Course Overview

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
>> Welcome to the Cybrary on
00:00
demand offensive penetration testing course.
00:00
My name is Clint Kehr and I'll be your tour guide.
00:00
Why should you take this course?
00:00
Well, this course is a very hands-on course.
00:00
I don't want it to be a death by PowerPoint course.
00:00
I want to demonstrate the techniques
00:00
that ethical hackers or pen testers are
00:00
currently using as well as
00:00
you getting your hands dirty in labs.
00:00
We have a bunch of labs in this course
00:00
and you'll get to put
00:00
hands-on keyboard and demonstrate
00:00
these hacker concepts yourself.
00:00
Also to harness the hacker mindset,
00:00
what do I mean by that?
00:00
Well, if you're like me and you like
00:00
LEGOs or you have kids that like LEGOs,
00:00
let's say you get your LEGOs
00:00
and you're missing a couple of pieces.
00:00
What do you do? How do you think around that problem?
00:00
That's the hacker mindset in a nutshell,
00:00
is the ability to look at a problem and
00:00
figure out ways around the problem or
00:00
working with the existing conditions
00:00
that you have which may not be
00:00
ideal but figuring out ways to
00:00
move laterally or thinking laterally.
00:00
Also, I want to talk about pen testing certifications,
00:00
not the boring multiple choice ones,
00:00
but the ones we actually have to
00:00
demonstrate that you're a good hacker.
00:00
These certifications get your foot in
00:00
the door when it comes time to get a pen testing role,
00:00
and I can attribute that to the role I'm in now.
00:00
The OSEP was a great way
00:00
to get my foot in the door in my current role.
00:00
Like I said, this is going to be a very hands-on course.
00:00
You'll get a chance to
00:00
watch me demonstrate the techniques
00:00
and then you do it yourself,
00:00
and then I think that,
00:00
that is what is going to get your foot in the door
00:00
like I said before when it comes
00:00
time for you to get into pen testing or
00:00
perhaps you're already a pen tester,
00:00
and you want to hone your skills a little bit better.
00:00
Who is this course for?
00:00
Maybe you're already a pen tester or
00:00
maybe you're a beginner;
00:00
a pen tester or intermediate pen tester.
00:00
I talk some about the basics of
00:00
pen testing and then I leap more into
00:00
the advanced techniques or
00:00
intermediate techniques I should say in pen testing.
00:00
If you're a beginner you may have
00:00
some problems following along with some of
00:00
the concepts just because
00:00
I move quickly through the concepts.
00:00
But if you need to brush up or your
00:00
intermediate this course would be perfect for you.
00:00
Cybersecurity professional is a very ambiguous term,
00:00
but if you're already in the industry and you want to
00:00
learn more about hacking
00:00
techniques this is a good course for
00:00
you and network administrators.
00:00
The best hackers have
00:00
that network administration background
00:00
because as hackers we need to
00:00
basically emulate our model,
00:00
or techniques off of what network admins do.
00:00
We want to see what users that are on the system,
00:00
we're going to look at networking within the system,
00:00
we have to maybe modify a firewall rule.
00:00
What we do as hackers model what network admins do.
00:00
[NOISE] When we're talking about these certifications,
00:00
these hacking certifications, there's a lot of
00:00
different organizations out there, CEH being EC-Councils.
00:00
I want to also point out the fact that yes,
00:00
it is a multiple choice test,
00:00
but they've moved also into
00:00
a hands-on version of the CEH as well which is great.
00:00
Any hands-on test is great.
00:00
I applaud EC-Council for
00:00
also offering a hands-on version of the CEH.
00:00
ELearnSecurity is newer, but I've taken the eWPT and
00:00
the eCPPT exams and both of those are
00:00
seven days in an environment
00:00
to hack and then seven days to write a report.
00:00
That's incredibly realistic and also very beneficial.
00:00
As an employer if I have someone that I
00:00
know is able to hack into
00:00
a virtual environment and write
00:00
a good penetration test report maybe that
00:00
someone I want to hire because
00:00
I know that they have done that
00:00
before and are certified in doing that.
00:00
If you've taken a SANS course,
00:00
GIAC is the organization that you take your test through.
00:00
GIAC is moving also towards
00:00
a more hands-on version of certification,
00:00
so if you've taken GPEN
00:00
recently it's not only multiple choice questions but
00:00
also some VMs that you have
00:00
to load and answer the questions from the VMs.
00:00
CompTIA is known for Security+.
00:00
If you're new to cybersecurity,
00:00
Security+ is the certification for you.
00:00
CompTIA also has PenTest+
00:00
which is their version of the CEH.
00:00
Now there are multiple choice tests
00:00
or questions in this test,
00:00
but they also have demonstration
00:00
questions where maybe you have
00:00
to rank things or do which Steps 1,
00:00
2, and 3, what steps come first, second, and third.
00:00
That is demonstrating that you have
00:00
some understanding of the techniques.
00:00
Of course there's the OSEP which is of
00:00
course out of all of these is the biggest certification;
00:00
foundational certification Offensive Security calls it,
00:00
but the one that demonstrates one,
00:00
not only that you have the skills to be
00:00
a hacker but also that you have
00:00
the hacker mindset as well.
