White Hat Hacking Fundamentals

احسان نیک‌آور

• مقدماتی
• مسیر قرمز
• ۸ درس

دربارۀ این دوره

مخاطبان

• علاقه‌مندان به ارزیابی امنیت/تست نفوذ/تیم قرمز
• افراد علاقه‌مند به فعالیت در زمینه‌ی Bug Bounty
• کارشناسان فعال در زمینه‌ی فناوری اطلاعات
• مدیران فنی شرکت‌ها و سازمان‌ها

پیش‌نیازها

• تسلط بر مبانی شبکه‌های کامپیوتری
• آشنایی با پروتکل‌های پرکاربرد TCP/IP
• آشنایی با مفاهیم ابتدایی سرویس‌های تحت وب
• آشنایی با مفاهیم ابتدایی امنیت سایبری نیز توصیه می‌شود

• Introduction to Penetration Testing or White Hat Hacking
  • Security Assessment Overview
  • Types of Security Assessment
    • Vulnerability Assessment
    • Penetration Test
    • RedTeam Operations
  • Lifecycle of a Penetration Test
  • Information Security Terminology
    • White Hat Hacker
    • Black Hat Hacker
    • Users and Malicious Users
    • Root or Administrator
    • Privileges
    • Security through Obscurity
    • Attack
    • Privilege Escalation
    • Denial of Service
    • Remote Code Execution
    • Shell Code
• Information Gathering and Footprinting
  • Introduction
  • Open Web Information Gathering
  • Google Hacking
  • Email Harvesting
  • Leak Databases
  • DNS Enumeration
  • Port Scanning In-Depth
  • Well-known Protocol Enumeration (SMB, SMTP, SNMP, HTTP, etc.)
  • Spotting a Firewall
  • Shodan and Censys In-Depth
• Vulnerability Assessment
  • What is Vulnerability?
    • Common Types of Vulnerabilities
    • What is Vulnerability Assessment?
    • What is Vulnerability Risk?
    • Vulnerability Score
  • Vulnerability Scanning with Nmap
  • Vulnerability Scanning with OpenVAS
  • Vulnerability Scanning with Nessus
  • Vulnerability Scanning with Nexpose
  • Vulnerability Scanning with Acunetix
  • Vulnerability Scanning with MobSF
  • Vulnerability Validation
  • From Vulnerability to Exploit
• Web Attacks
  • Web Attacks Overview
  • HTTP Protocol Anatomy
  • Web Server Fingerprinting
  • Web Application Assessment Tools
  • Exploiting Misconfigured HTTP Verbs
  • Directories and File Enumeration
  • File Inclusion Vulnerabilities
  • Cross-Site Scripting
  • SQL Injections
• SYSTEM ATTACKS
  • Malwares
  • Initialize Access Methods
  • Exploit Client Applications
  • Empire and Koadic
  • UAC Exploitation
  • Privilege Escalation
  • Dumping Credentials
  • Bypassing Antivirus Software
  • Password Attacks
  • Port Redirection and Tunneling
• NETWORK ATTACKS
  • Authentication Cracking
  • Windows Shares and Null Sessions
  • Remote Exploits
  • Sniffing and MITM Attacks
  • Metasploit
  • Metasploit Overview
  • Metasploit Architecture
  • Interfaces
  • Basic Commands
  • Discovery Scans
  • Vulnerability Scan and Validation
  • Exploit Known Vulnerabilities
  • Post-Exploitation
  • Generate a Report
• Writing a Standard Penetration Test Report
  • Why Report is Important?
  • Report Format
  • A Sample Penetration Testing Report

گواهینامه‌ی دوره