Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Certified Professional Ethical Hacker (CPEH)
Course Introduction
Instructor Introduction (2:38)
Course Overview (1:50)
Course Prerequisites (1:54)
Download Resources
Module 1 - Introduction to Ethical Hacking
Introduction to Ethical Hacking (0:11)
Where are We? (0:12)
Overview (0:12)
Module 1 - Quiz
Module 1 - Section 1: What and Why
What is Ethical Hacking? (0:48)
What is Ethical Hacking? Cont... (0:39)
Why Ethical Hacking? (0:20)
Downfalls (0:28)
Module 1 - Section 2: Differences
Items we Cover (0:24)
What is a Penetration Test? (0:42)
White Hat/Red Team (1:16)
Red Team/Security Researcher (1:17)
Differences (0:19)
Task Differences (0:14)
Hacker vs. Ethical Hacker (0:33)
Module 1 - Section 3: Security Definitions
Types of Hackers (1:15)
CIA Triad in Detail (0:47)
Security Definitions (1:18)
Exploit and Vulnerability Lifecycle (1:03)
Zero Day Anyone? (0:39)
Risk Assessment (1:13)
Mile2 Glossary of Terms (0:20)
Module 1 - Section 4: Risk Management
Risk Management Flow (1:18)
What is the Value of an Asset? (1:07)
Risk Based Definitions (0:41)
What is a Threat Source/Agent? (0:54)
What is a Threat? (0:44)
What is a Vulnerability? (0:28)
Examples of Some Vulnerabilities that Are Not Always Obvious (1:04)
What is a Control? (0:35)
What is the Likelihood? (1:01)
What is the Impact? (0:38)
Control Effectiveness (1:02)
Risk Management (1:17)
Reference Documents (2:12)
NIST SP 800-39 Risk Context (0:19)
Purpose of Risk Management (1:00)
Module 1 - Section 5: Methodologies
Options (0:25)
Ethical Hacking Methodologies (0:51)
Penetration Testing Methodologies (0:46)
OSSTMM (1:29)
OSSTMM - The Trifecta (0:29)
OSSTMM Combining Trifecta and 4PP (1:10)
NIST SP-800-115 (1:01)
NIST SP-800-115 Cont... (1:36)
ISSAF Four Phases (0:26)
ISSAF Diagram (1:14)
PTES (0:54)
Methodology for Penetration Testing (3:39)
So Which One? (0:50)
Not Just Tools (0:16)
Module 1 Review (0:05)
Module 2 - Linux Fundamentals
Linux Fundamentals (0:40)
Where are We? (0:18)
Overview (0:30)
Module 2 - Quiz
Module 2 - Section 1: Core Concepts
What is Linux? (1:20)
Linus + Minix = Linux (0:30)
GNU (0:34)
Linux GUI Desktops (0:33)
Top 10 Latest GUI Releases (0:39)
Distributions (1:12)
Resources (0:37)
Module 2 - Section 2: The Shell and other items you need to know
Shell (0:35)
Linux Shell (2:32)
Linux Bash Shell (0:37)
File System Structure (0:51)
File System Structure Cont... (1:46)
File System Structure Cont... (2:42)
Mounting Drives with Linux (0:43)
Tarballs and Zips (1:33)
Compiling Programs in Linux (1:14)
Iptables (1:03)
Iptables (1:06)
IP Forwarding (0:45)
Module 2 - Section 3: Managing Users
Accounts and Groups (0:46)
Password & Shadow File Formats (0:38)
Password & Shadow File Formats Cont... (0:26)
Accounts and Groups (0:32)
User Account Management (0:54)
Changing a User Account Password (0:25)
Root Account (0:46)
Linux and Unix Permissions (0:39)
Linux and Unix Permissions Cont... (1:32)
Linux and Unix Permissions Cont... (0:34)
Linux and Unix Permissions Cont... (1:35)
Module 2 - Section 4: Basic Commands
Network Config (1:02)
Where is my C:\ Drive? (0:55)
Mounting CD (0:32)
Manage Directories and Files (1:39)
Module 2 Review (0:35)
Module 3 - Protocols
Protocols (0:59)
Overview (0:12)
Where are We? (0:11)
Module 3 - Quiz
Module 3 - Section 1: Network Models
Network Models (1:13)
OSI Model (1:21)
Layer 7: Application (1:23)
Layer 6: Presentation (0:52)
Layer 5: Session (1:24)
Layer 4: Transport (2:12)
Layer 3: Network (1:53)
Layer 2: Data Link (1:23)
Layer 1: Physical (1:31)
TCP/IP (1:01)
Layer 4: Application Layer (0:41)
Layer 3: Transport Layer (0:35)
Layer 2: Internet Layer (0:36)
Layer 1: Network Interface Layer (0:48)
OSI/TCP IP (0:39)
Module 3 - Section 2: Protocols & Services
Protocols at Each OSI Model Layer (0:55)
Ports and Protocols (3:15)
TCP vs UDP (3:14)
TCP Packet Content (3:52)
UDP Packet Content (0:40)
Three Way Handshake (1:05)
TCP Flags (2:00)
ARP (1:35)
ARP Process (2:35)
ICMP (2:17)
ICMP Messages (1:57)
DNS (2:10)
DNS Insecurities (1:02)
SNMP (2:27)
SNMP Insecurities (0:50)
SMTP (1:27)
SMTP Insecurities (1:25)
LDAP (0:43)
LDAP Insecurities (0:55)
Services to Consider (0:53)
Module 3 Review (0:20)
Module 4 - Cryptography
Cryptography (0:58)
Where are We? (0:26)
Overview (0:29)
Module 4 - Quiz
Module 4 - Section 1: Understanding Cryptography
Cryptographic Definitions (0:56)
Cryptographic Definitions Cont... (1:15)
A Few More Definitions (0:21)
Cryptography Usage (1:10)
Types of Cryptographic Algorithms (0:46)
Encryption/Decryption Methods (2:20)
Module 4 - Section 2: Symmetric Encryption
Symmetric Cryptography - Use of Secret Keys (1:40)
Symmetric Encryption (0:40)
Symmetric Keys (1:03)
Stream Cipher & Block Cipher (0:33)
Symmetric Cipher - Stream Cipher (0:47)
XOR Encryption Process (1:24)
Stream Cipher Modes (1:05)
Strength of a Stream Cipher (1:26)
Symmetric Cipher - Block Cipher (0:24)
S-Boxes Used in Block Ciphers (0:47)
Block Cipher Modes (0:17)
Block Ciphers - ECB (0:28)
Block Cipher - CBC (0:40)
CBC Mode (0:43)
Block Cipher Modes - CFB and OFB (1:05)
CTR Mode (0:37)
Symmetric Algorithms - DES (0:36)
Evolution of 3DES (1:30)
Symmetric Cipher - AES (1:02)
Other Symmetric Algorithms (0:28)
Module 4 - Section 3: Asymmetric Encryption
Asymmetric Cryptography (2:14)
Asymmetric Encryption (0:17)
When to Use Which Key? (1:42)
Asymmetric (0:04)
Key Exchange (1:01)
Diffie-Hellman (0:31)
Asymmetric Algorithm - RSA (1:05)
Asymmetric Algorithms - El Gamal and ECC (0:41)
Public Key Cryptography Advantages (1:12)
Asymmetric Algorithm Disadvantages (0:47)
Symmetric versus Asymmetric (0:33)
Example of Hybrid Cryptography (1:31)
Digital Signatures (0:35)
Digital Signature (0:34)
