Curso avanzado de Hacking Ético y Ciberseguridad

Curso avanzado de Hacking Ético y Ciberseguridad

Welcome to this advanced course on Ethical Hacking and Cybersecurity. My name is Santiago Hernández and I will be your instructor throughout this training program.

This course is aimed at all those people who have basic knowledge of Ethical Hacking and Cybersecurity and want to take their bases to the next level, understanding from scratch the most important Ethical Hacking techniques used in a professional environment.

Course Description

The course is designed so that the student's learning is incremental. Starting with the fundamentals of many security technologies and Ethical Hacking techniques, and continuing until we reach some of the more advanced techniques that we can use in a professional Security Audit or Ethical Hacking in a large organization.

Regarding the course content, we will begin by establishing and customizing our learning environment and work tools, among which are Kali Linux, CherryTree, Powerlevel10k... In addition, we will see in detail fundamental technologies in professional environments, such as AWS (Amazon's cloud) , and we will see the security implications they have.

We will continue talking about advanced information recognition techniques, paying special attention to the evasion of security tools that we can find in a real environment. Subsequently, we will introduce in detail the Ethical Hacking techniques of Active Directory environments, a technology that is implemented in the vast majority of large companies worldwide.

Next, Hacking techniques related to access to credentials and lateral movements within the infrastructure of an organization will be presented, which will give way to the next topic, where some of the most relevant techniques and tools for creating Bugs will be introduced. Bounty and Professional Ethical Hacking of web applications. Finally, we will end by talking about defense detection and evasion techniques in real and advanced post-exploitation environments.

After completing this course you will have all the necessary knowledge to carry out a professional Security Audit or Ethical Hacking in a large organization. Furthermore, if your interest is in the field of defensive Cybersecurity, with this course you will be able to obtain all the necessary intuitions you need to know the most used attack techniques today and design effective defenses for them.

Course syllabus

The course is made up of more than 120 classes. Below is a very summarized index of the syllabus and some of the techniques/tools that will be presented throughout the course:

1. Welcome to the course
2. Preparation of the learning environment: Kali Linux, CherryTree, Powerlevel10k…
3. Advanced information collection: VulnHub, Snort, Nmap, Advanced scans with Nmap, Defense evasion with Nmap, Naabu, Masscan…
4. Ethical Hacking in Active Directory environments – Part 1: Introduction to Active Directory, Objects in AD, PowerView, SAM Enumeration, NTDS Enumeration, Impacket, BloodHound, Rpcclient, Ldapsearch, pywerview, jxplorer…
5. Ethical Hacking in Active Directory environments – Part 2: Exploitation of vulnerable ACLs, DCSync exploitation, Rubeus, Kerberos operation, Enumeration with Kerberos, AS-REQ Roasting, AS-REP Roasting, Kerberoasting…
6. Access to credentials and lateral movements: lsass and SAM Dump, Pass The Hash, Over Pass The Hash, Pass The Key, Pass The Ticket, ASK-TGT, Kerberos Golden Ticket, Kerberos Silver Ticket, NTLM Roasting, LLMNR Poisoning, SMB Relay…
7. Advanced hacking of web applications and bug bounty: Subfinder, Sublist3r, WhatWeb, Dirbuster, Gobuster, Seclists, OWASP ZAP, Nikto, Skipfish, Nuclei, Fuzzing, ffuf, Commix, Changeme, Gitleaks, CyberChef…
8. Detection and evasion of defenses: Halberd, wafw00f, WAF evasion, antivirus evasion with C#, Real-time protection evasion, GreatSCT, TheFatRat, Veil Framework, Shellter…
9. Ethical Hacking and Advanced Post-exploitation: Port Forwarding, Pivoting, Netcat Port-Pivot Relay, Local Tunneling, Ngrok, LocalTunnel, File Transfer…
10. Ethical Hacking in real environments (Amazon Web Services): cloud network infrastructure, cloud computing and security, cloud information collection, auditing internal infrastructure…
11. Farewell to the course