Course Overview
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Difficulty
Intermediate
Video Transcription
00:00
>> Welcome to the Cybrary on
00:00
demand offensive penetration testing course.
00:00
My name is Clint Kehr and I'll be your tour guide.
00:00
Why should you take this course?
00:00
Well, this course is a very hands-on course.
00:00
I don't want it to be a death by PowerPoint course.
00:00
I want to demonstrate the techniques
00:00
that ethical hackers or pen testers are
00:00
currently using as well as
00:00
you getting your hands dirty in labs.
00:00
We have a bunch of labs in this course
00:00
and you'll get to put
00:00
hands-on keyboard and demonstrate
00:00
these hacker concepts yourself.
00:00
Also to harness the hacker mindset,
00:00
what do I mean by that?
00:00
Well, if you're like me and you like
00:00
LEGOs or you have kids that like LEGOs,
00:00
let's say you get your LEGOs
00:00
and you're missing a couple of pieces.
00:00
What do you do? How do you think around that problem?
00:00
That's the hacker mindset in a nutshell,
00:00
is the ability to look at a problem and
00:00
figure out ways around the problem or
00:00
working with the existing conditions
00:00
that you have which may not be
00:00
ideal but figuring out ways to
00:00
move laterally or thinking laterally.
00:00
Also, I want to talk about pen testing certifications,
00:00
not the boring multiple choice ones,
00:00
but the ones we actually have to
00:00
demonstrate that you're a good hacker.
00:00
These certifications get your foot in
00:00
the door when it comes time to get a pen testing role,
00:00
and I can attribute that to the role I'm in now.
00:00
The OSEP was a great way
00:00
to get my foot in the door in my current role.
00:00
Like I said, this is going to be a very hands-on course.
00:00
You'll get a chance to
00:00
watch me demonstrate the techniques
00:00
and then you do it yourself,
00:00
and then I think that,
00:00
that is what is going to get your foot in the door
00:00
like I said before when it comes
00:00
time for you to get into pen testing or
00:00
perhaps you're already a pen tester,
00:00
and you want to hone your skills a little bit better.
00:00
Who is this course for?
00:00
Maybe you're already a pen tester or
00:00
maybe you're a beginner;
00:00
a pen tester or intermediate pen tester.
00:00
I talk some about the basics of
00:00
pen testing and then I leap more into
00:00
the advanced techniques or
00:00
intermediate techniques I should say in pen testing.
00:00
If you're a beginner you may have
00:00
some problems following along with some of
00:00
the concepts just because
00:00
I move quickly through the concepts.
00:00
But if you need to brush up or your
00:00
intermediate this course would be perfect for you.
00:00
Cybersecurity professional is a very ambiguous term,
00:00
but if you're already in the industry and you want to
00:00
learn more about hacking
00:00
techniques this is a good course for
00:00
you and network administrators.
00:00
The best hackers have
00:00
that network administration background
00:00
because as hackers we need to
00:00
basically emulate our model,
00:00
or techniques off of what network admins do.
00:00
We want to see what users that are on the system,
00:00
we're going to look at networking within the system,
00:00
we have to maybe modify a firewall rule.
00:00
What we do as hackers model what network admins do.
00:00
[NOISE] When we're talking about these certifications,
00:00
these hacking certifications, there's a lot of
00:00
different organizations out there, CEH being EC-Councils.
00:00
I want to also point out the fact that yes,
00:00
it is a multiple choice test,
00:00
but they've moved also into
00:00
a hands-on version of the CEH as well which is great.
00:00
Any hands-on test is great.
00:00
I applaud EC-Council for
00:00
also offering a hands-on version of the CEH.
00:00
ELearnSecurity is newer, but I've taken the eWPT and
00:00
the eCPPT exams and both of those are
00:00
seven days in an environment
00:00
to hack and then seven days to write a report.
00:00
That's incredibly realistic and also very beneficial.
00:00
As an employer if I have someone that I
00:00
know is able to hack into
00:00
a virtual environment and write
00:00
a good penetration test report maybe that
00:00
someone I want to hire because
00:00
I know that they have done that
00:00
before and are certified in doing that.
00:00
If you've taken a SANS course,
00:00
GIAC is the organization that you take your test through.
00:00
GIAC is moving also towards
00:00
a more hands-on version of certification,
00:00
so if you've taken GPEN
00:00
recently it's not only multiple choice questions but
00:00
also some VMs that you have
00:00
to load and answer the questions from the VMs.
00:00
CompTIA is known for Security+.
00:00
If you're new to cybersecurity,
00:00
Security+ is the certification for you.
00:00
CompTIA also has PenTest+
00:00
which is their version of the CEH.
00:00
Now there are multiple choice tests
00:00
or questions in this test,
00:00
but they also have demonstration
00:00
questions where maybe you have
00:00
to rank things or do which Steps 1,
00:00
2, and 3, what steps come first, second, and third.
00:00
That is demonstrating that you have
00:00
some understanding of the techniques.
00:00
Of course there's the OSEP which is of
00:00
course out of all of these is the biggest certification;
00:00
foundational certification Offensive Security calls it,
00:00
but the one that demonstrates one,
00:00
not only that you have the skills to be
00:00
a hacker but also that you have
00:00
the hacker mindset as well.
