آموزش هک قاقونمند برای گواهینامه شورای EC می باشد که توسط شرکت CBT Nuggets تهیه و در اختیار علاقمندان قرار گرفته است . در این فیلم آموزشی سعی شده تا با نشان دادن و آموزش شیوه های نفوذپذیری هکر ها شما را برای افزایش امنیت سیستم های خود آماده می کند تا شما بتوانید از این طریق با حملات مخرب سایبری که هر روزه در حال انجام می باشد مقابله کنید .مدرس فیلم آموزشی EC Council Certified Ethical Hacker v9.0 ، در این دوره به بیان مباحثی مانند آغاز دوره مقدماتی ، معرفی و آشنایی با هک اخلاقی ، آشنایی با شرایط و انواع هکر ها ، چگونگی مجازی سازی ، آشنایی با ویندوز لینوکس ، شناسایی: بررسی اجمالی ، شناسایی: منابع قدرتمند ، شناسایی ردپاها و اقدامات متقابل ، آشنایی با مهندسی اجتماعی ، بررسی اجمالی اسکن ، نمایش بخش های اسکن ، شمارشگر ها ، پسورد کرک ویندوز ، اصول رمز عبور و شکستن آن در لینوکس ، سیستم هک: ADS و Steganography ، سیستم هک: Keyloggers و Metasploit ، آشنایی با تروجان ، بررسی راه های نفوذ به وب سایت ها: بررسی اجمالی ، بررسی راه های نفوذ به وب سایت ها: نمایش بخش ها و … می پردازد تا شما را از ابتدا با تمامی این روش ها بصورت کامل آشنا نماید .
CBT Nuggets EC Council Certified Ethical Hacker v9.0
English | mp4 | H264 1280×720 | AAC 2 ch | eLearning | System
This Certified Ethical Hacker (CEH) v9.0 video training course teaches you the ethical hacking tools and techniques needed to improve your network’s security posture. CBT Nuggets trainer Keith Barker walks you through building your own practice lab, including using evaluation software, and encourages you to not only watch and enjoy the videos, but practice everything hands-on in your own lab environment. For individuals interested in certification, watching and practicing the techniques taught in this course prepares you for EC-Council Certified Ethical Hacker (CEH) exam. Please visit the EC Council website for their requirements and procedures for taking the exam.
– Networking fundamentals (CompTIA Network+ level of knowledge or better)
– Familiarity with multiple versions of Windows
– Familiarity with Linux is not necessary but recommended
– Familiarity with VMware Workstation
– Knowledge of Networking and Security at the CompTIA Network+ and Security+ levels, or better
– Host running VMware Workstation, that can support 64bit VMs.
– Certified Ethical Hacker v9 (#312-50)
Related Job Functions
– Network/System Administrators/Engineers
– Security officers
– Security professionals
– Site administrators
– Those concerned about the security of the network infrastructure
Keith Barker has been a CBT Nuggets trainer since 2012 and working with networking and security since 1985. Keith holds several security-related certifications including Cisco CCIE Security, Palo Alto CNSE, Check Point CCSA, CISSP and more.
1. Welcome (4 min)
In this Nugget Keith shares you some tips to get the most out of this course.
2. Building a LAB: Concepts (6 min)
Keith provides an overview of how using a Hypervisor, such as VMware Workstation, can provide LAB VM connections to a live network, or an isolated virtualized network.
3. Building a LAB: Networking (9 min)
Keith demonstrates how to configure networking in VMware Workstation, as part of a virtualized lab environment.
4. Deploy a Kali Linux VM (14 min)
Keith demonstrates how to download, deploy, and update a Kali Linux VM as part of a lab test environment.
5. Adding Metasploitable to Your Lab (11 min)
Keith describes and demonstrates downloading and deploying a vulnerable version of Ubuntu Linux, called Metasploitable, to your lab environment.
6. Adding Windows to Your Lab (14 min)
Keith demonstrates how to document and verify the Windows computers you may want to include as part of your lab. These may include both physical and/or virtual machines.
7. Configure a Static IP on Kali (5 min)
Keith demonstrates one method of configuring a static IPv4 address on the Kali Linux Virtual Machine (VM).
8. Windows Evaluations (7 min)
Keith describes and demonstrates how you can get evaluation versions of popular Windows products for use in your lab. It is strongly recommended that you build your own lab, so you can practice and follow along as you build your skills.
9. Deploy Windows 8.1 (15 min)
Keith demonstrates the installation and configuration of Windows 8.1 within VMware Workstation. For an evaluation license of Windows, please refer to the Nugget titled: Windows Evaluations.
10. Deploy Windows 2012 (11 min)
Keith demonstrates the installation and configuration of Windows 2012 Server within VMware Workstation. For an evaluation license of Windows, please refer to the Nugget titled: Windows Evaluations.
11. Deploy Windows 10 (7 min)
Keith demonstrates the installation and configuration of Windows 10 within VMware Workstation. For an evaluation license of Windows, please refer to the Nugget titled: Windows Evaluations.
12. Deploy Windows 2016 (7 min)
Keith demonstrates the installation and configuration of Windows 2016 within VMware Workstation. For an evaluation license of Windows, please refer to the Nugget titled: Windows Evaluations.
13. Ethics and Hacking (10 min)
Keith describes several classes of hackers, and explains how studying and following the code of ethics can assist you in keeping out of trouble.
14. Hacking Vocabulary (6 min)
Keith walks you through valuable hacking terms to build your hacking vocabulary.
15. InfoSec Concepts (5 min)
Understanding the concepts of Information Security (InfoSec) can assist in looking for vulnerabilities and weakness in systems as part of ethical hacking.
16. Attack Categories, Types, and Vectors (5 min)
In preparation for the demonstration of many attack tools, it is important to be familiar with the categories, types, and vectors that are associated with attacks. In this Nugget, Keith provides an overview of the categories, types, and vectors that are often used in attacks.
17. 5 Phases of Hacking (5 min)
Keith describes a 5-phase model for hacking.
18. Footprinting and Reconnaissance Concepts (11 min)
Keith describes the ideas behind footprinting, what information might be collected, and methods for collecting that information. Demonstrations of some of the tools used for collection are in the Nuggets that follow.
19. Search Engine Tools (8 min)
Keith reviews and demonstrates some search engine tools that can be used in passive footprinting of a target.
20. Hacking using Google (12 min)
Keith describes and demonstrates using additional operators within Google, for the purpose of gaining more footprinting information regarding targets. Please download the NuggetLab files, and do the homework Keith assigns in this Nugget.
21. Website Recon Tools (13 min)
Keith demonstrates tools as examples of what can be used to extract data directly from a target’s website.
22. Metagoofil Metadata Tool (3 min)
Keith describes and demonstrates the use of Metagoofil to collect and extract metadata from pdf docs and other publicly available files, as well as how to create a report about a target company.
23. Email Headers for Footprinting (5 min)
Keith demonstrates EmailTrackerPro, which is an example of a tool that can extract reconnaissance information from email headers.
24. Using WHOIS for Recon (4 min)
Keith demonstrates using WHOIS in the command line, online services, as well as an application running on a PC.
25. DNS Tools (12 min)
Keith demonstrates using Command Line Interface (CLI) and Graphical User Interface (GUI) tools to extract information from Domain Name System (DNS).
26. Network Scanning Overview (3 min)
Keith describes the main objective and concepts for performing direct network scanning, as part of the second phase of hacking.
27. Network Scanning Methodology (9 min)
Keith shares the 8-step network scanning methodology.
28. Port Discovery (11 min)
Keith discusses and demonstrates the discovery of open ports, along with a few methods for finding them.
