
Set up a virtual environment for ethical hacking using VirtualBox across Windows, macOS, and Linux; install kernel headers and dynamic kernel module support, configure repositories, and load modules.
Learn to install Kali Linux in a VirtualBox VM: create a Debian 64 guest with 4 GB RAM and a dynamically allocated 200 GB disk, then complete with guest additions.
Power up your Linux shell by installing Terminator, the Edge research environment, and tmux, then configure prompts, fonts, and plugins to streamline multi-pane work.
Explore Linux basics and commands, covering system commands, file navigation, permissions and ownership, user and group management, networking, process monitoring, and archiving with tar and zip, plus encryption concepts.
Install Docker on Linux, pull images from Docker Hub, create and run containers, attach interactively, forward ports, test with hello world, and manage or remove containers and images as needed.
Install Visual Studio Code on Linux via the package manager, then explore its debugging and syntax highlighting while creating and running a Python hello world script.
Explore the basic concepts and terminology of ethical hacking, distinguish ethical hackers from crackers and script kiddies, and survey common cyber crimes and threats.
Set up vulnerable labs using prebuilt docker images for dvwa, bwapp, webgoat, juiceshop, and metasploitable2 to practice penetration testing exploits; learn configuration, operation, and offline lab options.
Install and configure Metasploitable3 labs using Vagrant and VirtualBox, setting up Windows and Linux hosts, plugins, and VM images to explore vulnerable surfaces safely.
Explore capture the flag concepts and platforms such as CTFtime, OverTheWire, Bandit, Root Me, Hack Me, and Hack The Box, plus VPN access and flag discovery.
Explore attack vectors as paths to access, including compromised credentials, social engineering, web vectors, brute force, and misconfigurations, and learn threat modeling for red team operations.
Explore how to perform OSINT framework-driven reconnaissance by gathering public data—IP addresses, domains, subdomains, emails, and employee info—to map attack vectors for red-team assessments.
Learn to perform active network scanning with Nmap and Zenmap, identify open ports, services, and operating systems, and use NSE scripts and timing options to map targets and virtual hosts.
Explore scanning with nmap from the command line and in python, covering target selection, port ranges, SYN scans, service and OS detection, NSE scripts, timing, and output reports.
Learn to use the metasploit framework for scanning, enumeration, and post-exploitation with auxiliary modules and censys, connect via openvpn, configure scanners, run port scans, and generate reports from results.
Configure a metasploitable environment by creating a VirtualBox network for the attack machine and vulnerable targets on the 10.10.0.0/24 subnet with dhcp, then disable firewalls to enable enumeration and exploitation.
Enumerate target systems with Nmap to identify open ports, determine service versions, and assess vulnerabilities, then use scripted brute-force checks and SMB enumeration to reveal users for ethical hacking.
Explore how to use nmap for multi-target port scans, focusing on non-intrusive and fast scans, script-based discovery, and enumeration to reveal services, vulnerabilities, and exposed shares.
Enumerate linux and windows targets with metasploit and related tools to reveal user lists, password policies, domain data, shares, and groups, then test authentication bypass and exploitation.
Translate vulnerability scanning into risk by assessing threats and vulnerabilities, referencing CPE and NVD, and tracing exploits, payloads, and loot to understand how attackers operate.
Install and configure OpenVAS-GVM and PostgreSQL, enabling unauthenticated and authenticated vulnerability scanning. Manage feeds, Nessus attack scripting language modules, certificates, and the OpenVAS-GVM dashboard with risk-based tasks.
Learn vulnerability assessment with OpenVAS-GVM by configuring targets, credentials, and scan profiles, running scans, and generating reports to analyze vulnerabilities across hosts.
Perform vulnerability analysis by inspecting scanner reports to determine exploitable vulnerabilities, plan exploitation steps, and report findings to the customer with mitigations and patches.
Demonstrates second opinion vulnerability scanning with nmap nse scripts, revealing exploitable flaws, patch-worthy issues, and public exploits, while sourcing scripts from GitHub for targeted pen testing.
Learn to perform active vulnerability scanning with Metasploit, using auxiliary scanners and exploits to assess remote services, including MS17-010 on Windows servers.
Explore exploitation techniques from initial access through post-exploitation, escalating privileges and moving laterally while cracking password hashes, analyzing vulnerabilities, and reporting exploits.
Apply ethical hacking to Metasploitable2, part 1: learn to set up Metasploit, scan targets, run exploits with and without credentials, obtain remote access, and generate exploit reports.
Explore Metasploitable2 with Metasploit modules, configure options, deploy payloads, and perform post-exploitation to discover credentials and escalate privileges, including reverse shell access and PostgreSQL credentials.
Demonstrates remote command execution on Metasploitable2 using multiple exploit modules and payloads. Explore post-exploitation techniques, privilege escalation, and credential discovery across web services and Tomcat configurations.
Demonstrates remote code execution via RMI with default configuration and non-default mapper settings in Metasploitable2, using staged payloads, exploitation modules, and password brute-forcing against services.
Explore exploitation of a deliberately vulnerable Metasploitable 3 Ubuntu box using nmap scans, an exploit, and a reverse shell, then perform post-exploitation to discover credentials and pivot to admin.
Examine metasploitable3 ubuntu vulnerabilities, including apache directory traversal, uploads, sql injection, and shellshock, and demonstrate gaining a remote shell via metasploit and default credentials.
Explore detecting vulnerabilities on Metasploitable3 Ubuntu, generating payloads with msf, deploying via get and post methods, and pivoting through targets to illustrate reverse connections and post exploitation.
Demonstrates post-exploitation on metasploitable3 ubuntu part 4 by exploiting a ruby on rails remote code execution vulnerability to gain a reverse shell and escalate privileges.
Explore hands-on exploitation of Windows Server 2008 in a metasploitable setup, from network scanning and credential harvesting to post-exploitation tactics like hash collection and privilege escalation.
Explore post-exploitation on a Windows 2008 system, covering privilege escalation, credential dumping with Mimikatz, keylogging, and screen capture, plus persistence options and subnet discovery.
Explore metasploitable3 Windows 2008 exploitation using modules to demonstrate remote code execution on port 80 (MS15-034) and privilege escalation.
Extract and store SHA-512 password hashes from systems, then crack them locally and discuss cloud-based hash cracking services for WordPress hashes, with a privacy warning.
Learn to crack password hashes locally with John the Ripper using dictionaries, mangling rules, masks and incremental brute force, then compare its approach with hashcat and online cracking dashboards.
Explains the basics of man-in-the-middle attacks and spoofing types like IP and DNS spoofing, and their role in phishing and browser-based threats.
Explore man-in-the-middle attacks through ARP spoofing and MAC address spoofing to intercept, sniff, and analyze unencrypted traffic with Wireshark, and discuss SSL stripping and DNS spoofing.
Explore wifi security basics, including authentication, integrity, and privacy, and examine threats like rogue access points and man-in-the-middle, plus wpa and wpa2 basics.
Explore wireless attacks by capturing the WPA/WPA2 four-way handshake in monitor mode and cracking the password offline with a wordlist, illustrating ethical testing with authorization.
Social engineering manipulates the human mind by combining emotion-driven tricks with cyber tools to gain initial access, underscoring training as essential to prevent such attacks.
Learn how social engineering exploits the human element, combining manipulation with cyber tricks, and targets the weakest link through a three-stage process: research, planning, and execution, including phishing and pretexting.
Apply the Gophish framework to reach targets through phishing campaigns by crafting spoofed emails, templates, and landing pages, and configuring smtp profiles and domains for authorized social engineering assessments.
Learn to configure a Gophish phishing campaign from landing pages and email templates to tracking and reporting. Analyze campaign dashboards, groups, targets, and captured data for red team assessments.
Demonstrate social engineering client-side attacks with realistic campaigns, phishing landing pages, email templates, and multi-vector payloads delivered via Microsoft Word, macro, and DDE techniques.
Explore social engineering client-side attacks, including email campaigns delivering weaponized documents that prompt enable editing, enabling payloads, privilege escalation, and red-team lateral movement.
