
Explore ethical hacking beyond cookbooks, mastering tools and techniques for advanced white hat penetration testing, while embracing persistence, creativity, and problem solving to expand your knowledge.
Acquire basic familiarity with operating systems, Linux and Windows, the command line, networking basics (tcp/ip and ports), and programming to navigate and extend penetration testing tools.
Explore ethical hacking, white hat practices, and penetration testing, covering fuzzing, web application testing, and the Metasploit exploit development toolkit and exploit frameworks.
Identify system requirements for security tools, including hardware, software, and virtual machines with ample memory and disk space; Mac OS and Windows are commonly used, with Linux as secondary.
Explore ethics in ethical hacking and penetration testing, highlighting permission, legal standpoint, and the goal to improve security, availability, and integrity of systems.
Dradis framework consolidates outputs from Burp Suite and Nessus and other tools into one location to ease correlation and note-taking for network and systems testing.
Start Dradis, create a project and branches, and add notes with categories like scan results to organize tasks. Import data from Nessus and Nmap to streamline testing.
Import data from Nessus and other tools into Dradis via the new importer, watch the upload manager and log, and categorize results for analysis.
Install and manage Chrome extensions to enhance web testing, using tools like Firebug Lite, security analyzers, cross-site scripting scanners, and Base64 decoders.
Learn how to install Firefox plug-ins using the tools menu and add-ons, explore per-user installations, search for security add-ons, and complete installs that may require a restart.
Master SSH forwarding concepts, using local forward and remote port forward to tunnel traffic through an SSH link and access devices behind a firewall, with practical Raspberry Pi examples.
Explore scan types and techniques in Nmap, including half-open and full-connect scans, various TCP flag combinations, protocol scans, and stealth idle scans to identify supported IP protocols.
Learn stealth scanning techniques using an idle scan with a zombie host to identify open ports without directly contacting the target, by examining IP ID behavior and spoofed responses.
Use amap to perform application scans that identify the actual protocol behind open ports, beyond banners, by mapping applications and analyzing responses.
Use Nmap to perform web testing with a Joomla detection script in the Nmap scripting engine, verify 200/302/404 responses on port 80, identify a Joomla site, and exploit those vulnerabilities.
Learn to scan and probe a UDP service using an Nmap script, sending a payload and interpreting a capitalized response to confirm an active service.
Explore how hping3 enables port scanning by crafting packets and tweaking IP and TCP/UDP headers, including TTL and flags, to reveal open ports and evade firewalls or intrusion detection systems.
Explore payload-based scanning with unicornscan, performing protocol interactions on UDP ports instead of simple connections. Create custom payloads in a text file and run asynchronous TCP and UDP scanning.
Explore TCP scanning with unicornscan, covering installation from source, running as root, scan modes, port targeting (22, 80, 1241), and generating logs and pcap files for analysis.
Learn to use the Firefox plugin Wappalyzer to quickly identify web application frameworks, scripts, and servers running a site, such as WordPress, Drupal, jQuery, Modernizr, Google Analytics, and Windows Server.
Use the passive recon Firefox add-on to quickly gather DNS, MX, and IP information and Netcraft site data, then perform targeted Google searches to locate file types for efficient reconnaissance.
Explore how Firebug, a Firefox plugin, breaks down web pages into collapsible sections, revealing the document object model, CSS, scripts, and frames to analyze structure and identify cross-site scripting risks.
Explore Groundspeed, a Firefox plugin for testing web forms, to inspect and manipulate hidden fields, edit attributes, remove elements, and observe server responses during web application testing.
Explore Hackbar, a Firefox toolbar, and Tamper Data to decode and encode Base64, hex, and URL data, including basic authorization strings.
Explore starting up Metasploit with the web interface and the command line, create a workspace and a project with a network range, and perform host lookups and service scans.
Explore scanning with Metasploit by running db_nmap scans, performing SYN and operating system scans, and populating the database with hosts, ports, and services for later vulnerability analysis.
