• Lecture1.1
  Course Introduction 02 min

Preparation - Creating a Penetration Testing Lab 4

• Lecture2.1
  Lab Overview & Needed Software 03 min
• Lecture2.2
  Installing Kali 2019 As a Virtual Machine Using a Ready Image 08 min
• Lecture2.3
  Installing Metasploitable As a Virtual Machine 04 min
• Lecture2.4
  Installing Windows As a Virtual Machine 03 min

Preparation - Linux Basics 3

• Lecture3.1
  Basic Overview Of Kali Linux 04 min
• Lecture3.2
  The Linux Terminal & Basic Linux Commands 09 min
• Lecture3.3
  Configuring Metasploitable & Lab Network Settings 05 min

Website Basics 2

• Lecture4.1
  What Is a Website? 04 min
• Lecture4.2
  How To Hack a Website? 05 min

Information Gathering 8

• Lecture5.1
  Gathering Information Using Whois Lookup 05 min
• Lecture5.2
  Discovering Technologies Used On The Website 06 min
• Lecture5.3
  Gathering Comprehensive DNS Information 06 min
• Lecture5.4
  Discovering Websites On The Same Server 04 min
• Lecture5.5
  Discovering Subdomains 05 min
• Lecture5.6
  Discovering Sensitive Files 07 min
• Lecture5.7
  Analyzing Discovered Files 04 min
• Lecture5.8
  Maltego – Discovering Servers, Domains & Files 08 min
• Lecture5.9
  Maltego – Discovering Websites, Hosting Provider & Emails 05 min

File Upload Vulnerabilities 4

• Lecture6.1
  What are they? And How To Discover & Exploit Basic File Upload Vulnerabilities 07 min
• Lecture6.2
  HTTP Requests – GET & POST 04 min
• Lecture6.3
  Intercepting HTTP Requests 07 min
• Lecture6.4
  Exploiting Advanced File Upload Vulnerabilities 04 min
• Lecture6.5
  Exploiting More Advanced File Upload Vulnerabilities 04 min
• Lecture6.6
  [Security] Fixing File Upload Vulnerabilities 06 min

Code Execution Vulnerabilities 3

• Lecture7.1
  What are they? & How To Discover & Exploit Basic Code Execution Vulnerabilities 07 min
• Lecture7.2
  Exploiting Advanced Code Execution Vulnerabilities 06 min
• Lecture7.3
  [Security] – Fixing Code Execution Vulnerabilities 06 min

Local File Inclusion Vulnerabilities (LFI) 2

• Lecture8.1
  What are they? And How To Discover & Exploit Them 06 min
• Lecture8.2
  Gaining Shell Access From LFI Vulnerabilities – Method 1 07 min
• Lecture8.3
  Gaining Shell Access From LFI Vulnerabilities – Method 2 10 min

Remote File Inclusion Vulnerabilities (RFI) 4

• Lecture9.1
  Remote File Inclusion Vulnerabilities – Configuring PHP Settings 04 min
• Lecture9.2
  Remote File Inclusion Vulnerabilities – Discovery & Exploitation 06 min
• Lecture9.3
  Exploiting Advanced Remote File Inclusion Vulnerabilities 03 min
• Lecture9.4
  [Security] Fixing File Inclusion Vulnerabilities 06 min

SQL Injection Vulnerabilities 2

• Lecture10.1
  What is SQL 06 min
• Lecture10.2
  Dangers of SQL Injections 03 min

SQL Injection Vulnerabilities - SQLi In Login Pages 4

• Lecture11.1
  Discovering SQL Injections In POST 08 min
• Lecture11.2
  Bypassing Logins Using SQL Injection Vulnerability 05 min
• Lecture11.3
  Bypassing More Secure Logins Using SQL Injections 06 min
• Lecture11.4
  [Security] Preventing SQL Injections In Login Pages 08 min

SQL injection Vulnerabilities - Extracting Data From The Database 4

• Lecture12.1
  Discovering SQL Injections in GET 07 min
• Lecture12.2
  Reading Database Information 05 min
• Lecture12.3
  Finding Database Tables 03 min
• Lecture12.4
  Extracting Sensitive Data Such As Passwords 04 min

SQL injection Vulnerabilities - Advanced Exploitation 9

• Lecture13.1
  Discovering & Exploiting Blind SQL Injections 06 min
• Lecture13.2
  Discovering a More Complicated SQL Injection 07 min
• Lecture13.3
  Extracting Data (passwords) By Exploiting a More Difficult SQL Injection 05 min
• Lecture13.4
  Bypassing Security & Accessing All Records 07 min
• Lecture13.5
  Bypassing Filters 05 min
• Lecture13.6
  [Security] Quick Fix To Prevent SQL Injections 07 min
• Lecture13.7
  Reading & Writing Files On The Server Using SQL Injection Vulnerability 06 min
• Lecture13.8
  Getting A Reverse Shell Access & Gaining Full Control Over The Target Web Server 08 min
• Lecture13.9
  Discovering SQL Injections & Extracting Data Using SQLmap 07 min
• Lecture13.10
  Getting a Direct SQL Shell using SQLmap 03 min
• Lecture13.11
  [Security] – The Right Way To Prevent SQL Injection 05 min

XSS Vulnerabilities 7

• Lecture14.1
  Introduction – What is XSS or Cross Site Scripting? 03 min
• Lecture14.2
  Discovering Basic Reflected XSS 04 min
• Lecture14.3
  Discovering Advanced Reflected XSS 04 min
• Lecture14.4
  Discovering An Even More Advanced Reflected XSS 07 min
• Lecture14.5
  Discovering Stored XSS 03 min
• Lecture14.6
  Discovering Advanced Stored XSS 03 min
• Lecture14.7
  Discovering Dom Based XSS 06 min

XSS Vulnerabilities - Exploitation 12

• Lecture15.1
  Hooking Victims To BeEF Using Reflected XSS 06 min
• Lecture15.2
  Hooking Victims To BeEF Using Stored XSS 04 min
• Lecture15.3
  BeEF – Interacting With Hooked Victims 04 min
• Lecture15.4
  BeEF – Running Basic Commands On Victims 04 min
• Lecture15.5
  BeEF – Stealing Credentials/Passwords Using A Fake Login Prompt 02 min
• Lecture15.6
  Installing Veil 3 08 min
• Lecture15.7
  Bonus – Veil Overview & Payloads Basics 07 min
• Lecture15.8
  Bonus – Generating An Undetectable Backdoor Using Veil 3 10 min
• Lecture15.9
  Bonus – Listening For Incoming Connections 07 min
• Lecture15.10
  Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10 07 min
• Lecture15.11
  BeEF – Gaining Full Control Over Windows Target 04 min
• Lecture15.12
  [Security] Fixing XSS Vulnerabilities 07 min

Insecure Session Management 4

• Lecture16.1
  Logging In As Admin Without a Password By Manipulating Cookies 06 min
• Lecture16.2
  Discovering Cross Site Request Forgery Vulnerabilities (CSRF) 07 min
• Lecture16.3
  Exploiting CSRF Vulnerabilities To Change Admin Password Using a HTML File 07 min
• Lecture16.4
  Exploiting CSRF Vulnerabilities To Change Admin Password Using Link 06 min
• Lecture16.5
  [Security] The Right Way To Prevent CSRF Vulnerabilities 09 min

Brute Force & Dictionary Attacks 3

• Lecture17.1
  What Are Brute Force & Dictionary Attacks? 04 min
• Lecture17.2
  Creating a Wordlist 06 min
• Lecture17.3
  Launching a Wordlist Attack & Guessing Login Password Using Hydra 13 min

Discovering Vulnerabilities Automatically Using Owasp ZAP 2

• Lecture18.1
  Scanning Target Website For Vulnerabilities 04 min
• Lecture18.2
  Analysing Scan Results 04 min

Post Exploitation 7

• Lecture19.1
  Post Exploitation Introduction 04 min
• Lecture19.2
  Interacting With The Reverse Shell Access Obtained In Previous Lectures 07 min
• Lecture19.3
  Escalating Reverse Shell Access To Weevely Shell 08 min
• Lecture19.4
  Weevely Basics – Accessing Other Websites, Running Shell Commands …etc 06 min
• Lecture19.5
  Bypassing Limited Privileges & Executing Shell Commands 05 min
• Lecture19.6
  Downloading Files From Target Webserver 05 min
• Lecture19.7
  Uploading Files To Target Webserver 08 min
• Lecture19.8
  Getting a Reverse Connection From Weevely 08 min
• Lecture19.9
  Accessing The Database 09 min