Udemy
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Development
Web Development Data Science Mobile Development Programming Languages Game Development Database Design & Development Software Testing Software Engineering Development Tools No-Code Development
Business
Entrepreneurship Communications Management Sales Business Strategy Operations Project Management Business Law Business Analytics & Intelligence Human Resources Industry E-Commerce Media Real Estate Other Business
Finance & Accounting
Accounting & Bookkeeping Compliance Cryptocurrency & Blockchain Economics Finance Finance Cert & Exam Prep Financial Modeling & Analysis Investing & Trading Money Management Tools Taxes Other Finance & Accounting
IT & Software
IT Certification Network & Security Hardware Operating Systems Other IT & Software
Office Productivity
Microsoft Apple Google SAP Oracle Other Office Productivity
Personal Development
Personal Transformation Personal Productivity Leadership Career Development Parenting & Relationships Happiness Esoteric Practices Religion & Spirituality Personal Brand Building Creativity Influence Self Esteem & Confidence Stress Management Memory & Study Skills Motivation Other Personal Development
Design
Web Design Graphic Design & Illustration Design Tools User Experience Design Game Design Design Thinking 3D & Animation Fashion Design Architectural Design Interior Design Other Design
Marketing
Digital Marketing Search Engine Optimization Social Media Marketing Branding Marketing Fundamentals Marketing Analytics & Automation Public Relations Advertising Video & Mobile Marketing Content Marketing Growth Hacking Affiliate Marketing Product Marketing Other Marketing
Lifestyle
Arts & Crafts Beauty & Makeup Esoteric Practices Food & Beverage Gaming Home Improvement Pet Care & Training Travel Other Lifestyle
Photography & Video
Digital Photography Photography Portrait Photography Photography Tools Commercial Photography Video Design Other Photography & Video
Health & Fitness
Fitness General Health Sports Nutrition Yoga Mental Health Dieting Self Defense Safety & First Aid Dance Meditation Other Health & Fitness
Music
Instruments Music Production Music Fundamentals Vocal Music Techniques Music Software Other Music
Teaching & Academics
Engineering Humanities Math Science Online Education Social Science Language Teacher Training Test Prep Other Teaching & Academics
AWS Certification Microsoft Certification AWS Certified Solutions Architect - Associate AWS Certified Cloud Practitioner CompTIA A+ Cisco CCNA Amazon AWS CompTIA Security+ AWS Certified Developer - Associate
Graphic Design Photoshop Adobe Illustrator Drawing Digital Painting InDesign Character Design Canva Figure Drawing
Life Coach Training Neuro-Linguistic Programming Personal Development Mindfulness Meditation Personal Transformation Life Purpose Emotional Intelligence CBT
Web Development JavaScript React CSS Angular PHP WordPress Node.Js Python
Google Flutter Android Development iOS Development Swift React Native Dart Programming Language Mobile Development Kotlin SwiftUI
Digital Marketing Google Ads (Adwords) Social Media Marketing Google Ads (AdWords) Certification Marketing Strategy Internet Marketing YouTube Marketing Email Marketing Retargeting
SQL Microsoft Power BI Tableau Business Analysis Business Intelligence MySQL Data Modeling Data Analysis Big Data
Business Fundamentals Entrepreneurship Fundamentals Business Strategy Online Business Business Plan Startup Blogging Freelancing Home Business
Unity Game Development Fundamentals Unreal Engine C# 3D Game Development C++ 2D Game Development Unreal Engine Blueprints Blender
30-Day Money-Back Guarantee
IT & Software Network & Security Ethical Hacking

Hands-on: Complete Penetration Testing and Ethical Hacking

Learn Phishing, Password Cracking, Network Scanning, Metasploit Framework with Hands-On examples and become Hacker
Rating: 4.5 out of 54.5 (1,252 ratings)
9,014 students
Created by Muharrem AYDIN
Last updated 2/2021
English
English [Auto]
30-Day Money-Back Guarantee

