Learn Ethical Hacking From Scratch
Tags: Ethical Hacking
Become an ethical hacker that can hack computer systems like black hat hackers and secure them like security experts.
Last updated 2022-01-10 | 4.6
- 135+ ethical hacking & security videos.- Start from 0 up to a high-intermediate level.
- Learn ethical hacking
- its fields & the different types of hackers.
What you'll learn
* Requirements
* Basic IT Skills* No Linux
* programming or hacking knowledge required.
* Computer with a minimum of 4GB ram/memory.
* Operating System: Windows / OS X / Linux.
* For WiFi cracking (10 lectures ONLY) - Wireless adapter that supports monitor mode (more info provided in the course).
Description
- 135+ ethical hacking & security videos.
- Start from 0 up to a high-intermediate level.
- Learn ethical hacking, its fields & the different types of hackers.
- Install a hacking lab & needed software (on Windows, OS X and Linux).
- Hack & secure both WiFi & wired networks.
- Understand how websites work, how to discover & exploit web application vulnerabilities to hack websites.
- Use 30+ hacking tools such as Metasploit, Aircrack-ng, SQLmap.....etc.
- Discover vulnerabilities & exploit them to hack into servers.
- Hack secure systems using client-side & social engineering.
- Secure systems from all the attacks shown.
- Install & use Kali Linux - a penetration testing operating system.
- Learn linux basics.
- Learn linux commands & how to interact with the terminal.
- Learn Network Hacking / Penetration Testing.
- Network basics & how devices interact inside a network.
- Run attacks on networks without knowing its key.
- Control Wi-Fi connections without knowing the password.
- Create a fake Wi-Fi network with internet connection & spy on clients.
- Gather detailed information about networks & connected clients like their OS, ports ...etc.
- Crack WEP/WPA/WPA2 encryptions using a number of methods.
- ARP Spoofing / ARP Poisoning.
- Launch various Man In The Middle attacks.
- Access any account accessed by any client on the network.
- Sniff network traffic & analyse it to extract important info such as: passwords, cookies, urls, videos, images ..etc.
- Intercept network traffic & modify it on the fly.
- Discover devices connected to the same network.
- Inject Javascript in pages loaded by clients connected to the same network.
- Redirect DNS requests to any destination (DNS spoofing).
- Secure networks from the discussed attacks.
- Edit router settings for maximum security.
- Discover suspicious activities in networks.
- Encrypt traffic to prevent MITM attacks.
- Discover open ports, installed services and vulnerabilities on computer systems.
- Hack servers using server side attacks.
- Exploit buffer over flows & code execution vulnerabilities to gain control over systems.
- Hack systems using client side attacks.
- Hack systems using fake updates.
- Hack systems by backdooring downloads on the fly.
- Create undetectable backdoors.
- Backdoor normal programs.
- Backdoor any file type such as pictures, pdf's ...etc.
- Gather information about people, such as emails, social media accounts, emails and friends.
- Hack secure systems using social engineering.
- Send emails from ANY email account without knowing the password for that account.
- Analyse malware.
- Manually detect undetectable malware.
- Read, write download, upload and execute files on compromised systems.
- Capture keystrokes on a compromised system.
- Use a compromised computer as a pivot to hack other systems.
- Understand how websites & web applications work.
- Understand how browsers communicate with websites.
- Gather sensitive information about websites.
- Discover servers, technologies & services used on target website.
- Discover emails & sensitive data associated with a specific website.
- Discover subdomains associated with a website.
- Discover unpublished directories & files associated with a target website.
- Discover websites hosted on the same server as the target website.
- Exploit file upload vulnerabilities to gain control over target website.
- Discover, exploit and fix code execution vulnerabilities.
- Discover, exploit & fix local file inclusion vulnerabilities.
- Discover, exploit & fix SQL injection vulnerabilities.
- Bypass login forms and login as admin using SQL injections.
- Exploit SQL injections to find databases, tables & sensitive data such as usernames, passwords...etc
- Read / Write files to the server using SQL injections.
- Learn the right way to write SQL queries to prevent SQL injections.
- Discover reflected XSS vulnerabilities.
- Discover Stored XSS vulnerabilities.
- Hook victims to BeEF using XSS vulnerabilities.
- Fix XSS vulnerabilities & protect yourself from them as a user.
- Discover MITM & ARP Spoofing attacks.
Course content
25 sections • 145 lectures
Teaser - Hacking a Windows 10 Computer & Accessing Webcam Preview 06:33
This is a teaser lecture, in it I show you an example of the things you'll be able to do at the end of the course, in this lecture I show you how to hack into a Windows 10 machine and turn on its web cam without asking the user to do anything.
As this is a teaser, I won't be going into details about how this is achieved, but don't worry about that as I will break this down to you through out the course and you will understand exactly how to do it.
This is just one example, by the end of the course you'll learn much more attacks and you'll be able to target all operating systems.
Course Introduction & Overview Preview 02:53
Welcome to the course, this lecture will give you a full outline of the structure of the course, and will give you an over view of what you will learn in each section.
What Is Hacking & Why Learn It ? Preview 03:09
In this lecture you will learn what is meant by a hacker and what is the difference between white hat, grey hat and a black hat hacker. We will talk about why do we teach/learn hacking, benefits of it and job opportunities.
Lab Overview Preview 05:54
In this course, we will be using a number of operating systems, Kali for hacking and 2 others as target machines, in this section you will learn how to install all of these machines as virtual machines inside your current operating system, this allows us to use all of the machines at the same time, it also completely isolates these machines from your main machine therefore your main machine will not be affected if anything goes wrong.
Everything shown here will work on Windows, Linux and OS X.
Initial Preparation Preview 08:55
This lecture will introduce you to the hacking operating system that we will be using throughout the course; Kali Linux. You will learn what it is, how to download it, and how to enable virtualisation on your system to run it as a virtual machine.
Installing Kali Linux as a VM on Windows Preview 08:55
This lecture will teach you how to install Kali Linux as a virtual machine in VMware Workstation Player on Windows.
VMware is the software that we will use to install different operating systems inside our current operating system as virtual machines. This will be very useful as you can use it to test and practice what you learn in this course.
Installing Kali Linux as a VM on Apple Mac OS Preview 09:38
This lecture will teach you how to install Kali Linux as a virtual machine in VMware Fusion on Mac OS.
VMware is the software that we will use to install different operating systems inside our current operating system as virtual machines. This will be very useful as you can use it to test and practice what you learn in this course.
Installing Kali Linux as a VM on M1 Apple Computers Preview 09:08
This lecture will teach you how to install Kali Linux as a virtual machine using Parallels Desktop on Apple computers that use the M1 chip. Parallels Desktop is the software that we will use to install different operating systems inside our current operating system as virtual machines. This will be very useful as you can use it to test and practice what you learn in this course.
Installing Kali Linux as a VM on Linux Preview 10:46
This lecture will teach you how to install Kali Linux as a virtual machine in VMware Workstation Player on Linux.
VMware is the software that we will use to install different operating systems inside our current operating system as virtual machines. This will be very useful as you can use it to test and practice what you learn in this course.
Basic Overview of Kali Linux Preview 05:10
In this lecture we will have a basic look on Kali linux just to get you comfortable with using it.
You will learn how to use its main applications, browse files, connect to the internet ....etc.
The Terminal & Linux Commands Preview 13:06
In this lecture you will learn how to interact with the linux terminal and run linux commands.
Introduction to Network Penetration Testing / Hacking Preview 02:21
This is an introduction lecture for the network penetration testing section, it will give you an overview of the structure of this section and what you will learn in it
Networks Basics Preview 04:28
Before jumping to network hacking you need to know some basics about networks, in this lecture you will learn how networks work and how devices communicate with each other.
Connecting a Wireless Adapter To Kali Preview 06:51
This video will teach you how to connect a USB device to Kali, as an example I will be connecting a wireless adapter to it so I can interact with wireless networks and try to hack them form Kali.
What is MAC Address & How To Change It Preview 08:20
MAC address (Media Access Control) - is a unique identifier assigned to network interfaces.
In this lecture you'll learn what is is, how its used, and how to change it using Kali Linux.
Wireless Modes (Managed & Monitor) Preview 06:57
This lecture will clarify why is it possible to capture any packet around us even if it's not directed to our device, you will learn about two wireless modes: monitor and managed mode, you shall learn what is the difference between them, when do we use each of them and how to correctly enable monitor mode on your wireless card.
Packet Sniffing Basics Preview 06:40
This is the first lecture in the "pre connection section", in this lecture you will learn how to use airodump-ng to see all the access points (WiFi Networks) and associated clients that are within your wireless range and gather information about them.
WiFi Bands - 2.4Ghz & 5Ghz Frequencies Preview 07:54
In this lecture you will learn what are the 2 bands used on WiFi networks and how to use airodump-ng to capture data sent over these bands
Targeted Packet Sniffing Preview 10:30
In this lecture , we shall learn how to launch airodump-ng on a specific AP , and store all packets in a capture file.
