CEH v11: App Layer Attacks, Botnets & DoS Countermeasures

CEH v11: App Layer Attacks, Botnets & DoS Countermeasures

• identify the type of module used by SlowLoris
• recognize how to perform a SlowLoris attack
• recognize the tool to perform a denial-of-service attack against a web application
• identify common uses of a botnet
• identify why hackers take control of a number of systems
• recognize how to see common botnet locations
• recognize detection methods for denial-of-service attacks
• recognize strategies for handling denial of service attacks
• recognize tools used to protect against DoS attacks

The application layer is another prime target for Denial of Service attacks. In this course, you'll explore common application layer DoS attacks like SlowLoris, the Reddit Hug of Death, and UDP app-layer attacks. With botnet traffic making up about 25% of all Internet traffic, they are a real cause for concern. You'll also learn about bots and botnets, including their purpose and common ways they are proliferated. Since Denial of Service attacks can cause so much havoc, you need to do all you can to defend against them. Finally, you'll explore commonly deployed DoS and DDoS defensive countermeasures, tools, and strategies. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Buffer Overflows, Privilege Escalation & System Access

CEH v11: Buffer Overflows, Privilege Escalation & System Access

• identify tools that can be used to find or exploit a buffer overflow
• recognize technologies that can help protect against buffer overflows
• recognize the basic concepts behind a buffer overflow exploit
• describe privilege escalation terminology
• identify techniques that can be used to protect against exploits that could allow an attacker to gain full administrative level access via privilege escalation
• recognize techniques that can obtain privilege escalation
• use privilege escalation techniques on a Linux system to find files that could provide access via suid/guid
• identify tools used to maintain access over a compromise target system
• recognize how to defend against an attacker maintaining or getting access over a compromised system
• work with tools and techniques that can be used to help you maintain access over a compromised target system

Buffer overflows can be one of the more mysterious and difficult techniques to understand and employ, but when successful they can be highly useful when gaining access to target systems. In this course, you'll explore the basic concepts behind buffer overflows, as well as some useful protections against them and how to develop and deploy them in a test environment. Next, you'll examine common privilege escalation techniques, for both Windows and Linux operating systems, that can help you obtain full administrative access. Once you've fully compromised a host, you're going to want to hang on to that access for a long as possible. Finally, you'll learn about tools and techniques that will help you maintain access over a compromised target system. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: CEH Hacking Methodology & Windows Authentication

CEH v11: CEH Hacking Methodology & Windows Authentication

• describe the CEH Hacking Methodology
• describe the goals of the CEH Hacking Methodology
• describe the Windows authentication process
• identify the Windows authentication methods
• work with the Windows SAM authentication method

When it comes to ethical hacking, repeatable successful tactics and processes are the name of the game. In this course, you'll explore the CEH Hacking Methodology to understand each of its phases and goals. You'll also learn about Windows authentication methods and the process behind them. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Cyber Kill Chain, TTPs, Behaviors & Threat Hunting

CEH v11: Cyber Kill Chain, TTPs, Behaviors & Threat Hunting

• define the actions of a hacker in terms of the phases of the Cyber Kill Chain
• identify the functionality of the Cyber Kill Chain
• recognize the seven phases of the Cyber Kill Chain
• identify how threats relate to the Tactics, Techniques, and Procedures (TTPs)
• recognize how Procedures are used to better understand threat actors
• identify the behavioral pattern used by threat actors to exfiltrate data or lock access to data
• identify threat actor behavioral patterns that are not normal on the network
• recognize behavioral patterns of threat actors
• recognize threat actor behavioral patterns that are outside normal user activity
• describe threat hunting and how a threat hunter investigates a system
• distinguish the Indicators of Compromise (IoC) category related to threat hunting activities
• identify the types of Indicators of Compromise (IoC) related to threat hunting activities

If you know how most threat actors and groups attack their targets, you'll be better equipped to defend against those attacks. In this course, you'll explore the seven phases of the Cyber Kill Chain, which aims to guide defenders in their understanding of commonly used attack strategies. Next, you'll learn how tactics, techniques, and procedures can help you better understand the threats your organization faces. You'll move on to examine behavioral patterns typical with today's threat actors and Advanced Persistent Threats. The average time it takes to detect a breach is around 200 days, which is why threat hunting has become a standard security practice. To complete this course, you'll explore threat hunting and its usefulness, as well as the concept of Indicators of compromise. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Cybersecurity Basics, Attacks & Information Warfare

CEH v11: Cybersecurity Basics, Attacks & Information Warfare

• recognize the EC-Council certification process for Certified Ethical Hacker v11
• identify the elements of cyber security
• recognize the security control used to validate integrity
• identify the motivation for an attacker to plant ransomware on a system
• recognize the different motivations for an attacker
• recognize the different types of motivations for attacks
• identify the type of attack that involves the attacker interacting with the target system
• recognize the attack type that involves the attacker attacking the supplier of a company
• recognize the different types of attacks
• identify the forms of information warfare
• identify the information warfare strategies
• recognize the information warfare type that involves prevention communication between systems

Building a strong foundation of knowledge is crucial to becoming an effective cybersecurity professional. In this course, you'll build that foundational knowledge by exploring the five core elements of cybersecurity. You'll examine how classifying what motivates an attacker to attack a network or system can go a long way into figuring out how to best protect systems and networks. Next, you'll explore the many types of attacks that threat actors use to gain access to systems and sensitive data. Finally, you'll learn about information warfare, including its categories and strategies. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: DoS, DDoS, Volumetric & Protocol Attacks

CEH v11: DoS, DDoS, Volumetric & Protocol Attacks

• identify the tools used to perform a denial-of-service attack
• identify the types of denial of service (DoS) attacks
• identify a command to perform a ping of death attack
• recognize the command to issue to perform a UDP flood attack
• recognize the different volumetric attack types
• identify the command to perform a SYN flood attack
• identify the different types of DoS attacks
• recognize the different types of flood attacks

