-
Intro 1
-
Course Introduction 02 minLecture1.1
-
-
Preparation - Creating a Penetration Testing Lab 4
-
Lab Overview & Needed Software 08 minLecture2.1
-
Installing Kali 2020 As a Virtual Machine 11 minLecture2.2
-
Installing Metasploitable As a Virtual Machine 04 minLecture2.3
-
Installing Windows As a Virtual Machine 03 minLecture2.4
-
-
Preparation - Linux Basics 3
-
Basic Overview Of Kali Linux 05 minLecture3.1
-
The Linux Terminal & Basic Linux Commands 09 minLecture3.2
-
Configuring Metasploitable & Lab Network Settings 05 minLecture3.3
-
-
Website Basics 2
-
What Is a Website? 04 minLecture4.1
-
How To Hack a Website? 05 minLecture4.2
-
-
Information Gathering 9
-
Gathering Information Using Whois Lookup 05 minLecture5.1
-
Discovering Technologies Used On The Website 06 minLecture5.2
-
Gathering Comprehensive DNS Information 10 minLecture5.3
-
Discovering Websites On The Same Server 04 minLecture5.4
-
Discovering Subdomains 05 minLecture5.5
-
Discovering Sensitive Files 07 minLecture5.6
-
Analyzing Discovered Files 04 minLecture5.7
-
Maltego – Discovering Servers, Domains & Files 08 minLecture5.8
-
Maltego – Discovering Websites, Hosting Provider & Emails 05 minLecture5.9
-
-
File Upload Vulnerabilities 6
-
How To Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites 07 minLecture6.1
-
HTTP Requests – GET & POST 04 minLecture6.2
-
Intercepting HTTP Requests 07 minLecture6.3
-
Exploiting Advanced File Upload Vulnerabilities To Hack Websites 04 minLecture6.4
-
Exploiting More Advanced File Upload Vulnerabilities 04 minLecture6.5
-
[Security] Fixing File Upload Vulnerabilities 06 minLecture6.6
-
-
Code Execution Vulnerabilities 3
-
How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites 07 minLecture7.1
-
Exploiting Advanced Code Execution Vulnerabilities 06 minLecture7.2
-
[Security] – Fixing Code Execution Vulnerabilities 06 minLecture7.3
-
-
Local File Inclusion Vulnerabilities (LFI) 3
-
What are they? And How To Discover & Exploit Them 06 minLecture8.1
-
Gaining Shell Access From LFI Vulnerabilities – Method 1 07 minLecture8.2
-
Gaining Shell Access From LFI Vulnerabilities – Method 2 10 minLecture8.3
-
-
Remote File Inclusion Vulnerabilities (RFI) 4
-
Remote File Inclusion Vulnerabilities – Configuring PHP Settings 04 minLecture9.1
-
Remote File Inclusion Vulnerabilities – Discovery & Exploitation 06 minLecture9.2
-
Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites 03 minLecture9.3
-
[Security] Fixing File Inclusion Vulnerabilities 06 minLecture9.4
-
-
SQL Injection Vulnerabilities 2
-
What is SQL 06 minLecture10.1
-
Dangers of SQL Injections 03 minLecture10.2
-
-
SQL Injection Vulnerabilities - SQLi In Login Pages 4
-
Discovering SQL Injections In POST 08 minLecture11.1
-
Bypassing Logins Using SQL Injection Vulnerability 05 minLecture11.2
-
Bypassing More Secure Logins Using SQL Injections 06 minLecture11.3
-
[Security] Preventing SQL Injections In Login Pages 08 minLecture11.4
-
-
SQL injection Vulnerabilities - Extracting Data From The Database 4
-
Discovering SQL Injections in GET 07 minLecture12.1
-
Reading Database Information 05 minLecture12.2
-
Finding Database Tables 03 minLecture12.3
-
Extracting Sensitive Data Such As Passwords 04 minLecture12.4
-
-
SQL injection Vulnerabilities - Advanced Exploitation 11
-
Discovering & Exploiting Blind SQL Injections 06 minLecture13.1
-
Discovering Complex SQL Injection Vulnerabilities 07 minLecture13.2
-
Exploiting an advanced SQL Injection Vulnerability to Extract Passwords 05 minLecture13.3
-
Bypassing Filters 05 minLecture13.4
-
Bypassing Security & Accessing All Records 08 minLecture13.5
-
[Security] Quick Fix To Prevent SQL Injections 07 minLecture13.6
-
Reading & Writing Files On The Server Using SQL Injection 06 minLecture13.7
-
Getting A Shell & Controlling The Target Server Using an SQL Injection 08 minLecture13.8
-
Discovering SQL Injections & Extracting Data Using SQLmap 07 minLecture13.9
-
Getting a Direct SQL Shell using SQLmap 03 minLecture13.10
-
[Security] – The Right Way To Prevent SQL Injection Vulnerabilities 05 minLecture13.11
-
-
XSS Vulnerabilities 6
-
Introduction – What is XSS or Cross Site Scripting? 03 minLecture14.1
-
Discovering Basic Reflected XSS 04 minLecture14.2
-
Discovering Advanced Reflected XSS 04 minLecture14.3
-
Discovering An Even More Advanced Reflected XSS 07 minLecture14.4
-
Discovering Stored XSS 03 minLecture14.5
-
Discovering Advanced Stored XSS 03 minLecture14.6
-
-
XSS Vulnerabilities - Exploitation 12
-
Hooking Victims To BeEF Using Reflected XSS 06 minLecture15.1
-
Hooking Victims To BeEF Using Stored XSS 04 minLecture15.2
-
Interacting With Hooked Victims 04 minLecture15.3
-
Running Basic Commands On Victims 04 minLecture15.4
-
Stealing Credentials/Passwords Using A Fake Login Prompt 02 minLecture15.5
-
Bonus – Installing Veil Framework 06 minLecture15.6
-
Bonus – Veil Overview & Payloads Basics 07 minLecture15.7
-
Bonus – Generating An Undetectable Backdoor Using Veil 3 10 minLecture15.8
-
Bonus – Listening For Incoming Connections 07 minLecture15.9
-
Bonus – Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10 07 minLecture15.10
-
BeEF – Gaining Full Control Over Windows Target 04 minLecture15.11
-
[Security] Fixing XSS Vulnerabilities 07 minLecture15.12
-
-
Insecure Session Management 5
-
Logging In As Admin Without a Password By Manipulating Cookies 06 minLecture16.1
-
Discovering Cross Site Request Forgery Vulnerabilities (CSRF) 07 minLecture16.2
-
Exploiting CSRF To Change Admin Password Using a HTML File 07 minLecture16.3
-
Exploiting CSRF Vulnerabilities To Change Admin Password Using Link 06 minLecture16.4
-
[Security] The Right Way To Prevent CSRF Vulnerabilities 09 minLecture16.5
-
-
Brute Force & Dictionary Attacks 3
-
Introduction to Brute Force & Dictionary Attacks? 04 minLecture17.1
-
Creating a Wordlist 06 minLecture17.2
-
Guessing Login Password Using a Wordlist Attack With Hydra 13 minLecture17.3
-
-
Discovering Vulnerabilities Automatically Using Owasp ZAP 2
-
Scanning Target Website For Vulnerabilities 04 minLecture18.1
-
Analysing Scan Results 04 minLecture18.2
-
-
Post Exploitation 9
-
Post Exploitation Introduction 04 minLecture19.1
-
Executing System Commands On Hacked Web Servers 07 minLecture19.2
-
Escalating Reverse Shell Access To Weevely Shell 08 minLecture19.3
-
Weevely Basics – Accessing Other Websites, Running Shell Commands …etc 06 minLecture19.4
-
Bypassing Limited Privileges & Executing Shell Commands 05 minLecture19.5
-
Downloading Files From Target Webserver 05 minLecture19.6
-
Uploading Files To Target Webserver 08 minLecture19.7
-
Getting a Reverse Connection From Weevely 08 minLecture19.8
-
Accessing The Database 09 minLecture19.9
-
-
Bonus Section 1
-
Bonus Lecture – What’s Next?Lecture20.1
-
Post Exploitation Introduction
In this lecture we will talk about what you will learn in this section and show you where we will start from.
Resources: