Register your product to gain access to bonus material or receive a coupon.
Enterprise Penetration Testing and Continuous Monitoring (The Art of Hacking Series) LiveLessons
- Copyright 2018
- Edition: 1st
- Online Video
- ISBN-10: 0-13-485474-8
- ISBN-13: 978-0-13-485474-8
More than 3.5 hours of video instruction to help you learn the skills necessary to perform advanced penetration testing in an enterprise networking environment.
Enterprise Penetration Testing and Continuous Monitoring LiveLessons, part of The Art of Hacking video series, provides step-by-step, real-life complex scenarios of performing security assessments (penetration testing) of enterprise networks using internal/external reconnaissance, social engineering, and network and vulnerability scanning. You also learn how to perform web app testing, internal network testing, privilege escalation, password cracking, and data exfiltration to probe for and mitigate enterprise vulnerabilities. The course concludes with a look at reporting and evaluation methods to ensure that your enterprise environment stays secure from ever-evolving threats and security vulnerabilities.
Get step-by-step guidance so you can learn ethical hacking, penetration testing, and security posture assessment. You also learn the various concepts associated with many different leading-edge offensive security skills in the industry. Full of multimedia tutorials and hands-on demos that users can apply to real-world scenarios, this is a must for anyone interested in pursuing an ethical hacking career or simply keeping abreast of evolving threats to keep your enterprise network secure from vulnerabilities.
* Introduction to enterprise penetration testing and continuous monitoring
* External and internal reconnaissance
* Enterprise social engineering
* Network and vulnerability scanning
* Web app testing
* Internal testing
* Privilege escalation
* Enterprise secrets, post exploitation, and data exfiltration
* Cloud services
* Reporting and continuous evaluation
Learn How To
* Plan, build, and run a Red Team to conduct enterprise hacking
* Probe for enterprise vulnerabilities using passive/active reconnaissance, social engineering, and network and vulnerability scanning
* Target hosts and deploy tools to compromise web apps
* Infiltrate the network, scan vulnerable targets and open-source software, and host a “capture-the-flag” event to identify enterprise vulnerabilities
* Escalate network access privilege using proven methods and tools
* Perform password cracking, compromise network and user credentials, exfiltrate sensitive data, and cover your tracks in the process
* Test cloud services for vulnerabilities
* Conduct reports for penetration testing events and set up a continuous monitoring infrastructure to mitigate ongoing threats
Who Should Take This Course?
* Any network and security professional who is starting a career in ethical hacking and penetration testing
* Individuals preparing for the CompTIA PenTest+, the Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), and any other ethical hacking certification
* Any cybersecurity professional who wants to learn the skills required to become a professional ethical hacker or who wants to learn more about general security penetration testing methodologies and concepts
Requires basic knowledge of networking and cybersecurity concepts and technologies.
Lesson 1, "Introduction to Enterprise Penetration Testing and Continuous Monitoring," covers Red Teams and enterprise hacking. This lesson differentiates continuous evaluation of an enterprise security posture using Red Teams from the traditional penetration testing done in a transactional basis. The lesson concludes with a look at how to plan for, fund, and establish the scope and ground rules for Red Team collaboration.
Lesson 2, "External and Internal Reconnaissance," further defines the Red Team environment and then differentiates between passive and active reconnaissance before delving into the techniques and tools for performing reconnaissance, with attention on the legal and moral concerns associated with the continuous monitoring of an enterprise network.
Lesson 3, "Enterprise Social Engineering," reviews different social engineering methodologies, how Red Teams target employees, and the use of open-source social engineering tools.
Lesson 4, "Network and Vulnerability Scanning," reviews different methodologies for performing network and vulnerability scanning, the operational impact of enterprise-wide scanning, and the available open-source and commercial scanning tools. This lesson also covers how enterprises are shifting from transactional penetration testing to deploying Red Teams to perform continuous monitoring.
Lesson 5, "Web App Testing," covers how to target enterprise host and web applications with a focus on several tools to perform web application testing as well as how to perform continuous testing within the enterprise.
Lesson 6, "Internal Testing," reviews techniques to initially get on the network, identify the hosts to target, and establish the scope of the testing.
Lesson 7, "Privilege Escalation," defines privilege escalation and how to achieve it, using several examples facilitated by readily available tools to do so. The lesson concludes with how to understand and perform lateral movement.
Lesson 8, "Enterprise Secrets, Post Exploitation, and Data Exfiltration," focuses on persistent access and post exploitation techniques. The lesson covers how to achieve domain access, compromise user credentials, and implement password cracking and reporting tools, search for sensitive data, and exfiltrate data. Finally, you learn how to cover your tracks to avoid detection, with the end goal of identifying how to respond to these types of attacks so that you can mitigate the vulnerabilities for the enterprise.
Lesson 9, "Cloud Services," reviews the challenges and caveats when performing penetration testing in the enterprise cloud environment, supported by some illustrative case studies.
Lesson 10, "Reporting & Continuous Evaluation," covers the differences between final reports for traditional penetration testing and how enterprise Red Teams report their findings to stakeholders and executives with a focus on continuous monitoring.
About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.
Table of Contents
Lesson 1: Introduction to Enterprise Penetration Testing and Continuous Monitoring
Lesson 2: External and Internal Reconnaissance
Lesson 3: Enterprise Social Engineering
Lesson 4: Network and Vulnerability Scanning
Lesson 5: Web App Testing
Lesson 6: Internal Testing
Lesson 7: Privilege Escalation
Lesson 8: Enterprise Secrets, Post Exploitation, and Data Exfiltration
Lesson 9: Cloud Services
Lesson 10: Reporting & Continuous Evaluation