Building a Security Toolbox E-Learning

Organizations spend money on security controls to protect company assets, but how do they know those
assets are protected from hackers? One way is to use the same tools that hackers use and perform securitytest known as penetration testing or ethical hacking.
In this course collection, explore the purpose of security tools, including their history and the response tomodern attacks. Take a look at open-source intelligence tools used to collect information from online
sources. Next, investigate the purpose and importance of ethical hacking. Finally, examine the value of
building a security toolbox, the different categories of tools, and how to obtain appropriate security tools.
Courses (20 hour +):

This Learning Kit with more than 20 hours of learning is divided into three tracks:

Course content

SecOps Tool Landscape: Intro to Security Tools (SecTools)

Course: 1 Hour, 32 Minutes

• Course Overview
• Security Tools (SecTools)
• Categories of Security Tools
• Using Open-source Intelligence (OSINT) Tools
• Using a Password Cracker
• Security Tools Toolbox
• Ethical Hacking
• The Importance of Ethical Hacking
• Performing a Vulnerability Scan
• Using an Exploitation Tool
• The SecTools Environment
• How to Choose the Correct Security Tools
• Course Summary

SecOps Tool Landscape: The Kali Linux Security Platform

Course: 1 Hour, 22 Minutes

• Course Overview
• Kali Linux Features
• The Value of Kali Linux
• Reasons Not to Use Kali Linux
• Downloading Kali Linux
• Installing Kali Linux on a Virtual Machine
• Exploring the Kali Linux User Interface and Tools
• Installing Additional Tools in Kali Linux
• Performing a Port Scan Using Nmap
• Compromising a System with Hydra
• Performing a SQL Injection Attack Using sqlmap
• Cracking Passwords with Ophcrack
• Course Summary

SecOps Tools and 2021 Security Incidents: Microsoft Exchange Server Data Breach

Course: 1 Hour, 14 Minutes

• Course Overview
• Background of the MS Exchange Server Data Breach
• MS Exchange Server Data Breach Discovery
• How the Attack Was Disclosed Publicly
• What Was Compromised
• Tools for Detecting the Exploit
• Detecting Exploits Using Nmap
• Using Test-ProxyLogon.ps1 to Detect Vulnerability
• Using Metasploit to Exploit Vulnerability
• Patches and the Post-attack Response
• Course Summary

SecOps Tools and 2021 Security Incidents: Facebook Data Breach

Course: 54 Minutes

• Course Overview
• Background of the Facebook Data Breach
• How the Data Breach Was Discovered
• The Role of the Contact Importer Flaw
• The Use of Brute Forcing Tools
• Generating a Phone List Using Crunch
• Creating and Running a Web Scraper
• Phishing for Facebook Login Credentials
• Response: Facebook and the Cybersecurity Community
• Fallout from the Data Breach
• Course Summary

SecOps Tools and 2021 Security Incidents: Colonial Pipeline

Course: 1 Hour, 15 Minutes

• Course Overview
• Background of the Colonial Pipeline Breach
• Colonial Pipeline Breach Discovery
• DarkSide Ransomware
• Intelligence Gathering
• Credential Harvesting
• Identifying Phishing and OSINT Tools
• Gathering OSINT Using Maltego CE
• Gathering OSINT Using theHarvester
• Conducting a Phishing Attack Using SET
• Conducting a Phishing Attack Using Zphisher
• Colonial Pipeline Response
• Colonial Pipeline Fallout
• Course Summary

SecOps Tools and 2021 Security Incidents: JBS Ransomware Attack

Course: 1 Hour, 1 Minute

• Course Overview
• Background of the JBS Ransomware Attack
• Attack Discovery
• REvil Ransomware
• Vulnerability Scanning and Data Exfiltration Tools
• Scanning Domains Using Fierce
• Scanning for Vulnerabilities Using Nmap
• Scanning for Vulnerabilities Using Metasploit
• Exfiltrating Data From a Compromised Server
• JBS Ransomware Attack Recovery
• JBS Ransomware Attack Fallout
• Course Summary

SecOps Tools and 2021 Security Incidents: Kaseya Ransomware Attack

Course: 57 Minutes

• Course Overview
• Background of the Kaseya Ransomware Attack
• Kaseya Ransomware Attack Discovery
• Kaseya at the Center of a Supply Chain
• Tools Used for the Kaseya Ransomware Attack
• Detecting Privilege Escalation Vulnerabilities
• Evading Microsoft Defender Protection
• Extracting Credentials Using Mimikatz
• Kaseya Ransomware Attack Response
• Kaseya Ransomware Attack Fallout
• Course Summary

SecOps Tools and 2021 Security Incidents: Log4Shell Exploit

Course: 1 Hour, 4 Minutes

• Course Overview
• Background of the Attack
• Attack Discovery
• Log4j Detection and Exploitation Tools
• Scanning for Log4Shell with Metasploit
• Scanning for Log4Shell with Targeted Scan Tools
• Configuring and Running Netcat Listener
• Distributing Files with Python Web Server
• Exploiting Log4Shell to Get a Reverse Shell
• Patches and Response
• Log4j Fallout
• Course Summary