Module 4 - Section 4: Hashing
Hashing Algorithms (1:22)
Protecting the Integrity of Data (1:21)
Data Integrity Mechanisms (1:02)
Security Issues in Hashing (1:23)
Simple MAC (0:42)
Weakness in Using Only Hash Algorithms (0:20)
HMAC - Sender (0:25)
HMAC - Receiver (0:06)
QKD (0:56)
QKD Cont... (0:09)
Module 4 - Section 5: Cryptography in Use
Link versus End-to-End Encryption (0:53)
End-to-End Encryption (0:25)
Network Layer Protection (1:08)
IPSec Key Management (0:54)
IPSec Handshaking Process (0:56)
SAs in Use (1:00)
IPSec is a Suite of Protocols (1:19)
IPSec Datagrams (1:25)
SSL/TLS Hybrid Encryption (1:52)
SSH Security Protocol (1:29)
E-mail Standards (0:51)
Encrypted Message (0:20)
Secure E-mail Standard (0:39)
Module 4 - Section 6: Crypto Attacks
Theoretical Cryptanalysis (1:44)
Theoretical Cryptanalysis Cont... (1:08)
Theoretical Cryptanalysis Cont... (1:08)
Birthday Attack (1:23)
Example of a Birthday Attack (1:25)
Applied Cryptanalysis (1:40)
Applied Cryptanalysis Cont... (0:40)
Applied Cryptanalysis Cont... (1:10)
Applied Cryptanalysis Cont... (1:25)
Module 4 Review (0:35)
Module 5 - Password Cracking
Password Cracking (1:02)
Where are We? (0:23)
Overview (0:12)
Module 5 - Quiz
Module 5 - Section 1: What and Why
Why it is kind of a no brainer! (0:35)
Password Cracking Strategy (5:24)
Password Cracking Strategy Cont... (0:54)
Password Cracking Strategy Cont... (1:37)
Cracking Techniques (3:07)
Module 5 - Section 2: Attacks and Tools of the Trade
Password Guessing (1:25)
Password Cracking LM/NTLM Hashes (2:53)
Syskey Encryption (1:08)
Rainbow Tables (2:09)
GPU and/or CPU for Password Cracking (2:04)
Cain and Abel's Cracking Methods (1:04)
Rainbow Tables Limitations (1:06)
Password Salting (1:11)
Password Salting Cont... (0:47)
NTPASSWD: Hash Insertion Attack (1:54)
Password Sniffing (1:31)
Mimikatz (1:10)
A Few other Common Tools (0:52)
Module 5 - Section 3: Countermeasures
Implement General Password Policies that Work! (3:54)
Consider Something Better (1:51)
Understand the Windows Authentication Protocols (3:42)
Security Items to Consider (1:40)
Security Items to Consider Cont... (1:07)
Module 5 Review (0:10)
Module 6 - Malware
Malware (0:47)
Where are We? (0:39)
Overview (0:17)
Module 6 - Quiz
Module 6 - Section 1: DOS & DDOS
Denial of Service (0:29)
Distributed Denial of Service (1:44)
Distributed Denial of Service Cont... (0:30)
Denial of Service Impact (1:12)
DoS Attack Symptoms (1:48)
Digital Attack Map: A Global Threat Visualization (0:53)
DoS Attack Methods (7:11)
BOTNET (0:50)
Botnet Ecosystem (1:55)
BOTNET Propagation (0:39)
BOTNET Tools (0:28)
DoS/DDoS Attack Tools (0:40)
High Orbit Ion Canon (HOIC) (0:38)
DoS Attack Detection (2:03)
DoS Detection - Activity Profiling (0:50)
DoS Detection Sequential Change Point Detection (0:28)
DoS Detection - Wavelet Analysis (1:09)
DoS/DDoS Countermeasures (3:12)
Botnet Countermeasures (2:21)
Advanced DoS/DDoS Protection Tools (0:55)
Advanced DDoS Protection Methods (1:19)
Module 6 - Section 2: Viruses and Worms
What is a Virus? (0:52)
How it works (0:41)
What they do (1:39)
Types of Viruses (1:27)
Types of Viruses Cont... (0:58)
Types of Viruses Cont... (1:39)
Types of Viruses Cont... (1:36)
Types of Viruses Cont... (1:15)
Stealth Strategies (2:33)
How do you get Infected? (3:16)
DNS Changer Virus (0:43)
Melissa Virus (1:01)
Worms (0:50)
How bad is it? (0:29)
Storm Worm (0:55)
Stuxnet (0:58)
conficker (0:34)
Module 6 - Section 3: Trojans & Backdoors
Trojans and Backdoors (2:06)
Distributing Malware (1:12)
Malware Capabilities (1:21)
Trojan Types (0:50)
Netcat (1:29)
Netcat Switches (1:11)
Remote Access Trojan (RAT) Components (1:52)
Meet Zberb (0:30)
Executable Wrappers (0:40)
Avoiding Detection (1:02)
REFUD (0:52)
Today's Wrappers (0:23)
Malware Countermeasures (1:34)
Malware Reference: www.BleepingComputer.com (0:27)
Monitoring Autostart Methods (1:00)
Port Monitoring Software (0:49)
File Protection Software (0:52)
SigCheck (1:15)
Hardware-based Malware Detectors (0:37)
User Education (0:51)
Module 6 - Section 4: Ransomware
Ransomware (0:59)
Famous Ransomware (1:19)
Famous Ransomware Cont... (0:24)
Ransomware and Cryptocurrency (0:42)
Module 6 Review (0:19)
Module 7 - Security Devices
Security Devices (0:34)
Where are We? (0:28)
Overview (0:09)
Module 7 - Quiz
Module 7 - Section 1: Basic Security Elements
Introduction (1:10)
Switching and Routing (3:12)
Switch Security (4:37)
Router Security (1:53)
Router Security Cont... (4:19)
VLAN (1:51)
VLAN Cont... (3:16)
Proxy, NAT, PAT (4:44)
Module 7 - Section 2: Security Appliances
Firewall (1:32)
Next Generation Firewall (2:16)
DMZ (1:25)
IDS (1:25)
IDS Cont... (1:11)
IPS (1:07)
IPS Cont... (1:10)
SIEM (1:06)
SIEM Capabilities (1:49)
Module 7 Review (0:27)
Module 8 - Information Gathering - Reconnaissance-Passive (External Only)
Information Gathering - Reconnaissance-Passive (External Only) (1:07)
Where are We? (0:34)
Overview (0:12)
Module 8 - Quiz
Module 8 - Section 1: What are we looking for?
What is it? (1:10)
Open-Source Intelligence (OSINT) (4:07)
Why do we do it? (1:13)
What do we want? (2:01)
What do we want? Cont... (1:11)
What do we want? Cont... (4:15)
What do we want? Cont... (1:08)
Module 8 - Section 2: Where/How do we find this information?
Where? (1:23)
Where Do We Find This Information? (0:28)
Domain Name Registration (2:46)
WHOIS (2:44)
DNS Databases (2:16)
Using Nslookup (0:53)
Username Searches (0:59)
eMail Address Searches (1:06)
People Search Engines (3:06)
Business Search Engines (1:10)
Web Server Info Tool: Netcraft (2:37)
Internet Archive: The WayBack Machine (3:09)
Job Postings (1:05)
Blogs & Forums (1:00)
Shodan (4:54)
Google Hacking (4:24)
GHDB (3:07)
Module 8 - Section 3: Are there tools to help?