What you'll learn

  • Setting Up The Laboratory
  • Install Kali Linux - a penetration testing operating system
  • Install Windows & vulnerable operating systems as virtual machines for testing
  • Discover vulnerable applications
  • Vulnerability scanning, Exploit, Post Exploit, Payload
  • Gain control over computer systems using server side attacks
  • Exploit vulnerabilities to gain control over systems
  • Gathering password hashes, cracking passwords, taking screenshots, logging keystrokes etc.
  • Using backdoors to persist on the victim machine
  • Information Gathering Over the Internet Tools
  • Web App Hacking Tools
  • Social Engineering Toolkit (SET) for Phishing
  • The very latest up-to-date information and methods
Curated for the Udemy for Business collection

Requirements

  • A strong desire to understand hacker tools and techniques
  • Be able to download and install all the free software and tools needed to practice
  • All items referenced in this course are Free
  • A strong work ethic, willingness to learn and plenty of excitement about the back door of the digital world

Description

Welcome to my "Hands-on: Complete Penetration Testing and Ethical Hacking! " course.

My name is Muharrem Aydin (White-Hat Hacker), creator of the three best-selling Ethical Hacking and Penetration Testing courses on Udemy.

This time I’ve designed "Hands-on: Complete Penetration Testing and Ethical Hacking!, for YOU!

My "Hands-on: Complete Penetration Testing and Ethical Hacking!  is for everyone! If you don’t have any previous experience, not a problem!  This course is expertly designed to teach everyone from complete beginners, right through to pro hackers. You'll go from beginner to extremely high-level and I will take you through each step with hands-on examples.

And if you are a pro Ethical Hacker, then take this course to quickly absorb the latest skills, while refreshing existing ones.

Good news is:

★★★★★ All applications and tools recommended are free. So you don’t need to buy any tool or application.

My course, just as my other courses on Udemy, is focused on the practical side of penetration testing and ethical hacking but I also will share with you the theory side of each attack. Before jumping into Penetration Testing or other practices with Ethical Hacking tools you will first learn how to set up a lab and install needed software on your machine.   In this course, you will have a chance keep yourself up-to-date and equip yourself with a range of Ethical Hacking skills.

When you finish this course you will learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. I am coming from field and I will be sharing my 20 years experience with all of you. So you will also learn tips and tricks from me so that you can win the battle against the wide range of cyber adversaries that want to harm your environment.  

Here is the list of  what you’ll learn by the end of course,    

Setting Up The Laboratory
Set Up Kali Linux from VM
Set Up Kali Linux from ISO File
Set Up a Victim: Metasploitable Linux
Set Up a Victim: OWASP Broken Web Applications
Set Up a Victim: Windows System


Penetration Test

Penetration Test Types
Security Audit
Vulnerability Scan
Penetration Test Approaches: Black Box to White Box
Penetration Test Phases: Reconnaissance to Reporting
Legal Issues Testing Standards


Network Scan

Network Scan Types
Passive Scan With Wireshark
Passive Scan with ARP Tables
Active Scan with Hping
Hping for Another Purpose: DDos


Nmap for Active Network Scan

Ping Scan to Enumerate Network Hosts
Port Scan with Nmap
SYN Scan, TCP Scan, UDP Scan
Version & Operating System Detection
Input & Output Management in Nmap
Nmap Scripting Engine
How to Bypass Security Measures in Nmap Scans
Some Other Types of Scans: XMAS, ACK, etc.
Idle (Stealth) Scan


Vulnerability Scan

Introduction to Vulnerability Scan
Introduction to a Vulnerability Scanner: Nessus
Nessus: Download, Install & Setup
Nessus: Creating a Custom Policy
Nessus: First Scan
An Aggressive Scan
Nessus: Report Function


Exploitation

Exploitation Terminologies
Exploit Databases
Manual Exploitation
Exploitation Frameworks
Metasploit Framework (MSF)
Introduction to MSF Console
MSF Console & How to Run an Exploit
Introduction to Meterpreter
Gaining a Meterpreter Session
Meterpreter Basics
Pass the Hash: Hack Even There is No Vulnerability

Post-Exploitation

Persistence: What is it?
Persistence Module of Meterpreter
Removing a Persistence Backdoor
Next Generation Persistence
Meterpreter for Post-Exploitation with Extensions: Core, Stdapi, Mimikatz...
Post Modules of Metasploit Framework (MSF)
Collecting Sensitive Data in Post-Exploitation Phase


Password Cracking

Password Hashes of Windows Systems
Password Hashes of Linux Systems
Classification of Password Cracking
Password Cracking Tools in Action: Hydra, Cain and Abel, John the Ripper...