00:00
Again, my name is Clint Kehr.
00:00
I was a police officer and federal agent for
00:00
about 14 years and
00:00
also a navy reservist before becoming an ethical hacker.
00:00
You'll see a lot of
00:00
law enforcement officers gravitate
00:00
more towards the forensic side,
00:00
not too many law enforcement officers
00:00
are hackers or become hackers.
00:00
I really enjoyed when I got into cybersecurity
00:00
and my job as an agent
00:00
I really enjoyed the pen testing part of it,
00:00
and decided one day I want to do this full-time.
00:00
I loved being an agent, I loved serving
00:00
my country also as a navy reservist but I really
00:00
loved pen testing and it was this leap of faith into
00:00
the industry to get into
00:00
a role where I can do pen testing.
00:00
I'm very fortunate and the fact
00:00
that I got to be a federal agent,
00:00
I got to be law enforcement officer,
00:00
and I also get to,
00:00
in my current role,
00:00
protect people by doing ethical hacking.
00:00
I also want to mention if I can go
00:00
back this picture of the hacker in a hoodie.
00:00
When we think of hackers, we think
00:00
of this cloaked figure.
00:00
I wanted to get away from that.
00:00
I'm just a normal guy as you can see.
00:00
I even have me doing
00:00
a presentation with a hacker in the background.
00:00
That's to say that hackers aren't these shadowy figures,
00:00
hackers are you and me.
00:00
They're just normal people
00:00
that enjoy this challenge, this puzzle.
00:00
You'll hear a lot of hackers
00:00
say to me hacking is a puzzle.
00:00
I want to get away from this image of a hacker.
00:00
He doesn't have gloves on this picture or she,
00:00
but I want to get away from that stereotype and just
00:00
show that a hacker can be anybody and it's a good term.
00:00
Our learning objectives in
00:00
this course we'll start at the beginning.
00:00
We'll start at how to install
00:00
VirtualBox and how to download the Kali Linux,
00:00
the distro of Linux,
00:00
so we start at the very basics.
00:00
Then we'll talk about a penetration test
00:00
from web app pen testing to network penetration testing,
00:00
so the full gamut there,
00:00
and also equally important is writing a report.
00:00
Like I talked about with eLearn and also OSEP writing
00:00
the report is a vital component
00:00
of the certification itself.
00:00
Also understanding the hacker mindset.
00:00
The people that are very successful in this industry
00:00
are those that don't have to follow Steps 1 through 5.
00:00
They can think laterally,
00:00
they can think around problems,
00:00
and that ability is very
00:00
important when it comes to being a pen tester.
00:00
What should you already have?
00:00
You should already have a solid understanding
00:00
of TCP/IP networking.
00:00
You should have a reasonable level
00:00
of understanding of Windows and Linux.
00:00
Maybe you've been a network admin,
00:00
maybe you haven't, maybe you just
00:00
know the command-line very well.
00:00
That's a good baseline here.
00:00
You should be familiar with Windows and
00:00
the Linux command-line like I just said and
00:00
also some understanding of Bash
00:00
scripting and Python scripting as well.
00:00
It's not imperative,
00:00
but we're talking a lot about exploits scripts here.
00:00
It's not being a script kiddie and just
00:00
using Metasploit and firing things off
00:00
from there but also the fact that
00:00
you can read scripts and understand what they do.
00:00
[NOISE] We're going to
00:00
go through from the very beginning of the foundations
00:00
of success in these hands-on tests
00:00
to setting up Kali Linux and
00:00
then understanding network protocols.
00:00
Like I said we're going to looking at web
00:00
app pen testing,
00:00
we're going to at buffer overflows,
00:00
we're going to look at the public exploits.
00:00
What do I mean by that?
00:00
I mean looking at the code of public exploits,
00:00
modifying that to fit our environment,
00:00
and then launching attacks from there.
00:00
Also, when you get a shell,
00:00
what do you do next?
00:00
Then privilege escalation,
00:00
going from an unprivileged user to a privileged user,
00:00
as well as understanding how to crack passwords
00:00
and conduct brute force login attacks.
00:00
Then we're going to put everything together with
00:00
a capstone lab that you'll have to do,
00:00
and then I'll close with developing that hacker mindset.
00:00
Of course, if you've gone all
00:00
the way through the course you should have
00:00
been developing that hacker mindset along the way,
00:00
but I'll just give you
00:00
some tips and techniques to harness [NOISE] that.
00:00
Course material, you have your syllabus,
00:00
you'll have your labs which are very important here,
00:00
some quizzes, and some
00:00
references that I'll talk about
00:00
throughout [NOISE] the course.
00:00
Thank you for enrolling in this course.
00:00
A journey of a thousand miles begins with a single step.
00:00
This is your single step into
00:00
this journey to get you ready for
00:00
these hands-on pen testing certifications
00:00
that will either get your foot in the door to
00:00
become a professional pen tester or help you
00:00
become a better professional pen tester
00:00
if you already are one.
Up Next
Understanding the Penetration Test Report
Penetration Test Report Demo
Note Taking and Mind Mapping
Finding Resources to Prepare for the Offensive Penetration Testing
Setting up the Kali Linux VM
Instructed By
Similar Content