Maltego - Clear Leader (0:47)
Maltego - Clear Leader Cont... (0:53)
Recon-ng (0:55)
Recon-ng Cont... (0:25)
theharvester (0:43)
Firecat/Kromcat (1:36)
Module 8 Review (0:26)
Module 9 - Social Engineering
Social Engineering (1:07)
Where are We? (0:52)
Overview (0:15)
Module 9 - Quiz
Module 9 - Section 1: Social Engineering Types
Vulnerable Human Behavior (2:19)
Organization Vulnerabilities (1:21)
Human Based Social Engineering (2:17)
Human Based Social Engineering Cont... (5:24)
Social Engineering Techniques (4:10)
Social Engineering Gaps (2:55)
Computer Based Social Engineering (4:51)
Social Network Lookup http://namechk.com/ (0:29)
Impact of Social Engineering (0:55)
Social Media Protection (2:03)
Identity Theft and PII (1:04)
Identity Theft and PII Protection (1:45)
Identity Theft and PII Protection Cont... (1:07)
Module 9 - Section 2: Phishing Scams
Phishing (1:20)
Spear Phishing (1:36)
Whaling Attacks (1:06)
Recent Successful Whaling Attacks (0:15)
Whaling Mitigation (1:29)
Phishing Protection (1:34)
Module 9 Review (0:20)
Module 10 - Reconnaissance-Active Scanning-Enumeration
Reconnaissance-Active Scanning-Enumeration (0:31)
Where are We? (0:34)
Overview (0:30)
Module 10 - Quiz
Module 10 - Section 1: What are we looking for?
Where are we in the Process? (1:17)
What is it? (0:57)
What are we looking for? (0:56)
Methods of Obtaining Information (1:09)
Physical Access (1:25)
Social Access Covered in Module 9 (0:52)
Module 10 - Section 2: Port Scanning
Introduction to Port Scanning (1:08)
Which Services use which Ports? (2:27)
Legalities (0:39)
Port Scan Tips (1:04)
Port Scans Should Reveal… (1:11)
Comparison of Models (1:25)
Types of Scans (0:15)
TCP/IP Suite (1:13)
TCP Flags (0:18)
TCP 3-Way Handshake (0:57)
TCP Connect Port Scan (0:44)
Half-open Scan (SynScan) (1:06)
Firewalled Ports (0:51)
UDP versus TCP (0:22)
UDP Port Scan (1:09)
Module 10 - Section 3: Are there tools to help?
Popular Port Scanning Tools (1:04)
Stealth Online Ping (0:28)
Online Tools (1:28)
Fing & Fing Mobile (1:09)
Solarwinds Port Scanner (0:22)
Hping3 (0:57)
Hping3 Cont... (0:55)
P0f (0:24)
NMAP: Is the Host online? (2:03)
ICMP Disabled? (0:20)
NMAP TCP Connect Scan (1:11)
NMAP (0:44)
Tool Practice: TCP Half-open & Ping Scan (0:45)
NMAP Service Version Detection (0:30)
Additional NMAP Scans (1:11)
Saving NMAP Results (1:21)
NMAP UDP Scans (0:38)
Module 10 - Section 4: Banner Grabbing
Introduction (1:33)
Why Banner Grabbing? (0:27)
Banner Grabbing Tools (0:22)
Banner Grabbing Tools - ID Serve (0:27)
Banner Grabbing Tools - Netcraft (0:22)
Banner Grabbing Tools - Netcat (0:26)
Banner Grabbing Tools - Telnet (0:34)
Practice: Banner Grabbing with Telnet (0:46)
Banner Grabbing Tools - NMAP (2:19)
Module 10 - Section 5: Enumeration
Enumeration (0:36)
Services to Enumerate: (1:20)
SNMP (1:10)
LDAP (0:47)
NTP (2:17)
SMTP (1:11)
DNS (0:34)
Module 10 Review (0:40)
Module 11 - Vulnerability Assessment
Vulnerability Assessment (0:45)
Where are We? (0:25)
Overview (0:09)
Module 11 - Quiz
Module 11 - Section 1: What is a Vulnerability Assessment?
Review from CSP+ (1:03)
What is a Vulnerability Assessment (VA)? (1:47)
Benefits of a Vulnerability Assessment (2:59)
Types of Vulnerability Assessments (2:10)
How do we know about Vulnerabilities? (3:36)
Typical Vulnerability Assessment Process (2:11)
Module 11 - Section 2: Tools of the Trade
Choosing the Right Tool (1:36)
Different Types of Tools (1:46)
The List (1:50)
Network Based Tools Comparison (0:54)
Application Based Tools Comparison (0:22)
Module 11 - Section 3: Testing Internal/External Systems
It starts here! (1:50)
Enumeration (1:31)
Detection (1:12)
Additional Details (2:16)
Easily Exploitable Vulnerabilities (0:44)
Module 11 Review (0:43)
Module 12 - Network Attacks
Network Attacks (0:20)
Where are We? (0:39)
Overview (0:04)
Module 12 - Quiz
Module 12 - Section 1: Sniffing Techniques
Packet Sniffers (0:46)
Example Packet Sniffers (0:36)
Tool: Pcap & WinPcap (0:34)
Tool: Wireshark (0:45)
TCP Stream Re-assembling (0:42)
tcpdump & windump (0:50)
TCP Dump Examples (0:54)
Sniffer Detection using Cain & Abel (0:51)
Passive Sniffing (0:55)
Active Sniffing (1:34)
Active Sniffing Methods (2:43)
Switch Table Flooding (0:46)
ARP Cache Poisoning (1:26)
ARP Normal Operation (1:18)
ARP Cache Poisoning (1:38)
Technique: ARP Cache Poisoning (Linux) (0:47)
MAC Spoofing (0:44)
DNS Poisoning (1:18)
Source Routing (1:22)
Advertise Bogus Routes (0:41)
Rogue DHCP (1:43)
Tool: Cain and Abel (0:53)
Ettercap (0:20)
Linux Tool Set: Dsniff Suite (0:59)
What is DNS Spoofing? (1:08)
Tools: DNS Spoofing (0:58)
Breaking SSL Traffic (1:53)
Breaking SSL Traffic Cont... (0:53)
URL Obfuscation (2:11)
Intercepting VoIP (2:20)
Countermeasures (0:51)
Countermeasures Cont... (0:32)
Countermeasures for Sniffing (0:49)
Module 12 - Section 2: Hijacking
Session Hijacking (1:32)
Session Hijacking Cont... (1:29)
Contributors to Session Hijacking (2:02)
Impact of Session Hijacking (1:10)
Session Hijacking Techniques (0:48)
Brute Force Attack (0:37)
Stealing and Calculating Session IDs (0:51)
Session Hijacking Process (1:07)
Types of Session Hijacking (1:31)
Application-level Session Hijacking (1:08)
Predicting Session Token (1:05)
Man-in-the-Middle Attacks (0:45)
Client-side Attacks (0:58)
Man-in-the-Browser Attacks (1:02)
Session Sniffing (0:54)
Cross-site Script Attacks (0:57)
Network-level Session Hijacking (0:28)
TCP/IP Hijacking (1:11)
Session Hijacking Tools (1:04)
Burp Suite (0:35)
Session Hijacking Tools (0:32)
Protecting against Session Hijacking (2:01)
Protecting against Session Hijacking Cont... (0:31)
Protecting against Session Hijacking Cont... (0:59)
Protecting against Session Hijacking - Web Users (1:13)
Module 12 Review (0:11)
Module 13 - Hacking Servers
Hacking Servers (1:07)
Where are We? (0:34)
Overview (0:19)
Module 13 - Quiz
Module 13 - Section 1: Servers, what are they good for?
Servers, what are they good for? (1:10)
Know the OS (4:38)
Know How it is Used (3:43)
Find the Exploit (1:10)
Module 13 - Section 2: What is an Exploit?
What is an Exploit? (1:49)
Exploit Development (5:05)
Exploit Development Cont... (1:00)
Module 13 - Section 3: Tools of the Trade
Exploit-db (0:58)
Search Exploit-db (0:28)
Metasploit (0:52)
Metasploit Cont... (0:33)
Understanding Metasploit (3:36)
Hands on Metasploit (0:48)
Core Impact (0:59)
SaintExploit at a Glance (1:53)
Module 13 - Section 4: Testing Internal/External Systems
It starts here! (1:16)
External Systems (1:29)
Outside of Possible Evasion Techniques (4:17)
Internal Systems (2:46)
Inside out Possible Evasion Techniques (4:10)
Client-Side Attacks (1:50)
Physical Access Attacks (2:12)
Module 13 Review (0:40)
Module 14 - Assessing and Hacking Web Technologies
Assessing and Hacking Web Technologies (0:09)
Where are We? (0:48)
Overview (0:21)
Module 14 - Quiz
Module 14 - Section 1: OWASP Top 10
OWASP Top 10 (0:26)
A1 - Injection (1:35)
A2 - Broken Authentication (2:50)
A3 - Sensitive Data Exposure (1:26)
A4 - XML External Entities (XXE) (1:34)
A5 - Broken Access Control (1:15)
A6 - Security Misconfiguration (2:13)
A7 - Cross-Site Scripting (2:48)
A8 - Insecure Deserialization (1:50)
A9 - Using Components with Known Vulnerabilities (2:01)
A10 - Insufficient Logging and Monitoring (1:34)
Module 14 - Section 2: SQL Injection
Introduction (0:31)
SQL Injection Attack Characters (1:36)
SQL Injection Methodology (1:45)
SQL Injection Attacks (0:38)
Types of SQL Injection (0:15)
Blind SQL Injection (1:45)
Simple SQL Injection Attack (2:54)
Union & Error Based SQL Injection (2:02)
SQL Injection Tools (3:04)
SQL Injection Tools Cont... (0:39)
SQL Injection Tools Cont... (0:28)
SQL Injection Detection Tool (0:41)
SQL Injection Detection Tool Cont... (0:17)
SQL Injection Detection Tool Cont... (0:30)
SQL Injection Detection Tool Cont... (0:11)
Module 14 - Section 3: XSS
Cross-Site Scripting (XSS/CSS) (0:39)
Introduction to Cross-Site Scripting (0:33)
Type of XSS (0:35)
Stored XSS or Persistent/Type I (1:16)
Reflected XSS (Non-Persistent or Type II) (0:57)
DOM Based XSS (Type-0) (0:29)
Server XSS (0:42)
Client XSS (0:54)
XSS Types in the Matrix (0:33)
Test for XSS Vulnerability (0:17)
Code Review (1:39)
Web Application Security Scanners (0:34)
Testing (0:58)
Module 14 Review (0:04)
Module 15 - Hacking Wireless Networks
Hacking Wireless Networks (0:46)
Where are We? (0:37)
Overview (0:41)
Module 15 - Quiz
Module 15 - Section 1: Wireless Technologies
802.11 Wireless Background Information (0:40)
Wireless LAN (WLAN) (0:37)
Standards Comparison (1:33)
Basic Items SSID (Service Set Identity) (0:48)
Basic Items MAC Filtering (1:13)
Encryption Protocols (0:29)
Wireless Security Wired Equivalent Privacy (1:51)
WEP (1:37)
WEP Weak IV Packets (0:51)
WEP Weaknesses (0:50)
Wireless Security Wi-Fi Protected Access (0:55)
How WPA Improves on WEP (0:59)
Temporal Key Integrity Protocol (TKIP) (1:06)
WPA (TKIP Flow Chart) (1:19)
The WPA MIC Vulnerability (1:03)
WPA-PSK Encryption (1:05)
Wireless Security 802.11i - WPA2 (0:21)
Wireless Security 802.11i - WPA2 Cont... (0:52)
WPA and WPA2 Mode Types (0:35)
WPA2 (AES Encryption) (2:24)
4-Way Handshake AES-CCMP - WPA2 (0:43)
WPA2 Weaknesses (0:56)
Wireless Security WPA3 (1:28)
WPA3 Improvements (0:47)
WPA3 Improvements Cont... (0:40)
WPA3 Improvements Cont... (0:58)
