Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Complete Ethical Hacking and Cybersecurity Course

Name: Complete Ethical Hacking and Cybersecurity Course
Rating: 4.7 (437 reviews)

Learn Ethical Hacking and Cybersecurity in a practical way, become an expert in Ethical Hacking and Cybersecurity!

Created bySantiago Hernández

Last updated 2/2026

English

What you'll learn

Understand Ethical Hacking and Cybersecurity Fundamentals and Advanced Techniques
Master industry-standard tools: Learn how to use Kali Linux and over 30 hacking tools like Metasploit, Nmap, and SQLmap.
Set up a safe hacking lab: Install virtual machines and vulnerable systems to practice securely.
Conduct network analysis: Capture and analyze network traffic using Wireshark and TCPdump.
Identify vulnerabilities: Learn how to discover, classify, and assess weaknesses in systems and web applications.
Exploit vulnerabilities: Understand how to use exploits to compromise systems and networks.
Create and deploy advanced payloads: Design custom payloads to bypass security mechanisms.
Perform Man-in-the-Middle (MITM) attacks: Intercept and manipulate network traffic in real-time.
Implement privilege escalation techniques: Gain full control over compromised systems.
Manipulate network traffic: Execute ARP Spoofing, DNS Spoofing, and traffic redirection attacks.
Exploit web vulnerabilities: Master techniques like SQL Injection, XSS, CSRF, and more.
Automate ethical hacking tasks: Use tools like Recon-ng, TheHarvester, and Burp Suite.
Hack operating systems: Perform attacks on Windows, Linux, and macOS platforms.
Master social engineering techniques: Create phishing campaigns using tools like the Social Engineering Toolkit.
Capture sensitive credentials: Use tools like Mimikatz and Procdump to harvest passwords.
Create backdoors and trojans: Design backdoors to maintain access to compromised systems.
Analyze network protocols: Understand how TCP/IP, DNS, and other protocols function.
Conduct security audits: Evaluate systems and networks to identify security gaps.
Apply machine learning to cybersecurity: Leverage ML for anomaly detection and threat prevention.
Understand the phases of penetration testing: Learn the five core stages of ethical hacking assessments.
Perform vulnerability analysis: Use tools like Nessus and OpenVAS to detect security weaknesses.
Simulate advanced attacks: Combine techniques to perform comprehensive penetration tests effectively.
Prevent common attacks: Learn to detect and mitigate threats like MITM attacks and phishing.

Course content

13 sections • 119 lectures • 20h 31m total length

Course Presentation4:24

Introduction to the Information Gathering Phase0:38
Start the information gathering phase by collecting target data to feed later stages of the ethical hacking process. Explore passive information gathering as the first practical section of the course.
Passive Information Gathering4:37
Hacking with Search Engines: Google Hacking19:21
Google Hacking Database6:29
Google Hacking: Commands and Boolean Operators1:55
Shodan15:07
Explore Shodan, a search engine that scans internet-connected devices by banners and ports to uncover exposed services like FTP and cameras, revealing vulnerabilities and possible entry points.
Shodan: Main Commands1:01
Censys5:30
Learn how Censys offers internet-wide asset discovery alongside Shodan, using ZMap and grep for up-to-date indexing, with searches by services, ports, and organizations for cross-checking in passive information gathering.
Whois4:47
Archive: Analysis of Historical Information5:59
TheHarvester17:07
Temporary Public IP Address Blocking1:32
Installing Maltego on Kali Linux5:27
Install Maltego on Kali Linux, verify internet connection, configure network as anarchy mode, update repositories, install Maltego, register for the community edition, activate account, and check for updates.
Maltego18:24
Recon-ng13:47

Active Information Gathering3:20
Introduction to the Vulnerable Environment: Metasploitable34:47
Installation and configuration of Metasploitable319:29
Install and configure Metasploitable3 using Rapid7 pre-built images for Ubuntu and Windows, bypassing Vagrant and ISO issues, and set up host-only networking for cross-machine connectivity.
Installing Metasploitable3 on MAC ARM1:56
DNSRecon and Zone Transfer12:13
Nmap: Host Discovery - Part 115:50
Nmap: Host Discovery - Part 211:03
Nmap: Port Scanning24:12
Inspect port scanning with Nmap to identify open ports and running services, distinguish states such as open, closed, and filtered, and compare TCP and UDP techniques, including report export.
Nmap: Port States1:48
Nmap: Service Discovery7:09
Amap: Service Discovery4:20
Nmap: Operating System Identification3:44
Nmap: SMB Enumeration9:03
Enumerate Windows resources with nmap using smb scripts to discover shared folders, users, and Windows Server 2008 R2 OS details via smb os discovery on a Windows target.
Nmap: SNMP Enumeration8:04
Explore how to enumerate SNMP on UDP port 161 with Nmap, using scripts to reveal software, users, processes, network connections, and system description for misconfigured servers.

