
Define the frame of reference for ethical hacking and obtain owners’ permission. Differentiate black hat, white hat, and gray hat hackers and explain the role of certified ethical hackers.
Explore security postures by mapping threats, threat agents, vulnerabilities and flaws, and how exploits turn weaknesses into incidents. Use physical, logical, and organizational controls to lower risk.
Ethical hackers follow a repeatable methodology to conduct security audits, assessments, and penetration tests, defining scope and choosing black, gray, or white box approaches.
Explores the CIA triad—confidentiality, integrity, and availability—and how each protects information, from secrecy to data integrity and reliable access for authorized users, with health and financial data examples.
Define the legal framework for ethical hacking through rules of engagement and authorization letters. Validate scope and report incidents and evidence while ensuring liability considerations and insurance.
Master reconnaissance to map the attack surface, identify internal and external vectors, and catalog assets, using open-source intelligence to inform all subsequent penetration testing phases.
Explore open source intelligence and internet footprint techniques to reveal data from public sources, social media, metadata, and job sites for social engineering scenarios.
Master passive reconnaissance using internet databases, DNS records, and archives; leverage open information and tools such as Shodan and Censys, plus Monteagle and Maltego for data transformation.
Map client networks through active reconnaissance, identify hosts and systems, and assess DNS and subdomain exposure, including cloud services and Google Apps, using practical tools and Python scripts.
Automate comprehensive reconnaissance to map a target’s network, surface domains and DNS records, validate findings with email verification, and extend OSINT through social media and data gathering.
Explore how Maltego maps infrastructure and asset relationships using a Yahoo domain example, transforming domain data into DNS, IP ranges, and network blocks while highlighting legal boundaries.
Explore how FOCA examines metadata to reveal sensitive data for penetration testers by analyzing downloaded files and extracting metadata across office versions, updates, and user names for social engineering insights.
Discover how theHarvester automates domain-based searches across Google, Jigsaw, Twitter, and other databases to gather emails, IPs, and hostnames for lawful reconnaissance within legal boundaries.
Explore scanning and enumeration within a defined scope, identify active machines and open ports, map services, and build a prioritized, structured inventory to guide penetration testing.
Identify active hosts on a network using ICMP echo requests, traceroutes, and common admin tools while mapping topology and inspecting shared resources and permissions for internal visibility.
Identify active services on targets using legitimate connections, background network mapping, and scanners like Nmap, covering TCP and UDP ports, service discovery, and SSL considerations.
Organize pen test data into a chronological, report-ready record and map networks with topology tools, documenting hosts and open ports for export to Excel formats.
Recognize that automation incurs costs, and plan sequentially to avoid disruptively scanning legacy systems, aware of VPN, office IP, and firewall effects.
Demonstrates mapping the network with Nmap to identify live hosts and fingerprint services, using -iL input files, diverse target formats, and discovery options for balanced speed and stealth.
Master Nmap syntax to tailor scans with port ranges, scan flags, version and service fingerprinting, script scanning, and output options while learning timing, resumption, and results formats.
Demonstrates using Nmap for host discovery in the reconnaissance stage, converting IP ranges into networks, creating a networks file, and running verbose scans to identify live hosts across blocks.
Learn Nmap service discovery with host and port scanning, along with service and operating system fingerprinting, to identify open ports and running services and generate reports.
Explore how Nmap's scripting engine enables discovery, vulnerability checks, and targeted scans for web services, with scripts that map hosts, identify versions, and test for vulnerabilities.
Explore masscan and the Nmap tool to map networks and identify open ports, focusing on ports 80 and 443, with rate control to balance speed and uplink impact.
The internet is inherently insecure by design, so penetration tests must assess how clients mitigate these weaknesses, while tracing security origins from early science networks to bolted-on protections.
Explore sniffing and spoofing in network traffic, including ARP spoofing that enables a man-in-the-middle, and how crypto and SSL mitigate these threats.
Explore sniffing tools like Wireshark with a GUI to inspect protocols and reconstruct sessions, and tshark for a console alternative; extend with a Python module to build custom network tools.
Exploit spoofing on local and Wi-Fi networks, route traffic via Linux configuration, and use tools like Ettercap or a Ruby-based framework to sniff and analyze SSL stripping.
Test tcpdump to capture Wi-Fi traffic and save it to a capture file, then inspect packets with a readable display and filter by ports 80 and 443 using Wireshark.
Explore Wireshark's interface, select a network interface, apply filters, and capture traffic to analyze DNS and ICMP packets and TCP streams.
Explore how to intercept and sniff network traffic with Ettercap, configuring interfaces, ARP spoofing, target selection, logging, and SSL stripping to analyze captured packets.
Demonstrate how Burp Suite intercepts traffic by installing a certificate to observe encrypted data and perform a man-in-the-middle. It discusses why SSL alone is not enough.
Discover how Scapy acts as both server and client to craft and analyze spoofed packets, enable cache poisoning experiments, and study low-level packet manipulation techniques with Python scripting.
Explore practical attacks against Windows and Linux, study their architecture from bootstrapping to kernel, including firmware trust, protection rings, hypervisor concepts, and administrative permissions, with virtualization considerations.
Examine how operating system accounts and password hashes in the SAM database protect access, compare legacy and modern hash schemes, and relate memory corruption to secure development lifecycle practices.
Examine use-after-free and memory corruption risks, including non-zero freed memory and exposure of cryptographic data, and explore Windows defenses like data execution prevention and randomly assigned memory areas.
Explore Windows hacking basics by examining enumeration of IPC file shares, SMB services, password dumping, and privilege escalation to understand post-exploitation and credential theft.
Learn how to dump hashes from Active Directory, compare LM and NTLM weaknesses, and perform offline and memory-based password cracking with rainbow tables, John the Ripper, and the Volatility framework.
Explore how attackers compromise Linux hosts by targeting services, user accounts, and rootkits; compare local and remote exploits, persistence techniques, and the Linux–Windows security landscape.
Explore publicly disclosed exploits from the Mendus Boyd framework and Volatility framework, examine memory corruption taxonomy, and study Windows privilege escalation fundamentals for web services exploitation.
Demonstrates a Windows XP remote exploitation workflow using Metasploit against the MS08-067 vulnerability. Learn about module taxonomy, including exploits, auxiliaries, and post-exploitation payloads.
Demonstrates using the Windows MSF exploit within the framework to identify remote hosts, configure modules, and launch a Meterpreter payload with reverse connections, including background exploitation and saving settings.
Demonstrates post-exploitation techniques on a remote Windows session, including migrating between processes, data collection, screenshot and webcam access, persistence, and stealthy network configuration for assessment.
Demonstrates a post-exploitation workflow on a Windows environment using Mimikatz to dump hashes and establish persistence while discussing evading antivirus in a controlled lab.
Demonstrates dumping hashes and cracking passwords using wordlists, rules, and mangling, with incremental options and combining cracking tools to show practical techniques.
Explore hashcat with various attack modes, from straight to hybrid with masks, using password databases from Linux, Windows, and Mac, and discuss hardware and multi-core clustering for speed.
Learn post-exploitation with Windows PowerShell, performing file and directory operations, WMI queries, and interactive sessions. Use Get-Credential to obtain user credentials, escalate to administrator, and automate information extraction tasks.
Explore hands-on online and offline password cracking strategies, test multiple tools such as Medusa and Cain and Abel, and analyze Windows security responses while practicing ethical hacking techniques.
Demo introduces attacking Linux targets, exploring an interactive post-exploitation shell, information gathering, privilege escalation, and use of exploit databases and GitHub resources for payloads and exploits.
Explore the web security architecture, detailing the web platform vs application layers, back-end and front-end roles, middleware, and RESTful and SOAP APIs.
Explore the web platform architecture, including web servers, application servers, and databases, and compare relational and non-relational databases, while examining cloud service models (SaaS, PaaS, IaaS) and security considerations.
Identify the web server and its software, scan for service banners and version, and assess indicators of compromise, default credentials, and persistence methods to plan a controlled, safe penetration test.
Analyze the platform, including languages, frameworks, libraries, databases, and protocols, and examine security concerns from memory corruption risks to framework and template injection.
Explore platform components including relational and non-relational databases (Redis, JSON documents), data exchange via REST, SOAP, and JSON packets, and identify entry-point vulnerabilities through input tampering at the platform level.
Examine how misconfiguration and default credentials enable attacks, and adopt "trust but verify" through authentication and authorization, including session hijacking, cookie theft, injection attacks, and data leakage.
Explore the OWASP Top 10 vulnerability classes and the dynamic testing guide v4 for web apps, and see how injections stem from input validation flaws.
Explore the OWASP Top 10 pt. 2, including broken authentication and session management, XSS variants, insecure direct object references, misconfigurations, and CSRF, with real-world attack vectors.
Demonstrates how poor threat modeling and cross-team misalignment can create business logic vulnerabilities despite solid security controls, and shows analyzing client-server flows and token misuse risks.
Examine how data flows through an application's workflow and how input validation, session integrity, and rate limits affect security. Challenge assumptions and test business logic to uncover flaws.
Explore essential offensive security tools and methodologies for web app testing, including Burp Suite, ZAP, Skipfish, and extensions, plus best practices for safe, effective scanning.
Explore intentionally vulnerable applications and configurable virtual machines to practice hacking skills, learn from real-world bug bounty resources, and reference guides like Web Hacking 101 and the vulnerability disclosure process.
Demonstrate offensive security with the OWASP Mutillidae vulnerable web app, guiding installation, isolated virtual machines, and exploration of exploitation techniques like injection and authentication bypass to teach web app security.
Demonstrate how crafting input in a login form can bypass authentication by exploiting SQL queries, causing 1=1 to always return true and grant access in a lab setting.
Demonstrate sqlmap, an automated injection scanner that uses requests, headers, and cookies, with batch and wizard modes to enumerate the DBMS, dump data, or obtain a shell.
Practice sqlmap to test web application injection, intercept traffic, craft post data, and dump databases and tables to reveal schemas and user data, while exploring payload techniques.
Master Burp Suite for web app security testing by configuring a proxy, intercepting and replaying requests, using Intruder, Repeater, Scanner, and Spider to identify authentication flaws, injections, and cross-site scripting.
Explore Burp Suite to identify cross-site scripting vulnerabilities, generate and export reports, and test payloads with XSS Hunter, while demonstrating client-side and server-side protection bypass and exploitation workflows.
Demonstrates mitmproxy as a console-based, extendable proxy for inspecting and modifying traffic; shows disabling upstream certificate verification, domain filtering, and using Nikto to uncover server vulnerabilities.
Explore Skipfish demos, including Google's open-source version and the Subgraph Vega GUI, and learn to run fast security scans, configure an output directory, monitor progress, and identify threats.
Review the long scan results in this Skipfish demo, note colorful reports with limited global visibility, possible injection vectors, and many false positives along with resource constraints.
Explore social engineering basics in ethical hacking, including the threat of a motivated insider, reconnaissance and open source intelligence, psychology, and strategies to mitigate human-related risks.
Explore social engineering methods used in high-tech and low-tech attacks, including phishing, spear phishing, vishing, rogue wifi access points, tailgating, piggybacking, and dumpster diving, with practical prevention insights.
Explore tools and techniques for ethical social engineering, uncovering psychological principles like scarcity, authority, liking, consistency, social proof, and reciprocity to sharpen attack simulations.
Learn to apply anchoring, priming, and risk appetite in social engineering, read microexpressions and gestures across cultures, and synchronize behavior to build situational trust.
Explore how the social engineering toolkit enables credential harvesting, mass and spear phishing, and content creation for emails and cloned websites, using APIs and MIME-type email structures.
Explore social engineering and ethical hacking through phishing demonstrations, shoulder surfing, and toolkit insights, highlighting Defcon and GHDB and practical threats.
Set up a controlled lab for social engineering practice using a cloud-based box with a public IP, a plausible domain, and a cloned site to harvest credentials.
Explore the social engineering toolkit for penetration testing, including website templates, credential harvesting, and prebuilt attack vectors like spear phishing, with hands-on setup and logging.
Demonstrate credential harvesting via social engineering by persuading a user to visit a site, observe login attempts, and capture the username, password, and other form data saved in log files.
Learn how the social engineering toolkit can clone a website and deliver a signed Java applet, with payloads and a listener, amid antivirus challenges.
Demonstrates automating an attack by scripting execution steps with templates, using an automate tool to run chosen options and parameters for faster results.
Examine anti-virus evasion in social engineering, testing mail, server, and endpoint defenses using reconnaissance and open source intelligence to understand a cat-and-mouse game.
This demo walks through antivirus evasion and post-exploitation workflows, showing how to generate and encode payloads with MSF, test against Windows defenses, and use the Veil framework for obfuscation.
Would you like to get started as an ethical hacker? Do you want to become a professional penetration tester? Enroll now in The Complete Ethical Hacking Course and learn how to think like a hacker, and become familiar with the toolkit of a professional pentester. This course covers a wide range of topics relating to network security:
Introduction to ethical hacking
Reconnaissance
Scanning and enumeration
Network presence
Attacking systems
Web hacking
Social engineering
When you enroll in the course you will immediately receive access to 19+ hours of HD video tutorials, as well as additional supplemental resources for developing the necessary skills to succeed in the field. Learn by doing with demonstrations using popular pentesting tools such as Maltego, FOCA, Recon-ng, Nmap, masscan, tcpdump, Wireshark, Ettercap, Burp Suite, Scapy, Mimikatz, Hashcat, Konboot, Hydra, OWASP, SQLmap, mitmproxy, Skipfish and more!
Thank you for taking the time to read this, and we hope to see you in the course!