Denial of Service attacks can be very disruptive to an organization both monetarily and reputationally. In this course, you'll explore Denial of Service and Distributed Denial of Service attacks, as well as common DoS techniques and categories and common tools used to perform them. Next, you'll examine volumetric DoS attacks, which are one of the more common types deployed by attackers. These include UDP flood, Ping of Death, Smurf, and Pulse Wave. Finally, you'll learn about protocol-based DoS attacks, including SYN floods, ACK floods, and fragmentation attacks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Fileless Malware, Malware Analysis & Countermeasures

CEH v11: Fileless Malware, Malware Analysis & Countermeasures

• describe how to obfuscate commands to avoid detection
• describe the different classifications of fileless malware
• describe the fileless malware infection process
• identifying the steps of the fileless malware infection process
• identify the fileless malware classification types
• configure or build a malware test environment
• describe how to find or prevent malware using sheep dipping
• identify tools and techniques for doing malware analysis
• recognize common malware analysis techniques
• identity malware countermeasures such as logging, monitoring, backups, and blocking that can make a system more resilient to malware attacks
• recognize malware countermeasures that can empower you to create a system that is much more resilient to malware attacks

The most common way for anti-virus programs to detect a malware infection is by checking files against a database of known-malicious objects. In this course, you'll learn about fileless malware, which avoids detection by not writing any files with known malicious content. Next, you'll explore malware analysis techniques that allow you to configure stronger defenses. You'll also examine sheep dipping and how to build a test environment. There are many security controls to protect against malware infections, so you'll complete this course by learning about countermeasures like logging, anti-virus, and backups. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Footprinting and Social Engineering Recon & Countermeasures

CEH v11: Footprinting and Social Engineering Recon & Countermeasures

• discover public network info associated with a target
• recognize the hosts and systems between you and a target over the public network
• identify some commonly used footprinting tools
• recognize footprinting tools that will help you with the exam
• identifying social engineering and how it can be used to target an organization
• recognize the different types of social engineering techniques used to obtain sensitive information
• describe security controls that can help a client better protect themselves
• identify security controls and how they should be implemented to better protect against an attackers footprinting and recon efforts

If you're engaged in a security assessment, mapping your target's public network presence is a critical step in that process. In this course, you'll learn how to discover the public network info associated with your target. Next, you'll explore a few commonly used footprinting tools that will help you with not only the exam, but that can be used in real life as well. You'll move on to examine how you can use social engineering techniques like shoulder surfing and dumpster diving to obtain useful or sensitive information about your target's organization. Finally, you'll learn about some security controls that could be recommended to a client to help them better protect against an attacker's footprinting and recon efforts. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Footprinting, Google Dorks, Search Engines & Sub-domains

CEH v11: Footprinting, Google Dorks, Search Engines & Sub-domains

• identify the goal of active footprinting
• recognize the different types of footprinting
• recognize the purpose of passive footprinting
• identify the term used for Google keywords to locate sensitive information on the Internet
• identify tools used to help with Google Dork searches
• recognize how to locate a specific document on the Internet
• identify a tool used to locate devices connected to the Internet
• recognize how to use Shodan
• recognize tools used to locate IoT devices on the Internet
• identify a website that can be used to search for subdomains
• identify the Google Dork used to manually locate subdomains
• recognize a tool in Kali Linux that can be used to search for subdomains

Knowledge is power and in the ethical hacking game, the more you know about your target, the more likely you are to find a weakness in their security. In this course, you'll explore the practice of footprinting and the different types of information you can gather in this initial stage of attack. Next, you'll examine Google Dorks and some of the useful advanced search features of the Google search engine. You'll learn how to use the Shodan, Censys, and Thingful search engines to find IoT and other Internet-connected hosts and services in order to see the larger attack surface of a target. Finally, you'll explore sub-domains and how they can lead to compromise if not properly managed, as well as some tools that can help you enumerate a target's sub-domains. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Hacking Phases & Concepts

CEH v11: Hacking Phases & Concepts

• define the common hacker classes
• describe the differences between the five phases of hacking
• identify the five phases of hacking
• recognize what is means to be a hacker
• describe ethical hacking and how it differs from malicious hacking
• identify the limitations and responsibilities an ethical hacker faces that do not apply to malicious hackers
• recall and identify the skills that are commonly needed by ethical hackers

Being an ethical hacker means, in some ways, that you'll need to assume the identity of a bad hacker. In this course, you'll learn what it means to be a hacker, the common hacker classes, and the five phases of hacking. As an ethical hacker, you may encounter those that don't understand what that means and how a person can use seemingly dangerous skills towards an ethical purpose. You'll examine ethical hacking and how it can be a great tool for helping to create a more secure network. You'll also explore skills and limitations common to ethical hackers. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Hijacking Concepts & Countermeasures

CEH v11: Hijacking Concepts & Countermeasures

• describe session hijacking and how it can be accomplished
• recognize the different types of session hijacking
• identify tools and details that can be used to perform session hijacking using man-in-the-middle attacks
• recall the details necessary to perform common network based session hijacking attacks like UDP, TCP, and RST hijacking
• recognize the details of common network based session hijacking attacks
• describe common application level session hijacking attacks
• describe the man-in-the-browser application level session hijacking attack
• identify the protocols or components that can be taken advantage of by an application level session hijacking attack
• identify the types of cross-site scripting (XSS) application level session hijacking attacks
• describe common session hijacking security detection methods and best practices
• recognize common session hijacking security controls, best practices, and secure session handling techniques

Sessions are like a verified conversation between trusted systems, which makes session hijacking a common form of attack. In this course, you'll learn about session hijacking, including how it's accomplished and the different types. Session hijacking attacks can be performed at the network level, so you'll also explore common network-based session hijacking attacks such as UDP, TCP, and RST hijacking. Next, you'll move on to examine common application level session hijacking attacks such as man-in-the-middle, man-in-the-browser, cross-site scripting, and cross-site request forgery. Finally, you'll learn about common session hijacking security controls and countermeasures, as well as best practices like using encrypted protocols and secure session handling techniques. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Incident Management, ML, AI & Regulations

CEH v11: Incident Management, ML, AI & Regulations

• describe the incident management process
• identify the benefits of incident management
• describe the steps in the incident handling and response (IH&R) process that deal with documentation
• identify the different steps of the IH&R process
• recall the order of the nine steps of the IH&R process
• recognize the actions taken for different steps of the IH&R process
• recognize how artificial intelligence and machine learning play a role in the cybersecurity battlefield
• recognize the problems artificial intelligence and machine learning can help with in the current cybersecurity battlefield
• recognize the types and use of artificial intelligence and machine learning
• identify the provisions of the Health Insurance Portability and Accountability Act
• identify the Sarbanes Oxley act and how it applies to corporations
• recognize common standards used for security best practices
• recognize the common standards and regulations the pertain to organizations

A very important job that a cybersecurity professional will need to be familiar with is that of incident management. In this course, you'll explore incident management and what it's designed to accomplish. Next, you'll examine the nine steps of the incident handling and response process to help familiarize yourself with the actions and expectations you may need to take to properly deal with a security incident. You'll learn about effective tools for protecting against advanced threats, as well as the role artificial intelligence and machine learning play in the current cybersecurity battlefield. Finally, you'll examine standards, regulations, and laws that govern how computer systems must be secured and maintained. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Malware, Threats, Trojans, & Viruses

CEH v11: Malware, Threats, Trojans, & Viruses

• identify malware components used to download the malicious code
• recognize the components of malicious software
• identify the characteristics of an APT attack
• identify the phases of an APT attack
• recognize the purpose of APT groups
• identify the different types of trojan malware
• identify the malware deployment types
• identify the trojan type that includes running the real program in addition to the malicious code
• recognize techniques used to avoid trojan detection
• identify malicious software that requires human interaction in order to replicate to a system
• identify the phases of the virus lifecycle
• recognize the malware type that self-replicates

Malware is a common threat used to attack, compromise, and even destroy computer systems. In this course, you'll learn about common malware types and components so you can properly defend against malicious software. Then, you'll move on to explore Advanced Persistent Threats, which are becoming more and more of a danger due to their sophisticated malware. You'll examine the malicious software version of the Trojan Horse, as well as the different types of trojans, deployment methods, construction, and techniques for evading anti-virus detection. Finally, you'll learn about viruses and worms, including concepts, types, and characteristics. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Metadata, Wordlists, Email, WHOIS & DNS Recon

CEH v11: Metadata, Wordlists, Email, WHOIS & DNS Recon

• recognize tools used to extract metadata
• recognize tools used to locate files on a website
• identify the location of sample word list files in Kali Linux
• identify the term used for files that contain common words and passwords
• recognize tools that can be used to create custom word list files
• recognize tools used for email tracking
• identify the different types of whois models
• identify tools used to perform whois searches
• recognize commands used to enumerate DNS

When you're looking for useful target information, you want to pull from every available source. In this course, you'll investigate how to gather and inspect metadata for possible sensitive info about a target. You'll learn how to use wordlists for fuzzing and password attacks, about the usefulness of custom wordlists, and how to generate a wordlist based off the target's web presence. Next, you'll examine how e-mail tracking systems can glean info like IP addresses, geolocation, and host operating systems. Finally, you'll learn about useful information that can be found using WHOIS and DNS service. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: NetBIOS, SMB, SNMP & LDAP Enumeration

CEH v11: NetBIOS, SMB, SNMP & LDAP Enumeration

• describe how to enumerate information from a host
• describe the important of enumeration and its role in gathering information
• enumerate a target’s useful or sensitive information using the SMB protocol
• enumerate information from a host via NetBIOS
• distinguish the port used by the Simple Network Management Protocol (SNMP)
• recognize the components of the Simple Network Management Protocol (SNMP)
• recognize the tools available to report on target systems using SNMP
• identify the tools that utilize LDAP to help you enumerate your targets
• recognize the details of the Lightweight Directory Access Protocol (LDAP)

To be a successful ethical hacker, you need to be good at gathering information. In this course, you'll explore the concept of enumeration, including what it is, how it's done, and the importance of the details gathered during this process. Next, you'll learn how to enumerate a target's useful or sensitive information using both SMB and NetBIOS. You'll move on to learn how you can use SNMP to access information about target systems. Finally, you'll explore the details of the LDAP protocol and some tools that use LDAP to help you enumerate your targets. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Network Scanning, TCP, Host Discovery & Port/Service Scanning

CEH v11: Network Scanning, TCP, Host Discovery & Port/Service Scanning

• recognize the purpose of the different types of scans
• identify the different TCP flags
• recognize the phases of the TCP three-way handshake
• identify scanning tools that can run on mobile devices
• recognize scanning tools that allow you to craft custom packets
• recognize host discovery tools that have a GUI interface
• recognize how to perform host discovery with nmap
• recognize the different nmap options
• recognize how to perform a port and service scan with nmap

An ethical hacker can be most effective when employing the right tools for the job. In this course, you'll learn about networking scanning types and the various flags used in TCP communication. Next, you'll explore commonly used network scanning tools used by many of today's security professionals. You'll then move on to learn about tools that can be used for host discovery, common methods of implementation, and even some countermeasures for prevention purposes. Finally, you'll examine the differences between port and service scans, their use cases, and common port/service associations. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Nmap IP Scans

CEH v11: Nmap IP Scans

• identify the IP fields being used during a zombie scan
• recognize techniques used to avoid detection when performing a scan
• recognize the syntax to perform an idle scan with nmap
• identify the nmap command to perform a UDP scan
• recognize how a system responds to a UDP scan
• identify the number of steps to the SCTP handshake
• recognize the nmap command to perform an INIT SCTP scan
• identify the nmap command to determine the version of software running on a port
• recognize how to enable IPv6 scanning in nmap

Staying off of the radar of your target's security team is a common goal for many ethical hackers when performing security assessments. In this course, you'll learn to use the Nmap IDLE/IPID scan to take advantage of other network hosts to obfuscate scan origins from detection systems and logs. You'll explore using Nmap to discover what is utilizing UDP to help you add to your list of possible inroads of a target system. You'll also examine how SCTP works and how to work with Nmap to use it for scanning purposes. Finally, you'll learn about using Nmap's IPv6 option as another way to discover open ports and about using the versioning option to learn more about the service running on open ports. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Nmap TCP Scans

CEH v11: Nmap TCP Scans

• describe how TCP Connect scans detect open ports on a target host
• using nmap to perform a TCP Connect scan
• describe the advantages of the nmap Stealth scan
• identify the disadvantages of using the nmap Stealth scan
• describe Inverse TCP Scans and how they are done with nmap
• perform an inverse TCP scan using nmap
• troubleshoot Inverse TCP Scans when using nmap
• use nmap’s ACK and Time-to-Live option to map possible firewall rules
• work with nmap’s ACK scan to map possible firewall rules

When scanning a target with Nmap for open ports and/or services, there are several common types of scans. In this course, you'll explore TCP Connect scans, how to issue a TCP Connect scan with Nmap, and pros and cons of using this type of scan. You'll also look at Stealth and TCP scans, how to issue them with Nmap, and their pros and cons. Next, you'll examine how good network security professionals employ firewalls to protect their assets and how this can hinder network-based recon activities. Finally, you'll learn about using Nmap's ACK scan for the purposes of mapping possible firewall rules enumerating port states. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: NTP, NFS, SMTP & FTP Enumeration

CEH v11: NTP, NFS, SMTP & FTP Enumeration

• describe the tools that can be used to enumerate NTP
• recognize the purpose of the Network Time Protocol (NTP)
• describe the Network File System (NFS)
• mount NFS mount points from a remote system on a local system
• recognize how to detect NFS file systems on remote systems
• recognize how to access or find SMTP and FTP services on a target system
• recognize how to verify user accounts on target systems running Simple Mail Transfer Protocol (SMTP)
• recognize tools that can be used to enumerate details from target systems running SMTP

Having the correct time helps to ensure systems operate properly, especially if you have configured things like time-based access. In this course, you'll explore the Network Time Protocol, including attributes and enumeration tools. You'll also examine the Network File System and how it can be taken advantage of when implemented incorrectly. Finally, you'll learn about the Simple Mail Transfer Protocol (SMTP) and File Transfer Protocol (FTP), including what details can be enumerated from target systems using both of these protocols. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Passwords Attacks, Extraction & Cracking

CEH v11: Passwords Attacks, Extraction & Cracking

• identify tools used to perform an online passive password attack
• recognize the difference between non-technical and technical password attacks
• recognize the tools used to perform an offline password attack
• identify a tool you can use to capture the Windows password hashes
• identify tools used to crack password hashes
• recognize how to capture password hashes from live traffic
• recognize techniques to capture the password hashes in Linux
• identify how to create rules in John the Ripper to enhance password cracking capabilities
• identify the password attack enhancement that allows you to combine multiple dictionary files together
• recognize enhanced password attack features that combine entries together

Passwords are a part of many of today's authentication systems and are therefore prone to attack. In this course, you'll investigate common attack methods and tools used to defeat passwords. You'll examine how hackers are able to obtain and decrypt a user's password, including tools and techniques used to procure encrypted passwords and cracking tools used to uncover the original password data. Finally, you'll learn about common password cracking enhancement techniques aimed to decrease the amount of time and increase the success rate when attempting to crack passwords. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Recon Tools & Tactics

CEH v11: Recon Tools & Tactics

• identify tools that can provide details about the physical location of a target
• recognize tactics that can be used against a geographical location of a target
• conducting Open Source Intelligence (OSINT) searches on social media sites
• recognizing how social media sites can yield sensitive information through investigation or through social engineering
• using tools to do Open Source Intelligence (OSINT) searches on social media sites
• utilize job posts and job boards to search out useful target info like what technologies are being used
• describe how to use the mostly unseen resources on the internet to discover potentially sensitive information about a target
• describe the large portion of the internet and how to use those mostly unseen resources
• recognize the different portions of the internet

Having knowledge of a target's physical location can be useful for social engineering and physical security assessments. In this course, you'll explore tools and tactics used to learn a target's geographical location. Next, you'll examine how conducting Open Source Intelligence on social media sites can yield sensitive information through direct investigation or social engineering. You'll move on to learn how to utilize job posts and job boards to search out useful target info like what technologies are being used, names of legitimate users, and areas they may be weak due to lack of staffing. Finally, you'll explore the large portion of the Internet that consists of the dark and deep webs and how these mostly unseen resources can be used to discover potentially sensitive info about a target. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Risk Management, Cyber Threat Intelligence & Threat Modeling

CEH v11: Risk Management, Cyber Threat Intelligence & Threat Modeling

• recognize the formula to calculate risk
• recognize the tools used to help manage risk
• identify the phases of risk management
• recognize the actions performed during risk management
• recognize high level CTI categories
• recognize low level CTI categories
• recognize the step in threat modeling that deals with determining the security needs of the company
• recognize the steps to threat modeling
• recognize the tasks performed in each step of threat modeling

At the end of the day, cybersecurity is all about understanding risk. In this course, you'll learn about how risk pertains to cybersecurity, risk levels, and how to use a risk matrix to visualize risk. You'll also examine the concept, practice, and phases of risk management, which can help you minimize the negative effects of risk. Next, you'll explore how using Cyber Threat Intelligence is a more proactive approach towards your cybersecurity defenses and the four types of CTI. Finally, you'll learn about using threat modeling to stop threats before they become security incidents and the five steps common to the threat modeling process. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Scan Optimization, OS Identification & IDS/Firewall Evasion

