Ethical Hacking - A Hands-On Approach to Ethical Hacking
4.5 (819 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
63,594 students enrolled

Ethical Hacking - A Hands-On Approach to Ethical Hacking

Ethical Hacking - A Complete Hands-On Training on Offensive Ethical Hacking and Penetration Testing Using Kali Linux
4.5 (819 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
63,596 students enrolled
Created by Prof. K
Last updated 8/2020
English
English [Auto]
Current price: $13.99 Original price: $19.99 Discount: 30% off
23 hours left at this price!
30-Day Money-Back Guarantee
This course includes
  • 9.5 hours on-demand video
  • 7 articles
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • Use virtualization as it applies to penetration testing.
  • Discover, scan and exploit network vulnerabilities.
  • Demonstrate the ability to perform an entry level penetration test.
  • Hack and secure wired networks
  • Hack secure systems using client-side and social engineering attacks
  • Create a virtual install of Kali Linux
  • Learn linux fundamentals
Requirements
  • Complete Module 01 - Virtual Network Lab Build
  • A laptop or desktop capable of running two simultaneous virtual installs in conjunction with their host operating system.
  • Basic networking skills, IP addressing, familiarization with ports and services, configure a network adapter, use PING, IFCONFIG, IPCONFIG
  • Reliable LAN or cable connection for Internet access.
  • A host machine running Windows 7, 8.1 or 10 (preferred). MAC and Apple machines will work but a Windows host is preferred.
  • A minimum of 4 GB of RAM (8 GB preferred)
  • Basic computer fundamentals.
  • Basic operating system fundamentals.
Description

Course Overview

This course provides learners with a basic level of competency using a  hands-on approach to gaining practical experience as a penetration tester or an ethical hacker (white, grey or black).

This course provides a fundamental look at offensive security concepts and techniques using a virtual install of Kali Linux and three different target victims, Windows XP, Server 2008 and Linux (Metesploitable2).  This course provides a 100% hands-on approach to learning to be an ethical hacker or a pentester.

How is the course structured?

The course uses short video tutorials, hands-on labs, virtualization, and open source tools for step-by-step learning of ethical hacking fundamentals; the same tools and open-source software are used by professional penetration testers and ethical hackers.

This course provides videos, labs, and links for downloading the free and open-source software used throughout this course.

You will able to build a virtual install of Kali Linux and Windows XP for the virtual lab environment. You should complete the first lab of this course before enrolling.  Starting with lab 2, we will begin scanning and attacking a Windows XP  victim. If the first lab cannot be completed, there is no need to enroll in the course since all labs that follow are dependent on the first lab being completed.

You will learn how intruders escalate privileges and what steps can be taken to stop them, the importance of a strong firewall, the importance of keeping systems and software updated and the use of complex passwords.

You will also learn how to launch DDoS Attacks, Buffer Overflows, keylogging, and password hacking.  Completion of the course will help prepare an individual for an entry-level position as a pen-tester or ethical hacker. On completing this course,  you will receive a course completion.

If you would like to discuss ethical hacking, watch someone else talk about technology or write a  paper, there are plenty of other courses to choose from. To successfully complete this course students must demonstrate the fundamental concepts of offensive hacking. In other words, learners will learn something by doing.

Course Objectives

  1. Demonstrate the use of offensive security tools and techniques.

  2. Proficiency in the use of the CLI (Command Line Interface) of Linux.

  3. Use Linux as a hacking platform.

Who should take this course?

Network administrators, cybersecurity students, entry-level penetration testers, anyone who wants to be an ethical hacker, concerned parents,  concerned spouses, law enforcement and anyone with a solid background in technology.

Who should not take this course?

Anyone suffering from technophobia (the fear of learning new technology).  Anyone not having a good understanding of the OSI model, or the TCP/IP  suite.

What are the course requirements, Knowledge level?

  • A  good understanding of basic networking concepts, the TCPI/IP stack, how devices communicate, and basic troubleshooting of network connectivity issues.

  • How to use a computer, a mouse and a keyboard.

  • How to configure a static IP address on a Network adapter.

  • How to check for connectivity using PING, IPCONFIG, and IFCONFIG.

  • This course will not cover or review the OSI model, discuss IP addressing or any basic networking concepts. Students are expected to have these skills when they enroll.

​Hardware

  • PC, laptop or desktop capable of virtualization. (Virtualization enabled BIOS).

  • A minimum of 4 GB of RAM, (8 GB or more of RAM recommended).

  • Administrative access to the host operating system. (You own the machine).

  • LAN or cable connection for Internet access. (Cannot use a wireless connection).

  • High-speed internet access using a reliable Internet connection. (5mb or higher throughput).

Software

  • Any 64-bit Windows operating system. (preferred)

  • A current 64-bit version of Mac or a Linux operating system.

  • Installation of VMWare Player (free edition) for Windows and Linux users. (Links provided in the lab).

  • Installation of Virtualbox for MAC. (Links provided in the lab).

  • Installation of 7zip (Links provided in the lab).

  • Copy of Kali ISO or Kali VMWare or Virtualbox image. (Links provided in the lab).

  • Copy of Windows XP SP2 (Links provided in the lab).

  • Copy of Server 2008 SPI 32 bit (Links provided in the lab).

  • Copy of Metesploitable2 (Links provided in the lab).

 

Who this course is for:
  • Anyone a wanting pure 100% hands-on learning experinece.
  • Anyone wanting to learn the basics network penetration.
  • Anyone wanting to apply basic hacking concepts.
  • Anybody wanting to learn how hackers hack computer systems
  • Anybody wanting to learn how to secure their systems from hackers
Course content
Expand all 57 lectures 09:33:01
+ Course Overview
1 lecture 03:57

In this section, you are given a brief overview of how the course is built.  

Preview 03:57
+ Building Your Virtual Lab Enviorment
4 lectures 42:22

In this first lab, students will create a virtual install of Kali Linux using VirtualBox depending on their host platform and personal preferences.

Preview 13:28

In this lab, you will learn how to install the CSI Investigator Suite. CSI Linux was developed by Computer Forensics, Incident Response, and Competitive Intelligence professionals to meet the current needs of their clients, government agencies, and the industry. CSI Linux Investigator is a Virtual Machine Appliance that contains 3 different virtual machines.

Preview 10:55

Windows XP is our victim or target for the labs. Though some of these labs will work using newer operating systems as targets, Windows XP is still relevant in roughly 75% of all networks making it a viable target.

Preview 07:48

A short video on troubleshooting connectivity issues between Kali and your target machines. Use this video to ensure your Kali and other virtual machines have connectivity between them.

Preview 10:11
+ Optimizing Kali
1 lecture 09:55

In this short video presentation, you will learn how to install an additional 300+ pentesting tools using a free Python3 script called Katoolin3.

Video and Lab - Install Additional Tools Using Katoolin3
09:55
+ Anonymity - Remaining Anonymous While Hacking Online
3 lectures 26:24

In this lab, you will learn how to stay anonymous while hacking online using TOR and Proxychains. Remaining anonymous while hacking is easy, it just requires some configuration which you will learn in this lab.

Video and Lab – Remaining Anonymous Online using TOR and Proxychains
09:45

In this lab, you will learn how to hide your identity on the Internet using anonsurf. Anonsurf is a script made by the ParrotSec team that completely anonymizes you with just one click of a button using TOR proxies. Anonsurf automatically routes ALL your traffic through TOR, including your DNS requests to prevent DNS leaks.

Video and Lab - Using anonsurf on Kali Linux to Stay Anonymous
08:06

In this lab, you will learn how to improve your online privacy by using the CIS Linux Gateway to better hide your location and prevent DNS leaks.

Video and Lab - Lab – Ensuring Anonymity Using the CSI Linux Gateway
08:33
+ Passive reconnaissance
3 lectures 22:54

In this lab, you will learn to gather passive information from the Internet using Maltego. This lab uses the community edition built into our Kali Linux that is limited to private or non-commercial use and the number of results that can be displayed in a graph.  It is capable of gathering a significant amount of passive information about a prospective entity in a single sweep of the Internet.

Video and Lab - Information Gathering Using Maltego
09:30

In this short video, you will learn how to use some of the OSINT tools provided with CSI Linux Investigator.

Video and Lab - Conducting OSINT Using CSI Linux Investigator
08:23

In this lab, students will learn to use Metagoofil to extract data from publicly available documents and images. Metagoofil is an information-gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt ,docx, pptx, xlsx) belonging to a target company.     

Video - Using Metagofil inside CSI Linux Analyst
05:01
+ Conducting a Passive Reconnaissance Using Shodan
3 lectures 30:07

In this short video and lab presentation, you will learn how to prepare and use the CSI Linux Analyst and CSI Gateway for secure anonymous access while using the Shodan search engine.

Video and Lab - Preparing CSI Analyst to Use Shodan
06:27

In this short video and lab, you will learn how to locate vulnerable devices connected to the Internet using Shodan.

Video and Lab - Using Shodan to Find Vulnerable Devices
15:33

In this short video and lab, you will be introduced to some of the more advanced search filters that can be used with Shodan.

Video and lab - Using Shodan to Search for Vulnerable Databases
08:07
+ NMap
3 lectures 49:24

In this first lab, students will use Nmap to investigate their network and identify potential targets. In this lab, students will be introduced to network discovery using Nmap, and becoming familiar the using CLI in Linux.

Video and Lab - Introduction to NMap
16:35

The Nmap scripting engine is one of Nmap's most powerful and, at the same time, most flexible features. It allows users to write their own scripts and share these scripts with other users for the purposes of networking, reconnaissance, etc. These scripts can be used for:

  •  Network discovery
  • More sophisticated and accurate OS version detection
  • Vulnerability detection
  • Backdoor detection
  • Vulnerability exploitation

In this lab, you will look at the scripts that have been shared and are built into Kali and will examine how to use them to do thorough recon on our target, to increase the possibility of success, and reduce the possibilities of frustration.

Video and lab - NMap Scripting Engine (NSE)
18:35

EternalBlue, sometimes written as ETERNALBLUE, is an exploit believed to have been developed by the U.S. National  Security Agency (NSA). It was leaked by the Shadow Brokers hacker group  on April 14, 2017, and was used as part of the worldwide WannaCry  ransomware attack on May 12, 2017.

For this lab, students will be using NMap to look for the vulnerability. EternalBlue  exploits a vulnerability in Microsoft's implementation of the Server  Message Block (SMB) protocol. This vulnerability is denoted by entry  CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog.  The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.

Video and lab - Scanning for WannaCry Ransomware
14:14
+ Scanning for Vulnerabilities Using NESSUS
3 lectures 37:30

In this lab, students will learn how to automate the installation of NESSUS using containerization. Students will be introduced to the Docker program which provides a sandbox for the running of applications called containers. Containers are self-contained images that come preconfigured with all the necessary dependencies, software and files to operate without having the call on the operating system. This course has at least three labs that we use containerization for the installation of certain types of software.

Video and Lab - Installing NESSUS Using Docker
14:34

In this Lab, students will learn how to discover vulnerabilities on their home or business network (The Windows XP Victim should be up and running as part of your network).   In this Lab, you will use the industry vulnerability scanner, NESSUS.  NESSUS is considered the industry standard for vulnerability scanners. There are plenty of commercial-grade scanners on the market and they all have their good and bad points but NESSUS is considered the gold standard.

Video and lab - Scanning for Vulnerabilities Using Nessus
11:05

In this video, students learn how to interpret their Nessus scan results.

Video - Using Your Nessus Scan Results
11:51
+ Scanning for Vulnerabilities Using OpenVAS
2 lectures 19:26

In this lab, you will install the Docker program into your Kali machine and then download and install OpenVAS as a container to run inside of Docker.

Video and Lab - Installing OpenVAS Using Docker
09:01

In this lab, you will conduct a vulnerability scan of your network using OpenVAS.

Video and Lab - Scanning for Vulnerabilities Using OpenVAS
10:25
+ Exploiting Windows XP
5 lectures 38:03

In this lab, you will learn to use the all-in-one pentesting/hacking suite called Metasploit and perform a DOS attack on a Windows XP target.

Video and Lab- Using Metasploit to Launch a DOS Attack Against Windows XP
08:39

In this lab, we see how easy Meterpreter can be used to establish a reverse shell with Windows XP using a well-known SMB exploit. We will also see how to detect any countermeasures that may be running on the remote target. We will establish a remote desktop session using a VNC payload and capture keystrokes to include logon passwords using Meterpreter.

Video and Lab - Establishing A VNC Shell Using Meterpreter
17:35

In this lab, we see how easy Meterpreter can be used to create a backdoor into a Windows machine using nothing more than built-in system tools. We will also see how easy it is to detect and disable the Windows firewall if it is running on our victim machine. Lastly, we’ll want to remove any traces of our presence from the Windows log files.     

Video and Lab - Using Meterpreter to backdoor Windows XP
11:30

Often times we can exploit an operating system by looking for vulnerabilities with the applications that are running. In this lab, we will use a well-known vulnerability found in a popular streaming media server called Icecast.

Lab - Exploiting Vulnerable Applications on Windows XP SP2
00:18

In this lab,  students will learn to attack Windows XP using MS11-006 vulnerability provided by Metasploit. According to the Metasploit website:

This module exploits a stack-based buffer overflow in the handling of thumbnails within.MIC files and various Office documents. When processing a thumbnail bitmap containing a negative 'biClrUsed' value, a  stack-based buffer overflow occurs. This leads to arbitrary code execution. In order to trigger the vulnerable code, the folder containing the document must be viewed using the "Thumbnails" view.

Lab - Hacking Windows XP via MS11-006 Windows Shell Graphics Processing
00:00