Explore basic web application attack techniques and the top 10 application security risks, learn the client–server HTTP model, and how ethical hackers gain initial footholds to test and defend apps.
Explore injection vulnerabilities, including dynamic queries and LDAP/SQL injections, and broken authentication, credential stuffing, and data exposure, with in transit protections through encryption and hashing.
Explore xml external entity attacks (xxe), xml processors and soap services exploitation, and the risks of denial of service, broken access control, and misconfiguration in web app pentesting.
Explore insecure deserialization and its risk of remote code execution through manipulated serialized objects. Learn about data tampering, role escalation, vulnerable third-party components, and logging gaps.
Learn to install and run Burp Suite Community Edition, set up the proxy, intercept traffic, and use intruder, repeater, and inspector to analyze and test web applications.
Master burp suite basics by intercepting and modifying requests, then using repeater, intruder, fuzzing, and payload configurations (sniper, cluster bomb) to test web app defenses.
Explore vulnerability assessment on a vulnerable web app, performing a brute-force login using cluster bomb payloads with multiple usernames and passwords, then execute command injection and attempt a reverse shell.
Explore practical applications of exploited vulnerabilities, including cross-site request forgery (CSRF) attacks that change passwords, file inclusion and upload flaws, and SQL injection techniques, with defenses highlighted.
Master sql injection techniques—union-based, boolean and time-based—enumerating databases and tables, extracting usernames and password hashes, and cracking passwords with wordlists in a vulnerable lab.
Explores boolean-based and time-based SQL injection, fingerprinting the DBMS, and extracting databases and tables via union queries, in a practical lab setting.
Explore how stored and reflected cross-site scripting vulnerabilities enable attackers to run scripts in users' browsers, bypass content security policy, and manipulate tokens in a lab setting.
Explore the OWASP Webgoat lab - part 1 to practice rule-based access control testing, bypass unauthorized access, and detect vulnerabilities such as insecure configurations, session management flaws, and cross-site scripting.
Explore hands-on Webgoat labs to practice OWASP attacks, including JavaScript eval payloads, client-side validation risks, coupon code decryption, authentication bypass, XSS, and SQL and command injections.
Practice hands-on ethical hacking with the Mutillidae II lab, testing cross-site scripting, phishing, and SQL injection across multiple targets and documenting findings for a red-team penetration test.
Apply ethical hacking techniques on admin login, directory traversal, time-based blind sql injection, payload testing, logs, and file inclusion and cross-site scripting vulnerabilities in Mutillidae II lab part 2.
Demonstrates exploiting a vulnerable payroll web app on a Metasploitable 3 Linux host using SQL injection to enumerate users, extract credentials, escalate privileges, and achieve full system compromise.
Explore the buggy web application lab bWAPP to practice web attacks, including HTML injection, cross-site scripting, command injection, stored and blind injections, SQL injection, and phishing concepts.
Practice SQL injection, union attacks, XSS, and authentication vulnerabilities using PortSwigger's online vulnerable web apps labs, a browser-based, updated platform that tracks progress.
Explore server-side and cross-site forgery and related web app attacks in PortSwigger’s online vulnerable web apps lab, using burp to forge requests and test injections.
Learn Python scripting for ethical hacking, covering installation on Linux, Windows, Mac; Python 2 vs 3; console usage; variables; data types; strings; lists; and basic control flow for CTF tasks.
Master Python basics with if/else conditionals, for and while loops, and indentation, then import modules like requests to fetch data and check status codes through practical examples.
Master Python basics by defining classes and functions, using modules, looping with while, handling input, and working with lists, dictionaries, tuples, and exception handling.
Develop a Python port scanner by defining a class with socket-based port probes and colorized status output, while illustrating object-oriented concepts and inheritance.
Explore a hands-on mini project in ethical hacking that builds a simple malware command and control server and client using Python, within a controlled testing environment.
Welcome to the most complete Ethical Hacking and Threat Hunting course available online, where both topics in offensive security, as well as defensive security, are professionally covered. This course includes two crash courses about Linux and Python as well.
The following seven pillars constitute the foundation of this life-changing course:
1- Ethical Hacking
Learn how to think and act like a hacker and work with various techniques and tools to achieve this goal. As an ethical hacker at the end of this course, you will be able to help your customers mitigate various attack vectors and their corresponding details practically, based on various security standards and best practices. You will also learn how to execute the various ethical hacking phases, such as Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks, and others.
2- Penetration Testing
Learn how to hack easy to hard real-world simulated virtual machines on HackTheBox Live Hacking! using unique exploits, tactics, and techniques. Learn the art of intrusion with these CTFs (Capture the Flags) which will help you in the future on every real work project.
Also work on pentest methods in web, network, vulnerability assessment workflows, and “Defense in Depth” best practices which will help you hack like black-hat hackers, defend or secure them like security experts and harden your corporate environment against malicious actors.
3- Red-Teaming techniques and tactics
Learn beginner to advanced pentesting techniques. Learn how to think and act like threat actors to stop them at various phases of the attack life cycle.
MITRE ATT&CK Framework: reconnaissance, initial foothold, lateral movement, privilege escalation, command and control, active directory attacks, Linux, and mac os x malware and attack techniques.
Learn scripting languages for the Cobalt Strike Framework and other red-team engagement frameworks to perform development and operations on them.
Learn how to develop your C2 infrastructure to avoid detection by blue teams and SOCs during red team operations.
4- Elastic Stack Wazuh Manager (SIEM)
Learn how to set up a complete SIEM (Security Information and Event Management) using Elastic Stack (formerly ELK Stack) with Wazuh Manager. Also, learn how to ingest various log formats from different log sources such as Linux and Windows servers, Fortigate firewall appliances, and so on. You will learn how to activate different functionalities (capabilities) of the Wazuh manager such as vulnerability monitoring, File Integrity Monitoring, CIS Hardening Benchmark Monitoring, and much more. Also, you will learn how the underlying decoders and rules are programmed to detect an unlimited amount of security events across an enterprise network.
5- Threat Hunting (Blue-Teaming)
There is a complete section for threat hunting where you put what you've learned to work and run attacks such as Spawn Session and Process Injection, ShellShock, MSHTA, Brute-Force, Mimikatz, and so on from your Parrot OS and detect them with the SIEM tool that you've set up and completely configured during the course. During this section, you get familiar with how different IoCs (Indicators of Compromise) will appear in your SIEM tool.
6- Python Scripting for Security
Learn how to create scripts and programs to do what you want whenever you are required to, from small scripts that are needed during a pentest to more sophisticated ones during Red Team Ops. There is a crash course about Python basics included in this course to bring you up to speed in this must-know language.
7- Linux (Kali Linux and Parrot OS)
Linux runs the world, especially when it comes to the cybersecurity world. There is a crash course about Linux basics in this course. However, during this course and after many hours of exciting hands-on practices on the different offensive and defensive security methods you will become a Linux expert at the level of a cybersecurity expert. You will learn Kali Linux and Parrot OS as the main Linux distros used in this course.
Here is an overview of the main content of the course:
Sections 1 to 3 are for introduction and preparation. Here you set up your offensive lab and will learn the basics of Linux to get prepared for the ethical hacking sections. You will also install Kali Linux and Microsoft Visual Studio Code as your main IDE (Integrated development environment). Then you move on to create your vulnerable labs such as dvwa, bwapp, webgoat, and so on. Also, you will do your first capture-the-flag (CTF) and create your HTB (HackTheBox dot com) account if you haven't before.
You will start your professional white hat hacking training from sections 4 to 10. Here you will learn a broad range of hacking tools, attack vectors, techniques, and procedures. They run from reconnaissance, enumeration, and vulnerability scanning to exploitation, post-exploitation, and password cracking. You will continue with network attacks (wired and wireless), social engineering attacks, web application attacks (OWASP Top 10), and much more.
You'll take your second crash course in Python in section 11. Here you learn Python geared towards IT Security and Hacking purposes.
Now you have earned all the requirements a professional hacker needs on the pentesting battlefield. In section 12, you get to know the interesting world of CTFs (Capture the Flags), especially on HackTheBox dot com, and will hack 8 machines:
3 Easy machines: BLUE, DEVEL, NETMON
4 Medium: SNIPER, MANGO, BLUNDER, POPCORN
1 Hard: CONTROL
By the end of this section, you are an ethical hacker who feels incredibly confident with penetration testing in different hacking scenarios.
Everything is standardized in modern times. Taking a break from practical hacking, in section 13 you will learn the must-know security standards such as MITRE, OWASP, PTES, OSSTMM and their terminologies as well as methodologies in the IT Security field.
We did everything up to here to be a great Red Teamer. Here you learn how to use all those practical ethical hacking techniques along with MITRE ATT&CK Tactics, Techniques, and Procedures to conduct a comprehensive Red Teaming assessment on your customers. In section 14 you will learn how to work based on various MITRE TTPs with a powerful Red Teaming Framework. You will also learn how to customize your C2 to be what you want and how to do various operations with it.
More than half of today's APTs (Advanced Persistent Threats) are experts on Active Directory attacks, and you as an ethical hacker or Red Teamer should also know how to do that and report vulnerabilities to your customers. In section 15 you will learn how to configure AD, create a vulnerable AD lab and perform some of the most important attacks in this category. This category of attacks has a separate section because of the importance and number of common attacks by APTs on this module in the victim's environment.
In section 16 we tried to cover every tactic, its corresponding technique, and the procedures behind it as standardized by MITRE ATT&CK, all in one. We will study most of the operations done by threat actors and APTs. Their TTPs are covered line by line, and in the near future, with some updates, we are going to practice every technique after its explanation. Also, most of these TTPs are covered during the course without knowing what category of TTPs they belong to. It is really important to stick to MITRE ATT&CK and that's why we put a small section on it.
Up to section 17, you finished your pythonic offensive security with all possible aspects. Now you are a professional and ethical hacker. From this section on, you start your defensive security journey, where the focus is mainly on defense against the offensive techniques and tactics you've learned up until here. In this section, you learn terminologies and methodologies such as "Defense in Depth" on the defensive side, where the SIEM tool is in the center of attention.
In section 18 you start building up your fully customized Linux-based and 100% open source SIEM tool using Elastic-Stack and Wazuh Manager (The Open Source Security Platform). In this section, you set up Wazuh Manager Server, Open Distro for Elasticsearch, Filebeat, and Kibana.
Then in section 19, you move on to endpoints such as Windows and Linux Servers, Windows 10, and Fortigate firewall appliance, to integrate these different log sources into your ELK-Stack SIEM server. Also, you will learn how you can roll out authenticated Wazuh agents on a network of Windows machines using Domain GPOs in an automated form.
Section 20 covers index management in Elasticsearch where the life cycle of the indexes will be managed. In this lecture, you will learn how to manage your accumulated alerts in your Elastic Stack to improve your server disks and storage.
In section 21 you will extend your configured SIEM with its capabilities such as File Integrity Monitoring (FIM), Linux Syscalls monitoring, Enterprise continuous vulnerability monitoring, CIS Hardening Benchmarks (SCA), Windows Defender, and Sysinternals Sysmon Eventchannel.
How one can create new alerts out of ingested logs in Wazuh Manager is the topic of section 22. In this section, you will learn how decoders and rules are constructed behind the scenes and how you can create your own custom decoders and rules for your own requirements.
And finally, you will finish this course with hunting IoCs (threat hunting) in your fully customized SIEM. In section 23, you will run some of the attacks you have learned during the course such as Mimikatz, HTA, Brute Force, etc. from your Cobalt Strike on your Parrot OS against your endpoints (Wazuh agents) and you will examine generated alerts for these specific security events.
Disclaimer:
This course is created for educational purposes only. All the attacks are launched in our own lab or against online lab systems that we are legally permitted to run tests against.
This course is entirely a product of its two instructors and no other organization is associated with it. You will receive a Course Completion Certification from Udemy, but apart from that NO OTHER ORGANISATION IS INVOLVED.