Deauthentication Attack (Disconnecting Any Device From The Network) Preview 08:09
Deauthentication attacks allow us to disconnect (disassociate) any client that is connected to any network that is within our wifi range even if the network uses encryption (such as WEP/WPA/WPA2) and even if we do not know the encryption key (the WiFi password).
Gaining Access Introduction Preview 01:09
In this section we shall learn how to break WEP/WPA/WPA2 encryption and determine the network key.
Theory Behind Cracking WEP Encryption Preview 05:47
This lecture explains the weaknesses in WEP encryption and how we can use these weaknesses to break it and hack Wi-Fi networks that use it.
WEP Cracking Basics Preview 06:17
In this video we shall learn the basics of cracking WEP encryption and you'll learn how to hack an active Wi-Fi network that uses WEP.
Fake Authentication Attack Preview 06:45
In this lecture we shall learn the theory behind cracking WEP encrypted APs with no or idle clients.
To do this we will inject packets in the traffic, but before we can do that we need to authenticate our wifi card with the target AP so that it does not ignore our requests as AP's only accept packets from associated devices, therefore we shall learn how to fake authenticate our wifi card with the target AP so that it starts accepting packets from us.
ARP Request Replay Attack Preview 06:09
This method can be used to crack idle or clientless AP's .
In this method , after successfully associating with the target AP , we will wait for an ARP packet , we will then capture this packet and inject it into the traffic , this will force the AP to generate a new ARP packet with a new IV , we capture this new packet and inject into the traffic again , this process is repeated until the number of IV's captured is sufficient enough to crack the key.
Introduction to WPA and WPA2 Cracking Preview 03:42
This is an introduction to WPA/WPA2 cracking , we shall learn the main difference between WPA2 and WEP and why WPA2 is more difficult to crack.
Hacking WPA & WPA2 Without a Wordlist Preview 10:11
In this lecture we shall learn how to exploit the WPS feature to crack WPA and WPA2 encrypted AP's without a wordlist attack and without the need to any connected clients.
Capturing The Handshake Preview 06:49
In this lecture we shall learn how to capture the handshake from the target AP.
Creating a Wordlist Preview 07:33
To crack WPA/WPA2 we need to use a wordlist, you can download ready wordlists from the internet or create your own as shown in this lecture.
Cracking WPA & WPA2 Using a Wordlist Attack Preview 06:26
In this lecture we will use the wordlist created in the previous lecture to crack the WPA2 key using aircrack-ng.
Securing Your Network From Hackers Preview 02:03
In this lecture you will learn how to secure your network and protect it from the above attacks.
Configuring Wireless Settings for Maximum Security Preview 08:05
In this lecture you will learn how to access your router's admin panel and configure it correctly to protect it from the above attacks and make it nearly impossible to hack.
Introduction to Post-Connection Attacks Preview 02:10
This is an introduction to the post-connection attacks section, it will give you an outline of what we shall learn in this section and go over some important notes.
Installing Windows As a Virtual Machine Preview 06:09
In this lecture you will learn how to set up a virtual Windows machine to try and hack into it to practice penetration testing.
Discovering Devices Connected to the Same Network Preview 08:04
Information gathering is one of the most important steps in penetration testing. In this lecture we will learn how to use netdiscover to discover devices connected to the same network as us, we will be able to find their IP and MAC address.
Gathering Sensitive Info About Connected Devices (Device Name, Ports....etc) Preview 06:45
In this lecture we shall learn how to use zenmap (the GUI for nmap) to discover all connected devices and gather detailed information about these devices, such as their operating system, open ports and even services using these ports.
Gathering More Sensitive Info (Running Services, Operating System....etc) Preview 08:08
In this lecture you'll learn how to use Zenmap to gather even more information such as exact programs running on each open port, the operating system and more!
What is ARP Poisoning ? Preview 09:04
In this video we shall learn about one of the most dangerous and effective attacks that you can launch on a network; (ARP Spoofing) , we shall learn the theory behind ARP poisoning, how does it work and how it can be used to redirect the flow of packets and place us in the middle of the connection.
Intercepting Network Traffic Preview 06:30
In this lecture we will learn how to use arpspoof to do a basic ARP poisoning attack and redirect the flow of packets in the network.
Bettercap Basics Preview 07:43
This video shows you how to properly install bettercap on Kali Linux, and gives you a basic overview on how to start it and interact with it.
ARP Spoofing Using Bettercap Preview 08:17
In this lecture you will learn how to configure and use modules in bettercap.
As an example you'll learn how to ARP poison a target client using the arp spoof module.
Spying on Network Devices (Capturing Passwords, Visited Websites...etc) Preview 05:11
In this lecture you'll learn how to configure and use the sniff module in bettercap to spy on devices connected to the same network, so you'll learn how to see all urls they load, images, usernames, passwords and more!
Creating Custom Spoofing Script Preview 09:42
In this lecture you'll learn how to create your own MITM scripts, also known as bettercap caplets, in this example you'll learn how to create a caplet to automatically spoof clients on your network to place you in the middle of the connection and start a sniffer to spy on these clients and see all the data they send/receive including usernames and passwords.
Bypassing HTTPS Preview 11:12
In this lecture you'll learn how to use the caplet you configured in the previous lecture to bypass HTTPS, this'll allow you to capture passwords entered on HTTPS enabled web pages such as Linkedin and Stackoverflow.
Bypassing HSTS Preview 10:09
Really big websites such as Facebook and Twitter use Strict Transport Security (HSTS), modern browsers come with a list of websites that use HSTS and therefore when we use the method shown in previous lectures the browser will either refuse to load HSTS websites OR load them over HTTPS.
In this lecture you'll learn how to use a custom version of the hstshijack caplet to partially bypass HSTS, this will allow you to capture data sent to and from websites that use HSTS such as Facebook.
DNS Spoofing - Controlling DNS Requests on The Network Preview 10:51
In this lecture we shall learn how to control DNS requests, this allows us to redirect requests to any other location, this can be very useful as it can be used to redirect computers to fake websites, fake updates, fake logins ...etc.
Injecting Javascript Code Preview 10:26
In this lecture you will learn how to inject Javascript code into the target browser, this is vey dangerous as it allows us to run a large number of attacks using javascript codes (more on this later), in this lecture we'll focus on injecting a simple javascript code.
Doing All of The Above Using a Graphical Interface Preview 10:29
This video teaches you how to run all of the attacks shown above using a graphical user interface that is easy and intuitive to use.
Wireshark - Basic Overview & How To Use It With MITM Attacks Preview 08:24
Wireshark is a network protocol analyser, in this lecture we will have a basic overview on it, you will learn why is it useful and how to use it with MITM attacks or use it to analyse a capture file that contains data that you already sniffed.
Wireshark - Sniffing & Analysing Data Preview 05:30
I this lecture you will learn how to use Wireshark to sniff & analyse data (traffic) sent/received by any client in your network.
Wireshark - Using Filters, Tracing & Dissecting Packets Preview 06:28
In this lecture we will continue using Wireshark, you will learn how to analyse the captured data, trace packets and read details of each.
Wireshark - Capturing Passwords & Anything Sent By Any Device In The Network Preview 07:48
In this lecture you'll learn how to filter sniffed data and extract useful information such as usernames and passwords.
Creating a Fake Access Point (Honeypot) - Theory Preview 07:29
Fake access points can be handy in many scenarios , one example is creating an open AP , this will attract a lot of clients , many of which will automatically connect to it. Then we can sniff all the traffic created by the clients that connect to it , and since its open , the traffic will not be encrypted !
This lecture will explain the theory behind creating a fake AP and what do we need to make it work.
Creating a Fake Access Point (Honeypot) - Practical Preview 09:34
In this lecture you will learn how to create a fake AP using a tool called Mana-Toolkit.
Detecting ARP Poisoning Attacks Preview 05:05
In this lecture we shall learn two methods to detect ARP poisoning attacks.
Detecting suspicious Activities In The Network Preview 05:41
In this lecture we shall learn how to use Wireshark to detect ARP Poisoning attacks and other suspicious activities in the network, we will also learn how to protect devices from ARP Poisoning attacks.
Preventing MITM Attacks - Method 1 Preview 08:39
This video teaches you an easy and free method to protect yourself from the MITM attacks shown earlier.
Preventing MITM Attacks - Method 2 Preview 10:53
This video goes one step further and shows you how to take your security to the next level by teaching you how to encrypt all the data that you send and receive to fully protect yourself from MITM attacks.
Gaining Access Introduction Preview 04:14
This is an introduction to the gaining access section in which you'll learn a number of methods to gain access to any computer device regardless of its type.
Installing Metasploitable As a Virtual Machine Preview 04:33
In this lecture you will learn how to install a vulnerable operating system (Metasploitable) as a virtual machine so we can use it to practice penetration testing in future lectures.
Introduction to Server-Side Attacks Preview 03:18
Server side attacks allow you to gain access to a target computer without user interaction, in this section you will learn a number of methods to launch server side attacks and gain full control over your target without user interaction.
Basic Information Gathering & Exploitation Preview 09:28
In this lecture we will have a look on a basic example of hacking a target computer, we will use Zenmap to gather information and discover the vulnerability, then you'll learn how to research and exploit a mis-configured service to hack the target.
Hacking a Remote Server Using a Basic Metasploit Exploit Preview 07:32
Metasploit is a huge penetration testing framework, in this lecture you will learn how to use it to exploit a vulnerable target and gain full control over it.
Exploiting a Code Execution Vulnerability to Hack into a Remote Server Preview 10:03
In this lecture we will use a more complex vulnerability to gain full access to a vulnerable device using Metasploit.
Nexpose - Installing Nexpose Preview 09:22
Nexpose is a vulnerability management framework, it allows us to discover, assess and act on discovered vulnerabilities, it also tells us a lot of info about the discovered vulnerabilities, weather they are exploitable and helps us write a report at the end of the assessment.
Nexpose - Scanning a Target Server For Vulnerabilities Preview 05:45
This lecture will teach you how to launch a scan using Nexpose, you will learn how to setup your target(s) and configure scan to suit your goals.
Nexpose - Analysing Scan Results & Generating Reports Preview 07:56
In this lecture we will analyse the scan results obtained from the previous video and see how to generate various types of reports.
Server-Side Attacks Conclusion Preview 03:47
In this lecture we'll formalise everything we done so far and go over the general server-side attacks methodology.
Introduction to Client-Side Attacks Preview 02:19
This section will teach you a number of methods to gain control over target computer using client side attacks.
Client side attacks require user interaction, this means the target user has to do something for our attack to work, for example install an update or download a file.
Installing Veil Framework Preview 03:56
In this lecture you will learn how to download and install Veil Framework.
Veil Overview & Payloads Basics Preview 07:20
This lecture will give you an overview on Veil Framework and its basic commands.
You will also learn what is a payload and the different types of payloads that can be generated with Veil.
Generating An Undetectable Backdoor Preview 10:19
In this lecture you will learn how to create a backdoor that is not detectable by antivirus programs, this is very important in client side attacks as we will be using this backdoor in future videos to try and gain control over the target system.
Listening For Incoming Connections Preview 07:18
In this lecture you will learn how to listen for connections coming from the backdoor we generated in the previous lecture.
Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10 Preview 07:12
Finally we will test the backdoor that we generated on a Windows machine and make sure that it works as expected.
Hacking Windows 10 Using Fake Update Preview 11:48
This lecture will teach you how to gain full access over a target computer by serving it a fake update for an existing program, once the target user installs the update you will gain full access to their computer.
Note: you need to be the man in the middle for this method to work.
Backdooring Downloads on The Fly to Hack Windows 10 Preview 11:00
In this lecture you will learn how to backdoor executables downloaded by any computer in your network on the fly, so when the target user runs the downloaded program, the program that they expect will run, but at the same time our backdoor will run in the background.
Note: you need to be the man in the middle for this method to work.
How to Protect Yourself From The Discussed Delivery Methods Preview 03:52
This lecture will teach you how to protect yourself from the backdoor delivery methods explained in the previous videos.
Introduction to Social Engineering Preview 02:43
This lecture will give an overview of what social engineering is, and what will you be learning in the next few lectures.
Maltego Basics Preview 06:51
Maltego is a great information gathering tool that we will use during this course, this lecture will give you an overview of this tool and its basic usage.
Discovering Websites, Links & Social Accounts Associated With Target Preview 07:32
In this lecture you will learn how to gather even more information about our target person, you will learn how to discover potential friends (emails and social network accounts) of people associated with the target person.
Discovering Twitter Friends & Associated Accounts Preview 04:57
In this lecture you will learn how to gather even more information about our target person, you will learn how to discover potential friends (emails and social network accounts) of people associated with the target person.
Discovering Emails Of The Target's Friends Preview 03:48
Finally you will learn how to discover emails of the target's friends, these can be very useful later on as we can pretend to be one of these friends and social engineer the target into doing something that would allow us to hack into their system.
Analysing The Gathered Info & Building An Attack Strategy Preview 08:41
In this lecture we will zoom out and look at the information that we gathered about the target person (Zaid Sabih), we will analyse this info and come up with a number of attack strategies.
Backdooring Any File Type (images, pdf's ...etc) Preview 04:41
This lecture will teach you how to step your social engineering game up by teaching you how to backdoor any file, this means that we can send our backdoor as an image, a pdf or a media file, once executed the target person will see the expected file, ie: an image or a pdf, but at the same time our backdoor will run in the background giving us full control over the target system.
This part will show you how to configure the download and execute payload.
Compiling & Changing Trojan's Icon Preview 06:16
This lecture will teach you how to step your social engineering game up by teaching you how to backdoor any file, this means that we can send our backdoor as an image, a pdf or a media file, once executed the target person will see the expected file, ie: an image or a pdf, but at the same time our backdoor will run in the background giving us full control over the target system.
This part will show you how to compile the file that we created in the previous lecture to exe and change its icon.
Spoofing .exe Extension To Any Extension (jpg, pdf ...etc) Preview 08:29
This is the last step into making the perfect backdoor, this lecture will teach you how to spoof the file extension so that it looks like backdoor.jpg or backdoor.pdf instead of the suspicious exe extension.
Spoofing Emails - Setting Up an SMTP Server Preview 06:51
Spoofing emails is one of the best methods to communicate with your target , in this lecture you'll learn how to set up your own mail server so that you can send emails to your target and make them appear as if they're sent from any email you want.
Email Spoofing - Sending Emails as Any Email Account Preview 12:02
In this lecture you'll learn how to communicate with the mail server you set up in the previous lecture and send emails to your target and make them appear as if they're sent from any email you want.
Email Spoofing - Method 2 Preview 10:28
This lecture shows another method to spoof emails so they appear like they're sent from any email address.
BeEF Overview & Basic Hook Method Preview 10:50
BeEF is a browser exploitation framework that allows us to run a large number of commands on hooked browser.
In this lecture we will have an overview of the interface, how to start the framework and how to create a hook page and hook targets to it.
BeEF - Hooking Targets Using Bettercap Preview 06:30
In this lecture you will learn a more advanced method of hooking your target to BeEF, you will learn how to hook targets using MITMf using the --inject plugin, this will not require any user interaction and therefore its more reliable.
BeEF - Running Basic Commands On Target Preview 04:24
In this lecture you learn how to run some basic commands on the target machine using beef, so you'll learn how to run any Javascript code, get a screenshot of the page they're browsing and redirect them to any page you want.
BeEF - Stealing Passwords Using A Fake Login Prompt Preview 02:17
In this video you will learn how to use beef to display a fake login dialog to the target user and steal the password they enter, dialogs can be made for facebook, youtube, microsoft or you can even create your own using the custom option.
BeEF - Hacking Windows 10 Using a Fake Update Prompt Preview 03:39
In this video we will use BeEF to create a fake notification bar telling the user that there is a new update, the update is actually a backdoor, so once they install that update we will gain full control over the target machine.
Detecting Trojans Manually Preview 05:32
This lecture will show you how to analyse files and connections to detect the trojans we created in previous videos even though they are not detectable by anti-virus programs.
Detecting Trojans Using a Sandbox Preview 03:16
This lecture will show you how to use a sandbox to detect the trojans we created in previous videos even f they are not detectable by anti-virus programs.
Overview of the Setup Preview 07:10
This lecture will give you an overview of the default setup of networks, how connections are handled and the theory behind what needs to be done to receive connections from outside the network.
Ex1 - Generating a Backdoor That Works Outside The Network Preview 05:24
In this video we will have an example on how to generate a backdoor that would work outside the network, and how to listen for incoming connections.
Configuring The Router To Forward Connections To Kali Preview 06:59
This lecture will teach you how to configure the router to forward incoming connections to the Kali machine in order to interact with the reverse shell we created in the previous lecture.
Ex2 - Using BeEF Outside The Network Preview 05:49
This lecture will give another example on receiving connections from devices outside the network, in this example we'll use BeEF and hook a target that exists on a completely different network.
Introduction to Post Exploitation Preview 02:02
This section will show you what you can do once you gain access to the target system.
You will learn how to access the file system, upload/download/run files, main your access, capture key strikes, open the web cam and even hack into other computers connected to the same network as the hacked machine.
Meterpreter Basics Preview 06:22
This lecture will teach you the basics of Metasploit's Meterpreter payload, you will learn how to background and interact with your meterpreter session, find information about the hacked machine and the network(s) its connected to, and how to migrate to a safe process for more reliability.
File System Commands Preview 05:09
This lecture will teach you how to interact with the target file system, you will learn how to download, upload, read and execute files on the target system.
Maintaining Access - Basic Methods Preview 05:07
In this lecture you will learn two basic methods that allow you to maintain your access to the target system even after restarting or patching the vulnerability used to exploit the system.
Maintaining Access - Using a Reliable & Undetectable Method Preview 06:53
In this lecture you will learn a more advanced method to maintain your access to the target system even after restarting or patching the vulnerability used to exploit the system.
Spying - Capturing Key Strikes & Taking Screen Shots Preview 02:39
In this video you will learn how to launch a keylogger on the target system and record all key strikes, you will also learn how to take a screen shot of the target system.
Pivoting - Theory (What is Pivoting?) Preview 06:08
This lecture will explain the concept of pivoting and show you how to configure your lab so that we can use practice pivoting in it.
Pivoting allows us to use the device that we just hacked as pivot, from it we cab try to hack into other devices that we don't have access to in out Kali machine.
Pivoting - Using a Hacked System to Hack Into Other Systems Preview 07:46
In this lecture we will use Autoroute to set up a route between our device and the exploited device so that we can use the exploited device as a pivot and further exploit the system its connected to.
We will use the hacked Windows machine to gain access to the Metasploitable machine.
Introduction - What Is A Website ? Preview 04:16
Before diving into website hacking you need to now some basics about websites, this lecture will explain to you what is a website, what it contains, technologies used in it and how all of these components interact with each other.
How To Hack a Website? Preview 03:51
In this lecture you will learn the main components that can be exploited to hack a website.
Gathering Basic Information Using Whois Lookup Preview 05:36
In this lecture you will learn how to gather information about the website/ domain name owner, server IP address, hosting company and more.
Discovering Technologies Used On The Website Preview 06:03
In this lecture we will use Netcraft to discover the technologies used on the target website, such as the web server used, installed web applications and more!
Gathering Comprehensive DNS Information Preview 10:23
This lecture will show you how to gather detailed DNS information about the target website such as its DNS records, resources it shares with other websites and more!
Discovering Websites On The Same Server Preview 03:43
This lecture will show you how to discover websites on the same server as your target website, this is very useful as these websites can be used to gain access to your target website.
Discovering Subdomains Preview 04:08
In this lecture we will use a tool called knock to discover subdomains on the target website, this is useful as these subdomains could contain beta web applications, private web applications or login pages, all of which should be tested for vulnerabilities that you will learn in the next sections.
Discovering Sensitive Files Preview 07:25
In this lecture you will learn how to use a tool called dirb to discover files on the target website, this can be helpful as it might reveal files that contain sensitive data such as passwords.
Analysing Discovered Files Preview 04:17
In this lecture we will analyse the files we discovered in the previous lecture and see the information they contain.
Discovering & Exploiting File Upload Vulnerabilities To Hack Websites Preview 06:43
File upload vulnerabilities allow you to upload executable file types such as php, in this lecture you will learn how to discover and exploit file upload vulnerabilities to hack into a target website.
Discovering & Exploiting Code Execution Vulnerabilities To Hack Websites Preview 07:25
Code execution vulnerabilities allow you to execute operating system commands on the target server, this lecture will teach you how to discover and exploit code execution vulnerabilities to get a reverse shell and gain full control over the target server.
Discovering & Exploiting Local File Inclusion Vulnerabilities Preview 05:16
Local file inclusion vulnerabilities allow you to read any file on the target system, this can be dangerous as it can be used to read sensitive files.
In this lecture you will learn how to discover and exploit local file inclusion vulnerabilities to read any file on the target server.
Remote File Inclusion Vulnerabilities - Configuring PHP Settings Preview 03:45
This lecture will teach you how to configure php setting to allow remote file inclusion, so we can practice a remote file inclusion vulnerability in the next lecture.
Remote File Inclusion Vulnerabilities - Discovery & Exploitation Preview 05:44
Remote file inclusion vulnerabilities allow you to include and execute any remote file on the target web server, this lecture will teach you how to discover and exploit remote file inclusion vulnerabilities to get a reverse shell and gain full control over the target server.
Preventing The Above Vulnerabilities Preview 07:19
This lecture will teach you how to avoid and prevent the above vulnerabilities.
What is SQL? Preview 05:48
This lecture will explain what is SQL is and what is it used for, this is important to understand before we dive into sql injection vulnerabilities.
Dangers of SQL Injection Vulnerabilities Preview 02:53
SQL injection vulnerabilities allow us to communicate with the database and execute SQL queries on the target web server.
This lecture highlights why SQL injections are considered one of the most dangerous vulnerabilities.
Discovering SQL injections In POST Preview 07:56
This video will teach you how to discover SQL injections in poset requests, in this example we will be injecting code in a normal text box.
Bypassing Logins Using SQL injection Preview 04:48
This lecture will teach you how to bypass login forms if the inputs are injectable, this will allow us to login as any user without a password.
Discovering SQL injections in GET Preview 07:02
In this lecture we will learn how to discover SQL injections in GET requests, ie: in URL parameters.
Reading Database Information Preview 05:26
This video will teach you how to build a basic SELECT statement to find the database user, database name and version.
Discovering Database Tables Preview 03:33
In this lecture we will use our SELECT statement to discover the tables on the current database.
Extracting Sensitive Data From The Database (Such As Passwords, User info...etc) Preview 04:29
Now we will use all the discovered information to find the usernames and passwords of all the users on the website.
Reading & Writing Files On The Server Using SQL Injection Vulnerability Preview 05:57
This lecture will teach you how to use SQLi to read or write files to the server.
Discovering SQL Injections & Extracting Data Using SQLmap Preview 06:47
In this video we will have a look on a tool called SQLmap and learn how to use it to do all of the attacks that we did before and much more!
The Right Way To Prevent SQL Injection Vulnerabilities Preview 04:58
This lecture will teach you how to avoid SQL injections.
Introduction to Cross Site Scripting? Preview 03:09
Cross Site Scripting or XSS vulnerabilities allows us to inject client side code (usually javascript code) in the web page.
In this lecture you will learn what is XSS and its types.
Discovering Reflected XSS Preview 03:46
Reflected XSS vulnerabilities are None persistent XSS vulnerabilities.
This lecture will teach you what reflected XSS vulnerabilities are and how to discover them in web applications.
Discovering Stored XSS Preview 02:56
Stored XSS vulnerabilities are Persistent XSS vulnerabilities.
This lecture will teach you how these vulnerabilities work and how to discover them.
Exploiting XSS - Hooking Vulnerable Page Visitors To BeEF Preview 05:31
In this lecture you will learn how to exploit XSS vulnerabilities to hook page visitors to BeEF, once targets are hooked you can run all the attacks you learned in the client side attacks section, such as injecting a keylogger or gaining full control over the target machine...etc
Preventing XSS Vulnerabilities Preview 05:13
This lecture will show you how to avoid and protect yourself agains XSS vulnerabilities as a web admin and as a user.
Automatically Scanning Target Website For Vulnerabilities Preview 04:19
In this lecture you will learn how to use a tool called owasp zap to automatically discover all of the vulnerabilities we learned so far and much more.
You will learn how to configure and start a scan against your target website.
Analysing Scan Results Preview 04:11
In this lecture we will analyse the scan results obtained from the previous lecture.
Website Hacking / Penetration Testing Conclusion Preview 05:20
In this lecture we'll revise everything we learned and zoom out to summarise the main steps that you need to take to test the security of web applications.
Writing a Pentest Report Preview 13:48
At the end of a pentest you have to write a report to detail you findings, such reports are known as pentest reports.
This video will introduce you to pentest reports, you'll learn what to include in a report, what they look like and how to write your own pentest report to detail your findings.
4 Ways to Secure Websites & Apps Preview 09:23
This video explains the best four methods to secure websites or applications in general. It will also breakdown the benefits and disadvantages of each approach and the difference between penetration testing (pentesting) and bug bounty programs.
Bonus Lecture - Discounts Preview 02:52
This course includes:
- 15.5 hours on-demand video
- Access on mobile and TV
- Certificate of completion
Related Courses
Recent Posts
5 careers you can pursue with a communications degree
Graduates holding a communications degree come out of their studies and land onto a variety of jobs. From multiple fields and options to choose from, ...Read more
Practical Experiences To Help You Learn Guitar Faster Than Anyone
The guitar is a popular musical instrument with everyone. We can see images of guitarists playing on big stages, small coffee shops, on sidewalks, etc. ...Read more
Develop and create a Wikipedia page which gets quick approval
When you search for something, the first page that appears on the top is Wikipedia. It is an online encyclopedia where people add their pages, ...Read more
Getting a part-time job as an undergraduate
Are you an undergraduate but in dire need of a job? Well, you’re not alone in this. Hundreds of students are out there searching for ...Read more
5 Effective Online Writing Courses For Beginners In 2022
Writing is now one of the most popular skills in the world today. However, the outbreak of the Covid epidemic has made it difficult to ...Read more