Introduction to the Vulnerability Analysis Phase0:51
Explore how to gather information about a target using passive or active methods, identify open ports and running services, and pinpoint vulnerabilities to exploit in the vulnerability analysis phase.
Vulnerability Analysis4:25
CVE, CVSS, CPE - Common Vulnerabilities and Exposures19:34
Vulnerability Analysis with Nmap17:41
Nessus: Introduction and Installation8:07
Learn Nessus essentials on Kali Linux, from download and activation code entry to starting the daemon and using the graphical interface to run scans.
Nessus: Basic Vulnerability Analysis17:30
Launch Nessus on Kali, perform basic vulnerability analysis via host discovery and service enumeration, using plugins and CVE databases to identify vulnerabilities on Metasploitable Windows and Ubuntu.
Nessus: Advanced Vulnerability Analysis19:52
Master Nessus advanced vulnerability analysis with intrusive and dynamic scans, custom policies, and real-time plugin loading. Configure scans, run thorough assessments, and export clear audit reports.
Other Vulnerability Analysis Tools1:35
Explore the landscape of vulnerability analysis tools and their similar functions. Focus on Nessus as the widely used option and note alternatives like Qualys, AppScan, Nikto, and Paris webapp.

Introduction to the Vulnerability Exploitation Phase1:20
Vulnerability Exploitation4:44
Manual Exploitation of Host Vulnerabilities25:17
Learn to manually exploit host vulnerabilities by analyzing maps and Nessus results, understanding exploits and payloads, and preparing reverse-shell payloads before leveraging Metasploit.
Exercise: Modify the New Payload to Make it Work0:46
Metasploit: Introduction13:14
Metasploit: Basic Exploitation21:48
Metasploit: Advanced Exploitation26:19
Explore advanced exploitation of the bluekeep RDP vulnerability using metasploit, manual exploit tuning, and a meterpreter payload, including non-paged memory and registry key adjustments in virtualized environments.
Msfvenom: Creating Custom Payloads19:06
Metasploit: Importing Nessus Results9:45
Armitage: Metasploit Graphical Interface9:45

Installing Ubuntu Virtual Machine6:25
Installing Vulnerable Web Application: Mutillidae II13:47
Install and configure mutillidae ii on a local apache server with php and mysql, using manual setup and git clone, then explore sql injection and adjustable security levels.
Learning Environment in NAT Mode0:30
Burp Suite: Introduction13:20
Spidering and Crawling with Burp Suite and Skipfish13:00
Code and Context Injections18:35
Introduction to SQL Injection22:54
Blind SQL Injection12:19
Explore how blind sql injection reveals data by using logical conditions, substring tricks, and timing methods to extract current user, table names, and other details, with and without sql map.
SQLmap: Advanced SQL Injections15:53
Learn how to use sqlmap to identify injection points from intercepted requests, perform time-based blind SQL injections, and enumerate databases, tables, and users in a MySQL backend.
Path Traversal4:48
WebShells16:02
Learn how web shells serve as payloads to gain remote command execution and persistence by exploiting web application vulnerabilities, including SQL injection and path traversal, with a PHP example.
Unrestricted File Upload7:31
HTML Injection and Cross-Site Scripting (XSS)20:57
CSRF13:18
XSStrike10:36
Explore cross-site scripting vulnerabilities with XSS strike, a Python tool generating payloads automatically. Learn setup on Kali Linux, pip, and host-only testing for ethical exploitation practices.
Other Exploitation Techniques: Cookie Tampering, Command Injection...19:07
Explore common injection and cookie tampering vulnerabilities in web applications, showing how input can execute os commands and how forged cookies can impersonate users, with Burp Suite demonstrations.
Advanced Content on Burp Suite0:25

Man in the Middle (MITM)12:59
Bettercap: Introduction and Installation8:36
ARP Spoofing15:06
DNS Spoofing14:04
Social Engineering Toolkit (SET)10:48
Real-Time Network Traffic Manipulation7:16
Polymorph: ICMP Network Traffic Manipulation24:27
Polymorph: MQTT Network Traffic Manipulation17:24
BONUS: Exploiting a Security Flaw in Windows 1024:13
Explore real-time manipulation of the remote registry protocol on Windows 10 and Windows Server 2008, and learn how ARP spoofing and modifying set value packets alter remote registry keys.
DEMO: Advanced WINREG Exploitation5:45
ANNEX: Conference on WINREG Exploitation - Part 120:44
Explore how the Windows remote registry protocol enables remote registry manipulation via packet interception, enabling code injection through RPC/SMB traffic and open key, set value, and create key operations.
ANNEX: Conference on WINREG Exploitation - Part 221:36
Discover how the Winterman tool performs a man-in-the-middle interception of remote registry traffic, using netfilter, iptables, and scapy to modify packets and explore security risks.

Requirements

No prior knowledge is required; you will learn everything you need in the course.

Description

Welcome to this course, where you will learn everything you need to know to become an expert in Ethical Hacking and Cybersecurity!

My name is Santiago Hernández, and I will be your instructor throughout this training program. If you'd like to learn more about me, I recommend checking out the "Course Introduction" video, which is publicly available on this page.

The first thing you should know about this course is that it is highly practical. 95% of the course hours involve real-world use cases demonstrating how to perform the most popular hacking techniques using Kali Linux and the most widely used tools today.

This course is designed for anyone interested in starting their journey in the world of Hacking and Cybersecurity, beginning from a very basic level and advancing as the course progresses to advanced levels. In these advanced levels, you'll learn techniques such as real-time network traffic manipulation and Machine Learning applications in Hacking.

By the end of this course, you will have all the knowledge needed to conduct a security audit or perform Ethical Hacking for an organization and uncover various security vulnerabilities. Additionally, if your interest lies in defensive Cybersecurity, this course will provide the essential insights to understand the most commonly used attack techniques today and design effective defenses against them.

Cybersecurity, and more specifically Ethical Hacking, is one of the most in-demand disciplines with excellent working conditions today. This course is designed so that anyone with enough interest can become a professional in this field. Enroll now and see for yourself.

Course Syllabus

1. Setting Up Your Ethical Hacking Lab with Kali Linux

Installing VMware and VirtualBox: Learn how to set up virtual environments to safely practice ethical hacking techniques without affecting your main system.
Installing Kali Linux: Master the installation and configuration of Kali Linux, the industry's leading penetration testing and ethical hacking operating system, and understand its key features and tools.

2. Introduction to Ethical Hacking, Cybersecurity, and Penetration Testing

Understanding Ethical Hacking Principles: Grasp the ethical and legal considerations in cybersecurity, including white-hat, grey-hat, and black-hat hacking.
Ethical Hacking and Penetration Testing Methodologies: Dive into professional frameworks like OSSTMM, PTES, ISSAF, and OWASP Testing Guide to structure your penetration tests effectively.

3. Passive Information Gathering

Open-Source Intelligence (OSINT): Utilize publicly available resources to gather information about your target without direct interaction, a crucial step in ethical hacking and penetration testing exercises.
Techniques and Tools:
- Google Hacking and Dorking: Use advanced search operators to uncover sensitive data exposed online.
- Shodan and Censys: Discover internet-connected devices and potential vulnerabilities.
- Whois Lookup and Archive: Retrieve domain registration details and historical website data for cybersecurity analysis.
- TheHarvester and Maltego: Collect emails, subdomains, and social network profiles.
- Recon-ng Framework: Automate reconnaissance tasks for efficient information gathering in ethical hacking.

4. Semi-Passive Information Gathering

DNS Enumeration: Use tools like DNSDumpster and DNSRecon to map domain information, subdomains, and DNS records.
Metadata Extraction with FOCA: Analyze documents to uncover hidden data that could be exploited in penetration testing.
Network Traffic Analysis:
- Wireshark: Capture and analyze network packets to understand communication protocols in cybersecurity.
- TCPdump for Ethical Hacking: Use command-line packet analysis for quick inspections.

5. Active Information Gathering

Network Scanning Techniques:
- Nmap and Amap: Identify live hosts, open ports, and services running on target machines.
- Operating System Fingerprinting for Ethical Hacking: Determine the OS and service versions to identify potential vulnerabilities in penetration testing.
Metasploitable 3 Setup for Ethical Hacking: Create vulnerable virtual machines to practice exploitation techniques safely.

6. Vulnerability Analysis in Ethical Hacking

Understanding Vulnerability Standards in Cybersecurity:
- CVE (Common Vulnerabilities and Exposures): Learn how vulnerabilities are cataloged for ethical hacking.
- CVSS (Common Vulnerability Scoring System): Assess the severity of vulnerabilities in cybersecurity.
- CPE (Common Platform Enumeration): Identify platforms and software versions for penetration testing.
Exploit Research for Ethical Hacking:
- Exploit-DB and Metasploit Modules: Find and analyze exploits relevant to discovered vulnerabilities.
Vulnerability Scanning:
- Nessus and OpenVAS: Perform comprehensive vulnerability assessments to detect security weaknesses during ethical hacking exercises.

