Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Subscribe
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Hands-on Penetration Testing Labs 2.0
Rating: 4.4 out of 5(527 ratings)
5,911 students

Hands-on Penetration Testing Labs 2.0

Learn from a real penetration tester!
Created byJesse K, M.S., OSCP, CEH, Security+, Linux+, Network+, CISSP
Last updated 4/2020
English

What you'll learn

  • Enumeration
  • Remote and Local Exploitation
  • Vulnerability Scanning
  • SQL injection
  • Cross-site Scripting
  • Reverse shells
  • Nmap
  • Metasploit
  • Nikto
  • Dirb
  • Burp Suite
  • Penetration Testing
  • Kali Linux
  • Remote and local buffer overflows
  • Privilege escalation
  • Custom exploit development

Course content

1 section17 lectures3h 19m total length

  • Introduction3:33

    Welcome. This lecture consists of an introduction and overview of my Hands-on Penetration Testing Labs 2.0 course. I look forward to working with you!

  • Overview of Lab Commands and Tools9:43

    This lecture will  provide a technical explanation of many but not all of the commands and tools we'll be utilizing within this course. Also, in the resources attached to this lecture, there are multiple URLs that contain additional comprehensive information related to what is covered. If there's anything you're confused about or need further information on that you cannot find out on your own with research, please feel free to contact me via the Q&A system or direct messaging.

  • Bonus Lab - Kali Linux 20202:58

    This lecture will show you how and where to download and configure the latest version of Kali Linux, 2020, which is tailor made for my Udemy course Hands-on Penetration Testing Labs 4.0. It's also being made available for all other courses, as the newest version has some slight differences which may make an impact.

  • Download and Configure Kali Linux VM on VirtualBox9:52

    This video will show you how to download and configure Kali Linux within VirtualBox, using the most recent version as of January 2019. Kali Linux is an industry standard for pentesters, and will be the OS used to exploit numerous intentionally vulnerable VMs during this course.

  • Download and Configure Window 7 Analysis VM8:42

    This lab will show you how to download, configure, and setup a Windows 7 VM and the various tools we’ll be needing to perform analysis on binaries. We’re going to need Immunity Debugger and mona.py for efficient and effective analysis of applications and Windows-based exploit development. All of the things we need are free, and I’ll show you where and how to get them.

  • Download Vulnerable Lab VMs1:00

    Now we're going to download several intentionally vulnerable VMs from my Google drive, which I've set up to allow you to conveniently download from a single location. Alternatively, you can search for them on Google, as they're publicly available on vulnhub. There will be more setups required later on for specific VMs that require manual installation and configuration, but these are what we use to start. If you don't have enough storage for all the VMs, you can delete them as necessary during your progression through this course.

  • PwnLab VM Enumeration and Exploitation27:58

    This lab will consist of the enumeration and exploitation of an intentionally vulnerable VM. You should already have this VM downloaded at this point. If not, please refer to the previous lab (lecture 5) for instructions on how to acquire all vulnerable VM's from my Google drive.

  • Brainpan 1 VM Enumeration and Exploitation39:46

    This lab will consist of the enumeration and exploitation of an intentionally vulnerable VM. You should already have this VM downloaded at this point. If not, please refer to the previous lab (lecture 5) for instructions on how to acquire all vulnerable VM's from my Google drive.

  • Mr Robot 1 VM Enumeration and Exploiotation20:57

    This lab will consist of the enumeration and exploitation of an intentionally vulnerable VM. You should already have this VM downloaded at this point. If not, please refer to the previous lab (lecture 5) for instructions on how to acquire all vulnerable VM's from my Google drive.

  • SickOS VM Enumeration and Exploitation8:23

    This lab will consist of the enumeration and exploitation of an intentionally vulnerable VM. You should already have this VM downloaded at this point. If not, please refer to the previous lab (lecture 5) for instructions on how to acquire all vulnerable VM's from my Google drive.

  • SkyTower 1 VM Enumeration and Exploitation13:24

    This lab will consist of the enumeration and exploitation of an intentionally vulnerable VM. You should already have this VM downloaded at this point. If not, please refer to the previous lab (lecture 5) for instructions on how to acquire all vulnerable VM's from my Google drive.

  • Introduction to Hackthebox9:43

    This lab will provide an overview of Hackthebox, and show you how to get set up and start hacking their VMs. Hackthebox is one of the best platforms for pentesting hands-down, offering free and paid CTF style VMs to hack over their VPN. Obviously, the paid version has more content. However, the catch is, you have to hack your way into their site in order to get an invite code.     

  • Active VM Enumeration and Exploitation12:44

    This lab will show you how to enumerate and exploit the retired Hackthebox VM, Active.

  • Windows 2008 Setup, Enumeration and Exploitation (Metasploitable 3)16:03

    This lab will show you how to setup, enumerate, and exploit one of the only available intentionally vulnerable Windows Server 2008 VMs, Metasploitable 3.

  • Apache Struts Setup and Exploitation5:00

    In this lab, we'll be setting up a local vulnerable Apache Struts application with docker, utilizing a standalone exploit to show proof of concept.

    Apache Struts is an open source web application framework for developing Java EE web applications. There are several critical vulnerabilities which pertain to certain versions of Apache Struts, several of which result in remote code execution. Due to its importance, I wanted to include a hands-on demo of Apache Struts to show its potential.

  • Introduction to Hack.me2:01

    This lab will provide an overview of Hack.me and show you how to get started with it. Hack.me is an open source collection of vulnerable sites that can be utilized anywhere for free, but requires registration. All you need to register is a valid e-mail address.

    Hack.me is supported by the creators of eLearnsecurity, which is one of the best cybersecurity training providers I've ever used. At the time of this recording, I've only completed their Web Application Penetration Testing cert, known as eWPT, but I plan to do their other certs over the next few years to support my continuing education units for my other certs.

  • Wordpress Enumeration and Exploitation7:23

    This lab will cover two of hack.me's vulnerable Wordpress exercises. Instructions on how to sign up for it are in the previous lab.

Requirements

  • Windows host (preferred, course tested with Windows 10, although other OS's should work)
  • VirtualBox
  • 8 GB RAM (the more the better)
  • Basic Linux skills
  • Several free vulnerable VMs (will include comprehensive lab setup instruction)

Description

NOTE: This is independent from my other course, Hands-on Pentration Labs 1.0 - they both have original content and you're not required to buy one or the other by itself.

Welcome to my Hands-on Penetration Testing Labs 2.0 course. You can think of this as part 2 of my other course which has a similar name. This lecture will provide an overview of what you can expect for the remainder of this course.

First of all, this course is extremely hands-on. This means we're not going to be doing much talking about the theory of penetration testing, we're going to be diving into hands on technical application right away. We'll be using VirtualBox as a software hypervisor to build a host-only lab environment. Not only will this help you gain insight into penetration testing, but will give you the skills and resources to create your own environment to test and research beyond what you learn in this course.

The lab is going to consist of Kali Linux, and a variety of intentionally vulnerable Linux and Windows VMs. Some of the things we'll be covering are enumeration and vulnerability scanning and local and remote exploitation with industry standard penetration testing tools such as nmap, dirb, and nikto, Metasploit and standalone exploits. We're also going to focus upon exploit development, covering in detail how to craft a buffer overflow exploit for a custom Linux and Windows binary.

In order to accomplish this goal of buffer over flow exploit development and debugging, we're going to be creating a Windows 7 analysis and attack machine. This will have industry standard tools for exploit dev such as Immunity Debugger. We're also going to learn how to use Kali Linux's built in gnu debugger for this purpose.

The technology and methodology used is in this course is current at the time of this recording, which is January 2019. If you're watching this after the stated date, don't be worried too much, as this content should still be highly relevant for aspiring penetration testers.

I will also be introducing you to several free training platforms which I've found to be extremely helpful prior to earning my many hands-on penetration testing certs including OSCP and eWPT. This training has also helped sky rocket my progress as a skilled senior penetration tester and subject matter expert.

I truly hope that you enjoy my course and I'm very excited to be working with all of you. If you have any trouble, please don't hesitate to reach out to me via the Q&A system or by direct message. However, please make sure you include a detailed and specific question, not something like "I can't get it to work".

Also, I highly encourage independent research and attempting to find answers on your own. This is the single most important skill as a penetration tester, the ability to find solutions to problems you haven't yet encountered.

I ask you to please go through the majority of this course prior to leaving a review so that you can accurately measure the course's quality in entirety. I always appreciate constructive feedback, and encourage students to reach out to me if they think anything valuable could be added to the coursework.

Thanks, and have fun!

Who this course is for:

  • Penetration Testers
  • Cyber Security Students
  • Cyber Security Analysts
  • Aspiring Penetration Testers
  • Aspiring Cyber Security Analysts
  • Technology Enthusiasts
  • OSCP Candidates
  • CEH Candidates
  • Pentest+ Candidates

Report abuse