Penetration Testing, Threat Hunting, and Cryptography

Go to Course: https://www.coursera.org/learn/ibm-penetration-testing-threat-hunting-cryptography

Introduction

Hands-on experience applying the principles of penetration testing using tools, such as OWASP ZAP and SNYK.

How to create penetration testing reports and integrate AI to perform advanced threat hunting and threat intelligence.

Use cryptography and cryptanalysis techniques like encryption and hashing to ensure data integrity and confidentiality.

Syllabus

Penetration Testing: Planning and Discovery Phases

This module provides an overview of the different phases of penetration testing, which includes planning, discovery, attack, verification, and reporting. You'll also learn about the fundamental concepts of penetration testing and its importance. The module will focus on the planning and discovery phases. The planning phase will cover the rules of engagement, which ensure penetration tests are conducted ethically and legally. Then, in the discovery phase, you will be introduced to passive and active reconnaissance methods and Google Dorking.

This module focuses on the attack phase of penetration testing. You will learn about the key actions involved in the attack phase, including running exploits, bypassing defenses, gaining elevated privileges, and initiating post-attack activities. You will also explore various penetration testing tools and perform port and website scans using online penetration tools. Further, you will solidify your understanding of port scanning, network scanning, and network protocol analyzers through hands-on labs.

This module focuses on the reporting phase of penetration testing, while introducing the concepts of software and application pen testing. You will learn how to scan code repositories for vulnerabilities and understand its benefits. You will also understand the importance of the reporting phase, create comprehensive penetration testing reports, and implement the Penetration Testing Execution Standard (PTES) framework, which provides insights into industry standards for reporting.

This module provides an overview of threat hunting practices and the role of threat intelligence in cybersecurity. You will explore various threat intelligence sources and learn how to review recent security threat reports using IBM X-Force Threat Exchange. You'll also learn about threat intelligence platforms, security information and event management (SIEM) systems, threat intelligence frameworks, and threat hunting models. Additionally, you'll gain insights into the role of AI in enhancing threat intelligence and hunting capabilities.

This module delves into the fundamental concepts and practices of cryptography, covering essential techniques for ensuring data integrity, confidentiality, and authenticity. You will gain insights into symmetric and asymmetric encryption algorithms like AES and RSA, as well as hashing techniques. The module also examines key management practices and crucial cryptographic techniques, such as securing SSL/TLS. Further, it addresses common cryptographic attacks and cryptanalysis techniques, providing a comprehensive understanding of cryptographic solutions for enhancing organizational security.

In this module, you will apply the knowledge gained in the course in a final project. The module also wraps up the course learning and highlights key takeaways and next steps.