Mak Hacking & Cyber Security

Free on-line Certified Ethical Hacking (CEH) course from Logical Security

This is great information at a great price. Shon is very serious about security and this is worth your time if you are also serious.

http://www.logicalsecurity.com/resources/resources_videos.html

Logical Security is a training and consulting company owned by Shon Harris. It is offering a free on-line Certified Ethical Hacking (CEH) course. The course is around 25 hours in length and contains demos and labs along with lecture to ensure the material is taught in a practical manner.

The following outlines the topics and material that is covered within this course:
Ethical Hacking and Penetration Testing

In this section, we will be going over the Introduction to Ethical Hacking and Penetration Testing Methodologies, Security Testing, and Building a Test System.
Footprinting and Reconnaissance

In this section, we will be going through Discovery/Verification, by digging in deep into Gathering of Information, through Corporate Information/Internet Presence, Googling for Passwords, Social Engineering, Networking, and Telephony Attack Types.

TCP/IP Basics and Scanning
In this section, we will be going through the basics of TCP/IP, Ping Sweeps, and Port Scanning.

Enumeration and Verification
In this section, we will be going through Operating System Identification, SNMP, Finger, SMTP, NetBIOS, CIFS/SMB, SID to Account-Name Resolution, LDAP/Active Directory, and GUI Tools.

Hacking and Defending Wireless/Modems
In this section, we will be going through attacking Wireless Systems, reconnaissance, and finishing up with defense countermeasures. This will all you to be able to build a better network design, secure your access points, and understand immerging technologies. This section also covers attacking modems, reconnaissance through these methods, and defenses.

Hacking and Defending Web Servers
In this section, we will cover the subject of attacking and defending web servers. We will be going through Web Servers in General (HTTP/URL/SSL), Apache Web Servers (Functionality, Attacking, and Defending), Microsoft Internet Information Server (Functionality/Security Features, Attacking, and Defending), then finishing up with Web Server Vulnerability Assessment.

Hacking and Defending Web Applications
In this section, we will cover the subject of attacking and defending web application servers. Securing web applications and services comes down to secure coding practices, good authentication routines, and patching management. In this section, we will cover best practice methods for preventing input validation attacks as well as SQL injection attacks. In addition to these coding best practices, we will discuss issuing secure cookies, and adding a third authentication factor to web applications to prevent brute-force attacks.

Sniffers and Session Hijacking
In this section, we will cover the subject of Sniffers (Packet Capturing), both Passive and Active; and Session Hijacking methodology and tools.

Hacking and Defending Windows Systems
In this section, we will cover critical operating system components, obtaining credentials, system attacks, and hiding tracks in Hacking Windows Systems. Then we will show you how to defend the Windows Systems, by hardening the systems, strong authentication, password auditing, and file permissions.

Hacking and Defending Unix Systems
In this section, we will cover password, buffer overflow, race condition, format string, and file system attacks, along with hiding tracks on Hacking Unix/Linux systems. After showing you these attacks, we will guide you through defending the Unix/Linux systems, by hardening the systems (Boot Loader Passwords, Strong Password Policies, Single Sign-On Technologies, Tight File Permissions, removing unnecessary services, and hardening scripts), and by using encryption and VPNs on defending the Unix/Linux systems.

Rootkits, Backdoors, Trojans and Tunnels
In this section, we cover various malicious tools that attackers use to exploit your networks and maintain access. This will be completed through Rootkits (LRK, Windows NT, AFX Rootkit, and Prevention), Backdoors (netcat, VNC, and Prevention/Detection), Trojans (Back Orifice, NetBus, SubSeven, and Prevention/Detection), and Tunnels (Loki, Q-2.4, and Prevention/Detection).

Denial of Service and Botnets
In this section, we will cover the subject of attacking and defending systems from Denial-of-Service (DoS) attacks and botnets. DoS attacks can have a devastating impact on the target organization or individual system. We will also breakdown what a DoS attack is and what reasons are often behind someone using such an attack. We will also discuss the types of DoS attacks that exist and their outcomes, as well as how attackers can mask their IPs by spoofing the source address.

Automated Penetration Testing Tools
In this section, we will be covering Automated Penetration and Testing Tools as in Core Impact, Canvas, and Metasploit.

Intrusion Detection Systems
In this section, we will be covering Intrusion Detection Systems (IDSs), starting with an introduction to IDSs, introduction to Snort, and attacking an IDS. Attacking an IDS has a few separate steps, to include Detection, Eluding, and Testing.

Firewalls
In this section, we will be covering Firewalls. We will be going through firewall types and architectures, IPTables/Netfilters, and exploiting of firewalls.

Honeypots and Honeynets
In this section, we will cover the subject of attacking and defending networks through the use of honeypots and honeynets. This will be accomplished by going through the background, types and categories, and implementing of Honeypots. All types of Honeypots will be discussed, along with implementing of a Honeypot, and finishing up with legal considerations of honeypot implementation.

Ethics and Legal Issues
In this section, we will be covering the Ethical, Proper Ethical Disclosure of Bugs/Vulnerabilities, and Legal Issues of Ethical Hacking and Penetration Testing.

The course is taught by Mike Lester, who is the main instructor for Logical Security.
Anyone is eligible to take the course for free, which is located at:

http://www.logicalsecurity.com/resources/resources_videos.html