Applied Ethical Hacking and Rules of Engagement

40h empirical knowledge of Cyber Security, Penetration Testing, Python Hacking, Kali Linux & Wazuh SIEM on Elastic Stack

4.65 (1301 reviews)
Udemy
platform
English
language
Network & Security
category
Seyed Farshid Miri
instructor
Applied Ethical Hacking and Rules of Engagement
81,760
students
40 hours
content
Sep 2022
last update
$94.99
regular price

What you will learn

40h video Bootcamp, deep-diving into Ethical Hacking and Threat Hunting subjects

4 Courses in 1: #A) Ethical Hacking #B) Threat Hunting #C) Python Hacking Scripting #D) Linux Security Distros

+5h Live Hacking Sessions for Hack the Box CTF (Here you become a hacker)

+15 hours hands-on Ethical hacking incl. Reconnaissance, Exploitation, ٫Network Attacks, Social Engineering, and 5h WebAPP Pentesting

+5 hours Red Teaming, incl. Cobalt Strike Ops and Devs Active Directory Attacks and MITREATT&CK

+5 hours Threat Hunting using Elastic-Stack and Wazuh Manager

Cobalt Strike, Metasploit, Empire, Python, Kali Linux +200 other industry-proven cybersecurity tools

Deploy a complete SIEM with Elastic Stack & Wazuh Manager for real production

Master pentest standards and tools, hacking methods with their standards e.g. MITRE ATT&CK, OWASP, PTES

2 crash courses included: Python3 scripting and Kali Linux

How to perform Web App Attacks such as SQLi, XSS, IDOR, Webshell Upload, Code and Command Injection, and much more

Programming Corporate-Level SIEM Use-Cases & Their Common Mistakes

How to develop scripting Projects, geared towards IT Security

Breach secure systems using client-side & social engineering techniques and tools

How corporate-level IT security solutions are planned & developed

Develop and conduct Red Team engagement using open source and commercial frameworks

Create Malware with Python as well as Cobalt Strike Framework

Master OWASP Top 10 best practices and other security standards

Pentest on servers, web apps, appliances, corporate networks and Active Directory Forests

How to customize your malware agent and make it like windows legitimate traffic and binary

Master log aggregation basic concepts with hands-on practices

Perform various attack technics using automated as well as manual tools

Securely send social engineered & phishing emails disguised as any legitimate email address without authentication

How to perform network attacks and sniff sensitive data such as passwords

Elastic Stack: Elasticsearch, Kibana and Filebeat in action

Master intelligence gathering and reconnaissance using the latest techniques

How to map your targets and create network topologies of your targets

Linux command line (Kali Linux and Parrot OS Security)

How to do lateral movement on secure networks, do privilege escalation and become administrator of the environment

How to do attacks on active directory and get domain admin with different techniques

Advanced nmap techniques and NSE scripts

Master Metasploit framework as your arsenal of exploits

Why take this course?

<<< Welcome to the most complete Ethical Hacking and Threat Hunting course available online, where both topics in offensive security, as well as defensive security, are professionally covered. This course includes two crash courses about Linux and Python as well.>>>


The following seven pillars constitute the foundation of this life-changing course:

######################################################################
1- Ethical Hacking
Learn how to think and act like a hacker and work with various techniques and tools to achieve this goal. As an ethical hacker at the end of this course, you will be able to help your customers mitigate various attack vectors and their corresponding details practically based on various security standards and best practices. Also, you will learn how to execute various ethical hacking phases as Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks, and others.


######################################################################
2- Penetration Testing
Learn how to hack easy to hard real-world simulated virtual machines on HackTheBox Live Hacking! using unique exploits, tactics, and techniques. Learn the art of intrusion with these CTFs (Capture the Flags) which will help you in the future on every real work project.
Also work on pentest methods in web, network, vulnerability assessment workflows, and “Defense in Depth” best practices which will help you hack like black-hat hackers, defend or secure them like security experts and harden your corporate environment against malicious actors.


######################################################################
3- Red-Teaming techniques and tactics

Learn beginner to advanced pentesting techniques. Learn how to think and act like threat actors to stop them at various phases of the attack life cycle.
MITRE ATT&CK Framework: reconnaissance, initial foothold, lateral movement, privilege escalation, command and control, active directory attacks, Linux, and mac os x malware and attack techniques.
Learn scripting languages for the Cobalt Strike Framework and other red-team engagement frameworks to perform development and operations on them.
Learn how to develop your C2 infrastructure to avoid detection by blue teams and SOCs during red team operations.


######################################################################
4- Elastic Stack Wazuh Manager (SIEM)
Learn how to set up a complete SIEM (Security Information and Event Management) using Elastic Stack (formerly ELK Stack) using Wazuh Manager. Also, learn how to ingest various log formats from different log sources such as Linux and Windows servers, Fortigate firewall appliances, and so on. You will learn how to activate different functionalities (capabilities) of the Wazuh manager such as vulnerability monitoring, File Integrity Monitoring, CIS Hardening Benchmark Monitoring, and much more. Also, you will learn how the underlying decoders and rules are programmed to detect an unlimited amount of security events across an enterprise network.


######################################################################
5- Threat Hunting (Blue-Teaming)
There is a complete section for threat hunting where you put what you've learned into work and run attacks such as Spawn Session and Process Injection, ShellShock, MSHTA, Brute-Force, Mimikatz, and so on from your Parrot OS and detect them with your SIEM tool that you've set up and completely configured during the course. During this section, you get familiar with how different IoC (Indication of Compromise) will appear in your SIEM tool.


######################################################################
6- Python Scripting for Security
Learn how to create scripts and programs to do what you want whenever you are required to, from small scripts that are needed during pentest to more sophisticated ones during Red Team Ops. there is a crash course about Python basics included in this course to promote you in this must-know language field.


######################################################################
7- Linux (Kali Linux and Parrot OS)
Linux runs the world, especially when it comes to the cybersecurity world. There is a crash course about Linux basics in this course. However, during this course and after many hours of exciting hands-on practices on the different offensive and defensive security methods you will become a Linux expert at the level of a cybersecurity expert. You will learn Kali Linux and Parrot OS as the main Linux distros used in this course.


######################################################################
######################################################################

Here is an overview of the main content of the course:

  • Sections 1 to 3 are for introduction and preparation. Here you set up your offensive lab and will learn the basics of Linux to get prepared for the ethical hacking sections. You will also install Kali Linux and Microsoft Visual Studio Code as your main IDE (Integrated development environment). Then you move on to create your vulnerable labs such as dvwa, bwapp, webgoat, and so on. Also, you will do your first capture-the-flag (CTF) and create your HTB (HackTheBox dot com) account if you haven't before.

  • You will start your professional white hat hacking training from sections 4 to 10. Here you will learn a broad range of hacking tools, attack vectors, technics, and procedures. They start from Reconnaissance, enumeration, vulnerability scanning to exploitation, post-exploitation, password cracking. You will continue with network attacks (wired and wireless), social engineering attacks, Web applications attacks (OWASP Top 10), and much more.

  • You'll take your second crash course in Python in section 11. Here you learn Python geared towards IT Security and Hacking purposes.

  • Now you have earned all the requirements, a professional hacker needs in the pentesting battlefield. In section 12, you get to know the interesting world of CTFs (Capture the Flags), especially on HackTheBox dot com and will hack 8 machines:
    3 Easy machines: BLUE, DEVEL, NETMON
    4 Medium: SNIPER, MANGO, BLUNDER, POPCORN
    1 Hard: CONTROL
    By the end of this section, you are an ethical hacker who feels incredibly confident with penetration testing in different hacking scenarios.

  • Everything is standardized in modern times. Giving a break to practical hacking, in section 13 you will learn the must-know security standards such as MITRE, OWASP, PTES, OSSTMM and their terminologies as well as methodologies in the IT Security field.

  • We did everything up to here to be a great Red Teamer, here you learn how to use all that practical ethical hacking techniques along with MITRE ATT&CK Tactics, Techniques, and Procedures to conduct a comprehensive Red Teaming assessment on your customers. In section 14 you will learn how to work based on various MITRE TTPs with a powerful Red Teaming Framework. You will also learn how to customize your C2 to be like what you want and also learn how to do various operations with it.

  • More than half of today's APTs (Advanced Persistent Threats) are experts on active directory attacks and you as an ethical hacker or Red Teamer should also know how to do that and report vulnerabilities to your customers. In section 15 you will learn how to configure AD, create a vulnerable AD lab and perform some of the most important attacks in this category. Having this category of attacks in a separated section is because of the importance and amount of common attacks by APTs on this module in the victim’s environment.

  • In section 16 we tried to cover every tactic, its corresponding technique, and also the procedures behind it standardized by MITRE ATT&CK all in one. We will study most of the operations done by threat actors and APTs. Their TTPs are covered line by line and in near future, with some updates, we are going to practice every technique after its explanations. Also, most of these TTPs are covered during the course without knowing what category of TTPs it is. It is really important to stick to MITRE ATT&CK and that’s why we put a small section on it.

  • Up to section 17, you finished your pythonic offensive security with all possible aspects. Now you are a professional and ethical hacker. From this section on, you start your defensive security journey, where the focus is mainly on defense against offensive technics and tactics you've learned up until here. In this section, you learn terminologies and methodologies such as "Defense in Depth" on the defensive side, where the SIEM tool is in the center of attention.

  • In section 18 you start building up your fully customized Linux-based and 100% open source SIEM tool using Elastic-Stack and Wazuh Manager (The Open Source Security Platform). In this section, you set up Wazuh Manager Server, Open Distro for Elasticsearch, Filebeat, and Kibana.

  • Then in section 19, you move on to endpoints such as Windows and Linux Servers, Windows 10, and Fortigate firewall appliance, to integrate these different log sources into your ELK-Stack SIEM server. Also, you will learn how you can roll out authenticated Wazuh agents on a network of Windows machines using Domain GPOs in an automated form.

  • Section 20 covers index management in Elasticsearch where the life cycle of the indexes will be managed. In this lecture, you will learn how to manage your accumulated alerts in your Elastic Stack to improve your server disks and storage.

  • In section 21 you will extend your configured SIEM with its capabilities such as File Integrity Monitoring (FIM), Linux Syscalls monitoring, Enterprise continuous vulnerability monitoring, CIS Hardening Benchmarks (SCA), Windows Defender, and Sysinternals Sysmon Eventchannel.

  • How one can create new alerts out of ingested logs in Wazuh Manager is the topic of section 22. In this section, you will learn how decoders and rules are constructed behind the scenes and how you can create your own custom decoders and rules for your own requirements.

  • And finally, you will finish this course with hunting IoCs (threat hunting) in your fully customized SIEM. In section 23, you will run some of the attacks you have learned during the course such as Mimikatz, HTA, Brute Force, etc. from your Cobalt Strike on your Parrot OS against your endpoints (Wazuh agents) and you will examine generated alerts for these specific security events.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer:

  • This course is created for educational purposes only, all the attacks are launched in our own lab or against online Lab systems that are legally permitted to run tests against them.

  • This course is totally a product of the two instructors of this course and no other organization is associated with it. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANISATION IS INVOLVED.


Screenshots

Applied Ethical Hacking and Rules of Engagement - Screenshot_01Applied Ethical Hacking and Rules of Engagement - Screenshot_02Applied Ethical Hacking and Rules of Engagement - Screenshot_03Applied Ethical Hacking and Rules of Engagement - Screenshot_04

Reviews

Arvind
February 19, 2023
Just started, So far it's looking good. But what i want to ask is that - is this course updated ? And will it keep updating for all the changes and software / website modifications which happens and will be up to date ? If yes then i would love to give 5 stars..
Paya
January 11, 2023
One of the best courses available on this platform, keep up the good work. Hope I can finish this soon.
SOC
November 11, 2022
Best course i have ever seen which covers every aspect of the cyber security Offensive and Defensive Side.. great course man. Easy to understand and appropriated how much effort you have put to create this course. Recommend for everyone for biggners also..
Lakmal
September 7, 2022
Great course. It has been covered most of areas belongs to cyber security which I'm looking for. Thanks for creating such a wonderful course.
Mohammad
September 2, 2022
Mamnon Aghay Miri, Be Jorat Mitonam Begam Yeki Az Behtarin Doreha Dakhl Site Udemy Hast. Aval Nemidonestam Ke Irani Hastid, Vali Khob Be Esmeton Shak Kardam ! :-) Parcham Iran o Irani ro Bala Bordin , Omidvaram Balatar Bebinmaeton. Mamnon Babat Hamechi :)
Dianna
August 14, 2022
Outstanding course, I highly recommend this course to anyone willing to learn and work in cyber security jobs.
Delver
August 12, 2022
The course, descriptions and content are impeccable. It's great for me that I'm starting in this matter. Keep on doing this great work
Jamie
August 2, 2022
There is a LOT of information and it's delivered right on the edge of my ability to absorb it. Its very interesting and explained well but leaves a gap where you need to research to find out the rest. Makes sense though, not every exploit/angle can be explained.
Blandyne
July 19, 2022
This course is interesting, but the guy confuses too much and doesn't go into more detail, he doesn't answer questions, I just keep it to have a working model.
Vinay
July 15, 2022
Before I started this course I rate myself above beginner but after completing this today I rate myself above intermediate. This course increases your knowledge and way of learning in a whole new level. The content is designed for beginners to advance including red & blue teaming tools with practical knowledge. Thank you Instructor.
A.
July 14, 2022
I liked : Python crash course Linux crash course Web attacks Red teaming concepts I hope there would be a volume2 for this course with focus on redteaming only.
Keith
June 23, 2022
Seyed Miri is an amazing instructor. I am slowly and methodically consuming every tidbit of knowledge from this course. Such a great course. I can't say enough good things about it. So well put together.
Peyman
June 13, 2022
Best ethical hacking course. You learn : 1. Web hacking 2. Network hacking 3. Python programming 4. Red teaming continue on the good job.
Samuel
May 8, 2022
So far this course has delivered. Such great content. The explanations and demos are priceless!! Thank you!
William
March 1, 2022
yes .... Lots of information. Very thorough , intelligent but down to earth teacher. Impressive WHicks

Charts

Price

Applied Ethical Hacking and Rules of Engagement - Price chart

Rating

Applied Ethical Hacking and Rules of Engagement - Ratings chart

Enrollment distribution

Applied Ethical Hacking and Rules of Engagement - Distribution chart

Related Topics

Cybersécurité
Piratage éthique
Network Security
Python Hacking
3683734
udemy ID
12/5/2020
course created date
5/2/2021
course indexed date
Bot
course submited by