OSINT (Open Source Intelligent) & Information Gathering Over the Internet

Introduction to Information Gathering
Using Search Engines to Gather Information
Search Engine Tools: SiteDigger and SearchDiggity
Shodan
Gathering Information About the People
Web Archives
FOCA - Fingerprinting Organisations with Collected Archives
Fingerprinting Tools: The Harvester and Recon-NG
Maltego - Visual Link Analysis Tool

Hacking Web Applications

Terms and Standards 
Intercepting HTTP & HTTPS Traffics with Burp Suite
An Automated Tool: Zed Attack Proxy (ZAP) in Details
Information Gathering and Configuration Flaws
Input & Output Manipulation
Cross Site Scripting (XSS)
Reflected XSS, Stored XSS and DOM-Based XSS
BeEF - The Browser Exploitation Framework
SQL Injection
Authentication Flaws
Online Password Cracking
Authorisation Flaws
Path Traversal Attack
Session Management
Session Fixation Attack
Cross-Site Request Forgery (CSRF)


Social Engineering & Phishing Attacks

Social Engineering Terminologies 
Creating Malware - Terminologies
MSF Venom
Veil to Create Custom Payloads
TheFatRat - Installation and Creating a Custom Malware
Embedding Malware in PDF Files
Embedding Malware in Word Documents
Embedding Malware in Firefox Add-ons
Empire Project in Action
Exploiting Java Vulnerabilities
Social Engineering Toolkit (SET) for Phishing
Sending Fake Emails for Phishing
Voice Phishing: Vishing

Network Fundamentals

Reference Models: OSI vs. TCP/IP
Demonstration of OSI Layers Using Wireshark
Data Link Layer (Layer 2) Standards & Protocols
Layer 2: Ethernet - Principles, Frames & Headers
Layer 2: ARP - Address Resolution Protocol
Layer 2: VLANs (Virtual Local Area Networks)
Layer 2: WLANs (Wireless Local Area Networks)
Introduction to Network Layer (Layer 3)
Layer 3: IP (Internet Protocol)
Layer 3: IPv4 Addressing System
Layer 3: IPv4 Subnetting
Layer 3: Private Networks
Layer 3: NAT (Network Address Translation)
Layer 3: IPv6
Layer 3: DHCP - How the Mechanism Works
Layer 3: ICMP (Internet Control Message Protocol)
Layer 3: Traceroute
Introduction to Transport Layer (Layer 4)
Layer 4: TCP (Transmission Control Protocol)
Layer 4: UDP (User Datagram Protocol)
Introduction to Application Layer (Layer 5 to 7)
Layer 7: DNS (Domain Name System)
Layer 7: HTTP (Hyper Text Transfer Protocol)
Layer 7: HTTPS


Network Layer & Layer-2 Attacks

Creating Network with GNS3
Network Sniffing: The “Man in the Middle” (MitM)
Network Sniffing: TCPDump
Network Sniffing: Wireshark
Active Network Devices: Router, Switch, Hub
MAC Flood Using Macof
ARP Spoof
ARP Cache Poisoning using Ettercap
DHCP Starvation & DHCP Spoofing
VLAN Hopping: Switch Spoofing, Double Tagging
Reconnaissance on Network Devices
Cracking the Passwords of the Services of Network Devices
Compromising SNMP: Finding Community Names Using NMAP Scripts
Compromising SNMP: Write Access Check Using SNMP-Check Tool
Compromising SNMP: Grabbing SNMP Configuration Using Metasploit
Weaknesses of the Network Devices
Password Creation Methods of Cisco Routers
Identity Management in the Network Devices
ACLs (Access Control Lists) in Cisco Switches & Routers
SNMP (Simple Network Management Protocol) Security


You'll also get:

  • Lifetime Access to The Course

  • Fast & Friendly Support in the Q&A section

  • Udemy Certificate of Completion Ready for Download


Enroll now to become professional Ethical Hacker!

IMPORTANT: This course is created for educational purposes and all the information learned should be used when the attacker is authorised.
  
 






Who this course is for:

  • People who want to start from scratch and to move more advanced level
  • Leaders of incident handling teams
  • People who want to take their Hacking skills to the next level
  • People who are cyber security experts
  • People who want transition to Cyber Security
  • Incident handlers
  • System administrators who are on the front lines defending their systems and responding to attacks
  • Other security personnel who are first responders when systems come under attack

Featured review

Ignatius Josiah Heng
Ignatius Josiah Heng
17 courses
9 reviews
Rating: 5.0 out of 5a year ago
I know almost everything you mentioned so far. I'm here more for learning the processes and methodology. I'm quite familiar with pentest fundamentals as I subscribe & play Hack-The-Box labs. My favorite command: nmap -v -sS --script '*-vuln*' <target_ip>

Course content

16 sections • 265 lectures • 19h 22m total length

  • Preview07:34

  • Preview00:40
  • Virtualisation Platforms
    01:29
  • Enabling Virtualization (VT-x or AMD-V) in BIOS
    00:42
  • Lab's Architecture Diagram
    01:29
  • Using VirtualBox vs VMware
    00:18
  • Installing & Running Oracle VM VirtualBox
    05:02
  • Installing Kali using the VMware Image - Step 1
    03:13
  • Installing Kali using the VMware Image - Step 2
    04:47
  • Installing Kali using the VMware Image - Step 3
    04:30
  • Installing Kali using the ISO file for VMware - Step 1
    02:49
  • Preview06:48
  • Installing Kali using the ISO file for VMware - Step 3
    02:41
  • Installing Kali on VirtualBox using the OVA file - Step 1
    03:14
  • Installing Kali on VirtualBox using the OVA file - Step 2
    06:44
  • Installing Kali on VirtualBox using the OVA file - Step 3
    04:11
  • Installing Kali using the ISO file for VirtualBox - Step 1
    02:49
  • Installing Kali using the ISO file for VirtualBox - Step 2
    06:49
  • Installing Kali using the ISO file for VirtualBox - Step 3
    04:23
  • Metasploitable Linux
    03:12
  • Metasploitable for VirtualBox
    00:31
  • OWASP Broken Web Applications
    05:24
  • Free Windows Operating Systems on VMware
    05:54
  • Free Windows Operating Systems on Oracle VM VirtualBox
    02:55
  • Windows Systems as Victim
    00:59
  • Configuring NAT Network for VirtualBox: Revisited
    01:07
  • Connections of Virtual Machines
    02:58

  • Content of the Section
    02:34
  • Definition of "Penetration Test"
    02:13
  • Penetration Test Types
    00:28
  • Security Audits
    04:41
  • Vulnerability Scan
    02:45
  • Preview03:08
  • Penetration Test Approaches
    02:44
  • Planning a Penetration Test
    04:24
  • Penetration Test Phases
    07:00
  • Legal Issues & Testing Standards
    04:18
  • Quiz - Introduction to Penetration Test
    3 questions

  • Preview00:14
  • Content of the Section
    01:07
  • Basic Terms of Networking
    05:36
  • Reference Models
    00:24
  • TCP/IP (Networking) Basics
    13:43
  • OSI Reference Model vs. TCP/IP Reference Model
    02:32
  • Network Layers in Real World
    07:59
  • Layer 2 - Data Link Layer
    03:50
  • Layer 2: Ethernet - Principles, Frames & Headers
    04:06
  • Preview06:10
  • Layer 2: Analysing ARP Packets
    03:14
  • Layer 2: VLANs (Virtual Local Area Networks)
    04:03
  • Layer 2: WLANs (Wireless Local Area Networks)
    07:01
  • Layer 3 - Network Layer
    01:36
  • Layer 3: IP (Internet Protocol)
    02:49
  • Layer 3: IPv4 Addressing System
    01:56
  • Layer 3: IPv4 Packet Header
    02:56
  • Layer 3: Subnetting - Classful Networks
    02:35
  • Layer 3: Subnetting Masks
    02:59
  • Layer 3: Understanding IPv4 Subnets
    03:09
  • Layer 3: IPv4 Address Shortage
    01:41
  • Layer 3: Private Networks
    03:59
  • Layer 3: Private Networks - Demonstration
    03:01
  • Layer 3: NAT (Network Address Translation)
    04:30
  • Layer 3: IPv6, Packet Header & Addressing
    08:30
  • Layer 3: DHCP - How the Mechanism Works
    09:23
  • Layer 3: ICMP (Internet Control Message Protocol)
    02:02
  • Layer 3: Traceroute
    09:50
  • Layer 4 - Transport Layer
    02:39
  • Layer 4: TCP (Transmission Control Protocol)
    06:59
  • Layer 4: TCP Header
    02:27
  • Layer 4: UDP (User Datagram Protocol)
    03:56
  • Layer 5-7 - Application Layer
    00:55
  • Layer 7: DNS (Domain Name System)
    05:56
  • Layer 7: HTTP (Hyper Text Transfer Protocol)
    03:09
  • Layer 7: HTTPS
    01:56
  • Summary of Network Fundamentals
    01:23
  • Quiz - Network Fundamentals
    4 questions

  • Content of the Section
    00:35
  • Network Scan Types
    02:50
  • Passive Scan with Wireshark
    06:35
  • Passive Scan with ARP Tables
    06:20
  • Active Scan with Hping
    04:25
  • Preview04:03

  • Introduction to Nmap
    04:14
  • Ping Scan
    04:59
  • TCP/IP (Networking) Basics
    09:26
  • TCP/IP Model on an Example
    05:19
  • TCP & UDP Protocols Basics
    07:11
  • Introduction to Port Scan
    01:12
  • SYN Scan
    06:07
  • Details of the Port Scan
    08:15
  • Preview07:11
  • UDP Scan
    04:11
  • Version Detection in Nmap
    07:10
  • Operating System Detection
    05:58
  • Input & Output Management in Nmap
    08:28
  • Nmap Scripting Engine: Introduction
    03:40
  • Preview07:43
  • Nmap Scripting Engine: First Example
    02:21
  • Nmap Scripting Engine: Second Example
    02:48
  • Nmap Aggressive Scan
    00:08
  • How to Bypass Security Measures in Nmap Scans
    06:07
  • Timing of the Scans
    05:45
  • Some Other Types of Scans: XMAS, ACK, etc.
    02:55
  • Idle (Zombie) Scan
    07:44
  • Quiz - Network Scan and Nmap
    6 questions

  • Introduction to Vulnerability Scan
    09:19
  • Introduction to Nessus
    01:57
  • Nessus® Home vs Nessus® Essentials
    00:52
  • Nessus: Download
    01:40
  • Nessus: Install & Setup
    03:42
  • Preview05:39
  • Nessus: First Scan
    07:07
  • An Aggressive Scan
    04:23
  • Results of an Aggressive Scan
    07:17
  • Results of an Aggressive Scan with Windows Systems
    02:45
  • Nessus: Report Function
    02:21

  • Content of the Section
    00:43
  • Exploitation Terminologies
    06:13
  • Exploit Databases
    01:56
  • Manual Exploitation
    05:39
  • Exploitation Frameworks
    03:36
  • Metasploit Framework (MSF): Introduction
    01:22
  • Architecture of Metasploit Framework
    05:01
  • Introduction to MSF Console
    02:13
  • MSF Console: Initialisation
    02:16
  • MSF Console: Search Function & Ranking of the Exploits
    03:37
  • MSF Console: Configure & Run an Exploit
    08:14
  • Preview00:54
  • Running the First Exploit in Meterpreter
    02:12
  • Meterpreter Basics on Linux
    08:36
  • Meterpreter Basics on Windows
    05:51
  • Pass the Hash: Hack Even There is No Vulnerability
    04:00
  • Pass the Hash: Preparation
    03:49
  • Pass the Hash: Gathering Some Hashes
    02:15
  • Pass the Hash: Try Other Assets
    10:25

  • Introduction to Post-Exploitation
    03:28
  • Persistence: What is it?
    01:28
  • Persistence Module of Meterpreter
    08:55
  • Preview05:00
  • Persist on a Windows 8 Using Meterpreter's Persistence Module
    02:56
  • Another Way of Persistence: Persistence Exe - I
    04:40
  • Another Way of Persistence: Persistence Exe - II
    04:32
  • Meterpreter for Post-Exploitation
    01:37
  • Meterpreter for Post-Exploitation: Core Extension
    01:45
  • Meterpreter for Post-Exploitation: Core Extension - Session Commands
    02:31
  • Meterpreter for Post-Exploitation: Core Extension - Channel Command
    02:43
  • Meterpreter for Post-Exploitation: Core Extension - Migrate Commands
    03:34
  • Meterpreter for Post-Exploitation: Stdapi Extension
    01:05
  • Meterpreter for Post-Exploitation: Stdapi Extension - File System Commands
    05:19
  • Meterpreter for Post-Exploitation: Stdapi Extension - System Commands
    04:13
  • Meterpreter for Post-Exploitation: Stdapi Extension - User Interface Commands
    04:08
  • Meterpreter for Post-Exploitation: Incognito Extension
    03:26
  • Meterpreter for Post-Exploitation: Mimikatz Extension
    Preview03:53
  • Post Modules of Metasploit Framework (MSF)
    02:01
  • Post Modules: Gathering Modules
    01:21
  • Post Modules: Managing Modules
    06:51
  • Quiz - Exploitation and Post Exploitation
    5 questions

  • Introduction to Password Cracking
    03:06
  • Password Hashes of Windows Systems
    03:30
  • Password Hashes of Linux Systems
    02:33
  • Classification of Password Cracking
    02:11
  • Password Cracking Tools
    00:08
  • Hydra: Cracking the Password of a Web App
    10:01
  • Password Cracking with Cain & Abel
    01:01
  • Cain & Abel - Step 1: Install & First Run
    02:39
  • Cain & Abel: Gathering Hashes
    04:40
  • Cain & Abel: Importing Hashes
    04:31
  • Preview04:19
  • Cain & Abel: A Brute Force Attack
    03:32
  • John the Ripper
    07:28

Instructor

Muharrem AYDIN
Computer Engineer, Cyber Security Expert, IT Lawyer
Muharrem AYDIN
  • 4.3 Instructor Rating
  • 7,347 Reviews
  • 47,417 Students
  • 20 Courses

After 20+ years of software engineering experience with titles of software developer, product manager, and integration architect, I have been working in cyber security domain for last 15 years. I am not only a cyber security expert but also the head and kick-starter of a cyber security consultancy unit. 

In security field, I have performed dozens of penetration tests for institutes from different sectors: finance, military, state agencies, and telcos.

I have been consulting different companies in security field which includes global banks such as ING Bank, HSBC, CitiBank and more.

In addition, I am an adjunct instructor in a university and teaching cyber security for years.

I involved in technical areas and has taken responsibilities in: 

Penetration tests (Pentests) and security audits

Cyber security training & consultancy

Source code analysis & secure software development

Cyber security incident response

Information security management system (ISMS) consultancy 

Open source cyber security systems, such as OpenVAS, OSSEC, OSSIM, Snort, Suricata, mod security

I'm creating my courses by using my know-how and 10 years of experience. As a result, our first course "Hacking Web Applications and Penetration Testing: Fast Start!" has gained "Best Seller" reputation in its category. 

I have risen a lot of cyber security experts from scratch, and you are the next.


  • Udemy for Business
  • Teach on Udemy
  • Get the app
  • About us
  • Contact us
  • Careers
  • Blog
  • Help and Support
  • Affiliate
  • Impressum Kontakt
  • Terms
  • Privacy policy
  • Cookie settings
  • Sitemap
  • Featured courses
Udemy
© 2021 Udemy, Inc.