Ethical Hacker: Account Creation

Ethical Hacker: Account Creation

• discover the key concepts covered in this course
• recognize account creation concepts
• describe and implement MAC, DAC, and RBAC
• describe ABAC and its advantages over standard access control
• design access control and account management processes
• summarize the key concepts covered in this course

Account management and access control are fundamental to security, and it's vital to understand these technologies as an ethical hacker. Explore account creation concepts, standard access control models, attribute-based access control, and how to design account and access control.

Ethical Hacker: Hacking Techniques

Ethical Hacker: Hacking Techniques

• discover the key concepts covered in this course
• describe SQL injection and variations
• execute basic SQL Injection
• describe cross-site scripting
• describe malware threats
• recognize and describe types of malware
• implement an innocuous virus in penetration testing
• recognize types of DoS and associated counter measures
• describe how steganography works
• use common steganography tools
• recall the basics of Metasploit
• execute basic Metasploit commands
• use common Windows hacking techniques
• summarize the key concepts covered in this course

Ultimately, ethical hacking is about hacking, so the ethical hacker must have some hands-on hacking skills. Explore fundamental hacking techniques, including SQL injection, cross-site scripting, malware, using viruses, DoS attacks, steganography, using Metasploit, and Windows hacking.

Ethical Hacker: Incident Response

Ethical Hacker: Incident Response

• discover the key concepts covered in this course
• describe incident response concepts
• properly classify and describe different types of incidents
• create a response plan for physical incidents
• create a response plan for cyber incidents
• describe and apply basic incident response forensics includikng evidence handling and basic techniques
• apply basic incident response forensics including imaging a drive and basic legal standards
• conduct recovery and remediation activities
• conduct an after action review of incident response
• summarize the key concepts covered in this course

Ethical hacking is a means to avoid incidents and to discover them before they are realized. Often, ethical hacking is part of the response to an incident, so an understanding of incident handling is important for the ethical hacker. Explore the foundational concepts of incident response, including incident classification, recovery and remediation, and after action review.

Ethical Hacker: Risk Assessment

Ethical Hacker: Risk Assessment

• discover the key concepts covered in this course
• calculate risk levels in a quantitative manner
• identify and implement specific responses to risk
• assess security vulnerabilities using CVSS
• utilize the CIA triangle and the McCumber cube to assess risks and threats
• apply risk management standards according to NIST 800-37
• evaluate security in accordance with ISO/IEC 18045
• describe the COBIT 5 standard
• describe and use DREAD, PASTA, and other risk models
• summarize the key concepts covered in this course

Ultimately, ethical hacking is about testing the risk level an organization has. In order to perform effective, professional ethical hacking, a knowledge of risk is essential. Explore risk assessment concepts, including risk calculations, responses, and models. Discover how to use the Common Vulnerability Scoring System and how to apply risk management concepts and evaluate risk in accordance with common standards.

Ethical Hacker: Scanning

Ethical Hacker: Scanning

• discover the key concepts covered in this course
• describe NMAP and how it can be used
• use NMAP to scan a target system or network
• use OWASP ZAP to scan a target web site
• use Vega to scan a target web site
• describe the Shodan search engine, its purpose and usage, and the role it plays in ethical hacking and penetration testing
• use Shodan to gather information about vulnerabilities
• use multiple informational web sites to gain information about a target
• apply specialized Google searches to find information for ethical hacking
• summarize the key concepts covered in this course

One of the early stages in ethical hacking is reconnaissance of the target. Explore various scanning tools and techniques used in ethical hacking, including NMAP, OWASP ZAP, Vega, Shodan, and specialized Google searches.

Ethical Hacker: Secure Technology & Applications

Ethical Hacker: Secure Technology & Applications

• discover the key concepts covered in this course
• describe security devices and how they relate to ethical hacking
• correctly deploy firewall solutions and describe their relevance to ethical hacking
• describe the usage of SIEM and deploy SIEM systems
• describe and utilize IDS/IPS and describe its relation to ethical hacking
• describe antivirus concepts and implement an AV strategy
• configure the firewall in Windows 10 and Windows Server 2019
• configure Windows Defender
• implement basic Snort IDS
• summarize the key concepts covered in this course

Security devices and software are the technical aspect of security. An ethical hacker must be familiar with security technology in order to effectively conduct tests of the target organization's network. Explore security device and software concepts, firewall types and usage, SIEM systems, IDS/IPS, antivirus strategies, Windows Firewall, and how to implement Snort.

