ＨｉｄｅＺｅｒｏＯｎｅ

The Complete Ethical Hacker’s Toolkit is a comprehensive learning path offered by EC-Council Learning. This skill path consists of 15 micro courses designed to help you either start or transition into a career in ethical hacking and penetration testing.

Syllabus

Practical Linux for Pentesting & Bug Bounties
Deep Web and Cybersecurity
A Guide to Hands On Network Pentesting
Hands-on Penetration Testing with Netcat
Session Hijacking and Prevention Techniques
Web Hacker’s Toolbox: Tools Used by Successful Hackers
Nmap for Ethical Hacking, Network Security, & Bug Bounties
Foundations of Hacking and Pentesting Android Apps
Hands-on Linux for DevOps & Cloud Engineers
Communication with IoT
Troubleshooting Slow Network with Wireshark
Web Application Security Testing with Google Hacking
Beginners Cryptography Demystified
Jupyter Notebook for Everyone
Mastering Nuclei with Automation for Pentesting & Bug Bounty

The Complete Ethical Hacker’s Toolkit

The Advanced Software Exploitation (ASE) course offers security professionals an opportunity to test and develop their skills like never before. During this course, students will learn to identify common vulnerabilities and then use them to develop exploits for a wide range of software applications, including popular Windows applications, interpreted languages, and Web browsers.

In the first half of the course, attendees will use fuzzing, reverse engineering, and source code auditing, to attack a wide variety of applications (e.g. iTunes, Firefox, Vulnserver, etc.) and then use proven exploitation techniques to develop an exploit for one of the VMs (Windows 7, Windows 8.1 and Windows 10).

Then, in the second half of the course, the focus will shift from classic vulnerabilities to more advanced ones. In this section, students will learn how to escape Java sandbox using a type confusion vulnerability, how to circumvent the ASLR without pointer leaks, and how to use precise heap spraying, just to name a few.

By the end of this course, students will know how to find software vulnerabilities using fuzzing, reverse engineering, and source code auditing, and then how to write their own exploits in Python, JavaScript, or Java.

Syllabus

Fundamentals: Intro
Fundamentals: Stack Buffer Overflow
Fundamentals: Structured Exception Handler Overwrite
File Format Fuzzing: Intro
File Format Fuzzing: The Peach Fuzzer
Network Protocol Fuzzing: Vulnerability Discovery
Network Protocol Fuzzing: Exploitation
Attacking Web Browsers: Vulnerability Discovery
Attacking Web Browsers: Exploitation
Practical Patch Diffing
Exploiting vulnerabilities in the Oracle JVM: Vulnerability Discovery

Exploiting vulnerabilities in the Oracle JVM: Exploitation

Advanced Windows exploitation

Conclusion

Ptrace Security – Advanced Software Exploitation

With all the cybersecurity systems we have developed, we still aren’t immune enough from one of the biggest cybersecurity threats. Users are easier to hack than computers and only one human mistake can ruin even the most advanced cybersecurity system. That’s why we created the course “Social Engineering & Phishing Mastery” which uncovers tactics and techniques known as social engineering. You’ll learn how attackers gather information on their targets and what information available online is useful for them. You’ll find out how to secure Red Team infrastructure, prepare an efficient payload, and bypass security solutions. All of that working with publicly available tools deployed by scammers every day. Outthinking attackers is just one part of this course. You’ll also cover best practices for reporting and discover how to use what you’ve learned on this course to protect the cybersecurity infrastructure of your company or organization.

After investing in cybersecurity to protect their systems and data from the possibility of a cyberattack, many companies want to make sure their security countermeasures are effective by conducting a penetration test. But who can they trust to evaluate the effectiveness of security countermeasures? Considering the oft-quoted statistic that around 80% of all cyberattacks are the result of human error, it’s not surprising many people believe that the success of a penetration test lies largely in the skill and experience of the testers. Now, you have the opportunity to prove that you have the skills and experience they need when you complete our advanced cybersecurity training: “Infrastructure Pentesting: Hackers Perspective or Notes From the Field.” This advanced training, which requires a foundational understanding of Powercat and Inveigh tools, is a recorded training extracted from our AWSC 2020 edition. In less than three hours, this training based on real-world scenarios will equip you with the skills and know-how to conduct effective pentest and vulnerability management. We highly recommend this advanced training to penetration testers and any cybersecurity expert eager to develop their skill set and advance their career.

In a world where identity theft is rampant and data breaches occur constantly, protecting identity has become the new security perimeter for Azure and other cloud technologies. Effective pentesting needs to identify all types of possible attacks so any weak links in the infrastructure can be rectified or eliminated. Most large companies have already migrated or are planning to migrate to the cloud, and it is highly likely many small and medium companies will follow suit. These companies will need effective pentesting to ensure their cloud or hybrid IT infrastructure is secure without exposed points of entry as easy targets for cyberattackers. You can be in high demand for your penetration testing skills when you complete our advanced cybersecurity training: “Deep Dive into Penetration Testing on Azure and Other Cloud Technologies.” This short and intensive training is a recorded training extracted from our AWSC 2020 edition. In just a little over two hours, you’ll learn advanced pentesting techniques through real-world case studies, demos, and examples. You don’t need to worry about spending long time on learning new skills — this advanced training is compressed to the size of the byte and intensive. You are guaranteed to walk away with actionable insights you can implement right away to boost your career. We highly recommend this advanced training to Penetration Testers, Security Administrators, Security Consultant and any cybersecurity expert eager to develop their skill set and advance their career.

Syllabus

1. Cloud Cyber Kill Chain
2. Recon: Examples
3. Intrusion / exploitation : Typical Points of Entry, Metadata endpoint
4. SSRF demo
5. Persistence: Examples
6. Privilege escalation: Co-location attacks, Examples, Azure shell

CQURE – Deep Dive into Penetration Testing on Azure and Other Cloud Technologies