Library

Course: Ethical Hacking - A Hands-On Approach to Ethical Hacking

Ethical Hacking - A Hands-On Approach to Ethical Hacking

  • Life Time Access
  • Certificate on Completion
  • Access on Android and iOS App
  • Self-Paced
About this Course

Course Overview

This course provides learners with a basic level of competency using a hands-on approach to gaining practical experience as a penetration tester or an ethical hacker (white, grey or black).

This course provides a fundamental look at offensive security concepts and techniques using a virtual install of Kali Linux and three different target victims, Windows XP, Server 2008 and Linux (Metesploitable2). This course provides a 100% hands-on on approach to learning to be an ethical hacker or a pentester.

How is the course structured?

The course uses short video tutorials, hands-on labs, virtualization, and open source tools for step-by-step learning of ethical hacking fundamentals; the same tools and open source software are used by professional penetration testers and ethical hackers.

This course provides videos, labs, and links for downloading the free and open source software used throughout this course.

You will able to build a virtual install of Kali Linux and Windows XP for the virtual lab environment. You should complete the first lab of this course before enrolling. Starting with lab 2, we will begin scanning and attacking a Windows XP victim. If the first lab cannot be completed, there is no need to enroll in the course since all labs that follow are dependent on the first lab being completed.

You will learn how intruders escalate privileges and what steps can be taken to stop them, the importance of a strong firewall, the importance of keeping systems and software updated and the use of complex passwords.

You will also learn how to launch DDoS Attacks, Buffer Overflows, keylogging, and password hacking. Completion of the course will help prepare an individual for an entry-level position as a pen-tester or ethical hacker. On completing this course, you will receive a course completion.

If you would like to discuss ethical hacking, watch someone else talk about technology or write a paper, there are plenty of other courses to choose from. To successfully complete this course students must demonstrate the fundamental concepts of offensive hacking. In other words, learners will learn something by doing.

Course Objectives

  • Demonstrate the use of offensive security tools and techniques
  • Proficiency in the use of the CLI (Command Line Interface) of Linux
  • Use Linux as a hacking platform

Who should take this course?

  • Network administrators, cybersecurity students, entry-level penetration testers, anyone who wants to be an ethical hacker, concerned parents, concerned spouses, law enforcement and anyone with a solid background in technology

Who should not take this course?

  • Anyone suffering from technophobia (the fear of learning new technology). Anyone not having a good understanding of the OSI model, or the TCP/IP suite

What are the course requirements, Knowledge level?

  • A good understanding of basic networking concepts, the TCPI/IP stack, how devices communicate, and basic troubleshooting of network connectivity issues
  • How to use a computer, a mouse and a keyboard
  • How to configure a static IP address on a Network adapter
  • How to check for connectivity using PING, IPCONFIG, and IFCONFIG
  • This course will not cover or review the OSI model, discuss IP addressing or any basic networking concepts. Students are expected to have these skills when they enroll

​Hardware

  • PC, laptop or desktop capable of virtualization. (Virtualization enabled BIOS)
  • A minimum of 4 GB of RAM, (8 GB or more of RAM recommended)
  • Administrative access to the host operating system. (You own the machine)
  • LAN or cable connection for Internet access. (Cannot use a wireless connection)
  • High-speed internet access using a reliable Internet connection. (5mb or higher throughput)