Ethical Hacker: Security Standards

Ethical Hacker: Security Standards

• discover the key concepts covered in this course
• describe secure software concepts
• properly apply filtering and data validation
• apply the NSA-IAM to ethical hacking to plan, execute, and report on your ethical hacking project
• apply the PTES to ethical hacking to plan, execute, and report on your ethical hacking project
• describe PCI-DSS standards and integrate them into ethical hacking
• describe and implement ISO 27001
• interpret and apply NIST 800-12
• employ NIST 800-26 standards to manage IT security
• describe NIST 800-14 security protocols
• summarize the key concepts covered in this course

Ethical hacking is not just random hacking attempts. It is a systematic testing of the target's security. For that reason, an understanding of security standards and formal testing methodologies is critical. Examine key security standards including penetration testing standards.

Final Exam: Ethical Hacker

Final Exam: Ethical Hacker

• apply basic incident response forensics including imaging a drive and basic legal standards
• apply risk management standards according to NIST 800-37
• apply the NSA-IAM to ethical hacking to plan, execute, and report on your ethical hacking project
• apply the PTES to ethical hacking to plan, execute, and report on your ethical hacking project
• assess security vulnerabilities using CVSS
• calculate risk levels in a quantitative manner
• conduct an after-action review of incident response
• conduct recovery and remediation activities
• configure the firewall in Windows 10 and Windows Server 2019
• configure Windows Defender
• correctly deploy firewall solutions and describe their relevance to ethical hacking
• create a response plan for cyber incidents
• create a response plan for physical incidents
• describe ABAC and its advantages over standard access control
• describe and apply basic incident response forensics including evidence handling and basic techniques
• describe and implement ISO 27001
• describe and implement MAC, DAC, and RBAC
• describe and use DREAD, PASTA, and other risk models
• describe antivirus concepts and implement an AV strategy
• describe cross-site scripting
• describe how steganography works
• describe IDS/IPS and describe its relation to ethical hacking
• describe incident response concepts
• describe malware threats
• describe NIST 800-14 security protocols
• describe NMAP and how it can be used
• describe PCI-DSS standards and integrate them into ethical hacking
• describe secure software concepts
• describe security devices and how they relate to ethical hacking
• describe SQL injection and variations
• describe the COBIT 5 standard
• describe the Shodan search engine, its purpose and usage, and the role it plays in ethical hacking and penetration testing
• describe the usage of SIEM and deploy SIEM systems
• describe types of malware
• design access control and account management processes
• employ NIST 800-26 standards to manage IT security
• evaluate security in accordance with ISO/IEC 18045
• execute basic Metasploit commands
• execute basic SQL Injection
• identify and implement specific responses to risk
• implement basic Snort IDS
• interpret and apply NIST 800-12
• properly apply filtering and data validation
• properly classify and describe different types of incidents
• recall the basics of Metasploit
• recognize account creation concepts
• recognize NMAP and how it can be used
• recognize SQL injection and variations
• recognize types of DoS and associated countermeasures
• recognize types of malware
• use common steganography tools
• use common Windows hacking techniques
• use multiple informational web sites to gain information about a target
• use NMAP to scan a target system or network
• use OWASP ZAP to scan a target web site
• use Shodan to gather information about vulnerabilities
• use Vega to scan a target web site
• use web sites to gain information about a target
• utilize IDS/IPS and describe its relation to ethical hacking
• utilize the CIA triangle and the McCumber cube to assess risks and threats

Final Exam: Ethical Hacker will test your knowledge and application of the topics presented throughout the Ethical Hacker track of the Skillsoft Aspire Penetration Tester to SecOps Engineer Journey.