Description
You will learn the skills required to be a successful Ethical Hacker. Learn how to identify and exploit vulnerabilities and weaknesses in various systems, create and carry out a penetration testing plan, and report on test findings using valid evidence.
Syllabus:
Course 1: Intro to Ethical Hacking
Vulnerability Management
- Configure, launch and manage vulnerability scans
- Calculate risk scores and assign risk ratings
- Prioritize vulnerabilities and manage response efforts
System Auditing
- Interpret test scopes to conduct assessments
- Perform information gathering
- Research vulnerabilities and validate the exploits
- Write a report to communicate audit results
Application Auditing
- Audit web applications using OWASP WSTG
- Use semi-automated tools to increase efficiency and accuracy
- Use fully-automated tools to test specific vulnerabilities and products
Need Help? Speak with an Advisor: www.udacity.com/advisor Ethical Hacker | 4 LEARNING OUTCOMES
Social Engineering
- Understand techniques attackers use to exploit employees
- Conduct a phishing simulation
- Create malware to use in test attacks
- Design a simulated landing page to use in social engineering tests
Open-source Intelligence
- Uncover information leakage
- Use exploratory link analysis to find information and establish links
- Analyze data relationships to develop conclusions
Project: Audit ExampleCorp
In this project you will be in charge of a full-fledged security audit of a fictitious company called ExampleCorp. The project requires hands-on experience with all major aspects of ethical hacking, such as vulnerability management, hacking systems and applications, social engineering, and open-source intelligence. You will demonstrate vulnerability chaining, exploit code modification, documentation use to learn new tests, and effective report writing.
Course 2: Penetration Testing & Red Teaming Operations
Reconnaissance
- Identify the appropriate tool for a given phase of reconnaissance
- Identify IP addresses belonging to a company using public DNS
- Identify various web frameworks and content management systems
- Conduct passive, active and physical reconnaissance
- Document the discovery, mapping and reconnaissance phase of red teaming
Scanning & Research
- Use common tools for network service scanning to map open ports, network services and associated versions
- Extend the basic web application scanning to grab banners and find vulnerabilities in available services
- Capture command usage, explain the usage, and provide results with screenshots and findings
- Use software version discoveries to find common vulnerabilities and exposures (CVEs), and map CVEs to available exploit code
- Identify the appropriate database to conduct vulnerability research
Gaining Access
- Use Python, SQL query and other languages to run exploit code
- Conduct web application and on-premise software attacks
- Conduct password attacks
- Conduct phishing and social engineering attacks
- Exploit software vulnerabilities
Maintaining Access
- Learn advanced persistent threat techniques
- Maintain access through persistent connection
- Traverse subnets by pivoting
- Avoid IPS by obfuscating backdoor connection
- Uncover root account passwords and conduct privilege escalation
Cover Tracks & Reporting
- Learn techniques on covering tracks after exploitation
- Clear logs on Windows and Linux targets
- Deploy toolkits to automate log clearing
- Assess digital footprints on the network and remove or hide them
- Draft and update a pen test report
- Draft non-technical executive summaries
Project: Red Teaming Operations
In this project you will use and implement modern penetration tester and red teamer methodologies on PJBank CISO's virtual operations. You will demonstrate your ability to apply all of the skills you learned throughout the course while maintaining clear and concise documentation and testing efforts in order to produce a report in a timely manner. The reporting process will demonstrate your understanding of security testing's business applications.