Exploring SecOps Tools: Web Application Hardening via Burp Suite

Course: 1 Hour, 25 Minutes

• Course Overview
• Burp Suite
• Burp Suite Solutions
• DevSecOps Software
• Burp Suite Limitations
• Installing Burp Suite
• Navigating the Burp Suite User Interface
• Performing API Security Testing with Burp Suite
• Scanning a Website for Vulnerabilities
• Course Summary

Exploring SecOps Tools: Network Scanning Using Nmap

Course: 58 Minutes

• Course Overview
• The History of Network Mapper (Nmap)
• Nmap Features
• Nmap Limitations
• Installing Nmap
• Performing an Nmap TCP Connect Scan
• Performing an Nmap Stealth Scan
• Performing an Nmap Inverse TCP Scan
• Performing an Nmap ACK Scans
• Course Summary

Exploring SecOps Tools: Network Packet Manipulation Using Wireshark

Course: 59 Minutes

• Course Overview
• Wireshark Network Packet Analyzer
• Common Wireshark Use Cases
• Wireshark Limitations
• Installing Wireshark
• Filtering Network Traffic Using Wireshark
• Baselining in Wireshark
• Creating Rules in Wireshark
• Tunneling Remotely Using Wireshark
• Course Summary

Exploring SecOps Tools: Penetration Testing Using Metasploit Framework

Course: 1 Hour, 8 Minutes

• Course Overview
• Getting Started with Metasploit
• Metasploit Modules
• Metasploit Advantages and Disadvantages
• Installing Metasploit
• Discovery Scans
• Working With Modules, Exploits, and Payloads
• Exploring Common Metasploit Commands
• Attacking Systems Using Metasploit
• Course Summary

Exploring SecOps Tools: Using the Aircrack-ng Suite of Tools

Course: 1 Hour, 1 Minute

• Course Overview
• Aircrack-ng Suite of Tools
• Components of Aircrack-ng
• Aircrack-ng Alternatives
• Installing Aircrack-ng
• Driver Installation
• Using Aircrack-ng
• Cracking Passwords
• Aircrack-ng Common Options
• Course Summary

Exploring SecOps Tools: Port Scanning with Netcat

Course: 1 Hour, 4 Minutes

• Course Overview
• The Netcat Utility
• Installing Netcat
• Common Netcat Options
• Performing Basic Netcat Operations
• Netcat Penetration Testing Features
• Executing Basic Netcat Commands
• Performing Port Scans with Netcat Commands
• Using TCP Server and Client Commands
• Course Summary

Exploring SecOps Tools: Securing Passwords with hashcat

Course: 1 Hour, 9 Minutes

• Course Overview
• hashcat Suite of Tools
• hashcat Features
• Password Hashes
• Core Attack Modes
• Installing hashcat
• Cracking Passwords with hashcat
• Attacking with Rules and Toggling
• Password Cracking Systems
• Demonstrating WPA2 Vulnerabilities
• Course Summary

Exploring SecOps Tools: SQL Injection Testing Using sqlmap

Course: 48 Minutes

• Course Overview
• History of sqlmap
• sqlmap Features
• sqlmap Use Cases
• sqlmap and SQL Injection Techniques
• Installing sqlmap
• sqlmap Dependencies
• Performing SQL Injection
• Bypassing Credentials
• Course Summary

Exploring SecOps Tools: Digital Forensic Collection with Autopsy

Course: 48 Minutes

• Course Overview
• Autopsy Forensics
• Autopsy Features
• Autopsy Input Formats and Reporting
• Installing Autopsy
• Autopsy Add-on Modules
• Configuring Autopsy
• Creating a Case in Autopsy
• Adding Data Sources in Autopsy
• Course Summary

Exploring SecOps Tools: Using the Social-Engineer Toolkit

Course: 57 Minutes

• Course Overview
• Social-Engineer Toolkit (SET)
• Social-Engineer Toolkit Features
• Social-Engineer Toolkit Attack Vectors
• Installing the Social-Engineer Toolkit
• Using the SET Spear Phishing Module
• Utilizing Website Attack Vectors
• Performing a Credential Harvester Attack
• Course Summary

SecOps Tools: The Role of AI in SecOps

Course: 1 Hour, 9 Minutes

• Course Overview
• Artificial Intelligence
• The History of Artificial Intelligence
• Artificial Intelligence Benefits
• Components of Artificial Intelligence
• The Application of Artificial Intelligence
• Common Artificial Intelligence Principles
• Security Threats Facing Artificial Intelligence
• Artificial Intelligence and SecOps
• Artificial Intelligence SecOps Tools
• Machine Learning Tools
• Course Summary

Assessment:

• Final Exam: SecOps Tools Proficienc