Learn to perform service scanning with Metasploit's auxiliary scanners, including SSH, Telnet, and other service detectors; set host ranges and run SSH version scans to identify targets.
Explore SMB scanning with Metasploit to identify shared resources, enumerate domain and local users, and reveal unauthenticated shares that may be exploited.
Import Nessus results into Metasploit using the console or web interface, bringing in hosts, services, and vulnerabilities to review with clickable references and plan exploits.
Learn to create and customize exploit payloads with msfpayload, generate shellcode in multiple languages, and configure options to spawn a reverse TCP shell for testing.
Learn to create standalone exploits by packaging msfpayload output into a Windows 64-bit executable and deploying a listener to enable payload communication.
Encode and pack payloads using Metasploit's msfencode to evade antivirus detection, configure architecture and encoding options, and generate a 32-bit Windows executable.
Learn to write and extend fuzzers with the Metasploit framework, fuzz HTTP requests using random data, and run Ruby scripts to surface web server vulnerabilities.
Analyze Nessus vulnerability results to identify exploitable flaws, choose practical exploits such as MS09-001, and demonstrate running an exploit with a reverse handler to gain system access.
Explore how Meterpreter enables post-exploitation on a Windows system, including privilege escalation, hash dumps, screenshots, keystroke capture, token impersonation, and pivoting.
Explore post-exploitation techniques after compromising a system, including dumping hashes, cracking passwords with John the Ripper or rainbow tables, port forwarding to access remote services, and pivoting to other networks.
Exploit a Windows XP host to pivot into additional networks by using autoroute to reach the 10.0.0.0/24 subnet and Nmap to scan for reachable systems behind the gateway.
Explore manipulating the Windows API through an interactive Ruby shell, gaining access via SMB exploits, inspecting network interfaces, and printing formatted system information including IP and MAC addresses.
Understand client-side exploits by setting up a server and delivering browser exploits to a targeted browser, evaluating vulnerabilities like MS11-003 in Internet Explorer and attempting to obtain a shell.
Explore the Social Engineering Toolkit, a menu-based framework that automates phishing, spear phishing, and web attack vectors, including payload creation, fake websites, and mass email generation.
Explore web attack techniques using the Social Engineering Toolkit, including site cloning and Java applet exploits, to deploy a Windows bind shell payload and practice controlled penetration testing.
Automate Metasploit tasks with a prepared script for msfconsole, running the NetAPI exploit against Windows XP in the background and saving time through workspace automation.
Locate SQL server instances on a network, scan for open ports, attempt brute-force logins with a password dictionary, and explore possible post-login actions like retrieving configuration and password hashes.
Explore token stealing and impersonation on a Windows XP system, showing how administrator privileges can be gained by exploiting tokens from active processes.
Extend Metasploit by using existing scripts to build custom modules like a bad UDP scanner and run them via msfconsole against a UDP service.
Explore Burp Suite, a commercial-grade intercepting proxy for web app testing, with spidering and fuzzing features, available in free basic and paid professional versions, affordable for professionals.
Learn to configure Burp Suite as an intercepting proxy on port 1880, route Firefox traffic through it, and perform passive scanning to identify clear-text password submissions and lack of SSL.
Perform active scanning with Burp Suite after configuring spider scope and login forms. Review results, remove duplicates, and identify vulnerabilities like clear text passwords, cross-site request forgery, and clickjacking.
Use Burp Suite Intruder to automate testing of form fields by turning request parameters into variables, covering sniper and cluster bomb attacks and brute-force password testing on vulnerable applications.
Explore password brute forcing with a cluster bomb payload approach using Intruder to test username and password combinations until a non-302 status is returned.
Use Burp Suite to test SQL injection on vulnerable pages with Intruder and sniper payloads. Analyze responses and apply case modification and fuzzing to test input validation.
Master cross-site scripting testing with Burp Suite using Intruder and payloads to identify vulnerable pages and validate results.
Explore the Burp Suite sequencer to test server-provided variables for true randomness, reveal predictability in session data, and analyze cryptographic and randomness functions through automated sampling.
Explore how the Firefox plug-in XSS-Me enables automated cross-site scripting testing across forms, identifies vulnerable fields, and demonstrates rapid manual value injections for web app security assessment.
Explore using a tool to automate SQL injection testing on web forms, with options to test all forms and attack types. Recognize the need for manual follow-up alongside automation.
Explore how Tamper Data, a browser-integrated tool, lets you intercept and manipulate requests and headers after they leave the browser but before they reach the server, revealing potential vulnerabilities.
Explore injection attacks with Tamper Data to bypass JavaScript-based input validation and demonstrate cross-site scripting via script insertion and HTML encoding of characters.
Examine hidden form fields used to store data, and see how Tamper Data, Firebug, Show Source, and Inspect Element reveal and manipulate these fields across sites.
Explore using the Zed Attack Proxy (ZAP) in quickstart mode to perform active scans, spidering, and brute force checks for cross-site scripting and site vulnerabilities.
Fuzz a web page parameter using ZAP to run fuzz tests from built-in categories and custom attacks, observing requests, payloads, and responses.
Explore the Hackbar tool to perform encoding and decoding, generate SHA-1 hashes, Base64 conversions, and quick references for SQL injection and cross-site scripting tasks.
Explore assembly basics, from opcodes and registers to memory interactions, system calls and kernel execution; learn text and data sections, assembler and linker workflow, and differences across processors.
Explore how a buffer overflow occurs when input exceeds a 256-character buffer, corrupting the stack and potentially overwriting the return address to execute code loaded into memory.
Explore format string attacks by analyzing a C program with a format string vulnerability, using scanf and printf, manipulating the stack with %x and %n, and debugging to locate issues.
Learn Linux debugging with GDB by compiling with debugging symbols, setting breakpoints, stepping through code, and backtracing the stack to inspect variables in running processes.
Explore Peach Fuzz, a .NET-based fuzzer that uses XML data models to craft malformed traffic, automate testing, and monitor crashes; assess web apps' resilience to attacks.
Explore how to perform HTTP fuzzing with Peach using XML, building a data model and state model, configuring a random fuzzing strategy, and analyzing Apache logs for responses.
Explore advanced email fuzzing using Peach, build complex XML data models, simulate SMTP interactions, and analyze server responses for vulnerabilities.
Explore file and network fuzzing with Peach, using state and data models to generate fuzz files and XML fuzzing tests for Notepad and an XML reader.
Learn to use Sulley, a Python-based fuzzing framework, to create blocks and run tests against a local mail server on port 25, with targets, sessions, and network monitoring.
Learn to use SPIKE Proxy to forward browser requests and fuzz web requests, testing web servers for crashes by running on port 8888 and directing the browser to 42.55:8888.
Extend learning by acquiring free tools, expanding programming skills in Python and Ruby, and getting hands dirty to practice exploits and manual techniques across protocols.
In this Advanced White Hat Hacking And Penetration Testing training course, Infinite Skills takes you beyond the basics of Ethical Hacking and shows you advanced techniques for discovering potential security problems with your websites and networks. This course requires that you already have familiarity with the basics of penetration testing, and assumes that you have already completed the Learning White Hat Hacking And Penetration Testing course from Infinite Skills.
The course jumps right into the nitty-gritty with a chapter about using Dradis. You will learn about scanning, including stealth scanning, data acquisition using various methods, and advanced ways to utilize Metasploit. In this Ethical Hacking tutorial you also learn how to use Burp Suite to do web testing, what reverse engineering is and how to use it, and finally, Ric covers fuzzing with Peach.
Once you have completed this training course on Advanced White Hat Hacking And Penetration Testing, you will have an in-depth understanding of how to test networks and websites for potential exploits for the purpose of securing them. You will also know how to use the tools and software that you will need to perform and analyze this testing.
This White Hat Hacking course follows on from our Beginners White Hat Hacking course.