Online Class on Practical Ethical Hacking


Requirements for the Course

  • Basic IT knowledge
  • Good Internet Connectivity
  • Time and motivation to become a world-class Information Security Engineer.

Description

Welcome to this course on Practical Ethical Hacking.  To enjoy this course, you need nothing but a positive attitude and the motivation to learn.  No prior knowledge is required.

In this course, you will learn the practical side of ethical hacking.  In this course, we will focus only on tools and topics that will make you successful as an ethical hacker.  The course is incredibly hands on and will cover many foundational topics.

In this course, we will cover:

  1. Ethical Hacker’s Day.  What does an ethical hacker do on a day-to-day basis?  How much can he or she make?
  2. Skills for an Ethical Hacker.  An ethical hacker is only as good as their skills and knowledge.  This section will cover the overall skill set a hacker should have.  The right attitude is covered as well.
  3. Networking and Linux Skills.  This section focuses on the concepts of computer networking and Linux.  We will discuss common ports and protocols, the OSI model, subnetting, and even walk through a network build using the Cisco CLI.  The Linux section then goes through the basics of Linux, including shell scripting.
  4. Introductory Python.  Most ethical hackers are proficient in a programming language.  This section will introduce you to one of the most commonly used languages among ethical hackers, Python.  You’ll learn the ins and outs of Python 3 and by the end, you’ll be building your own port scanner and writing exploits in Python.
  5. Hacking Methodology. This section overviews the five stages of hacking, which we will dive deeper into as the course progresses.
  6. Reconnaissance and Information Gathering.  You’ll learn how to dig up information on a client using open source intelligence.  Better yet, you’ll learn how to extract breached credentials from databases to perform credential stuffing attacks, hunt down subdomains during client engagements, and gather information with Burp Suite.
  7. Scanning and Enumeration.  One of the most important topics in ethical hacking is the art of enumeration.  You’ll learn how to hunt down open ports, research for potential vulnerabilities, and learn an assortment of tools needed to perform quality enumeration.
  8. Exploitation Basics.  Here, you’ll exploit your first machine!  We’ll learn how to use Metasploit to gain access to machines, how to perform manual exploitation using coding, perform brute force and password spraying attacks, and much more.
  9. Exploit Development.  This section discusses the topics of buffer overflows.  You will manually write your own code to exploit a vulnerable program and dive deep into registers to understand how overflows work.  This section includes custom script writing with Python 3.
  10. Active Directory.  Did you know that 95% of the Fortune 1000 companies run Active Directory in their environments?  Due to this, Active Directory penetration testing is one of the most important topics you should learn and one of the least taught.  The Active Directory portion of the course focuses on several topics.  You will build out your own Active Directory lab and learn how to exploit it.  Attacks include, but are not limited to: LLMNR poisoning, SMB relays, IPv6 DNS takeovers, pass-the-hash/pass-the-password, token impersonation, kerberoasting, GPP attacks, golden ticket attacks, and much more.  You’ll also learn important tools like mimikatz, Bloodhound, and PowerView.  This is not a section to miss!
  11. Post Exploitation.  The fourth and fifth stages of ethical hacking are covered here.  What do we do once we have exploited a machine?  How do we transfer files?  How do we pivot?  What are the best practices for maintaining access and cleaning up?
  12. Web Application Penetration Testing.  In this section, we revisit the art of enumeration and are introduced to several new tools that will make the process easier.  You will also learn how to automate these tools using Bash scripting.  After the enumeration section, the course dives into the OWASP Top 10.  We will discuss attacks and defenses for each of the top 10 and perform walkthroughs using vulnerable web applications.  Topics include: SQL Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfigurations, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring.
  13. Wireless Attacks.  Here, you will learn how to perform wireless attacks against WPA2 and compromise a wireless network in under 5 minutes.
  14. Legal Documentation and Report Writing.  A topic that is hardly ever covered, we will dive into the legal documents you may encounter as a penetration tester, including Statements of Work, Rules of Engagement, Non-Disclosure Agreements, and Master Service Agreements.  We will also discuss report writing.  You will be provided a sample report as well as walked through a report from an actual client assessment.
  15. Career Advice.  The course wraps up with career advice and tips for finding a job in the field.

