Welcome to the world’s one of the most advance course on Penetration Testing and Ethical Hacking. Everyone is trying to learn How to design website or how to build networks or products. But you are different from others; you have chosen a path where you will learn to protect those products from intrusion of Hackers. We would like to salute your decision.
Attacks by Hackers are not a new story now days, you hear about it every other day. And the reason is obvious; no one bothers about security. Think about the last web development course that talks about SQL Injection or XSS attack. When you learn about Information security and that too at such a practical level, you can offer your skills to big and small companies get hired there or work as a free lancer. This penetration-testing course also talks about getting payment via BUG BOUNTIES too.
Every major company like Google, Apple, PayPal etc. have a security division which requires security experts like you, not even an official degree is required for it. All they ask for is your skills that this covers up. World require so many security professionals but we are not able to produce even the fractions of requirement.
This course is designed very carefully so that everyone can learn from it, even non-programmers. Also this course is very crisp in covering topics, this means we will not be wasting 3-4 hours just on installation or learning jargon terms.
Mac, Linux or Windows is not at all a problem. We only use tools that are cross platform. Our strategy is to take students from all operating system and merge them on same platform like Kali Linux and Parrot OS, so that it gives best learning experience.
We will introduce you to most advance topics in Pentesting as well as teach you that how you can learn by yourself, without reading any book or taking any course in future. Along with course, we will point you towards dedication and free resources that will make you subject expert.
Also we will install our custom vulnerable test beds and attack on them. This will washes out the worry of legal issues. Also there are few challenges for you that will push you little hard to use your capabilities at the fullest.
Jump in the course and Welcome to the world of Information Security, Penetration Testing, Ethical hacking and Bug Bounties
Important note: Support of windows XP is dropped by Microsoft, we have used it in few lectures. Regardless, you can either skip those couple lectures or just watch them, as concept goes same.
Before we even jump into the course, let's explore the interface of our learning platform, adjusting the settings and detailed overview of what is about to come
Lets be clear on what is pentesting and what is our area of scope. Penetration testing is a formal procedure to find vulnerabilities in the product and fix them.
We will not only teach a skill we will also teach you that how you can offer your skills to others and get paid for it. Lets explore the options of bug bounties
Lets explore the terms like white hat hacking, black hat hacking, black box testing and white box testing. These terms are the most common terms, so it's a good idea to get friendly with them
Few more important terms are proxy because we will be installing proxy chains to hide our identity. Also we will be using virtual box to take every user on same page
now finally it's time to grab all the tools that we will be needing. Ofcourse this will not be a full list but we can just work with this for a start. If we will need anything else, for sure it will be cross platform and will be informed in advance.
Virtual box is a software that allows us to install a complete operating system in just a software, also it can be said that OS in controlled environment. If anything goes wrong then we can simply delete the OS and our original os will be safe
The tools that we will go through will be open source. Although you can install them on any linux but sometimes there is an issue of dependencies. Therefore we will be using a dedicated operating system to make sure that we can focus on learning the rather spending half of the time in just installation.
UPDATE : A new update for the windows users in installation
Now that our Virtual box is installed, we will now take a toor of this new software. We will try to be friendly with all menu items as well as learn the solution of problems such as full screen mode.
As talked earlier, we might require more tools to proceed, so this movie will help you to grab more tools like metasploitable and few windows trial version in order to practice.
Metasploitable is an intentionally vulnerable machine that is specially designed to practice all the attacks without getting too much worried about the legal issues. Let's learn to install it and crack it down
Finding windows XP is not an easy task but microsoft still gives a few trial and free virtual machines, on which we can practice. Of Course, windows XP is a very good playing platform for exploitation
Now that our attacker machine AKA Kali linux is installed, its a good idea that we take a little tour to the operating system. there are a few small settings that we need to do, to make sure that scan keeps on with no hurdles.
There are many tools that are installed in the kali, in this movie we will take a tour of these tools. Also we will learn to update the machine. By updating the machine we can be sure that more tools can be easily updated.
Tor or also known as onion browser is known for anonymity. We will learn to install and configure this browser on kali linux. Also we will have a quick look at dark web sites
Proxies are a way to hide your location or basically route the entire traffic via a different server. It helps us to improve the anonymity. We will install proxychains and with this we can make n number of stops between the traffic.
MAC address also know as physical address of your ethernet device or wireless device is your main identity over the internet, apart from IP. We will learn to mask or change the current mac address.
there are many methods to gather information of our client, one of them is DNS enumeration. We also take a look on what is open DNS
Although, zone transfer vulnerability is very rare to see now a days but still we will look at this vulnerability on a dedicated platform.
DIG is another tool that gives more detail information about DNS information. Let's have a look on DIG tool which ships in Kali linux.
DNStracer is the utility which calculates the path of our request to the server and plots it nicely on graphical interface. We will also have a quick look on wireshark.
Dimitry is a built in tool in kali that gather a lots of information about the company like email ID and DNS information but there are many better tools available now.
Finding email is one of the important part as it can be later used for social engineering. Also we will look at generating reports.
Now that we have talked about a lot of tools, here is the time give you a very small and easy assignment. Also let's have a look on recon-ng
Some little tweaks are necessary to make our lab good and ready for future exploitation labs. In order to work it is necessary to get ping reply from other virtual machines.
Nmap is like the best tool for network mapping and a must known for every pentester. Let's open our wireshark which comes as a default in kali linux and capture some traffic
In the last movie there was an assignment and in this movie we will solve this assignment. Let's learn to do port scanning in vulnerable machine.
Ok now we have a knowledge of vulnerability, so it's time to take advantage of that vulnerability and exploit the machine.
Just like other scanning tool, nikto is one more scanning tools available in kali linux. Nikto gives us a bunch of information that we will explore in this movie
Submitting a report is the final task is the pentesting, there are a lot of tools that generate report and submit it to client. Every company follows their own report format.
NDA stands for Non Disclosure Agreement, which is an official document stating that you are authorised to perform penetration testing. Also make sure that if you are not allowed to use particular tool, that is also mentioned in the document
After signing NDA, first step is to gather information about client like domain info, emails, servers used and scanning of open port and related services.
Now that we have an idea about vulnerabilities, we can now process to exploit those vulnerabilities. We will learn to run the exploits using msfconsole, which we will take in detail later in this course
It is not compulsory that you always get success in exploiting the first vulnerability. Sometimes vulnerability is there but we are not able to get success, in that case search for another one to present prof of concept
One new thing that we will learn in this movie is to use wireshark to sniff traffic. If the application is not encrypting the traffic then we can even grap username and password.
Nmap also allows you to use some basic inbuilt or custom designed scripts too. In this movie we will learn to use one of these scritps for pentesting
Web application pentesting is the most hot topic out there because there are many websites and application are out there, having many potential vulnerability and of course getting hacked everyday. More chances of Bug bounties are here
There are many test beds that can be installed for learning purpose but we will start from easy ones like DVWA aka Damn Vulnerable Web Application
There are a few important tools and addons that Kali is missing, we will learn to install them and learn a little about their interface
Our first vulnerability in the test bed is going to be the serious one. Recently this vulnerability was in google cloud based service and was paid with 3000 dollars when reported.
There is a great one page learning resource for learning about all kind of XSS. This is a trusted resouce and we recommend this resource to all
Google has it's own program to reward responsible disclosure of vulnerabilities in their products just like facebook, paypal and several others.
CSRF attack can allow unwanted actions from the user and user may even change their password without knowing about it. Let's take a close look at CSRF
Yes, there is a great resource to learn more about SQL Injection in detail and that too for free. Watch the video and get started with it. Resource is free and will be free
SQL map is a python based tools that perform SQL Injection and checks for many injection vulnerability. Best part is tools is completely open source and can be edited for custom usage with little knowledge of python
Open Web Application Security Project did launched a tool known as Zed Attack proxy, although the name use proxy but it is much more than that.
Present internet scenario says that you will get a lot of pentesting for CMS based site and most popular CMS is Wordpress. We will learn to perform an automated pentesting on such CMS
usually, we don't recommend paid tools in any of our course, keeping in mind that most of you are starting from scratch but it's always good to show all the options and let you decide, what is best and what is not
Installation of this test bed is going be biggest challenge of the entire series. If you will solve all these challenges (solutions are already in the test bed, watch next movie for hints) then for sure, your first BUG BOUNTY is not going to be far
Here is a quick tip to get started and learn about How to solve the above challenge. Make sure you take a little time to solve this challenge
Metasploit is the biggest framework for exploitation in the entire pentesting industry, completely designed in ruby. In this movie we will explore the architecture of the metasploit.
msfconsole is the major and most famous way to interact with metasploit framework. Let's explore msfconsole, along with types on exploits.
Setting up msf database is easy and makes search operation a lot faster. Also if the database is not set, then we cannot run armitage in next movie
Armitage is a graphical version of msfconsole but don't be mistaken, it is very powerful, automted and easy to easy. Let's look at the interface of Armitage.
SET or Social Engineering Toolkit is a framework that helps you to use your social skills to launch some client side attacks. Let's take a look on client side attacks
We at Igneus have trained students from IIT's, NIT's and reputed companies. Students from all over the globe have trusted our High quality and affordable trainings from 10+ countries and have opted for our Certification programs.
IGNEUS stands for the Revolutionary and a quality enhanced change that we’ve tried to come up with in the modern world of Internet education. We’ve come up bearing in mind the maximum emphasis on the quality dealing with every new technology which has made us distinguished from the throng at internet. And this revolution of choice will keep continuing. Today IGNEUS Technologies has proudly lifting up the tag of being the world's most trusted provider of myriad of services and training programs aiding constantly in every corner of the globe along with web security aspects, and open source technology.
IGNEUS Technologies Pvt. Ltd is a dream shared and brought up by two computer geniuses to make the society upgraded and aware of the cyber crimes that curb the innocence of environment, thus starting a revolution in favor of cyber security.
Igneus stands for the Revolutionary and a quality enhanced change in every aspect of its touch to internet. Quality dealing with every new technology makes us different from the crowd of internet. The revolution of choice continues. Today Igneus Technologies is the world's most trusted provider of mentioned services and training along with web security aspects, and open source technology.