Sunday, August 23, 2015

The Complete Wireshark Course: Go from Beginner to Advanced!

Wireshark is much easier to learn when you take this course and try everything you see for yourself! Wireshark is a free open-source packet analyzer that is the number one tool for network analysis, troubleshooting, software and communications protocol development, and related education in networking. Knowing Wireshark gives you the ability to successfully apply for network administrator jobs and easily earn money as a freelancer online because Wireshark is an in-demand skill!
Use this course to speed up your learning with Wireshark with hands-on tutorials showing you exactly what you can do in Wireshark, founded on explanations of basic network terminology, installing Wireshark, and a review of the basic functions. The course begins with the basics and continues to dive deeper, allowing you to follow along and try everything you see for yourself!
You should act on your feelings of love, hope, and faith to take this course now if you want to learn a valuable skill to use in your own company or to make money as a freelancer or employee working in a network administration job!
What are the requirements?
Have a computer capable of running Wireshark.
Consistent experience with accessing the internet and working online.
What am I going to get from this course?
Over 36 lectures and 5 hours of content!
Use Wireshark as an advanced user.
Apply successfully for network admin jobs.
Work as a freelancer using Wireshark skills learned in this course.
See how to add a Wireshark certificate to your LinkedIn profile!
What is the target audience?
Network administrators looking to build deeper knowledge of Wireshark.
Entrepreneurs desiring to learn more about network protocols.
Freelancers wishing to add an in-demand skill to their profile.

Learn Hacking using Backtrack 5

Welcome to "Learn Hacking using Backtrack 5". This is a course dedicated to learning the Backtrack 5 Linux OS along with many of the tools it comes with. Please note that everything on this course is purely educational and we are not responsible for your actions.
Backtrack Basics: New to Backtrack? Want to learn how to get started and learn the basics of hacking? Then this is where you want to start! These videos include how to install Backtrack, updating tools, and the protocol to take when taking over a system.
Backtrack Intermediate: For those who want more than the basics. Includes web-based exploitation and the use of backdoors.
Backtrack wireless: That magical piece of technology that gives you access over the airwaves and its vulnerabilities.
Metasploit is an amazing framework for exploits and updates almost every day. These videos cover some of the things Metasploit can do, and how to use it.
Tutorials on learning to code your own exploits and other useful things for penetration testing.
What are the requirements?
Internet
A computer which you can format and experiment with
What am I going to get from this course?
Over 27 lectures and 2.5 hours of content!
Learn Backtrack
Learn Nmap
Learn Metasploit
What is the target audience?
Hackers
Web Developers

Kali Linux - Backtrack Evolved

Kali Linux is the latest Linux distribution from Offensive Security, custom-built for the distinct purposes of performing network security audits and forensic investigations. Kali comes fully loaded with hundreds of integrated tools to perform every aspect of a penetration test.
Kali Linux - Backtrack Evolved: A Penetration Tester’s Guide helps you to develop practical and useful professional skills in the information security industry, while simultaneously delivering the high level of excitement and exhilaration that goes hand-in-hand with the world of computer and network hacking.
Cyber-crime is on the rise and information security is becoming more paramount than ever before. A single attack on a company’s network infrastructure can often result in irreparable damage to a company’s assets and/or reputation.
It is no longer sufficient to merely rely on traditional security measures. In order to ensure the security of critical information assets, it is essential to become familiar with the strategies, tactics, and techniques that are used by actual hackers who seek to compromise your network.
Kali Linux - Backtrack Evolved: A Penetration Tester’s Guide will prepare you to enter the world of professional hacking by ensuring that you are well versed with the skills needed and tools used to compromise the security of enterprise networks and information systems.
About the Author
Justin Hutchens currently works as a security consultant and regularly performs penetration tests and security assessments for a wide range of clients. He previously served in the United States Air Force where he worked as an intrusion detection specialist, network vulnerability analyst and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He currently holds a Bachelor’s degree in Information Technology and multiple professional information security certifications, to include CISSP (Certified Information Systems Security Professional), OSCP (Offensive Security Certified Professional), eWPT (eLearnSecurity Web-Application Penetration Tester), GCIH (GIAC Certified Incident Handler), CNDA (Certified Network Defense Architect), CEH (Certified Ethical Hacker), ECSA (EC-Council Certified Security Analyst) and CHFI (Computer Hacking Forensic Investigator).
What are the requirements?
A basic understanding of Linux and TCP/IP will be helpful in understanding the content, but it is not essential.
What am I going to get from this course?
Over 40 lectures and 2.5 hours of content!
Many advanced techniques are addressed within this series, but it is still designed to simultaneously accommodate less experienced viewers. The series provides detailed explanations intended to clearly address the underlying processes involved with all tasks performed.
What is the target audience?
Kali Linux - Backtrack Evolved: A Penetration Tester’s Guide is a great choice for anybody interested in information security, penetration testing or ethical hacking. While a basic understanding of Linux and TCP/IP will be helpful in understanding the content, it is not essential.

Hacking Academy: METASPLOIT - Penetration Tests from Scratch

Learn the most popular pentesting framework: METASPLOIT.
If you are thinking about IT Security seriously - you have to get to know Metasploit. Learn how to use it, conduct attacks, find vulnerabilities and patch them.
Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit.
The first complete training explained from scratch. You will see in step-by-step presentations what to do. An IT Security Academy Expert will explain how it works and how to use Metasploit.
Take your IT Security knowledge to the next level.
What are the requirements?
General IT Knowledge
Knowledge on the level of IT Security Beginner Training
No programming skills needed
Good to know how to use Linux/Unix OS
What am I going to get from this course?
Over 9 lectures and 3 hours of content!
Learn how to use Metasploit framework
How to conduct penetration tests on databases and applications
Learn how to conduct attacks and test vulnerabilities
How to take control over working computer machines
What is the target audience?
Future Pentesters
IT Security Professionals
IT Security Hobbyists
Graduates of our IT Security Beginner Training
Graduates of our IT Security Professional Training
Programmers

BackTrack 5 Wireless Penetration Testing

Armed with the essentials, you will learn how to conduct a host of cutting edge wireless attacks. You will learn how to execute attacks such as WLAN packet sniffing, revealing hidden SSIDs, open authentication by defeating MAC address filters, bypassing shared authentication, cracking WEP and WPA/WPA2 encryption.
In addition to documenting the essentials of wireless penetration testing, we will also discuss setting up rogue APs and wireless evil twins, client-based WEP cracking attacks, wireless infrastructure-based attacks, WPS PIN brute force attacks, denial of service (DoS) attacks, eavesdropping and session hijacking, EAP-based enterprise wireless hacking, and much more. Coverage also includes various countermeasures to protect wireless networks against these types of attacks, in order to help bolster the wireless security of any given network.
About the Author
Farrukh Haroon Farhat is an information security professional with over 8 years of experience. He currently works as a Security Analyst in IBM’s Global Technology Services (GTS) division. As a member of the Managed Security Services (MSS) operations team, Farrukh works with multi-vendor network security technologies, helping customers improve their security posture. He's previously worked as the IT Security Manager for an emerging telecom operator based in the Middle East. He has also delivered various professional trainings related to Information Security and Networking. Farrukh holds various industry certifications such as CISSP, CISA, CCIE Security (#20184), JNCIE-Security (#91) et al. He actively contributes to various online communities related to network security like Cisco Netpro. As a result of his contribution to Cisco’s official support community, he was awarded the ‘Cisco Designated VIP (Security)’ accreditation in 2011.
What are the requirements?
The course assumes that you already know the basics of wireless networks and can operate at least one Linux distribution.
Designed as a practical video tutorial with step-by-step instructions to teach you about Wireless Penetration Testing, the course has been designed to ensure that topics are presented in a gradual manner, allowing you to grasp the information that's being presented before moving on to more advanced topics.
What am I going to get from this course?
Over 35 lectures and 3.5 hours of content!
Crack WEP, WPA, WPA2, WPS, EAP/Radius based wireless networks
Creating a practice lab for wireless penetration testing purposes
Sniff out and analyze wireless packets from the air
Penetrate wireless networks based on the enterprise versions of WPA and WPA2
Attack the WLAN infrastructure itself using DoS attacks, Fake APs, and other techniques
What is the target audience?
This course is aimed at security professionals and IT professionals who want to learn about wireless penetration testing using the BackTrack Linux security distribution.

Advanced Penetration Testing for Highly-Secured Environments

Advanced Penetration Testing for Highly-Secured Environments will teach you how to effectively secure any environment and harden your system and network configurations. You will be able to get into the attacker’s mindset of how they target systems on a network and the overwhelming threats they pose, thereby exploiting their vulnerabilities to create a step-by-step virtual lab to protect your system.
The goal of the Advanced Penetration Testing for Highly-Secured Environments video course is to first prepare and then challenge your skills and ability to perform a full penetration test against a fictional business company. It is packed with examples that enforce enumeration, exploitation, post-exploitation, writing reports skills, and more.
To start off you will get to know the differences between penetration testing and vulnerability assessments through a structured process of starting a penetration test and finishing it with a detailed report.
If you are looking to advance in the IT security field, through advanced exploitation techniques and strategies, then this video course is for you.
About the Author
Aaron Johns currently works for Intrasect Technologies as an IT Specialist. He provides support for over 160 clients. His work roles include maintaining business networks and security policies to increase operational efficiencies and reduce costs.
Aaron also publishes videos and books for Packt Publishing, one of the most prolific and fast-growing tech book publishers in the world. He has also filmed several independent videos.
Aaron started broadcasting YouTube videos in 2007. In 2009, he was offered a partnership with YouTube. He has provided security awareness to over 1.2 million viewers and 6,300 subscribers. As of today, Aaron still serves as a Technology Partner for YouTube. He is also in partnership with Symantec Corporation and Check Point Software Technologies Ltd. You'll also find Aaron as a guest or interviewed as a security professional on several YouTube videos and podcasts.
What are the requirements?
This video course takes a progressive approach by first unraveling advanced security techniques and then applying these techniques in a fictional environment. It is thoroughly educational and gives users the opportunity to test their skills.
What am I going to get from this course?
Over 40 lectures and 3 hours of content!
Learn information gathering/Footprinting techniques and enumeration techniques
See how to gain both physical and remote access to secured systems
Navigate through the command prompt and Linux terminal along with the Backtrack 5 R3 Linux operating system
Understand the Metasploit Framework, Social-Engineering Toolkit, Nmap, Zenmap, and more
Learn how to deal with client-side exploitation attacks and advanced techniques to bypass firewalls, IDS, and IPS systems
Create a virtual penetration testing lab
Discover the usage of all the security tools
Generate a full, detailed penetration testing report
What is the target audience?
The Advanced Penetration Testing for Highly-Secured Environments video course is aimed at both newcomers and experienced professionals who wish to gain hands-on experience of advanced penetration testing. You will need elemental IT skills and concepts, knowledge of common network protocols such as TCP/IP, and a basic understanding of penetration testing.

Tuesday, February 3, 2015

Best Practices for Deploying SSL/TLS

Sharing a translation of a useful article on how to properly deploy SSL/TLS on your site. Today, the theory; the second (practical) part will come after launch.

Introduction

SSL/TLS is a deceptively simple technology. It is simple to deploy, and then it just works, yet without providing an adequate level of security. The main problem is that SSL/TLS is not easy to deploy correctly. For TLS to provide the necessary security, system administrators and developers must put extra effort into configuring their servers and developing their applications.

In 2009, Qualys SSL Labs began work with SSL. They wanted to understand how TLS is used, and to remedy the lack of easy-to-use TLS tools and of documentation for them. Through global research on TLS usage, as well as through online assessment tools, Qualys SSL Labs has achieved some of its goals. But the lack of documentation still makes itself felt. This document is a step towards addressing this problem.

1. The private key and certificate

The quality of protection provided by TLS depends entirely on the private key, which lays the groundwork for security, and on the certificate, which communicates the server's identity to its visitors.

1.1 Use 2048-bit private keys

Use 2048-bit RSA and 256-bit ECDSA private keys for all your servers. Keys of this strength are secure and will remain secure for a significant period of time. If you have 1024-bit RSA keys, you should replace them with stronger keys as soon as possible.

1.2 Protection of the private key

Treat your private keys as an important asset, restricting access to the smallest possible group of employees. Recommended actions:

• Generate private keys and certificate signing requests (CSRs) on a trusted computer. Some CAs offer to generate keys and CSRs for you, but it is impractical.

• Use password protection for private keys to prevent compromise in cases where they are stored on backup systems. Password protection for the private key does not help on the production server, because an attacker can retrieve the keys from process memory. There are hardware devices that can protect the private key even if the server is compromised, but they are expensive and thus only justified in organizations with high security requirements.

• After a compromise, revoke the old certificates and generate new keys.

• Renew certificates every year, always with a new private key.

1.3 Ensure coverage of all used domain names

Make sure that your certificates cover all the domain names that you want to use on the site. For example, your primary domain is www.example.com, but you also use the domain www.example.net. Your goal is to avoid invalid-certificate warnings, which confuse your users and weaken their confidence.

Even when the server is configured with only one domain name, keep in mind that you cannot control how users arrive at your site or which links point to it. In most cases, you should make sure that the certificate works with and without WWW (for example, for example.com and www.example.com). A secure web server must have a certificate that is valid for every configured domain name. Wildcard certificates have their advantages, but should be avoided if using them means giving the private key to a large group of people, such as system administrators in different organizations. Also, keep in mind that wildcard certificates can be used by attackers to carry a vulnerability from one web site over to all other sites that use the same certificate.
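The coverage check from section 1.3, as an added example that is not part of the original article: it tests a list of site names against a certificate's names, treating a wildcard as matching exactly one leftmost label. The certificate name lists and site names are constructed, and the function names are hypothetical.

```python
def _labels(name):
    """Lower-case a DNS name and split it into labels."""
    return name.lower().rstrip(".").split(".")


def name_covers(cert_name, host):
    """True if one certificate name (exact or wildcard) covers host."""
    c, h = _labels(cert_name), _labels(host)
    if len(c) != len(h):
        return False                      # "*" stands for exactly one label
    if c[0] == "*":
        # Accept a wildcard only as the whole leftmost label, with at
        # least two fixed labels after it (a simplification: rejects "*.com").
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h


def coverage(cert_names, site_names):
    """Map each site name to the certificate names that cover it."""
    return {s: [c for c in cert_names if name_covers(c, s)] for s in site_names}


def uncovered(cert_names, site_names):
    """Site names for which visitors would get a certificate warning."""
    return [s for s, hits in coverage(cert_names, site_names).items() if not hits]


# Constructed inputs: every name users may type or follow a link to.
SITE_NAMES = ["example.com", "www.example.com", "www.example.net",
              "shop.eu.example.com"]
CERTS = {
    "single name": ["www.example.com"],
    "wildcard": ["*.example.com"],
    "full name list": ["example.com", "www.example.com", "www.example.net",
                       "shop.eu.example.com"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        missing = uncovered(names, SITE_NAMES)
        print("%-15s missing: %s" % (label, ", ".join(missing) or "none"))
```

Note that the wildcard certificate covers neither the bare domain nor a name two levels down, so it leaves the same gaps as the single-name certificate here.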

1.4. Purchase certificates from a trusted Certification Authority

Choose a reputable certification authority (CA) that takes its business and security seriously. Consider the following criteria when choosing a CA:

Attitude to security

All CAs undergo regular audits (otherwise they would not have the right to act as a CA), but some are more serious about security than others. Finding out which one is better in this respect is not easy, but one way is to study the history of their security incidents, how they reacted to compromises and security incidents, and whether they learned from their mistakes.

Main activity

CAs for which issuing certificates is the main activity will lose business if they do something horribly wrong, and they probably will not neglect their certificate division while pursuing potentially more lucrative opportunities elsewhere.

Services offered

At a minimum, the selected CA should support Certificate Revocation Lists (CRL) and the OCSP protocol.

Tools for managing certificates

If you need a large number of certificates, select a CA that will give you good tools to manage them.

Support

Select a CA that provides good support when you need it.

1.5. Use reliable algorithms to sign the certificate

Certificate security depends on the length of the private key and the strength of the hash function used. Today, most certificates use the SHA1 algorithm, which is considered weak.

You need to immediately replace all of your certificates that use the SHA1 algorithm if they expire after 2015.
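One way to check an existing certificate against sections 1.1, 1.2 and 1.5, as an added example that is not part of the original article: it parses the text that `openssl x509 -noout -text` prints and applies the key-size, yearly-renewal and SHA1 rules. The two certificate dumps are constructed and trimmed to the fields used, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed samples: trimmed `openssl x509 -noout -text` output.
SAMPLE_OLD = """\
        Signature Algorithm: sha1WithRSAEncryption
            Not Before: Mar 10 00:00:00 2014 GMT
            Not After : Mar  9 23:59:59 2016 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""
SAMPLE_NEW = """\
        Signature Algorithm: ecdsa-with-SHA256
            Not Before: Feb  3 00:00:00 2015 GMT
            Not After : Feb  3 00:00:00 2016 GMT
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
"""

def parse_cert_text(text):
    """Pull the fields the checks need out of openssl's text dump."""
    def field(pattern):
        m = re.search(pattern, text)
        if m is None:
            raise ValueError("field not found: " + pattern)
        return m.group(1)

    def when(label):
        raw = field(label + r"\s*:\s*(.+?)\s+GMT")
        # openssl pads single-digit days with a space; collapse it first.
        return datetime.strptime(" ".join(raw.split()), "%b %d %H:%M:%S %Y")

    return {
        "sig_alg": field(r"Signature Algorithm:\s*(\S+)"),
        "key_alg": field(r"Public Key Algorithm:\s*(\S+)"),
        "key_bits": int(field(r"Public-Key:\s*\((\d+) bit\)")),
        "not_before": when("Not Before"),
        "not_after": when("Not After"),
    }

def audit(text):
    """Return the findings for one certificate (sections 1.1, 1.2, 1.5)."""
    c = parse_cert_text(text)
    findings = []
    # 1.1: 256 bits for EC keys, 2048 bits for anything else (RSA assumed).
    minimum = 256 if c["key_alg"] == "id-ecPublicKey" else 2048
    if c["key_bits"] < minimum:
        findings.append("weak key: %d-bit %s" % (c["key_bits"], c["key_alg"]))
    # 1.5: SHA1-signed certificates that expire after 2015 must be replaced.
    if "sha1" in c["sig_alg"].lower() and c["not_after"].year > 2015:
        findings.append("SHA1 signature, expires after 2015")
    # 1.2: certificates are meant to be renewed every year.
    if (c["not_after"] - c["not_before"]).days > 366:
        findings.append("validity longer than one year")
    return findings

if __name__ == "__main__":
    for name, text in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(name, audit(text) or "ok")
```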