Wi-Fi Protected Setup (1:03)
Authentication (0:22)
Open Authentication (0:53)
Shared Key Authentication (0:59)
EAP Authentication (1:25)
MAC Address Authentication (0:47)
Bluetooth (1:01)
Bluetooth Cont... (1:29)
Bluetooth Protocol Stack (2:01)
The Pairing Process (1:16)
Basics of Bluetooth Security (1:26)
Basics of Bluetooth Security Cont... (0:49)
Bluetooth Security (1:05)
Module 15 - Section 2: Mobile and IoT Technologies
Overview of Smartphones Communication (3:36)
Risks and Threats Mobile Devices (1:04)
Risks and Threats Mobile Devices Cont... (0:51)
IoT Risks and Threats (1:49)
Module 15 - Section 3: Various Tools Used
Wireless Hardware Needed (0:42)
Aircrack-ng Suite Used for both WEP and WPA (1:05)
Airodump-ng Used for both WEP and WPA (0:37)
Aireplay Used for both WEP and WPA (1:01)
Aircrack-ng Used for both WEP and WPA (0:56)
Wesside-ng Used for both WEP and WPA (0:43)
Kismet (0:25)
Wireshark (0:31)
coWPAtty (0:39)
NetStumbler: This Product has not been updated in some time (0:24)
Other Notable Tools (0:43)
Bluetooth Equipment (0:34)
Bluetooth Tools (1:06)
Bluetooth Tools Cont... (0:26)
Module 15 - Section 4: Hacking Techniques
DOS: Deauth/Disassociation Attack (1:37)
Attacking WEP (0:46)
Attacking WPA (0:18)
Attacking WPA2 (0:59)
Attacking WPA2 via Linux/Android (0:38)
Attacking WPA2 via Linux/Android Cont... (0:24)
Recon: Bluetooth (0:43)
Attacking Bluetooth (0:54)
Bypassing Smartphone Security (3:12)
Module 15 - Section 5: Countermeasures
Umm, Patching? (0:40)
Require Network Authentication 802.1X: EAP Types (0:29)
Comparing 802.1X Authentication Methods (1:20)
EAP/TLS Deployment (1:24)
Wireless Intrusion Detection (1:00)
Mobile/IoT Areas to Consider (1:15)
Mobile/IoT Device Security (1:46)
Mobile/IoT Device Security Cont... (1:28)
Mobile/IoT Application Security (3:41)
Mobile/IoT Application Security Cont... (1:03)
Mobile Device Connections to Secure (1:28)
Hardening the Devices (2:30)
Is IoT Any Different? (0:40)
Security Areas that Apply to IoT (2:09)
General Hardening Recommendations for IoT (0:59)
Implement IoT Standards (0:38)
Mobile Deployment Models (1:29)
BYOD Issues/Concerns (2:34)
Mobile/IoT Initial Recommendations (1:11)
Develop Internal Policies (0:56)
Module 15 Review (0:39)
Module 16 - Maintaining Access and Covering Tracks
Maintaining Access and Covering Tracks (1:25)
Where are We? (0:11)
Overview (0:07)
Module 16 - Quiz
Module 16 - Section 1: Maintaining Access
Back Doors (1:51)
Covert Channel (2:07)
Encrypted Tunnel Notes (2:07)
Backdoor via Rootkits (2:21)
Rootkits - Not as many today (1:04)
Netcat - Still Here and Still Works (1:07)
Netcat Switches (1:39)
Netcat as a Listener (0:29)
Meterpreter - Very Widely Used Today (0:41)
Meterpreter in Use (1:13)
Leverage PowerShell for Backdoors! (0:38)
Module 16 - Section 2: Covering Tracks
What and Why (2:45)
Clearing Event Logs (1:09)
Clearing Event Logs Cont... (0:36)
Hiding Files with NTFS Alternate Data Streams (4:31)
What is Steganography? (1:39)
Steganography Tools - There are many! (1:14)
Shedding Files Left Behind (1:44)
More Anonymous Software (1:22)
Anonymous Internet Access (1:16)
Anonymous Browsing (0:31)
Leaving No Local Trace (1:54)
Module 16 Review (0:32)
Trojans and Backdoors
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock