Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Ethical Hacking for Beginners(2024)
Rating: 5.0 out of 5(2 ratings)
26 students

Ethical Hacking for Beginners(2024)

Mastering Cyber Security: Fundamentals and Hands-on Labs, NMAP, METASPLOIT
Last updated 3/2025
English

What you'll learn

  • Understanding DoS and DDoS Attacks
  • Introduction to Ethical Hacking
  • Footprinting and Reconnaissance/ phases of Ethical Hacking
  • Vulnerabilities and Port scanning using NMAP
  • Case studies and LAB PRACTICALS on METASPLOIT
  • Bettercap Best Practices
  • Learn Kali Linux from scratch.
  • Learn to exploit the metasploitable2

Course content

8 sections45 lectures7h 37m total length
  • Introduction: DOS and DDOS Attacks11:35

    Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are malicious attempts to disrupt the normal functioning of a network, service, or website.

    DoS attacks typically originate from a single source, often a single machine or a small number of machines controlled by the attacker. eg-Ping Flood, SYN/ACK Flood etc.


    A Distributed Denial-of-Service (DDoS) attack is an evolved form of DoS attack where multiple compromised computers, often part of a botnet, are used to launch the attack. eg-Amplification Attack, DNS Reflection Attack

  • TYPES OF ATTACKS13:35

    Tear Drop Attack: A Tear Drop attack is a type of Denial-of-Service (DoS) attack that exploits vulnerabilities in the reassembly of fragmented packets in a network. The attacker sends overlapping fragments to the target system, causing it to crash or become unresponsive. The attack capitalizes on the inability of the target to properly reassemble the fragmented packets, leading to system instability. Tear Drop attacks exploit weaknesses in network protocols and pose a threat to the availability of services by disrupting the normal functioning of the targeted system.

    Flooding Attack: A Flooding attack is a classic form of Denial-of-Service (DoS) attack where an adversary overwhelms a target system with an excessive volume of traffic, saturating its resources and rendering it unavailable to legitimate users. The attacker floods the target with a multitude of requests, such as ICMP ping requests, HTTP requests, or SYN packets, causing the system to become overloaded. Flooding attacks exploit the finite capacity of network resources, disrupting the target's ability to handle genuine user requests and severely impacting its availability.

    Volumetric Attack: A Volumetric attack is a subtype of Distributed Denial-of-Service (DDoS) attack characterized by an overwhelming volume of malicious traffic directed at a target. In this attack, a large number of compromised computers, forming a botnet, collectively generate an immense amount of data traffic. This flood of data exhausts the target's bandwidth and other resources, causing service disruption. Volumetric attacks can include various techniques such as UDP amplification, DNS reflection, and HTTP/S floods. Mitigating volumetric attacks requires robust network infrastructure and DDoS mitigation strategies to filter and absorb the high volume of incoming traffic, ensuring uninterrupted service availability.

  • DOS Attacks using NMAP in Kali linux (lab)12:44

    Setting up a DoS Attacks lab for educational purposes involving Kali Linux and a Windows 7 machine provides hands-on experience with network security concepts.


    In this lab, students can simulate and understand various Denial-of-Service (DoS) attack scenarios. Using Kali Linux as the attacker and a Windows 7 machine as the target, students can explore the impact and mitigation strategies associated with DoS attacks.

  • ICMP flood Attack using NMAP6:42

    Setting up an ICMP Flood Attacks lab using Kali Linux as the attacker and a Windows 7 machine as the target provides an immersive learning experience for understanding the impact and mitigation of network-based attacks.

    In this educational environment, students can explore the intricacies of ICMP (Internet Control Message Protocol) flooding, a form of Denial-of-Service (DoS) attack.

    Using tools like Hping3 on Kali Linux, students simulate a barrage of ICMP Echo Request (ping) packets directed at the Windows 7 target. This flood of ping requests overwhelms the target's resources, saturating its bandwidth and leading to unresponsiveness. Students witness firsthand the degradation of network performance and the potential disruption of services.

  • CAM TABLE Attack9:04

    CAM TABLE ATTACK:

    • Switch works that if a host is communicating with the internet, then the reply will not be broadcast. It is unicast.

    The switch stores all the layer-2 addresses and the switch also has a limit to store the mac addresses.


    • The attackers sent so many mac addresses that the switch memory has been used completely.

    It sent out so many frames that the switch forgot the devices with the mac address which was stored with them.

    And then the switch starts broadcasting the mac addresses to the interfaces, Which could help attackers to gain the access of legit mac addresses in the same VLAN.

    He can now eavesdrop on the network.

    It is done using the tool called MAC OF

    MITIGATE:
    1) We can mitigate those types of attacks by telling the switch that we can only allow 5 max mac addresses to be allowed on the access ports and the rest also will be dropped.


    2) We can also enable port security and we can set the restrictions as well.


  • DHCP Starvation Attack10:01

    DHCP (Dynamic Host Configuration Protocol) Starvation attacks are a form of network-based assault designed to exhaust the available IP addresses in a DHCP server's address pool,

    thereby causing a denial of service for legitimate network devices. In this type of attack, a malicious actor floods the DHCP server with a multitude of DHCP requests, attempting to deplete the pool of available IP addresses.

    During a DHCP Starvation attack, the attacker crafts and sends numerous DHCP discover messages to the DHCP server, requesting IP addresses at an unsustainable rate. As the DHCP server assigns addresses to the requesting devices, the malicious actor continues flooding the server, preventing it from responding to legitimate DHCP requests. This results in a scenario where genuine devices on the network are unable to obtain valid IP configurations, causing network disruption and potential service outages.

  • ARP Spoofing4:29

    ARP (Address Resolution Protocol) spoofing is a malicious technique where an attacker sends false Address Resolution Protocol messages on a local network. By impersonating legitimate devices, the attacker associates their MAC address with the IP address of another system, leading to traffic redirection.

    This allows them to intercept, modify, or eavesdrop on data exchanges between connected devices. ARP spoofing can facilitate man-in-the-middle attacks, compromising network security.

  • RaaS(Ransomware as a Service)11:23

    Ransomware as a Service (RaaS) is a sinister online model enabling cybercriminals to deploy ransomware without advanced technical skills. This nefarious service allows users to purchase or rent ransomware tools, facilitating widespread attacks on unsuspecting victims. Operating on the dark web, RaaS providers offer a user-friendly interface, technical support, and profit-sharing schemes, making cyber extortion accessible to a broader range of criminals. This alarming trend poses a significant threat to individuals and businesses, as the proliferation of ransomware attacks continues to rise, underscoring the urgent need for robust cybersecurity measures in the digital landscape.

Requirements

  • basics of IT terminologies.
  • basics of Linux os

Description

Gain a profound understanding of cyber threats with our comprehensive course on "Cybersecurity fundamentals with Lab Practices (2024)" Delve into the world of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, exploring the techniques employed by malicious actors to disrupt critical systems and services.


Risk Assessment and Impact Analysis: Develop the skills to assess the potential impact of DoS and DDoS attacks on various systems and organizations, conducting thorough risk analyses.

Understanding DoS and DDoS Attacks: Gain a profound insight into the workings of DoS and DDoS attacks, exploring the motivations behind them and identifying potential targets.

Legal and Ethical Considerations: Ideal for cybersecurity professionals, network administrators, system administrators, web developers, IT managers, ethical hackers, law enforcement, and anyone keen on enhancing their expertise in defending against disruptive cyber threats.

Practical Labs and Simulations: Engage in practical labs and simulations, providing a hands-on experience to reinforce theoretical concepts and enhance practical skills. We will be covering practical labs on NMAP , Metasploit tools.

Prepare to navigate the evolving landscape of cyber threats confidently. Enroll in "Cybersecurity fundamentals with Lab Practices (2024)" and fortify your defenses against one of the most pervasive challenges in the digital realm.

Join us to fortify your cybersecurity arsenal and protect against disruptive threats in today's digital landscape.

Who this course is for:

  • Network Administrators
  • System Administrators
  • Web Application Developers
  • Ethical Hackers and Penetration Testers
  • IT Managers and Decision-Makers