29. Network Scanning Tools (3 min)
Keith assigns videos 13, 31, and 32 on the topics of Nmap, Scapy, and hping3, from the Penetration Testing with Linux Tools course.
30. Stealth Idle Scanning (10 min)
Keith describes and demonstrates how an idle scan can be used to determine open ports on a host, without direct interaction with that host from the attacker’s IP address.
31. OS and Application Fingerprinting (10 min)
Knowing the specifics for the versions and flavors of an operating system and/or applications running on a host can lead to knowing which vulnerabilities may exist on that host. In this Nugget, Keith explains and demonstrates techniques, including banner grabbing, which can be used to collect that data.
32. Vulnerability Scanning (8 min)
Having a tool that can identify a system’s potential vulnerabilities is useful both to the network engineer and to the hacker. Keith demonstrates an example of a popular vulnerability assessment tool named Nessus. Practice what you learn in these Nuggets in your own home lab!
33. Network Mapping Tools (5 min)
Having a utility that can dynamically create network topology diagrams can be useful for both the administrator and the hacker. Keith demonstrates a tool from Solarwinds called the Network Topology Mapper.
34. Proxy Servers (8 min)
Proxy services can be use to hide the attacker’s address. In this Nugget, Keith explains how proxies can be chained together to increase the effectiveness of disguising the attacker.
35. Using Public Proxy Services (6 min)
Using Internet-based proxy services is as easy as the tools that allow it. Keith demonstrates an example of how to use an Internet proxy.
36. Enumeration Concepts (5 min)
Keith describes what enumeration does and typical protocols used to provide that information.
37. NetBIOS Enumeration (11 min)
Keith demonstrates gathering details provided through NetBIOS.
38. SNMP Enumeration Concepts (10 min)
Keith discusses some of the security weaknesses in Simple Network Management Protocol (SNMP), and demonstrates the preparation of the lab environment for SNMP enumeration.
39. SNMP Enumeration Tools (10 min)
Using the many tools for SNMP enumeration can be very useful for a hacker. In this Nugget, Keith demonstrates several GUI and CLI tools for extracting information from devices on the network.
40. LDAP Enumeration Concepts (5 min)
Keith describes some defaults used by Lightweight Directory Access Control (LDAP), and demonstrates preparing the lab 2012 server to support it.
41. LDAP Enumeration Example (7 min)
In this Nugget, Keith demonstrates JXplorer, an LDAP enumeration tool.
42. NTP Enumeration (7 min)
Keith describes and demonstrates tools that can be used for learning more information about the network and topology using Network Time Protocol (NTP).
43. SMTP Enumeration (8 min)
Keith describes and demonstrates tools that can be used to perform enumeration leveraging the Simple Mail Transfer Protocol (SMTP).
44. System Hacking Overview (9 min)
Keith introduces the phases for “System Hacking,” along with the goals and some of the tools used to accomplish those goals.
45. Password Cracking Concepts (10 min)
Keith provides an overview of methods that can be used to compromise passwords on a system.
46. Password Attack Example: MITM and Sniffing (13 min)
In this Nugget, Keith explains and demonstrates using Cain and Able to discover passwords that are sent in plain text.
47. Rainbow Crack Lab Setup (8 min)
Keith walks you through modifying the lab and downloading tools in preparation for dumping the SAM database, generating a rainbow table and cracking a password.
48. Rainbow Crack Demonstration (8 min)
Keith demonstrates dumping the SAM database, creating a rainbow table, and then cracking a password.
49. Password Reset Hacking (8 min)
Keith explains and demonstrates booting from a CD to reset the password of a user account on a Windows system.
50. DHCP Starvation (10 min)
Keith demonstrates how to perform a DHCP starvation attack, which could be used prior to implementing a rogue DHCP server. The attacker’s DHCP server could then contain malicious options for the client, such as the attacker’s IP address as default gateway and DNS server.
51. Remote Access (15 min)
Keith demonstrates how an application that is run on the victim’s computer can provide remote access for the attacker. This Nugget also demonstrates how tools can modify file attributes, in an attempt to cover the attacker’s tracks.
52. Spyware (9 min)
Keith describes and demonstrates how damaging Malware, including Spyware, can be on a system.
53. NTFS Alternate Data Streams Exploit (9 min)
Keith discusses and demonstrates how the NTFS Alternate Data Streams (ADS) can be abused by an attacker to hide malicious content.
54. Steganography with OpenPuff (7 min)
Keith describes and demonstrates how the art of hiding a file, within another file (A.K.A. Steganography) can be used to hide files.
55. Steganography with SNOW (5 min)
Keith demonstrates using the application of SNOW to hide secret messages as whitespace in a simple text document.
56. Covering Tracks (7 min)
In this Nugget Keith describes and demonstrates how an attacker may manipulate auditing and log files, in an attempt to be undetected.
57. Malware Overview (10 min)
In this video Keith talks with you about the functions, types and methods for installation, that Malware can use.
58. Trojan Overview (10 min)
In this Nugget Keith describes and demonstrates the concepts and use of trojan software.
59. Creating a Trojan (11 min)
Keith demonstrates using the Social Engineering Toolkit (SET) to create, run and verify a trojan.
60. Virus Overview (13 min)
Keith discusses the characteristics, stages, and types of viruses.
61. Virus Creation (8 min)
Keith demonstrates how to create a virus.
62. Detecting Malware (17 min)
Keith describes where and how to look when investigating malicious software that may be installed on your system.
63. Malware Analysis (10 min)
Keith describes and demonstrates some methods to analyze Malware.
64. Hash File Verification (8 min)
Keith demonstrates how to verify the data integrity of a downloaded file by performing a verification of the hash.
65. Sniffing Overview (12 min)
Keith discusses some of the concepts, types, and methods used to “sniff” a computer network.
66. CAM Table Attack and Port Security (10 min)
Keith demonstrates a Content Addressable Memory (CAM) table attack on a Layer 2 switch, along with how to protect against it using port security on the switch.
67. DHCP Snooping (14 min)
Keith describes the problem of a malicious DHCP server, and how to solve it using DHCP snooping, which is a feature on a layer 2 Cisco switch.
68. Dynamic ARP Inspection (DAI) (14 min)
Keith describes and demonstrates the use of Dynamic ARP Inspection (DAI) on a Cisco switch to prevent ARP poisoning.
69. Social Engineering (15 min)
Keith discusses several methods, techniques, and phases used in social engineering, one of the most effective ways to compromise a system.
70. Denial of Service (DoS) Attacks (19 min)
Keith describes several methods and categories of both Denial of Service (DoS) and Distributed DoS (DDoS) attacks.
71. Session Hijacking (18 min)
In this Nugget, Keith discusses methods and techniques used for Session Hijacking.
72. Hacking Web Servers (10 min)
Keith discusses and demonstrates hacking a web server.
73. Buffer Overflow (13 min)
In this Nugget Keith describes the concepts, risks and countermeasures regarding Buffer Overflow attacks.
74. OWASP Broken Web Application Project (13 min)
Keith demonstrates how OWASP’s Broken Web Application VM can be downloaded and used to both learn about, and get hands-on experience with, the top web application security risks on the Internet today.
75. Shellshock (6 min)
In this Nugget Keith describes the shellshock bash shell vulnerability.
76. SQL Introduction (9 min)
Keith describes a few of the fundamentals of Structured Query Language (SQL). Knowing this will assist you in better understanding the SQL Injection attack that we address in the next Nugget.
77. SQL Injection (16 min)
Keith discusses several methods and types of SQL Injection attacks.
78. Web App Vulnerabilities: WordPress (10 min)
Keith demonstrates enumeration and password cracking against WordPress, a popular Blogging Web Application.