At the end of this course, you will have a deep understanding of external and internal network penetration testing, wireless penetration testing, and web application penetration testing.  All lessons taught come from real-world experience and from what has been encountered on actual engagements in the field.

Note: This course has been created for educational purposes only.  All attacks shown were done so with given permission.  Please do not attack a host unless you have permission to do so.

Nice Streams to Learn Hacking, Networking, Pen testing and lot more — Part 1

~ Fun with YouTube ~

YouTube has given all of us so many opportunities to learn. I am not sure it’s right to say that in the recent past YouTube has been the number one place to learn new things. There is so much content created on YouTube that it’s hard to keep track. I saw a tweet from The Cyber Mentor listing many interesting YouTube channels filled with things to learn.

First, let’s start the list with pen-testing:

1. Null Byte Channel

https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g

I selected a nice video from the channel which might interest you,

2. The Cyber Mentor Channel

This channel provides loads of resources, including a 15-hour network penetration testing course (seriously), which is of great value. This channel particularly makes sense for the modern pentesting scope of a red teamer. Highly recommended.

Dr. Lakmal Rupasinghe

Cyber Security Researcher | Digital Nomad | Machine Learning Enthusiast

Youtube: https://bit.ly/3a8EAZP

Udemy Course: https://bit.ly/2XtbMbB

How to face tech interviews

~ I Love Interviews ~

Even though you are good at many things, there comes a day when you need to face the “interview”. After getting a degree, qualifications, skills, knowledge, etc., when the day comes it’s a whole different ball game. Once you master it, you get through. If not, even though you are the best, you get filtered to the bin.

I found some useful resources which make the process easier. Let’s look at them.

Next, I found this great article at this link, and I extracted the following from it:

1. What online resources do you use to help you do your job? 

Most IT workers turn to websites such as StackExchange or Github when they need help with something. Serious professionals will have their own selection of websites, online communities, social media feeds and other resources specific to their interests. The answer to this question will give you an indication of how engaged the candidate is with the broader IT world. 

2. How do you keep your technology skills current? 

Tech professionals work hard to keep their knowledge base current by reading blogs and forums, taking online courses, joining hackathons and plugging away at personal IT projects. This tech interview question can help you gauge the candidate’s enthusiasm for the profession, as well as open up a conversation about professional development.

3. Pretend I’m not a tech person. Can you explain [a relevant technology] in simple terms?

IT plays a crucial role in almost every company, so the ability to communicate with non-technical people is a must. You can assess candidates’ communication skills with this interview question. Do they avoid obscure acronyms and jargon? How well can they break down a complicated process? Try asking a few “dumb” follow-up questions to get a sense of how they’d interact with non-tech colleagues. 

4. What qualities do you think are most important in a developer [or another relevant position]? 

A question like this can reveal how the interviewee feels about the position and what they think they would bring to it. Some people may focus on IT certifications and technical abilities, while others may talk more about problem solving, attention to detail, communication and other general job skills. Look for candidates who give a nice balance of both. 

5. What three words would your friends use to describe you? 

The answer can clue you in to a candidate’s personality trait that may not be readily apparent through their resume or traditional interview questions. It also gives insight into how the individual perceives themselves and the role they’re applying for. For example, if their answer focuses on their creative side but the position is very analytical in nature, the job may not be a good fit.

6. Can you tell me about a time when things didn’t go the way you wanted at work, such as a project that failed or being passed over for a promotion? 

Everyone deals with professional setbacks at some point in their career. What you want to know is how people handled — and what they learned from — those situations. The best employees are resilient, using setbacks as a springboard toward positive changes. So listen to not only the problem they mention, but also what they did after the disappointment. 

7. What are your favorite and least favorite technology products, and why? 

In addition to learning whether prospective employees like the hardware, operating system and software your company uses, this tech interview question helps you evaluate enthusiasm and knowledge. Do candidates become animated when discussing the advantages and disadvantages of certain tools? Do they admire solid engineering, sleek design, intuitive user experience or another aspect of good technology? 