Software

  • Any 64-bit Windows operating system. (preferred)
  • A current 64-bit version of Mac or a Linux operating system
  • Installation of VMWare Player (free edition) for Windows and Linux users. (Links provided in the lab)
  • Installation of Virtualbox for MAC. (Links provided in the lab)
  • Installation of 7zip (Links provided in the lab)
  • Copy of Kali ISO or Kali VMWare or Virtualbox image. (Links provided in the lab)
  • Copy of Windows XP SP2 (Links provided in the lab)
  • Copy of Server 2008 SPI 32 bit (Links provided in the lab)
  • Copy of Metesploitable2 (Links provided in the lab)
Basic knowledge
  • Complete Module 01 - Virtual Network Lab Build
  • A laptop or desktop capable of running two simultaneous virtual installs in conjunction with their host operating system
  • Basic networking skills, IP addressing, familiarization with ports and services, configure a network adapter, use PING, IFCONFIG, IPCONFIG
  • Reliable LAN or cable connection for Internet access
  • A host machine running Windows 7, 8.1 or 10 (preferred). MAC and Apple machines will work but a Windows host is preferred
  • A minimum of 4 GB of RAM (8 GB preferred)
  • Basic computer fundamentals
  • Basic operating system fundamentals
What you will learn
  • Use virtualization as it applies to penetration testing
  • Discover, scan and exploit network vulnerabilities
  • Demonstrate the ability to perform an entry level penetration test
Curriculum
Number of Lectures: 39
Total Duration: 07:29:30
Virtual Network Lab Build
  • Start Here!  

    Course Overview.

For VirtualBox Users
  • Video and lab - Creating a Virtual install of Kali using VirtualBox  

    In this first lab, students will create a virtual install of Kali Linux using VMWare Player or VirtualBox depending on their host platform and personal preferences.

  • Video and lab - Creating an Unattended Virtual Install of XP Using Virtualbox  

    Windows XP is our victim or target for the labs. Though some of these labs will work using newer operating systems as targets, Windows XP is still relevant in roughly 75% of all networks making it a viable target.

  • Video - Troubleshooting Connectivity Issues With Virtualization  

    A short video on troubleshooting connectivity issues between Kali and your target machines. Use this video to ensure your Kali and other virtual machines have connectivity between them. In the

For VMWare Users
  • Video and lab - Creating a Virtual install of Kali Using VMWare  

    In this first lab, students will create a virtual install of Kali Linux using VMWare Player or Virtualbox depending on their host platform and personal preferences.

  • Video and Lab - Creating an Unattended Virtual Install of XP Using VMWare  

    Windows XP is our victim or target for the labs. Though some of these labs will work using newer operating systems as targets, Windows XP is still relevant in roughly 75% of all networks making it a viable target.

  • Video- Troubleshooting Connectivity Issues!  

    A short video on troubleshooting connectivity issues between Kali and your target machines. Use this video to ensure your Kali and other virtual machines have connectivity between them.

Anonymity - Remaining Anonymous While Hacking Online
  • Video and Lab – Remaining Anonymous Online using TOR and Proxychains  

    In this lab, you will learn how to stay anonymous while hacking online using TOR and Proxychains. Remaining anonymous while hacking is easy, it just requires some configuration which you will learn in this lab.

  • Video and Lab - Setup a free VPN Using Kali Linux  

    In this lab, students will use a free VPN service to create a secure connection and provide anonymity while accessing the Internet. VPNs are one of the best options for protecting your privacy, encrypting your data, and changing your geolocation. There is no 100% anonymity on the Internet but using the right tools and services can provide at least 60 -80% assurance of privacy. 


    VPNs are great if you want to encrypt your data while using an unsecured network such as a public Wi-Fi or you need to circumvent a restricted or censored network. If you are taking a three-day trip to Russia or China and need to be able to access content that is being blocked, a VPNs that can do this.

  • Video and Lab - Using anonsurf on Kali Linux to Stay Anonymous  

    In this lab, you will learn how to hide your identity on the Internet using anonsurf. Anonsurf is a script made by the ParrotSec team that completely anonymizes you with just one click of a button using TOR proxies. Anonsurf automatically routes ALL your traffic through TOR, including your DNS requests to prevent DNS leaks. 

Gathering Information - Open-source intelligence (OSINT)
  • Video and Lab - Information Gathering Using Maltego  

    In this lab, you will learn to gather passive information from the Internet using Maltego. This lab uses the community edition built into our Kali Linux that is limited to private or non-commercial use and the number of results that can be displayed in a graph. It is capable gathering a significant amount of passive information about a prospective entity in a single sweep of the Internet.

  • Video and Lab - Information Gathering Using Metagoofil  

    In this lab, you will learn to gather passive information from the Internet using Maltego. This lab uses the community edition built into our Kali Linux that is limited to private or non-commercial use and the number of results that can be displayed in a graph. It is capable gathering a significant amount of passive information about a prospective entity in a single sweep of the Internet.

NMap
  • Video and Lab - Introduction to NMap  

    In this first lab, students will use Nmap to investigate their network and identify potential targets. In this lab, students will be introduced to network discovery using Nmap, and becoming familiar the using CLI in Linux.

  • Video and lab - NMap Scripting Engine (NSE)  

    The Nmap scripting engine is one of Nmap's most powerful and, at the same time, most flexible features. It allows users to write their own scripts and share these scripts with other users for the purposes of networking, reconnaissance, etc. These scripts can be used for:

    •  Network discovery
    • More sophisticated and accurate OS version detection
    • Vulnerability detection
    • Backdoor detection
    • Vulnerability exploitation

    In this lab, you will look at the scripts that have been shared and are built into Kali and will examine how to use them to do thorough recon on our target, to increase the possibility of success, and reduce the possibilities of frustration.

  • Video and lab - Scanning for WannaCry Ransomware  

    EternalBlue, sometimes written as ETERNALBLUE, is an exploit believed to have been developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack on May 12, 2017. .

    For this lab students will be using NMap to look for the vulnerability. EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.

Optimizing Kali
  • Video and lab - Install Kali Linux Tools Using Katoolin  

    Katoolin is a script that helps to install Kali Linux tools on your Linux distribution of choice. For those of us who like to use penetration testing tools provided by Kali Linux development team can effectively do that on their preferred Linux distribution by using Katoolin.

  • Video and Lab - Using Stacer to Opimize Kali Linux  

    In this lab, students will learn how to use a GUI application called Stacer to help optimize, monitor and manage their Kali install.

Scanning for Vulnerabilities Using NESSUS
  • Video and Lab - Installing NESSUS Using Docker  

    In this lab, students will learn how to automate the installation of NESSUS using containerization. Students will be introduced to the Docker program which provides a sandbox for the running of applications called containers. Containers are self-contained images that come preconfigured with all the necessary dependencies, software and files to operate without having the call on the operating system. This course has at least three labs that we use containerization for the installation of certain types of software.

  • Video and lab - Scanning for Vulnerabilities Using Nessus  

    In this Lab, students will learn how to discover vulnerabilities on their home or business network (The Windows XP Victim should be up and running as part of your network).  In this Lab, you will use the industry vulnerability scanner, NESSUS. NESSUS is considered the industry standard for vulnerability scanners. There are plenty of commercial grade scanners on the market and they all have their good and bad points but NESSUS is considered the gold standard.

  • Video - Using Your Nessus Scan Results  

    In this video, students learn how to interpret their Nessus scan results.

Scanning for Vulnerabilities Using OpenVAS
  • Video and Lab - Installing OpenVAS Using Docker  
  • Video and Lab - Scanning for Vulverabilites Using OpenVAS  

    In this lab, you will conduct a vulnerability scan of your network using a free open source vulnerability scanner called OpenVAS.

Exploiting Windows XP
  • Video and Lab- Using Metasploit to Launch a DOS Attack Against Windows XP  

    In this lab, you will learn to use the all-in-one pentesting/hacking suite called Metasploit and perform a DOS attack on a windows XP target.

  • Video and Lab - Establishing A VNC Shell Using Meterpreter  

    In this lab, we see how easy Meterpreter can be used to establish a reverse shell with Windows XP using a well-known SMB exploit. We will also see how to detect any countermeasures that may be running on the remote target. We will establish a remote desktop session using a VNC payload and capture keystrokes to include logon passwords using Meterpreter.

  • Video and Lab - Using Meterpreter to backdoor Windows XP  

    In this lab, we see how easy Meterpreter can be used to create a backdoor into a Windows machine using nothing more than built-in system tools. We will also see how easy it is to detect and disable the Windows firewall if it is running on our victim machine. Lastly, we’ll want to remove any traces of our presence from the Windows log files.   

NetCat
  • Lab - Using Netcat to Exploit Server 2008  

    In this lab, students will download an ISO image for Server 2008 and run a well known exploit to take over the machine. Lot's of material in this lab so take it slow and steady.

Exploiting Linux
  • Video and lab - Installing Metasploitable2 Using VirtualBox  

    In this lab, you will learn how to import Metasploitable2 into VirtualBox. Metasploitable2 is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools and practice common penetration testing techniques.

  • Video and lab - Installing Metasploitable2 Using VMWare  

    Metasploitable2 is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools and practice common penetration testing techniques.

Social Engineering
  • Video and Lab - Using the Social Engineering Toolkit (SET)  

    The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. In this lab, students will use the credential harvester to capture a username and password from a fake (cloned) Facebook page.

BASH Scripting for Pentesters
  • Video and Lab - Introduction to BASH Scripting  

    One of the great features of Linux is to writing scripts. Compared to writing Windows batch files, BASH scripting is much more flexible and comes with advanced features you won’t find in a batch script. To understand how the BASH shell works, you must understand the logic of how Linux is built. 


    Simply put, BASH (Bourne-Again Shell) is the default shell we are provided within Linux distributions. It is the command line interpreter (CLI) for GNU (GNU’s Not Unix) operating system. When we open a terminal session in Kali or Ubuntu, we are using the BASH shell. Though GNU operating system provides different shells, BASH is the default out of the box shell for Linux.  

  • Video and Lab - Creating a BASH Script for Scanning Vulnerable Ports  

    In this second BASH scripting lab, students will see how one hacker using Nmap and simple BASH script caused $86 million dollars of havoc for the credit card companies.  

Password Cracking
  • Video and Lab – Password Cracking Using Medusa  

    In this lab, students will use a well know password cracking utility, Medusa, to brute-force their way onto a target running VNC on port 5900 using the Medusa VNC module. Medusa is a speedy, parallel, and modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.

  • Video and Lab - Passwords Cracking Using Mimikatz  

    In this lab, the student will learn how to crack cleartext password from a Windows client using Mimikatz. Mimikatz has become an extremely effective attack tool against Windows clients, allowing bad actors to retrieve cleartext passwords, as well as password hashes from memory. This lab will provide an overview of Mimikatz’s capabilities and payload vectors.

Web Based Application Attacks
  • Video and Lab - Installing w3af in Kali Linux Using Docker  

    w3af no longer comes pre-installed with Kali Linux. In this short lab, you will learn how to properly install w3af onto a Kali Linux virtual machine using a Docker container.

  • Video and Lab – Conducting A Website Vulnerability Scan Using w3af  

    In this lab, students will conduct a website vulnerability scan using the command line version of Web Application Attack and Audit Framework (w3af).

  • Video and Lab – Performing a Browser Based Attack  

    In the lab, students will perform a manual SQL injection attack on a vulnerable web-based application inside of Metsploitable2 called Mutillidae. In the second part of the lab, students will perform a Local File Inclusion and Directory Traversal attack.

  • Video and lab - SQL Injection Attack Using SQLmap  

    SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Browser Exploitation Framework (BeEF)
  • Video and Lab - Configure Kali for Exploitating the WAN  

    In this video, students will learn how to configure Kali running Apache Web Service for exploiting remote targets across the WAN.

  • Video and lab - The Browser Exploitation Framework (BeEF)  

    In the lab, you will learn how to exploit a remote browser using the Browser Exploitation Framework.

Reviews (0)