Ethical Hacking - A Hands-On Approach to Ethical Hacking
- 9.5 hours on-demand video
- 7 articles
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
Get your team access to 4,000+ top Udemy courses anytime, anywhere.
Try Udemy for Business- Use virtualization as it applies to penetration testing.
- Discover, scan and exploit network vulnerabilities.
- Demonstrate the ability to perform an entry level penetration test.
- Hack and secure wired networks
- Hack secure systems using client-side and social engineering attacks
- Create a virtual install of Kali Linux
- Learn linux fundamentals
- Complete Module 01 - Virtual Network Lab Build
- A laptop or desktop capable of running two simultaneous virtual installs in conjunction with their host operating system.
- Basic networking skills, IP addressing, familiarization with ports and services, configure a network adapter, use PING, IFCONFIG, IPCONFIG
- Reliable LAN or cable connection for Internet access.
- A host machine running Windows 7, 8.1 or 10 (preferred). MAC and Apple machines will work but a Windows host is preferred.
- A minimum of 4 GB of RAM (8 GB preferred)
- Basic computer fundamentals.
- Basic operating system fundamentals.
Course Overview
This course provides learners with a basic level of competency using a hands-on approach to gaining practical experience as a penetration tester or an ethical hacker (white, grey or black).
This course provides a fundamental look at offensive security concepts and techniques using a virtual install of Kali Linux and three different target victims, Windows XP, Server 2008 and Linux (Metesploitable2). This course provides a 100% hands-on approach to learning to be an ethical hacker or a pentester.
How is the course structured?
The course uses short video tutorials, hands-on labs, virtualization, and open source tools for step-by-step learning of ethical hacking fundamentals; the same tools and open-source software are used by professional penetration testers and ethical hackers.
This course provides videos, labs, and links for downloading the free and open-source software used throughout this course.
You will able to build a virtual install of Kali Linux and Windows XP for the virtual lab environment. You should complete the first lab of this course before enrolling. Starting with lab 2, we will begin scanning and attacking a Windows XP victim. If the first lab cannot be completed, there is no need to enroll in the course since all labs that follow are dependent on the first lab being completed.
You will learn how intruders escalate privileges and what steps can be taken to stop them, the importance of a strong firewall, the importance of keeping systems and software updated and the use of complex passwords.
You will also learn how to launch DDoS Attacks, Buffer Overflows, keylogging, and password hacking. Completion of the course will help prepare an individual for an entry-level position as a pen-tester or ethical hacker. On completing this course, you will receive a course completion.
If you would like to discuss ethical hacking, watch someone else talk about technology or write a paper, there are plenty of other courses to choose from. To successfully complete this course students must demonstrate the fundamental concepts of offensive hacking. In other words, learners will learn something by doing.
Course Objectives
Demonstrate the use of offensive security tools and techniques.
Proficiency in the use of the CLI (Command Line Interface) of Linux.
Use Linux as a hacking platform.
Who should take this course?
Network administrators, cybersecurity students, entry-level penetration testers, anyone who wants to be an ethical hacker, concerned parents, concerned spouses, law enforcement and anyone with a solid background in technology.
Who should not take this course?
Anyone suffering from technophobia (the fear of learning new technology). Anyone not having a good understanding of the OSI model, or the TCP/IP suite.
What are the course requirements, Knowledge level?
A good understanding of basic networking concepts, the TCPI/IP stack, how devices communicate, and basic troubleshooting of network connectivity issues.
How to use a computer, a mouse and a keyboard.
How to configure a static IP address on a Network adapter.
How to check for connectivity using PING, IPCONFIG, and IFCONFIG.
This course will not cover or review the OSI model, discuss IP addressing or any basic networking concepts. Students are expected to have these skills when they enroll.
Hardware
PC, laptop or desktop capable of virtualization. (Virtualization enabled BIOS).
A minimum of 4 GB of RAM, (8 GB or more of RAM recommended).
Administrative access to the host operating system. (You own the machine).
LAN or cable connection for Internet access. (Cannot use a wireless connection).
High-speed internet access using a reliable Internet connection. (5mb or higher throughput).
Software
Any 64-bit Windows operating system. (preferred)
A current 64-bit version of Mac or a Linux operating system.
Installation of VMWare Player (free edition) for Windows and Linux users. (Links provided in the lab).
Installation of Virtualbox for MAC. (Links provided in the lab).
Installation of 7zip (Links provided in the lab).
Copy of Kali ISO or Kali VMWare or Virtualbox image. (Links provided in the lab).
Copy of Windows XP SP2 (Links provided in the lab).
Copy of Server 2008 SPI 32 bit (Links provided in the lab).
Copy of Metesploitable2 (Links provided in the lab).
- Anyone a wanting pure 100% hands-on learning experinece.
- Anyone wanting to learn the basics network penetration.
- Anyone wanting to apply basic hacking concepts.
- Anybody wanting to learn how hackers hack computer systems
- Anybody wanting to learn how to secure their systems from hackers
In this section, you are given a brief overview of how the course is built.
In this first lab, students will create a virtual install of Kali Linux using VirtualBox depending on their host platform and personal preferences.
In this lab, you will learn how to install the CSI Investigator Suite. CSI Linux was developed by Computer Forensics, Incident Response, and Competitive Intelligence professionals to meet the current needs of their clients, government agencies, and the industry. CSI Linux Investigator is a Virtual Machine Appliance that contains 3 different virtual machines.
Windows XP is our victim or target for the labs. Though some of these labs will work using newer operating systems as targets, Windows XP is still relevant in roughly 75% of all networks making it a viable target.
A short video on troubleshooting connectivity issues between Kali and your target machines. Use this video to ensure your Kali and other virtual machines have connectivity between them.
In this lab, you will learn how to hide your identity on the Internet using anonsurf. Anonsurf is a script made by the ParrotSec team that completely anonymizes you with just one click of a button using TOR proxies. Anonsurf automatically routes ALL your traffic through TOR, including your DNS requests to prevent DNS leaks.
In this lab, you will learn to gather passive information from the Internet using Maltego. This lab uses the community edition built into our Kali Linux that is limited to private or non-commercial use and the number of results that can be displayed in a graph. It is capable of gathering a significant amount of passive information about a prospective entity in a single sweep of the Internet.
In this lab, students will learn to use Metagoofil to extract data from publicly available documents and images. Metagoofil is an information-gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt ,docx, pptx, xlsx) belonging to a target company.
The Nmap scripting engine is one of Nmap's most powerful and, at the same time, most flexible features. It allows users to write their own scripts and share these scripts with other users for the purposes of networking, reconnaissance, etc. These scripts can be used for:
- Network discovery
- More sophisticated and accurate OS version detection
- Vulnerability detection
- Backdoor detection
- Vulnerability exploitation
In this lab, you will look at the scripts that have been shared and are built into Kali and will examine how to use them to do thorough recon on our target, to increase the possibility of success, and reduce the possibilities of frustration.
EternalBlue, sometimes written as ETERNALBLUE, is an exploit believed to have been developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack on May 12, 2017.
For this lab, students will be using NMap to look for the vulnerability. EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.
In this lab, students will learn how to automate the installation of NESSUS using containerization. Students will be introduced to the Docker program which provides a sandbox for the running of applications called containers. Containers are self-contained images that come preconfigured with all the necessary dependencies, software and files to operate without having the call on the operating system. This course has at least three labs that we use containerization for the installation of certain types of software.
In this Lab, students will learn how to discover vulnerabilities on their home or business network (The Windows XP Victim should be up and running as part of your network). In this Lab, you will use the industry vulnerability scanner, NESSUS. NESSUS is considered the industry standard for vulnerability scanners. There are plenty of commercial-grade scanners on the market and they all have their good and bad points but NESSUS is considered the gold standard.
In this lab, we see how easy Meterpreter can be used to establish a reverse shell with Windows XP using a well-known SMB exploit. We will also see how to detect any countermeasures that may be running on the remote target. We will establish a remote desktop session using a VNC payload and capture keystrokes to include logon passwords using Meterpreter.
In this lab, we see how easy Meterpreter can be used to create a backdoor into a Windows machine using nothing more than built-in system tools. We will also see how easy it is to detect and disable the Windows firewall if it is running on our victim machine. Lastly, we’ll want to remove any traces of our presence from the Windows log files.
In this lab, students will learn to attack Windows XP using MS11-006 vulnerability provided by Metasploit. According to the Metasploit website:
This module exploits a stack-based buffer overflow in the handling of thumbnails within.MIC files and various Office documents. When processing a thumbnail bitmap containing a negative 'biClrUsed' value, a stack-based buffer overflow occurs. This leads to arbitrary code execution. In order to trigger the vulnerable code, the folder containing the document must be viewed using the "Thumbnails" view.