7. Exploiting Host Vulnerabilities

Metasploit Framework Mastery:
- Exploitation Techniques: Use Metasploit modules to exploit vulnerabilities and gain system access during penetration testing.
- Payloads and Encoders in Ethical Hacking: Generate custom payloads with Msfvenom to bypass security mechanisms.
Armitage GUI for Ethical Hacking: Utilize a graphical interface for Metasploit to streamline exploitation processes in penetration testing.
Privilege Escalation: Techniques to elevate your access rights after compromising a system during ethical hacking.

8. Web Application Hacking

Understanding Web Technologies for Ethical Hacking: Get to know HTTP, HTTPS, cookies, sessions, and how web applications function.
Common Web Vulnerabilities:
- SQL Injection (SQLi): Exploit database queries to access or manipulate data.
- Cross-Site Scripting (XSS): Inject malicious scripts to hijack user sessions or deface websites during ethical hacking.
- Cross-Site Request Forgery (CSRF): Trick users into performing unwanted actions.
- File Inclusion Attacks (LFI/RFI): Access or execute unauthorized files on the server.
- Command Injection: Execute arbitrary commands on the host operating system during ethical hacking.
Tools and Techniques:
- Burp Suite: Intercept, modify, and replay web requests for testing during penetration testing.
- SQLmap: Automate SQL injection detection and exploitation.
- OWASP ZAP: Identify security vulnerabilities in web applications.
- XSStrike: Advanced XSS detection and exploitation tool.
Practice Labs:
- Mutillidae: Work with deliberately vulnerable web applications to hone your cybersecurity skills.

9. Network Attacks and Exploitation

Man-in-the-Middle (MITM) Attacks:
- Bettercap and Ettercap in Kali Linux: Intercept and manipulate network traffic during penetration testing.
- ARP Spoofing: Redirect traffic by poisoning the ARP cache.
- DNS Spoofing: Redirect users to malicious sites by altering DNS responses.
Social Engineering Attacks:
- Social Engineering Toolkit (SET) in Kali Linux: Craft phishing emails and clone websites to deceive targets.
- Polymorph: Modify network traffic on the fly.

10. Post-Exploitation Techniques

Maintaining Access:
- Backdoors and Rootkits: Install persistent backdoors to retain access during penetration testing.
- Metasploit's Meterpreter: Utilize advanced post-exploitation features.
Credential Harvesting:
- Procdump: Dump process memory to extract credentials during penetration testing.
- Mimikatz: Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets.
Hash Cracking:
- John the Ripper and Hashcat: Crack password hashes using various attack modes during ethical hacking.

11. Machine Learning in Cybersecurity and Ethical Hacking

Introduction to Machine Learning Concepts in Ethical Hacking:
- Supervised and Unsupervised Learning: Understand different learning models applicable to ethical hacking.
Anomaly Detection in Ethical Hacking:
- Batea Tool: Detect unusual patterns in network traffic during cybersecurity operations.
Deep Fake Technologies in Cybersecurity:
- Implications in Ethical Hacking: Learn about deep fakes and their potential misuse in cybersecurity.

Who this course is for:

Anyone who wants to pursue a professional career in Ethical Hacking
Anyone who wants to learn Hacking techniques
Professionals who want to improve their Ethical Hacking practices
Developers who want to learn about cybersecurity and related techniques
Defensive cybersecurity analysts who want to understand the main Hacking techniques

Complete Ethical Hacking and Cybersecurity Course

What you'll learn

Explore related topics

Course content

Wellcome to the Course1 lecture • 4min

Setting Up the Learning Environment4 lectures • 21min

Introduction to Ethical Hacking and Penetration Testing4 lectures • 14min

Passive Information Gathering15 lectures • 2hr 2min

Semi-passive Information Gathering10 lectures • 1hr 45min

Active Information Gathering14 lectures • 2hr 7min

Vulnerability Analysis8 lectures • 1hr 30min

Hacking and Exploitation of Host Vulnerabilities10 lectures • 2hr 12min

Hacking and Exploitation of Web Application Vulnerabilities17 lectures • 3hr 29min

Hacking and Exploitation of Network Vulnerabilities12 lectures • 3hr 3min

Requirements

Description

Who this course is for: