Complete Penetration Testing and Ethical hacking Bootcamp
4.2 (304 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
2,555 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Complete Penetration Testing and Ethical hacking Bootcamp to your Wishlist.

Add to Wishlist

Complete Penetration Testing and Ethical hacking Bootcamp

Get started from scratch and become job ready penetration Tester. Be an Ethical Hacker and Hunt as a Bug Bounty Hunters
4.2 (304 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
2,555 students enrolled
Last updated 7/2016
Current price: $12 Original price: $200 Discount: 94% off
3 days left at this price!
30-Day Money-Back Guarantee
  • 11 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion

Training 5 or more people?

Get your team access to Udemy's top 2,000 courses anytime, anywhere.

Try Udemy for Business
What Will I Learn?
  • By the end you will be able to understand all Information Security terminologies
  • You will be able to install and use all pentesting tools, even the new ones too
  • you will be able to hunt bugs and will be able to earn with them by reporting them
  • you will be able to document the pentesting reports
  • You will be able to defend your products and network from intrusion by Hackers
View Curriculum
  • A computer (MAC/Windows/Linux) any will work
  • Basics of computer technology
  • Virtual box - FREE (installation covered in the course)
  • NO prerequisites for this course

Welcome to the world’s one of the most advance course on Penetration Testing and Ethical Hacking. Everyone is trying to learn How to design website or how to build networks or products. But you are different from others; you have chosen a path where you will learn to protect those products from intrusion of Hackers. We would like to salute your decision.

Attacks by Hackers are not a new story now days, you hear about it every other day. And the reason is obvious; no one bothers about security. Think about the last web development course that talks about SQL Injection or XSS attack. When you learn about Information security and that too at such a practical level, you can offer your skills to big and small companies get hired there or work as a free lancer. This penetration-testing course also talks about getting payment via BUG BOUNTIES too.

Every major company like Google, Apple, PayPal etc. have a security division which requires security experts like you, not even an official degree is required for it. All they ask for is your skills that this covers up. World require so many security professionals but we are not able to produce even the fractions of requirement.

This course is designed very carefully so that everyone can learn from it, even non-programmers. Also this course is very crisp in covering topics, this means we will not be wasting 3-4 hours just on installation or learning jargon terms.

Mac, Linux or Windows is not at all a problem. We only use tools that are cross platform. Our strategy is to take students from all operating system and merge them on same platform like Kali Linux and Parrot OS, so that it gives best learning experience.

We will introduce you to most advance topics in Pentesting as well as teach you that how you can learn by yourself, without reading any book or taking any course in future. Along with course, we will point you towards dedication and free resources that will make you subject expert.

Also we will install our custom vulnerable test beds and attack on them. This will   washes out the worry of legal issues. Also there are few challenges for you that will push you little hard to use your capabilities at the fullest. 

Jump in the course and Welcome to the world of Information Security, Penetration Testing, Ethical hacking and Bug Bounties

Important note: Support of windows XP is dropped by Microsoft, we have used it in few lectures. Regardless, you can either skip those couple lectures or just watch them, as concept goes same.

Who is the target audience?
  • Individuals looking to earn via BUG BOUNTIES
  • Students looking to expand their knowledge in IT security
  • Become a paid penetration tester
  • Develop secure websites and secure products
Compare to Other Penetration Testing Courses
Curriculum For This Course
72 Lectures
Must have basics for a Penetration Tester
6 Lectures 49:20

Before we even jump into the course, let's explore the interface of our learning platform, adjusting the settings and detailed overview of what is about to come

Preview 08:14

Lets be clear on what is pentesting and what is our area of scope. Penetration testing is a formal procedure to find vulnerabilities in the product and fix them.

Preview 04:22

We will not only teach a skill we will also teach you that how you can offer your skills to others and get paid for it. Lets explore the options of bug bounties

Preview 09:57

Lets explore the terms like white hat hacking, black hat hacking, black box testing and white box testing. These terms are the most common terms, so it's a good idea to get friendly with them

White hat, black box and vulnerabilities

Few more important terms are proxy because we will be installing proxy chains to hide our identity. Also we will be using virtual box to take every user on same page

Proxy, virtual box and OS

now finally it's time to grab all the tools that we will be needing. Ofcourse this will not be a full list but we can just work with this for a start. If we will need anything else, for sure it will be cross platform and will be informed in advance.

Grabbing the tools
Installation and configuration of lab for pentesting
9 Lectures 01:15:47

Virtual box is a software that allows us to install a complete operating system in just a software, also it can be said that OS in controlled environment. If anything goes wrong then we can simply delete the OS and our original os will be safe

Installation of Virtual Box

The tools that we will go through will be open source. Although you can install them on any linux but sometimes there is an issue of dependencies. Therefore we will be using a dedicated operating system to make sure that we can focus on learning the rather spending half of the time in just installation.

Installation of attacker - Kali

UPDATE : A new update for the windows users in installation

windows Update - Installation for windows users

Now that our Virtual box is installed, we will now take a toor of this new software. We will try to be friendly with all menu items as well as learn the solution of problems such as full screen mode.

Tour to Virtual Box and installing advance settings

As talked earlier, we might require more tools to proceed, so this movie will help you to grab more tools like metasploitable and few windows trial version in order to practice.

Tools required for labs

Metasploitable is an intentionally vulnerable machine that is specially designed to practice all the attacks without getting too much worried about the legal issues. Let's learn to install it and crack it down

Installing Metasploitable on Virtual Box

Finding windows XP is not an easy task but microsoft still gives a few trial and free virtual machines, on which we can practice. Of Course, windows XP is a very good playing platform for exploitation

Windows XP installation in Virtual Box

Now that our attacker machine AKA Kali linux is installed, its a good idea that we take a little tour to the operating system. there are a few small settings that we need to do, to make sure that scan keeps on with no hurdles.

Tour to our attacker machine

There are many tools that are installed in the kali, in this movie we will take a tour of these tools. Also we will learn to update the machine. By updating the machine we can be sure that more tools can be easily updated.

Tour to Pentesting tools and updating the machine
UPDATE - optional linux section. Just basics yet important part of all linux
5 Lectures 54:48
Bash shell and navigation in linux

Files and files permission in linux

Case study, directories and files with VIM and NANO

Manipulation of file data

Grep, piping and sudo in linux
Gathering information to perform pentesting
10 Lectures 01:38:50

Tor or also known as onion browser is known for anonymity. We will learn to install and configure this browser on kali linux. Also we will have a quick look at dark web sites

Up and running with TOR and dark net

Proxies are a way to hide your location or basically route the entire traffic via a different server. It helps us to improve the anonymity. We will install proxychains and with this we can make n number of stops between the traffic.

Anonymity using proxychains

MAC address also know as physical address of your ethernet device or wireless device is your main identity over the internet, apart from IP. We will learn to mask or change the current mac address.

Changing your MAC for tests

there are many methods to gather information of our client, one of them is DNS enumeration. We also take a look on what is open DNS

DNSEnum Information Gathering

Although, zone transfer vulnerability is very rare to see now a days but still we will look at this vulnerability on a dedicated platform.

Preview 05:51

DIG is another tool that gives more detail information about DNS information. Let's have a look on DIG tool which ships in Kali linux.

Dumping information with dig

DNStracer is the utility which calculates the path of our request to the server and plots it nicely on graphical interface. We will also have a quick look on wireshark.

DnsTracer and quick look to wireshark

Dimitry is a built in tool in kali that gather a lots of information about the company like email ID and DNS information but there are many better tools available now.

Is Dimitry still a good option

Finding email is one of the important part as it can be later used for social engineering. Also we will look at generating reports.

Finding emails, subdomain and generating reports

Now that we have talked about a lot of tools, here is the time give you a very small and easy assignment. Also let's have a look on recon-ng

Assignment and recon-ng
Learning about Nmap, Nikto, OpenVas and report genrating
7 Lectures 55:07

Some little tweaks are necessary to make our lab good and ready for future exploitation labs. In order to work it is necessary to get ping reply from other virtual machines.

Tweaking our labs for future labs

Nmap is like the best tool for network mapping and a must known for every pentester. Let's open our wireshark which comes as a default in kali linux and capture some traffic

Nmap study and assignments to evaluate

In the last movie there was an assignment and in this movie we will solve this assignment. Let's learn to do port scanning in vulnerable machine.

Solution to assignment and port scans

Ok now we have a knowledge of vulnerability, so it's time to take advantage of that vulnerability and exploit the machine.

Taking advantage of known Vulnerability and metasploit

Just like other scanning tool, nikto is one more scanning tools available in kali linux. Nikto gives us a bunch of information that we will explore in this movie

Scanning with Nikto

OpenVas Installation and configuration

Submitting a report is the final task is the pentesting, there are a lot of tools that generate report and submit it to client. Every company follows their own report format.

Generating and analyzing pentesting reports
Performing a Penetration Testing on a client
6 Lectures 48:14

NDA stands for Non Disclosure Agreement, which is an official document stating that you are authorised to perform penetration testing. Also make sure that if you are not allowed to use particular tool, that is also mentioned in the document

Getting NDA signed, permissions and scope of testing

After signing NDA, first step is to gather information about client like domain info, emails, servers used and scanning of open port and related services.

Information gathering about client machine

Now that we have an idea about vulnerabilities, we can now process to exploit those vulnerabilities. We will learn to run the exploits using msfconsole, which we will take in detail later in this course

Attacking the machine with msfconsole

It is not compulsory that you always get success in exploiting the first vulnerability. Sometimes vulnerability is there but we are not able to get success, in that case search for another one to present prof of concept

Exploiting another vulnerability

One new thing that we will learn in this movie is to use wireshark to sniff traffic. If the application is not encrypting the traffic then we can even grap username and password.

Sniffing the traffic with wireshark and get the password

Nmap also allows you to use some basic inbuilt or custom designed scripts too. In this movie we will learn to use one of these scritps for pentesting

Nmap scripting engine and distcc
Web Application Penetration Testing
9 Lectures 01:20:01

Web application pentesting is the most hot topic out there because there are many websites and application are out there, having many potential vulnerability and of course getting hacked everyday. More chances of Bug bounties are here

Getting started with Web Application Pentesting

There are many test beds that can be installed for learning purpose but we will start from easy ones like DVWA aka Damn Vulnerable Web Application

Installing test bed for web application pentesting

There are a few important tools and addons that Kali is missing, we will learn to install them and learn a little about their interface

Installing Vega, firefox addons and Brute force attacks

Our first vulnerability in the test bed is going to be the serious one. Recently this vulnerability was in google cloud based service and was paid with 3000 dollars when reported.

Exploring the command injection Vulnerability

XSS or cross site scripting is most common with the increasing domination of javascript. Also the impact of XSS is now more aggressive.

Reflected and Stored XSS ie Cross Site scripting

There is a great one page learning resource for learning about all kind of XSS. This is a trusted resouce and we recommend this resource to all

DOM based XSS and learning resource

Google has it's own program to reward responsible disclosure of vulnerabilities in their products just like facebook, paypal and several others. 

Google Reward Program that gives 7500 dollars for XSS

CSRF attack can allow unwanted actions from the user and user may even change their password without knowing about it. Let's take a close look at CSRF

Cross site request forgery Vulnerability

Yes, there is a great resource to learn more about SQL Injection in detail and that too for free. Watch the video and get started with it. Resource is free and will be free

Reference to further 6 hour free sql injection course, shells and defacing
Automation of Web Application pentesting
5 Lectures 42:02
Web application Pentesting automation with Vega

SQL map is a python based tools that perform SQL Injection and checks for many injection vulnerability. Best part is tools is completely open source and can be edited for custom usage with little knowledge of python

Automation of SQL Injection Attack with SQLMAP

Open Web Application Security Project did launched a tool known as Zed Attack proxy, although the name use proxy but it is much more than that.

Automation with OWASP-ZAP

Present internet scenario says that you will get a lot of pentesting for CMS based site and most popular CMS is Wordpress. We will learn to perform an automated pentesting on such CMS

Scanning Wordpress sites for Vulnerabilities

usually, we don't recommend paid tools in any of our course, keeping in mind that most of you are starting from scratch but it's always good to show all the options and let you decide, what is best and what is not

Paid options for Automation of Web App Pentesting
Wep App Pentesting Challenge
2 Lectures 15:26

Installation of this test bed is going be biggest challenge of the entire series. If you will solve all these challenges (solutions are already in the test bed, watch next movie for hints) then for sure, your first BUG BOUNTY is not going to be far

A pentesting challenge that will help in getting Bug Bounties

Here is a quick tip to get started and learn about How to solve the above challenge. Make sure you take a little time to solve this challenge

Hint for solving the challenge
Getting started with metasploit Framework
5 Lectures 58:52

Metasploit is the biggest framework for exploitation in the entire pentesting industry, completely designed in ruby. In this movie we will explore the architecture of the metasploit.

Introduction to metasploit and it's architecture

msfconsole is the major and most famous way to interact with metasploit framework. Let's explore msfconsole, along with types on exploits.

Msfconsole and Exploits type

Setting up msf database is easy and makes search operation a lot faster. Also if the database is not set, then we cannot run armitage in next movie

Setting up msf database and meterpreter

Armitage is a graphical version of msfconsole but don't be mistaken, it is very powerful, automted and easy to easy. Let's look at the interface of Armitage.

Armitage and meterpreter

SET or Social Engineering Toolkit is a framework that helps you to use your social skills to launch some client side attacks. Let's take a look on client side attacks

Social Engineering toolkit and Client side exploits
3 More Sections
About the Instructor
Igneus Technologies
4.3 Average rating
3,336 Reviews
81,592 Students
35 Courses
Best Comprehensive Courses

We at Igneus have trained students from IIT's, NIT's and reputed companies. Students from all over the globe have trusted our High quality and affordable trainings from 10+ countries and have opted for our Certification programs.

IGNEUS stands for the Revolutionary and a quality enhanced change that we’ve tried to come up with in the modern world of Internet education. We’ve come up bearing in mind the maximum emphasis on the quality dealing with every new technology which has made us distinguished from the throng at internet. And this revolution of choice will keep continuing. Today IGNEUS Technologies has proudly lifting up the tag of being the world's most trusted provider of myriad of services and training programs aiding constantly in every corner of the globe along with web security aspects, and open source technology.

IGNEUS Technologies Pvt. Ltd is a dream shared and brought up by two computer geniuses to make the society upgraded and aware of the cyber crimes that curb the innocence of environment, thus starting a revolution in favor of cyber security.

Igneus stands for the Revolutionary and a quality enhanced change in every aspect of its touch to internet. Quality dealing with every new technology makes us different from the crowd of internet. The revolution of choice continues. Today Igneus Technologies is the world's most trusted provider of mentioned services and training along with web security aspects, and open source technology.