79. Wireless Hacking (18 min)
Keith discusses wireless fundamentals, hacking, and best practices for WiFi.
80. Using an Android VM (4 min)
Keith walks you through adding a Virtual Machine (VM) of an Android device to the lab network.
81. Malware for Mobile (11 min)
Keith demonstrates creating and deploying a malicious app for the Android operating system.
82. Mobile Device Risks and Best Practices (13 min)
Keith discusses security risks that are common to mobile devices, and some steps that can be taken to improve their security.
83. Firewall Evasion (19 min)
Keith describes firewall methodologies, topologies, and how a hacker may evade the controls implemented in a firewall.
84. Firewall ACL Example (15 min)
Keith walks through the process of how Access Control Lists (ACLs) can be used as a technical control on networking devices, such as a firewall.
85. NAT and PAT fundamentals (11 min)
Keith discusses Network Address Translation (NAT) and Port Address Translation (PAT). Understanding how NAT and PAT can hide the internal and DMZ addresses from the Internet is useful for securing the network.
86. IDS/IPS Evasion (17 min)
Keith provides an overview of how Intrusion Detection/Prevention Systems operate, and how attackers can attempt to bypass them.
87. Honeypots (12 min)
Keith describes and demonstrates the use of a Honeypot on a network.
88. Cloud Computing (23 min)
Keith describes cloud services including security concerns.
89. CIA: Confidentiality, Integrity, and Availability (3 min)
Keith discusses some key factors regarding information security.
90. Policies (9 min)
Keith discusses the policies that are created by senior management, and how they govern the use of controls in a system.
91. Quantifying Risk (6 min)
Keith explores methods and formulas that can be used when calculating risk.
92. Separation of Duties (13 min)
Keith discusses the administrative control known as Separation of Duties.
93. Symmetrical Encryption Concepts (14 min)
Keith discusses methods and use cases for symmetrical encryption.
94. Asymmetrical Encryption Concepts (16 min)
Keith discusses encryption technologies that use an asymmetrical key pair for cryptography.
95. Control Types (11 min)
Keith explores various control types used to assist in protecting information systems and sensitive data.
96. Multifactor Authentication (12 min)
Keith discusses the 3 different factors categories and several examples of biometric authentication.
97. Centralized Identity Management (13 min)
Maintaining thousands of user accounts is no small feat. In this Nugget, Keith explains several options for performing centralized user identity management.
98. Kerberos and Single Sign On (SSO) (17 min)
Keith explores the methods that Microsoft’s Active Directory uses Kerberos for Single Sign On (SSO). Methods to improve the security of a SSO system are also included in this Nugget.
99. Backups and Media Management (9 min)
Keith discusses backups with an eye toward having reliable methods to restore data, as well as protecting the data that is backed up.
100. Operations Security Controls (14 min)
Keith provides explanations and examples of control types used in operational security, along with their functions.
101. Physical Security Controls (11 min)
Keith describes several physical security controls that can be used by a company for their security or bypassed by the hacker to evade the security measures.
102. Incident Response (12 min)
Keith explores several items that should be part of an incident response plan.
103. VPNs (21 min)
Keith describes the types and technologies used for virtual private networking.
104. Disaster Recovery Planning (13 min)
Keith discusses the concepts of disaster recovery (DR) and business continuity (BC).
105. Pen Testing Tips (10 min)
Keith shares a few recommendations to help keep you out of trouble when performing penetration testing.
106. Useful Tools (11 min)
Keith points out a few categories, and demonstrates examples of a few useful tools in network and system analysis, as well as hacking.
107. Case Study (21 min)
Keith introduces and reviews several security-related concepts regarding apps, policies, and IDS/IPS.
108. Additional Resources and Exam Prep (8 min)
In this Nugget Keith shares with you some additional resources that can be used to improve your skills and knowledge, as well as where to go for the latest requirements regarding certification from EC-Council.