CEH v11: Scan Optimization, OS Identification & IDS/Firewall Evasion

• define the nmap timing template options for increasing or decreasing the time nmap takes to perform a scan
• recognize nmap options and techniques to decrease the waiting time for scans
• describe how nmap can be used to detect a targets operating system
• recognize techniques that can be used to determine a targets operating system
• describe nmap features to bypass firewall and IDS alerting
• recognize evasion techniques and tactics to help evade firewalls and IDS
• recognize tactics to evade common network security controls
• use evasion tactics and tools to obfuscate network scans

Running Nmap scans can sometimes take a lot of time. In this course, you'll explore a few options and techniques for decreasing the amount of time you wait for Nmap to complete its scans. Knowing what operating system your target is running sets the stage for how you'll conduct the subsequent steps of your hacking methodology, so you'll also examine common tools and techniques for discovering a target's host OS. Finally, you'll learn about tactics and tools that can be used to help you evade common network security controls such as firewalls and IDS. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Sniffing & Poisoning

CEH v11: Sniffing & Poisoning

• identify the different attacks an attacker can use to access sensitive data through network switches
• recognize the physical ways attacks can access sensitive data
• recognize the types of packets sniffing attackers can use to access sensitive data
• use network attacks to bypass network switches in order to sniff packets
• identify how using a rogue DHCP server can be used to intercept target host communications
• recognize how attackers can manipulate DHCP on client systems
• describe how to defend against attackers manipulating the Address Resolution Protocol (ARP) table
• identify how attackers can manipulate the ARP table
• recognize and manipulate the Address Resolution Protocol (ARP) table
• describe how to view the DNS cache on a local system
• identify the attack techniques that can be used against DNS
• recognize how attackers trick users into accessing an invalid host via DNS poisoning
• identify security controls that can be employed to add layers of security that can derail many sniffing attacks
• recognize common security controls and settings that can be added to derail many sniffing attacks

Networks are constantly sending data to deliver messages and keep network services working, but those data packets may contain sensitive information like passwords. In this course, you'll examine how an attacker can gain access to sensitive data through packet sniffing. You'll learn how attackers can manipulate DHCP, which can allow them to then intercept target host communications. Next, you'll explore how attackers can manipulate ARP by taking advantage of the default functions of the ARP protocol. You'll move on to examine how attackers trick users into sharing personal information through DNS poisoning. Finally, you'll learn about common security controls that allow networks to communicate, while still adding layers of scrutiny, control, and obfuscation. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Social Engineering, Insider Threats & Identity Theft

CEH v11: Social Engineering, Insider Threats & Identity Theft

• identify the impact to an organization that is compromised by social engineering attacks
• recognize characteristics of a social engineering attack
• recognize the phases of a social engineering attack
• recognize the types of social engineering attacks
• identify common scenarios involving insider threats
• identify suspicious activity that could identify an insider threat
• recognize the different types of insider threats
• identify signs of identity theft
• recognize the reasons for identity theft

Often times, the most insecure point in a network is not the network hosts, but the end user that works with it. In this course, you'll explore the concepts and tactics of social engineering attacks, where the end user becomes the vulnerable system. The most dangerous attack can come from inside your network. You'll also examine insider threats, including why they're effective, their organization impacts, and why they're difficult to detect and defend against. Identity theft is one of the most common and lucrative avenues of attack. To complete this course, you'll learn the basic concepts, motives, and goals behind identity theft attacks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Steganography & Avoiding Detection

CEH v11: Steganography & Avoiding Detection

• describe how to hide data in a file using steganography tools
• recognize how to detect steganography using steganalysis
• recognize how to exfiltrate data by using steganography techniques and tools
• describe techniques that can hide logs or the tracks of an attacker
• identify tools attackers use to cover their tracks
• recognize tactics attackers use to hide their activities from logs and auditing
• recognize tools used by attackers to avoid detection by administrators

Exfiltration of sensitive data is a common goal of many hacks. In this course, you'll explore how hackers are able to avoid detection when exfiltrating data by using steganography techniques and tools. On average it takes roughly nine months before a breach is detected. You'll also examine common tactics attackers use to cover their tracks and avoid detection by administrators. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Vulnerability Assessment Types, Models, Tools & Reports

CEH v11: Vulnerability Assessment Types, Models, Tools & Reports

• identify the type of vulnerability assessment that involves probing a system for vulnerabilities
• recognize the type of security controls that should be used when accessing data
• recognize the type of vulnerability assessment that involves using a sniffer to identify sensitive traffic
• identify common vulnerability scanners and tools
• identify the vulnerability assessment model that involves you running a vulnerability scanner
• recognize the different vulnerability assessment models
• identify high level severity items in a vulnerability report
• recognize how to add a list of targets to a vulnerability scanner
• recognize the elements of a vulnerability report

Performing a vulnerability assessment allows you to locate potential weaknesses in systems, networks, and channels of communication. This is a vital step in defending systems against attacks. In this course, you'll learn about the different types of vulnerability assessments. You'll move on to explore various vulnerability assessment models and tools. Finally, you examine important information that should be included in your vulnerability assessment reports. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEH v11: Vulnerability Assessment, Management & Classification

CEH v11: Vulnerability Assessment, Management & Classification

• describe the rating and score metrics used by the Common Vulnerability and Exposures (CVE) scoring system
• recognize tools and resources commonly used when analyzing a vulnerability assessment report
• describe the six activities of the vulnerability management life cycle
• describe the vulnerability phases in relation to the vulnerability assessment life cycle
• recognize the activities performed during the assessment phases
• identify the type of vulnerability that could be discovered during an assessment
• match the different vulnerability types that could be found during an assessment
• recognize the different vulnerability types and how they may be identified during an assessment

