information, determine vulnerabilities, and exploit weaknesses in an organization’s security posture. ❏ To confidently assist in the obtaining of pentest certifications, blue teaming and ethical hacking roles. Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 1 Optional Labs: These labs are inluded to help you practice what you learn. You will still earn a certificate of completion regardless of whether or not you complete the labs. ● Lesson 1.6: Ethical Hacking Concepts ● Lesson 2.4: Footprinting & Reconnaissance - Part 1 ● Lesson 2.5: Footprinting & Reconnaissance - Part 2 ● Lesson 3.4: Network Resource Discovery Methods - Part 1 ● Lesson 3.5: Network Resource Discovery Methods - Part 2 ● Lesson 4.4: NetBIOS, SNMP & LDAP Network Enumeration ● Lesson 4.5: NTP, DNS & Other Network Enumeration Techniques & Countermeasures ● Lesson 5.3: Vulnerability Assessment Tools and Techniques ● Lesson 6.4: System Hacking & Manipulation ● Lesson 7.5: Implementing Malware Concepts ● Lesson 8.2: Network Sniffing Techniques & Attacks ● Lesson 9.2: Social Engineering Exploits ● Lesson 10.2: Denial of Services Techniques & Attacks ● Lesson 11.3: Session Hijacking Implementation & Prevention ● Lesson 13.2: Compromising Web Servers ● Lesson 13.3: Web Application Exploitation Concepts ● Lesson 14.2: Web Application Exploitation Attacks - Part 1 ● Lesson 14.3: Web Application Exploitation Attacks - Part 2 ● Lesson 15.2: Compromising SQL Injection Attacks ● Lesson 16.2: Exploiting Wireless Vulnerabilities ● Lesson 17.2: Compromising & Exploiting Mobile Devices ● Lesson 18.3: Compromising IoT & OT Platforms ● Lesson 19.2: Introduction to Cloud Computing Vulnerabilities ● Lesson 20.3: Cryptographic Concepts, Implementation & Detection Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 2 Course Quick Outline Module 1 | Introduction to Ethical Hacking Lesson 1.1: Learn, Practice, Prove Lesson 1.2: Welcome to the Penetration Testing and Ethical Hacking Certification Prep program! Lesson 1.3: Course Introduction Lesson 1.4: Information Security Overview Lesson 1.5: Cyber Kill Chain Concepts Lesson 1.6: Hacking and Ethical Hacking Concepts Lesson 1.7: Ethical Hacking Concepts [lab] Lesson 1.8: Information Security Controls, Laws, and Standards Module 2 | Footprinting and Reconnaissance Lesson 2.1: Footprinting Concepts Lesson 2.2: Footprinting Through Different Services Lesson 2.3: Network Footprinting Lesson 2.4: Footprinting & Reconnaissance - Part 1 [lab] Lesson 2.5: Footprinting & Reconnaissance - Part 2 [lab] Module 3 | Scanning Networks Lesson 3.1: Network Scanning Concepts Lesson 3.2: Host, Port, and Service Discovery Lesson 3.3: OS Discovery, Scanning Beyond IDS and Firewall Lesson 3.4: Network Resource Discovery Methods - Part 1 [lab] Lesson 3.5: Network Resource Discovery Methods - Part 2 [lab] Module 4 | Enumeration Lesson 4.1: Enumeration Concepts Lesson 4.2: NetBIOS Enumeration and SNMP Enumeration Lesson 4.3: LDAP, NTP, NFS, SMTP, and DNS Enumeration Lesson 4.4: NetBIOS, SNMP & LDAP Network Enumeration [lab] Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 3 Lesson 4.5: NTP, DNS & Other Network Enumeration Techniques & Countermeasures [lab] Module 5 | Vulnerability Analysis Lesson 5.1: Vulnerability Assessment Concepts Lesson 5.2: Vulnerability Assessment Solutions and Tools Lesson 5.3: Vulnerability Assessment Tools and Techniques [lab] Module 6 | System Hacking Lesson 6.1: System Hacking Concepts, Gaining Access, and Cracking Passwords Lesson 6.2: Vulnerability Exploitation and Escalating Privileges Lesson 6.3: Maintaining Access, Executing Applications, Hiding Files, and Clearing Logs Lesson 6.4: System Hacking & Manipulation [lab] Module 7 | Malware Threats Lesson 7.1: Malware Concepts Lesson 7.2: APT and Trojans Lesson 7.3: Virus and Worms Lesson 7.4: Malware Analysis and Countermeasures Lesson 7.5: Implementing Malware Concepts [lab] Module 8 | Sniffing Lesson 8.1: Sniffing Lesson 8.2: Network Sniffing Techniques & Attacks [lab] Module 9 | Social Engineering Lesson 9.1: Social Engineering Lesson 9.2: Social Engineering Exploits [lab] Module 10 | Denial-of-Service Lesson 10.1: DoS/DDoS Lesson 10.2: Denial of Services Techniques & Attacks [lab] Lesson 10.3: Study Break Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 4 Module 11 | Session Hijacking Lesson 11.1: Session Hijacking Lesson 11.2: Session Hijacking Countermeasures Lesson 11.3: Session Hijacking Implementation & Prevention [lab] Module 12 | Evading IDS, Firewalls, and Honeypots Lesson 12.1: Evading IDS, Firewalls, and Honeypots Module 13 | Hacking Web Servers Lesson 13.1: Webserver Concepts, Attacks, Attack Methodology, and Countermeasures Lesson 13.2: Compromising Web Servers [lab] Lesson 13.3: Web Application Exploitation Concepts [lab] Module 14 | Hacking Web Applications Lesson 14.1: Hacking Web Applications Lesson 14.2: Web Application Exploitation Attacks - Part 1 [lab] Lesson 14.3: Web Application Exploitation Attacks - Part 2 [lab] Module 15 | SQL Injection Lesson 15.1: SQL Injection Lesson 15.2: Compromising SQL Injection Attacks [lab] Module 16 | Hacking Wireless Networks Lesson 16.1: Hacking Wireless Networks Lesson 16.2: Exploiting Wireless Vulnerabilities [lab] Module 17 | Hacking Mobile Platforms Lesson 17.1: Hacking Mobile Platforms Lesson 17.2: Compromising & Exploiting Mobile Devices [lab] Module 18 | IoT and OT Hacking Lesson 18.1: IoT Hacking Lesson 18.2: OT Hacking Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 5 Lesson 18.3: Compromising IoT & OT Platforms [lab] Module 19 | Cloud Computing Lesson 19.1: Cloud Computing Hacking Lesson 19.2: Introduction to Cloud Computing Vulnerabilities [lab] Module 20 | Cryptography Lesson 20.1: Cryptography Lesson 20.2: Encryption and Cryptographic Attacks Lesson 20.3: Cryptographic Concepts, Implementation & Detection [lab] Lesson 20.4: Penetration Testing and Ethical Hacking Practice Test Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 6 Course Extended Outline Module 1 | Introduction to Ethical Hacking The student will learn the basics of Information Security, security controls, and laws and standards that are important to the ethical hacker. The student will also learn the ethical hacking methodology and get introduced to two hacking models The Cyber Kill Chain and The Mitre ATT&ck Matrix. Module 2 | Footprinting and Reconnaissance The Footprinting and Reconnaissance module introduces the student to the process of gaining information about the target using various sources. Some of the topics cover: ● Techniques and tools in footprinting and reconnaissance ● Website footprinting ● Footprinting through social network sites ● The critical pre-attack phase of the ethical hacking process ● DNS footprinting ● Countermeasure Module 3 | Scanning Networks This module will instruct the student on network scanning methods of obtaining network information about hosts, ports, etc. and running services by scanning the networks and their ports. Some of the topics covered are: ● Network scanning techniques and countermeasures ● Scanning tools and techniques ● Scanning beyond IDS and firewall ● Banner grabbing Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 7 Module 4 | Enumeration The enumeration module explores gathering information further by initiating active connections with the target systems. Through these active connections, direct queries are generated to gain more information to help identify the system’s attack points. Module 5 | Vulnerability Analysis Vulnerability Analysis module includes discovering weaknesses in an environment, any design flaws, and other security concerns that can cause an Operating System, application, or website to be misused. Module 6 | System Hacking The System Hacking module will instruct the student on the methodological approach of system hacking, bypassing access controls and policies by cracking passwords or social engineering attacks that will enable an attacker to access the system. Module 7 | Malware Threats In this module, the student will learn the basic concept of malware and the components used in malware and its analysis. The student will also learn different types of malware, including viruses, worms, trojans, ransomware, botnet, Adware, Spyware, Rootkits, and Fileless malware. You will get a basic overview of Trojan construction kits. Module 8 | Sniffing In this module, the student will learn the concepts of Sniffing and monitoring different types of traffic, either protected or unprotected. Using sniffing, the student will understand how an attacker can gain information that might be helpful for further attacks and can cause trouble for the victim. Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 8 Module 9 | Social Engineering In this module, the student will learn the non-technical method of obtaining information - Social Engineering. Social engineering techniques are used to manipulate people into performing actions or sharing confidential information and, when used by an outsider, gets them sensitive information. Module 10 | Denial-of-Service This module focuses on Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks. It includes an explanation of different DoS and DDoS attacks, attacking techniques, the concept of Botnets, attacking tools, and countermeasures and strategies used for defending against these attacks. Module 11 | Session Hijacking In this module, the student will learn the hijacking of sessions by intercepting the communication between hosts - Session Hijacking. The student will further learn the types of attacks used with session hijacking, such as a "Man-in-the-Middle" attack. Module 12 | Evading IDS, Firewalls, and Honeypots In this module, the student will learn the techniques used by attackers to evade detection in a network. The module will provide the student with an in-depth look at how IDS/IPS systems, firewalls, and honeypots operate, how to evade them, and, more importantly, countermeasures to protect a network from attackers. Module 13 | Hacking Web Servers This module will discuss web server vulnerabilities, techniques and tools for attacking them, and mitigation methods. Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 9 Module 14 | Hacking Web Applications This module will introduce the student to web applications, their architecture, how to footprint these applications, attack methods and techniques, and how to secure them. Module 15 | SQL Injection This module covers Structured Query Language (SQL) Injection. SQL Injection is a popular and complex method of attack on web services, applications, and databases. By the end of this module, the student will understand SQL injection types, methodology, and defense techniques. Module 16 | Hacking Wireless Networks This module will discuss the concept of wireless networks, threats and vulnerabilities, attacks on wireless technologies, and some defense techniques. Module 17 | Hacking Mobile Platforms In this module, the student will the vulnerabilities of the iOS and Android mobile operating systems, different SMS and Bluetooth attacks, rooting and jailbreaking methods and tools, threats of BYOD, and the types of tools attackers use. Module 18 | IoT and OT Hacking This module provides an overview to the student of the IoT and OT architecture, attack types, and countermeasures to protect against attacks. Module 19 | Cloud Computing In this module, the student will get an overview of different cloud deployment models, different types of cloud computing, serverless computing, and will get an overview of container technologies. Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 10 Module 20 | Cryptography In this module, the student will learn concepts and methods of carrying out encryption and hashing to protect the integrity of data. The student will learn about different tools used to create encryption algorithms and hashes, along with the techniques used to study cryptography. Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics. 11
