Welcome to the cyberia on demand offensive penetration testing course. My name's Clint Care and I'll be your tour guide.
Why should you take this course? Well, this course is a very hands on course. I don't want it to be a death by PowerPoint course. I want to demonstrate the techniques that ethical hackers or pen testers are currently using
as well as you getting your hands dirty in labs. We have a bunch of labs in this course and you'll get to put hands on keyboard and demonstrate these hacker concepts yourself
also to harness the hacker mindset. What do I mean by that? Well, if you're like me and you like Lagos or you have kids that like Lagos, um, let's say you get your legos and you're missing a couple pieces. What do you do? How do you think around that problem? That's kind of a hacker mindset in a nutshell, it's the ability to, to look at a problem and figure out ways around the problem or working with the existing conditions that you have,
which may not be ideal but figuring out ways to move laterally or thinking laterally.
Also, I want to talk about pen testing certifications, not the boring multiple choice ones, but the ones we actually have to demonstrate that you're a hacker, that you're a good hacker. And I think these certifications get your foot in the door when it comes time to get a pen testing rule and I can kind of attribute that
to the role I'm in now. I think the osc P was a great way to get my foot in the door um in my current role.
So like I said, this is going to be a very hands on course. You'll get a chance to watch me demonstrate the techniques and then you do it yourself.
Um, and then I think that that is what is going to get your foot in the door, like I said before, when it comes time for you to get into pen testing or perhaps getting uh perhaps you already a pen tester um and you want to kind of hone your skills a little bit better.
So who is this course for? Like I said, maybe you're already a pen tester, Maybe you're beginner pen tester, Intermediate pen tester
who kind of wants to, you know, I talked about the basics of pen testing and then I kind of leap more into the advanced techniques or intermediate intermediate techniques, I should say
in pen testing. So if you're a beginner, you may have some problems following along with some of the concepts, just because I kind of move quickly through the concepts. But if you need to brush up or your intermediate, I think this course would be perfect for you, cybersecurity professionals. That's a very ambiguous term.
But if you already in the industry and you want to learn more about
hacking techniques, this is a good course for you and network administrators. I think the best hackers have that network administrating administration background because as hackers right, we need to basically emulate our model,
our techniques off of what network admins do, right. We want to see what users on the system.
We're gonna look at networking within the system. We have to maybe modify a firewall rule. So kind of what we do is hackers model what network admins do.
So we're talking about these certifications, These hacking certifications. There's a lot of different organizations out there. C E H being E C councils and I want to also point out the fact that yes, it is a multiple choice test, but they've kind of moved also into a hands on version
of the C. E. H. As well, which I think is great. I think any hands on test
is great. So I applaud EC Council for also offering a hands on version of the C. E. H.
He learned security is newer, but I've taken the E whopped and the E. C. P. P. T. Exams and both of those are seven days in an environment to hack and then seven days to write a report. I think that's incredibly realistic and also very beneficial as an employer. If I have someone that I know
uh, is able to hack into a virtual environment and write a good penetration test report
that maybe that someone I want to hire because I know that they have done that before and are certified in doing that.
So if you've taken a sands course, Jack is the organization that you take your test through. Uh, Jack is moving also towards a more hands on version of certification. So if you've taken g pen race recently, it's not only multiple choice questions
but also some VMS that you have to uh load and answer the questions from the VMS.
So capta is known for security plus. I think if you're new to cybersecurity security Plus is the certification for you
camp to also has a pen test Plus, which I think is their version of the C E H. Now there are multiple choice tests or questions in this test but they also have uh demonstration questions where maybe you have to
um rank things or or you know, do you know which steps? 12 and three. What steps come for a 2nd and 3rd.
Um, so that's demonstrating that you have some understanding of the techniques and of course there's the Oh SCP, right. Which is of course the out of, out of all of these is the biggest certification,
foundational certification, offensive security calls it, but I think the one that demonstrates one, not only that you have the skills to be a hacker, but also that you have the hacker mindset as well.
So again, my name is clint care. I was a police officer and federal agent for about 14 years and also a navy reservist before becoming an ethical hacker. And I think you'll see a lot of law enforcement officers
kind of gravitate more towards the forensic side. Right? Not too many law enforcement officers are hackers or become hackers. So
I really enjoyed when I got into cybersecurity and my job as an agent. I really enjoyed the pen testing part of it and decided one day I want to do this full time. I love being an agent. I love serving my country also as as a navy reservist. But I really, really loved pen testing and it was kind of this leap of faith
to get into a role where I can do pen testing. So I'm very fortunate in the fact that I got to be a federal agent. I got to be a law enforcement officer and I also get to in my current role, um, protect people by doing ethical hacking.
I also want to mention if I can go back
this picture of, of the hacker in the hoodie, right? We think of hackers, we think of, you know, this cloaked figure and I wanted to get away from that. I mean, I'm just a normal guy as you can see, uh, and I even have me doing a presentation with a hacker in the background. So that's to say that hackers aren't these shadowy figures,
hackers, are you and me? They're just normal people
that enjoy this challenge this puzzle. You know, I think you'll hear a lot of hackers say, you know, to me, hacking is a puzzle. So I want to kind of get away from this image of of a hacker, he doesn't have gloves on this picture or she, but I want to get away from that stereotype and just show that a hacker can be anybody
and it's a good term.
So I'm learning objectives in this course. We'll start the beginning, will start how to how to install virtual box and how to download the Cali Lennox. Uh Destro of, you know, Lennox. So
we start at the very basics, then we'll talk about a penetration test from, you know, web app pen testing, to network penetration testing. Um So kind of the full gamut there and also equally important is writing a report, right? And like I talked about with the learn and also SCP
writing the report is a vital component of the certification itself.
Um And also like I said, understand the hacker mindset. The people that are very successful in this industry are those that don't have have to follow steps one through five. They can think laterally, they can think around problems and that ability I think is very important when it comes to being a pen tester.
So what should you already have? You should have a solid understanding of TCP I. P. Networking, you should have a reasonable level of understanding of Windows and Lennox.
Maybe you've been a network admin, maybe you have it. Maybe you just know the command line very well. I think that's that's a good baseline here.
You should be familiar with Windows and the Lennox command line like I just said
uh and also some understanding of bash scripting and python scripting as well. It's not imperative but we're talking a lot about exploits scripts here and it's not being a script kiddie and just using medicine Floyd and firing things off from there. But also the fact that you can read scripts and understand what they do.
So we're gonna go through, like I said from from the very beginning of the foundations of success in these tests, these hands on tests um to setting up Cali Lennox and then understanding network protocols. Like I said, we're gonna look at web app pen testing, we're gonna look at buffer overflows, we're gonna look at public exploits and what do I mean by that, I mean
looking at the code of public exploits, modifying that to fit our environment
and then launching attacks from there. Also when you get a shell, what do you do next? And then privilege escalation going from an unprivileged user to a privileged user as well as understanding how to crack passwords and conduct brute force login attacks.
Then we're going to kind of put everything together with a capstone lab that you'll have to do and then I'll kind of close with developing that hacker mindset. Of course, if you've gone all that way through the course, you should have been developed developing that hacker mindset along the way. But I just kind of give you some tips and techniques to harness that
course material. You have your syllabus, you'll have your labs, which I think is very important here, some quizzes and some references that I'll talk about throughout the course.
So thank you for enrolling in this course. A journey of 1000 miles begins with a single step. This is your single step into this journey to get you ready for these hands on pen testing certifications that will either get your foot in the door to become a professional pen tester
or help you become a better professional pen tester if you already are one.