00:00
Again, my name is Clint Kehr.
00:00
I was a police officer and federal agent for
00:00
about 14 years and
00:00
also a navy reservist before becoming an ethical hacker.
00:00
You'll see a lot of
00:00
law enforcement officers gravitate
00:00
more towards the forensic side,
00:00
not too many law enforcement officers
00:00
are hackers or become hackers.
00:00
I really enjoyed when I got into cybersecurity
00:00
and my job as an agent
00:00
I really enjoyed the pen testing part of it,
00:00
and decided one day I want to do this full-time.
00:00
I loved being an agent, I loved serving
00:00
my country also as a navy reservist but I really
00:00
loved pen testing and it was this leap of faith into
00:00
the industry to get into
00:00
a role where I can do pen testing.
00:00
I'm very fortunate and the fact
00:00
that I got to be a federal agent,
00:00
I got to be law enforcement officer,
00:00
and I also get to,
00:00
in my current role,
00:00
protect people by doing ethical hacking.
00:00
I also want to mention if I can go
00:00
back this picture of the hacker in a hoodie.
00:00
When we think of hackers, we think
00:00
of this cloaked figure.
00:00
I wanted to get away from that.
00:00
I'm just a normal guy as you can see.
00:00
I even have me doing
00:00
a presentation with a hacker in the background.
00:00
That's to say that hackers aren't these shadowy figures,
00:00
hackers are you and me.
00:00
They're just normal people
00:00
that enjoy this challenge, this puzzle.
00:00
You'll hear a lot of hackers
00:00
say to me hacking is a puzzle.
00:00
I want to get away from this image of a hacker.
00:00
He doesn't have gloves on this picture or she,
00:00
but I want to get away from that stereotype and just
00:00
show that a hacker can be anybody and it's a good term.
00:00
Our learning objectives in
00:00
this course we'll start at the beginning.
00:00
We'll start at how to install
00:00
VirtualBox and how to download the Kali Linux,
00:00
the distro of Linux,
00:00
so we start at the very basics.
00:00
Then we'll talk about a penetration test
00:00
from web app pen testing to network penetration testing,
00:00
so the full gamut there,
00:00
and also equally important is writing a report.
00:00
Like I talked about with eLearn and also OSEP writing
00:00
the report is a vital component
00:00
of the certification itself.
00:00
Also understanding the hacker mindset.
00:00
The people that are very successful in this industry
00:00
are those that don't have to follow Steps 1 through 5.
00:00
They can think laterally,
00:00
they can think around problems,
00:00
and that ability is very
00:00
important when it comes to being a pen tester.
00:00
What should you already have?
00:00
You should already have a solid understanding
00:00
of TCP/IP networking.
00:00
You should have a reasonable level
00:00
of understanding of Windows and Linux.
00:00
Maybe you've been a network admin,
00:00
maybe you haven't, maybe you just
00:00
know the command-line very well.
00:00
That's a good baseline here.
00:00
You should be familiar with Windows and
00:00
the Linux command-line like I just said and
00:00
also some understanding of Bash
00:00
scripting and Python scripting as well.
00:00
It's not imperative,
00:00
but we're talking a lot about exploits scripts here.
00:00
It's not being a script kiddie and just
00:00
using Metasploit and firing things off
00:00
from there but also the fact that
00:00
you can read scripts and understand what they do.
00:00
[NOISE] We're going to
00:00
go through from the very beginning of the foundations
00:00
of success in these hands-on tests
00:00
to setting up Kali Linux and
00:00
then understanding network protocols.
00:00
Like I said we're going to looking at web
00:00
app pen testing,
00:00
we're going to at buffer overflows,
00:00
we're going to look at the public exploits.
00:00
What do I mean by that?
00:00
I mean looking at the code of public exploits,
00:00
modifying that to fit our environment,
00:00
and then launching attacks from there.
00:00
Also, when you get a shell,
00:00
what do you do next?
00:00
Then privilege escalation,
00:00
going from an unprivileged user to a privileged user,
00:00
as well as understanding how to crack passwords
00:00
and conduct brute force login attacks.
00:00
Then we're going to put everything together with
00:00
a capstone lab that you'll have to do,
00:00
and then I'll close with developing that hacker mindset.
00:00
Of course, if you've gone all
00:00
the way through the course you should have
00:00
been developing that hacker mindset along the way,
00:00
but I'll just give you
00:00
some tips and techniques to harness [NOISE] that.
00:00
Course material, you have your syllabus,
00:00
you'll have your labs which are very important here,
00:00
some quizzes, and some
00:00
references that I'll talk about
00:00
throughout [NOISE] the course.
00:00
Thank you for enrolling in this course.
00:00
A journey of a thousand miles begins with a single step.
00:00
This is your single step into
00:00
this journey to get you ready for
00:00
these hands-on pen testing certifications
00:00
that will either get your foot in the door to
00:00
become a professional pen tester or help you
00:00
become a better professional pen tester
00:00
if you already are one.
Up Next