8. What are the benefits and the drawbacks of working in an Agile environment? 

Most IT teams have adopted some form of Agile — currently the favored SDLC methodology — which means lots of quick meetings and a steady stream of feedback from fellow team members. A candidate’s answer to this question can tell you not only their level of understanding of this popular environment, but also their attitudes toward collaboration and communication. 

9. How do you think further technology advances will impact your job? 

Advances in technologies continue to change most IT roles. How aware of that is the candidate you’re interviewing? Do they know, for example, that automated testing is a major part of DevOps, which allows for faster development cycles and quicker deployment? A candidate may talk about the automation tools they use or the challenges of working with machine learning and big data. They may also discuss AI projects they hope to work on. This question is a good way to start a conversation about trends and advancements in the field, and it will also give you insight into how the candidate perceives their role over the long term. 

10. Tell me about a tech project you’ve worked on in your spare time. 

You want to hire an IT professional who devotes their personal time to side projects. Why? These are people who are driven and curious, which, in turn, keeps their skill set fresh. Ask how they stay motivated, what interests them about the project and what their ultimate goal is. If they can demo a website or app they’ve built, all the better. 

11. What was the last presentation you gave? 

Today’s tech workers can’t be lone wolves. They have to discuss changes with teammates, coordinate with other departments, advocate for platforms they prefer and much more. While not everyone has to love public speaking, your new hire should be able to conduct research, put together a solid presentation and persuade stakeholders why X is better than Y. 

12. What are the qualities of a successful team or project leader? 

Always be on the lookout for leaders, even when you’re not hiring for a management position. The nature of IT work means individuals will frequently have to take responsibility for delivering projects, and this requires leadership skills such as organization, motivation, positivity, delegation and communication. 

13. Are you comfortable working remotely or on a flexible schedule? 

Many candidates seek workplace benefits such as telecommuting, flextime and a BYOD (bring your own device) policy. Asking this interview question serves as a reminder to candidates that the company offers such perks. It’s also a good way of identifying those who might not be a good fit.

14. What would you hope to achieve in the first six months after being hired? 

The answer to this tech interview question depends on the role. A developer, for example, may hope to have developed a small project during that time, while a tech manager may want to have analyzed internal processes. A candidate’s response will give you insights into their overall understanding of the position. If their goals and ambitions don’t match the job description, this may not be the right position for them. 

15. What kind of work environment suits you best? 

This question can help you assess whether a candidate will thrive within your organizational culture. It may also open up a dialogue with the interviewee about how your culture operates. Is your office high pressure and deadline driven or do people work at their own pace? Are all goals defined by the manager or do you sometimes let team members set their own priorities as long as they serve the overall departmental mission? Both you and the candidate should emerge from the interview with a sense of whether you’re right for each other. 

16. How do you manage your work-life balance? 

With on-call duties and multiple pressing deadlines, some tech workers struggle with the always-on, workaholic culture of this field. While you want dedicated team members, you should also seek employees who know how to relax and take care of themselves. Burnout is a very real problem in IT, and top performers have good strategies in place to prevent that. As a follow up to their answer, you could talk about how your company supports a healthy work-life balance — something that can be very tempting for candidates with multiple offers. 

17. Why do you want to work for us? 

Individuals who truly want the job will have done their research and be able to talk about your company’s values, products and services, and approach to technology. If they can’t articulate at least a few reasons your company would be a good match for their skills and ambitions, then they haven’t done their due diligence to properly prepare for the interview — an interview red flag for hiring managers. 

Remember to allow time at the end of the interview for candidates to ask you questions. This is not only beneficial to applicants — it also clues you in to what matters to them. For instance, you may reconsider your interest in a prospect if they seem overly concerned about salary and vacation accrual during the first interview. Or you may be impressed when someone asks questions that demonstrate their business acumen and thorough understanding of your company’s strengths and weaknesses.
