Learn Ethical Hacking From Scratch
Welcome to my comprehensive course on Ethical Hacking! In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking. The first thing you will learn is some basic information about ethical hacking and the different fields in penetration testing.
This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install needed software to practice penetration testing on your own machine. All the attacks explained in this course are launched against real devices in my lab.
The course is structured in a way that will take you through the basics of linux, computer systems, networks and how devices communicate with each other. We will start by talking about how we can exploit these systems to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level — by the time you finish, you will have knowledge about most penetration testing fields.
The course is divided into four main sections:
1. Network Penetration Testing – This section will teach you how to test the security of networks, both wired and wireless. First, you will learn how networks work, basic network terminology and how devices communicate with each other. Then it will branch into three sub sections:
- Pre-connection: in this section, we still don’t know much about penetration testing — all we have is a computer with a wireless card. You will learn how gather information about the networks and computers around you and launch a number of attacks without a password, such as controlling the connections around you (ie: deny/allow any device from connecting to any network). You will also learn how to create a fake access point, attract users to connect to it and capture any important information they enter.
- Gaining Access: Now that you have gathered information about the networks around you and found your target, you will learn how to crack the key and gain access to your target network. In this section you will learn a number of methods to crack WEP/WPA/WPA2 encryption.
- Post Connection: Now you have the key to your target network and you can connect to it. In this section you will learn a number of powerful attacks that can be launched against the network and connected clients. These attacks will allow you to gain access to any account accessed by any device connected to your network and read all the traffic used by these devices (images, videos, audio, passwords …etc).
2. Gaining Access – In this section you will learn two main approaches to gain full control over any computer system:
- Server Side Attacks: In this approach you will learn how to gain full access to computer systems without the need for user interaction. You will learn how to gather information about a target computer system such as its operating system, open ports, installed services and discover weaknesses and vulnerabilities. You will also learn how to exploit these weaknesses to gain full control over the target. Finally you will learn how to generate different types of reports for your discoveries.
- Client Side Attacks – If the target system does not contain any weaknesses then the only way to gain access to it is by interacting with the user. In this approach you will learn how to launch a number of powerful attacks to fool the target user and get them to install a backdoor on their device. This is done by creating fake updates and serving them to the user or by backdoornig downloaded files on the fly. You will also learn how to gather information about the target person and use social engineering to deliver a backdoor to them as an image or any other file type.
3. Post Exploitation – In this section you will learn how to interact with the systems you compromised so far. You’ll learn how to access the file system (read/write/upload/execute), maintain your access, spy on the target and even use the target computer as a pivot to hack other computer systems.
4. Web Application Penetration Testing – In this section you will learn how websites work. Then you will learn how to gather information about your target website, such as website owner, server location, used technologies and much more. You will also learn how to discover and exploit a number of dangerous vulnerabilities such as SQL injections, XSS vulnerabilities, etc.
At the end of each section you will learn how to detect, prevent and secure your system and yourself from these attacks.
All the attacks in this course are practical attacks that work against any computer device, ie: it does not matter if the device is a phone, tablet, laptop, etc. Each attack is explained in a simple way — first you will learn the theory behind each attack and then you will learn how to carry out the attack using Kali Linux.
- Basic IT Skills
- No Linux, programming or hacking knowledge required.
- Computer with a minimum of 4GB ram/memory.
- Operating System: Windows / OS X / Linux.
- For WiFi cracking (10 lectures ONLY) – Wireless adapter that supports monitor mode (more info provided in the course).
Who this course is for:
- Anybody who is interested in learning ethical hacking / penetration testing
- Anybody who wants to learn how hackers hack computer systems
- Anybody who wants to learn how to secure their systems from hackers
NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.
NOTE: This course is totally a product of Zaid Sabih & zSecurity and No other organization is associated for certification exam for the same.
- Lectures 139
- Quizzes 0
- Duration 12.5 hours
- Skill level All levels
- Language English
- Students 90057
- Assessments Yes
Setting Up The Lab
Network Penetration Testing
Network Penetration Testing - Pre Connection Attacks
Network Penetration Testing - Gaining Access (WEP/WPA/WPA2 Cracking)
- Gaining Access Introduction
- WEP Cracking – Theory Behind Cracking WEP Encryption
- WEP Cracking – Basic Case
- WEP Cracking – Fake Authentication
- WEP Cracking – ARP Request Replay Attack
- WPA/WPA2 Cracking – Introduction
- WPA/WPA2 Cracking – Exploiting WPS Feature
- WPA/WPA2 Cracking – How To Capture The Handshake
- WPA/WPA2 Cracking – Creating a Wordlist
- WPA/WPA2 Cracking – Using a Wordlist Attack
- Securing Your Network From The Above Attacks
- How to Configure Wireless Security Settings To Secure Your Network
Network Penetration Testing - Post Connection Attacks
- Installing Windows As a Virtual Machine
- Information Gathering – Discovering Connected Clients using netdiscover
- Gathering More Information Using Zenmap
- Gathering Even More Information Using Zenmap
- MITM – ARP Poisoning Theory
- MITM – ARP Spoofing using arpspoof
- MITM – Bettercap Basics
- MITM – ARP Spoofing Using Bettercap
- MITM – Spying on Network Devices (Capturing Passwords, Visited Websites…etc)
- MITM – Creating Custom Spoofing Script
- MITM – Understanding HTTPS & How to Bypass it
- MITM – Bypassing HTTPS (Preview)
- MITM – Bypassing HSTS
- MITM – DNS Spoofing
- MITM – Installing & Configuring Bettercap GUI
- MITM – Doing All of The Above Using a Graphical Interface
- Wireshark – Basic Overview & How To Use It With MITM Attacks
- Wireshark – Sniffing & Analysing Data
- Wireshark – Using Filters, Tracing & Dissecting Packets
- Wireshark – Capturing Passwords & Cookies Entered By Any Device In The Network
- Creating a Fake Access Point (Honeypot) – Theory
- Creating a Fake Access Point (Honeypot) – Practical
Network Penetration Testing - Detection & Security
Gaining Access To Computer Devices
Gaining Access - Server Side Attacks
- Installing Metasploitable As a Virtual Machine
- Basic Information Gathering & Exploitation
- Using a Basic Metasploit Exploit
- Exploiting a Code Execution Vulnerability
- MSFC – Installing MSFC (Metasploit Community)
- MSFC – Scanning Target(s) For Vulnerabilities
- MSFC – Analyzing Scan Results & Exploiting Target System
- Nexpose – Installing Nexpose
- Nexpose – How To Configure & Launch a Scan
- Nexpose – Analyzing Scan Results & Generating Reports
Gaining Access - Client Side Attacks
- Installing Veil 3.1
- Veil Overview & Payloads Basics
- Generating An Undetectable Backdoor Using Veil 3
- Listening For Incoming Connections
- Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
- Backdoor Delivery Method 1 – Using a Fake Update
- Backdoor Delivery Method 2 – Backdooring Downloads On The Fly
- How to Protect Yourself From The Discussed Delivery Methods
Gaining Access - Using The Above Attacks Outside The Local Network
- Meterpreter Basics
- File System Commands
- Maintaining Access – Basic Methods
- Maintaining Access – Using a Reliable & Undetectable Method
- Spying – Capturing Key Strikes & Taking Screen Shots
- Pivoting – Theory (What Is Pivoting)
- Pivoting – Exploiting Devices on The Same Network As The Target Computer
Website Hacking - Information Gathering
Website Pentesting - File Upload, Code Execution & File Inclusion Vulns
- Discovering & Exploiting File Upload Vulnerabilities
- Discovering & Exploiting Code Execution Vulnerabilities
- Discovering & Exploiting Local File Inclusion Vulnerabilities
- Remote File Inclusion Vulnerabilities – Configuring PHP Settings
- Remote File Inclusion Vulnerabilities – Discovery & Exploitation
- Preventing The Above Vulnerabilities
Website Pentesting - SQL Injection Vulnerabilities
- What is SQL
- Dangers of SQL Injection Vulnerabilities
- Discovering SQL Injections In POST
- Bypassing Logins Using SQL Injection Vulnerability
- Discovering SQL Injections In GET
- Reading Database Information
- Finding Database Tables
- Extracting Sensitive Data Such As Passwords
- Reading & Writing Files On The Server Using SQL Injection Vulnerability
- Discovering SQL Injections & Extracting Data Using SQLmap
- The Right Way To Prevent SQL Injection
Website Hacking - Cross Site Scripting Vulnerabilities
Website Pentesting - Discovering Vulnerabilities Automatically Using OWASP ZAP