One of the main job duties of many ethical hackers is performing vulnerability assessments. In this course, you'll explore the basic concepts of vulnerability assessments, as well as tools and resources commonly used when performing one. You'll examine the vulnerability management life cycle and common activities performed during it. Finally, you'll learn about the various vulnerability types you may discover during an assessment. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Cloud Computing, Containers, Hacking & Security Controls

CEHv11: Cloud Computing, Containers, Hacking & Security Controls

• describe the different cloud computer types
• describe the different cloud computer types responsibility areas
• identify the cloud service deployment models
• recognize the different cloud storage architectures
• describe containers and orchestration
• describe the five-tier container architecture
• identify common security challenges for container technologies
• describe attack methods for accessing or enumerating cloud services
• identify tools to enumerate Amazon S3
• recognize common security vulnerability and assessment tools
• recognize tools used for gaining access to sensitive information
• identify security controls for protecting cloud environments
• recognize common security controls and online tools that can help with protecting cloud accounts, containers, and orchestration
• recognize common security controls for cloud environments that can help you protect cloud accounts

Many of today's systems are becoming cloud-based at a rapid pace. In this course, you'll explore different cloud services, deployment models, responsibility areas, and architectures relevant to your CEH exam. Another rapidly adopted technology in today's networks is containers, making knowledge of them a necessary skill. You'll examine containers, technologies like Docker, and orchestration, as well as common security challenges. Next, you'll learn why cloud services have been prone to security issues and breaches and examine common security vulnerabilities and assessment tools. Finally, you'll learn about common security controls for cloud environments that can help you protect cloud accounts, storage, containers, and orchestration. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Cryptography, Algorithms, Implementations & Tools

CEHv11: Cryptography, Algorithms, Implementations & Tools

• describe the purpose of cryptography
• describe the types of cryptography
• identify the common used types of cryptography
• describe common algorithms and implementations used by various crypto systems
• identify the strengths of commonly implemented hash functions
• recognize common encryption and hashing functions and their uses
• recognize the common encryption algorithms and their types
• recognize tools that can aid in securing sensitive data on desktops
• recognize tools that will aid you in securing your sensitive data on servers

Encryption is one of the best security controls available for defending computer networks and data, and cryptography plays a vital role in this process. In this course, you'll explore cryptography, including its purpose, types, and common ciphers, to help you better understand the strengths and weaknesses of common crypto-systems. Next, you'll examine the common algorithms and implementations used by various crypto-systems, including symmetric and asymmetric algorithms, hashing functions, and digital signatures. Encryption is highly effective for protecting sensitive data, but how do you encrypt something? To complete this course, you'll learn about tools that can help you to secure sensitive data on servers, desktops, e-mail, and mobile. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: CSRF, IDOR, LFI & RFI Attacks

CEHv11: CSRF, IDOR, LFI & RFI Attacks

• recognize how Cross Site Request Forgery (CSRF) attacks work
• Identify how Cross Site Request Forgery (CSRF) attacks can be leveraged by attackers
• identify Insecure Direct Object Reference (IDOR) attacks and how to exploit it
• describe how remote and local file inclusion attacks can be leveraged to gain access to a remote system
• describe the difference between remote and local file inclusion attacks
• recognize how remote and local file inclusion attacks work

Cross-Site Request Forgery, Direct Object Reference, and Local and Remote File Inclusion attacks can prove very harmful to web applications. In this course, you'll examine how these attacks work and how to recognize them. First, you'll explore CSRF attacks and how they can be leveraged to attack users. Next, you'll learn about the IDOR attack, including how to find and exploit it. Finally, you'll learn about LFI and RFI attacks, including how they work and how they can be leveraged to gain access to a remote system. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Intrusion Prevention and Detection, Firewalls & Honeypots

CEHv11: Intrusion Prevention and Detection, Firewalls & Honeypots

• describe the techniques that can be used to evade IDS/IPS
• recognize the different alert types of deployed IDS/IPS solutions
• recognize the function of intrusion detection and prevention systems (IDS/IPS)
• describe how firewalls are used as a security countermeasure
• describe how firewalls can be configured as a security countermeasure
• describe techniques that are commonly used to bypass firewalls
• describe the types of honeypots that can be used to build better defenses
• identify how honeypots can be used to protect your organization

Intrusion detection and prevention systems are security controls that provide alerts and protection for many organizations today. In this course, you'll explore their function, commonly deployed IDS/IPS solutions, and techniques for evading detection by these systems. Next, you'll examine firewalls, their role as a security countermeasure, and techniques commonly used to bypass them. If you know how an attacker is likely to attack, you can build better defenses to protect your organization. Finally, you'll learn how honeypots can be used to determine the attacks a production network is most likely to face from threats. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: IoT Threats, Vulnerabilities, Attack Tools & Countermeasures

CEHv11: IoT Threats, Vulnerabilities, Attack Tools & Countermeasures

• describe IoT and recognize its main components
• describe the IoT architectural components
• identify the IoT protocols used for deployment
• recognize the communication models used in IoT
• describe common IoT threats
• identify OWAP Top 10 IoT threats and vulnerabilities
• recognize the attack surface for IoT devices
• describe common IoT attacks
• identify hacking tools and methods for hacking IoT devices
• identify tools used for attacking IoT devices
• recognize common attacks that can cause harm via IoT devices

Internet-of-Things (IoT) devices make our lives convenient and that makes them more prevalent every day. In this course, you'll learn about IoT and its main components, as well as IoT architecture, deployment areas, protocols, communication models, and security challenges. The best way to effectively attack IoT devices is to be familiar with the common threats and vulnerabilities, so next you'll explore these areas. Finally, you'll examine common attacks and hacking tools that you can use to gain access to IoT devices, as well as defensive countermeasures you can employ to protect against those attacks and tools. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Mobile Hacking, OS Security & Device Management

CEHv11: Mobile Hacking, OS Security & Device Management

• describe OWASP Top 10 Mobile Risks
• identify the OWASP defined Top 10 Mobile Risks to mobile devices
• recognize the attack surface related to mobile devices
• recognize the mobile risks as defined by OWASP
• describe debugging and access tools available for Android devices
• identify security and risk associated with rooting an Android device
• identify sources of information for the Android environment
• recognize common android vulnerability and attack tools
• identify defenses associated with iOS devices
• identify jailbreaking types associated with iOS devices
• recognize attack vectors associated with iOS devices
• recognize tools that could be used as attack vectors with iOS devices
• identify how mobile device management should be deployed along with security policies
• identify security issues around BYOD and mobile device management
• identify the need and capabilities of mobile device management
• recognize the tools and software available to do mobile device management

Mobile devices are one of the core components of today's network environments, so it's vital to know how and where they are possibly vulnerable. In this course, you'll explore the attack surface related to mobile devices and the Top 10 Mobile Risks as defined by OWASP, in terms of both attacking and defending these critical pieces of infrastructure. Next, you'll examine common vulnerabilities and attack tools for both Android and iOS, as well as defensive measures you can take to secure them. One of the main reasons that attackers are successful against mobile devices is due to the difficulty in managing them. To complete this course, you'll learn about the need for mobile device management software, how to deploy it, and how it helps secure things in a BYOD world. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Operational Technology Concepts, Attack Tools & Countermeasures

CEHv11: Operational Technology Concepts, Attack Tools & Countermeasures

• describe some of the operational and security challenges of Operational Technology
• describe the base components of Operational Technology systems
• describe the components of Operational Technology systems
• identify the common components and interfaces for Operational Technology systems
• describe common OT tools and how they work
• describe common OT vulnerabilities
• describe OT related attacks
• identify common OT tools that can be used to attack an OT network

To be effective at both defending and attacking Operational Technology (OT) systems, you must first be aware of the basic components and concepts that OT systems are made of. In this course, you'll explore OT systems and their base components, as well as systems such as Industrial Control System, Supervisory Control and Data Acquisition, programmable logic controllers, and Intelligent Electronic Devices. You'll also learn about the common security challenges facing OT systems. Finally, you'll examine common OT-related attacks, tools, and defensive countermeasures. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: PKI, Cryptanalysis & Attack Countermeasures

CEHv11: PKI, Cryptanalysis & Attack Countermeasures

• compare the differences between PKI certificates issues by trusted authorities versus self-signed certificates
• Describe the Public Key Infrastructure process
• recognize the components of a Certificate issued via PKI
• recognize the components of Public Key Infrastructure (PKI)
• describe cryptanalysis methods
• identify attacks used to reveal encrypted information
• recognize cryptanalysis methods used to reveal encrypted data
• recognize the different cryptanalysis attacks
• recognize best practices for protecting encryption systems
• recognize strategies for deploying encryption

In today's day and age, we must be encrypting data for secure communication with third parties. But how is this accomplished? In this course, you'll examine Public Key Infrastructure as an encryption solution. You'll also explore PKI components, process, and how it compares with self-signed certificates. As long as there has been encrypted data, there have been attempts to break those encryptions. You'll next learn about cryptanalysis methods and attacks used to reveal hidden messages. Finally, you'll explore how to deploy the right encryption in the right way by learning about best practices and strategies for keeping your data safe. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: SQL Injection & SQLMap

CEHv11: SQL Injection & SQLMap

• describe the SQL Injection techniques used to write a file on a target system
• identify the SQL statements that can be used to write files to a target system using SQLi and that could allow an attacker to gain interactive shell access
• recognize the limitations of using SQLi techniques to read a file
• use SQLi techniques to read a file on a target system
• describe the sqlmap requirements in order to automate SQL injections
• identify sqlmap options to enumerate data from SQL Injections
• recognize how to use sqlmap to automate detection and enumeration of SQL injections

SQL injection is typically used to access sensitive information from a target's database, but under the right circumstances, it can be used to access the remote file system or even allow for remote system shell access. In this course, you'll learn the SQLi techniques used to read and write to files on the target system, as well as gain interactive shell access. Manual SQL injection testing is a necessary skill, but often time to test is limited and it's useful to have a tool like SQLMap. You'll finish this course by learning how to use SQLMap to automate the process of testing SQL injections. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: SQL Injection Concepts & Attacks

CEHv11: SQL Injection Concepts & Attacks

• describe how to find spots where SQL Injection could be attempted against a web application that stores and delivers data
• identify the type of SQL injection attack used gain web applications that store and deliver data
• recognize the security controls and defenses that can be used to prevent SQL Injection attacks
• recognize the types of SQL injection attacks
• describe how error-based SQLi can be tested for
• Identify ways to exploit SQLi vulnerabilities
• recognize how to use error-based SQLi to enumerate the database
• describe the time-based blind SQLi method that can be used to access information on a remote system
• recognize the types of blind-based SQLi that can be used to access sensitive information

Many web applications store data in a back-end database and the data is then retrieved as the end user requests it from the front end. This process can allow for end-user injection of SQL queries, revealing sensitive data to the unauthorized attacker. In this course, you'll learn about SQL injection, including attack types, tools, security controls, and defense evasion techniques. Next, you'll explore error-based SQLi and how to test for and exploit this common SQLi vulnerability. SQL injections can be used to gain access to sensitive information or even allow access into a remote system, but they aren't always easily executed. To complete this course, you'll learn about blind-based SQLi methods and how to use them to access sensitive information on a remote system. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Web Application Attacks & Vulnerabilities

CEHv11: Web Application Attacks & Vulnerabilities

• describe techniques and technologies used by web applications
• describe techniques for testing and protecting web applications
• recognize defenses that can be used to protect web applications
• recognize the details of web applications
• describe an OWASP Top 10 Web Application attack and how to protect against it
• describe how an OWASP top 10 web application attack works
• distinguish between the OWASP Top 10 Web Application attacks
• recognize the OWASP Top 10 Web Application attacks
• describe unvalidated redirects and forwards
• recognize how to mitigate unvalidated redirects and forwards

Web applications are typically the face of most organizations today. It's how customers interact with an organization's services, which makes for an inviting target for attackers. In this course, you'll examine the details of web applications, including their commonly used technologies, associated risks, and defenses. Next, you'll explore the OWASP Top 10 Web Application Attacks document, one of the best resources for understanding web application security vulnerabilities, and learn how to use common attacks as ethical hackers and protect against them as defenders. Finally, you'll learn about unvalidated redirects and forwards and how they can be used to access protected data. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Web Application Hacking and Login Attacks

CEHv11: Web Application Hacking and Login Attacks

• identify the stages of the web app hacking methodology
• recognize the common web app hacking methodology
• recognize the purpose of the web app hacking methodology steps
• describe specialty web app hacking tools that are useful for specific types of web sites
• identify the advantages of different web app hacking tools
• recognize commonly used web app hacking tools
• recognize the command line tools uses for web app hacking
• identify the types of inputs used to attack a target using SQL Injection
• recognize how the SQL Injection technique can be used to bypass a login page
• recognize the tools and techniques used to do a Brute Force attack against a web site login page
• recognize the tools used to automate SQL Injection attacks against a web page login form

The key to success when security testing a web application is making sure you have an effective plan. In this course, you'll explore the common web app hacking methodology, as described by EC-Council. Next, you'll learn how the tools you have at your disposal will be crucial to your success when testing the security of any web application. Finally, getting past the login page of a web application can be a common first stop for security researchers, so you'll examine how to accomplish this using techniques like injection and brute-force attacks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Web Server Hacking, Attacks & Attack Methodologies

CEHv11: Web Server Hacking, Attacks & Attack Methodologies

• describe the function of a web server and it common components
• identify security controls that can help mitigate possible vulnerabilities
• recognize where web server configuration files and common components are stored
• describe the common web server attacks
• recognize the directory traversal web server attack pattern
• recognize tools that can be used to perform common web server attacks
• work with the HTTP response splitting web server attack
• describe the tools used for each step of the web server attack methodology
• identify the components of the web server attack methodology
• recognize common web server attack methodology techniques

Having a web presence is almost a necessity in today's business age, but web applications can be very complicated and difficult to build securely. This includes the web server that runs the app. In this course, you'll explore the web server, its function, common components that can lead to vulnerabilities, and security controls to help mitigate those possible vulnerabilities. Next, you'll examine common web server attacks such as directory traversal, HTTP response splitting, and Server-side Request Forgery. Finally, you'll learn how following an established attack methodology will increase your likelihood of success when attacking a web server, and examine a common web server attack methodology and tools and techniques used at each step. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Wireless Concepts, Threats & Hacking Tools

CEHv11: Wireless Concepts, Threats & Hacking Tools

• describe the Wi-Fi authentication types
• identify the types of Wi-Fi antennas
• recognize the common Wi-Fi standards
• recognize the features of the Wi-Fi encryption schemes
• describe threats to wireless technologies
• identify threats to wireless technologies used by attackers
• recognize the Rogue AP threat to wireless technologies
• identify tools that help with wireless discovery and mapping
• recognize tools used for doing wireless attacks
• use tools to do wireless discovery, mapping, traffic analysis and attacks

Wireless technologies abound in today's networks, making them a prime target for attack. In this course, you'll explore the features of Wi-Fi, common standards, authentication types, antennas, and encryption schemes. Next, you'll examine common threats against wireless technologies that you need to be aware of to be an effective security professional, including authentication attacks, Evil Twins, Rogue AP, and Denial of Service. To complete this course, you'll learn about commonly used wireless hacking tools, including those used for discovery, mapping, traffic analysis, and wireless attacks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: Wireless Hacking & Countermeasures

CEHv11: Wireless Hacking & Countermeasures

• describe the components for cracking a WPA/WPA2 wireless shared key
• identify how to perform de-authorization attacks against Wi-Fi connected devices
• identify the tools required to crack WPA/WPA2 encryption
• recognize how to perform Wi-Fi hacking
• describe common security controls that can protect access points
• describe common security controls that will help keep wireless networks safe
• describe how common security controls like Security Audits can help protect wireless networks

There are a few common attack vectors when targeting Wi-Fi networks that you should be aware of. In this course, you'll learn how to perform wireless hacking attacks such as MAC spoofing, de-authentication, and WPA/2 encryption cracking. Defending wireless networks can be a daunting task if you're unaware of effective security countermeasures. To complete this course, you'll explore common security controls that will get you on the right track to keeping your wireless network safe. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.

CEHv11: XSS, Web Shells, APIs & Webhooks

CEHv11: XSS, Web Shells, APIs & Webhooks

• describe techniques used to evade input filters to gain cross-site scripting (XSS) execution
• identify evasion techniques used to evade input filters
• recognize techniques used to evade input filters to gain cross-site scripting (XSS) execution
• describe web shells
• identify defenses that can be used to prevent web shells from being uploaded
• recognize how to deploy web shells
• describe common API vulnerabilities
• identify the steps to the API Hacking Methodology
• recognize the attributes of APIs
• recognize the features of webhooks

Common attack vectors such as cross-site scripting are becoming more difficult to exploit due to the implementation of defenses. In this course, you'll examine how to evade input filters to gain XSS execution. Next, you'll explore web shells, including how they can be deployed, defenses, and evasions. Many of today's web applications utilize an Application Programming Interface to facilitate interaction between clients and services. To wrap up this course, you'll learn about attributes of APIs, how they compare with webhooks, and common vulnerabilities and security countermeasures associated with both APIs and webhooks. This course is one in a series that helps to prepare you for the Certified Ethical Hacker v11 (312-50) exam.