
You're going to have a lot of fun in this course - as you are going to learn step by step how to build a working penetration testing lab but please keep in mind that the attacks taught in this course are designed to be confined to your lab environment.
It is imperative that you refrain from using the techniques taught in this course on real organization networks or systems. It is illegal to execute any cyber attacks against a target organization without the explicit written permission of an authorized individual in the target organization. Neither Securitypluspro.com nor it's employees will be held liable for any misuse or abuse of the material taught in the course.
Now with that out of the way, let's get started!
Alright, let's dive into the material!
Yes! Yes!
Alright, let's do this. I figured I'd start with my top for tips for helping you get the most out of this course.
So what do hackers look like? Are we talking about Chloe from 24? Trinity from the Matrix? Or something a little less glorious?
Have you ever meet a guy at a party, social event, networking event or whatever - who is trying to sound smart and everyone knows it?
Maybe he's tossing terms around like "Firewall" , "DHCP" and "ifconfig". And maybe he even looks cool too - but what does he really know?
In this quick video we'll teach you how to talk the talk so you can understand the complex world of ethical hacking and penetration testing.
So exactly how does all this hacking stuff work?
Do you just fire up a password cracking tool and start hammering away? Some people might go that route but the hackers that actually break into organizations and slip under the radar are typically using benign administrator tools in malicious ways.
In this guide you'll begin to grasp the stages of a well crafted attack.
Here are the weapons of warfare we will use in this course.
Alright, so now the question you've been waiting for: "Can my system handle the lab?"
The short answer is "Probably so" but here's how to know for sure.
And now it's time to unveil the lab we will build together.
This lab will give you everything you need to really learn how to hack and gain the experience you need to attack real world targets.
You're going to learn why you should use VMWare Workstation for your lab (and not VirtualBox).
We're also going to standup a Kali Linux attack box and in a special bonus lecture, I'm going to show you some really slick tricks for personalizing the user interface.
We'll compare the pro's and con's of VMware vs Virtualbox and then download VMware on to our Windows laptops.
In this lecture you'll install VMWare workstation. I also explain the significance of the Enhanced Keyboard Driver and three reasons why you should enable it.
There's are tons of settings in VMware but I'm only going to show you the most important features which will help us get our pentest lab setup as soon as possible. I'll also break down some common virtualization terms such as Guest and Host and show you how to config and edit your virtual network settings.
And now we're off to the races. In this short video we will download Kali and I'll teach you the #1 reason why you SHOULDN'T download the VMWare Kali LInux image for VMWare workstation. It's counter-intuitive I know... answer is inside.
You'll learn how to setup the Kali ISO in VMWare. Step-by-step we'll go through selecting the ISO, choosing our OS, naming the virtual machine, setting the save location, configuring the disk size, optimizing performance for our VM by using a single file and boosting the RAM. And we'll also configure the virtual network adapters in the virtual network editor. We'll finish by creating folders in VMWare so we can stay organized. All in less than 5 minutes so hold on!
This is the big boy! You'll see step-by-step how to Install Kali Linux from scratch. You'll learn about key rookie mistakes people make when Installing Kali Linux and also little tips and tricks for ensuring a smooth installation process. I'll explain how to make sure your network configuration works, how to chose your domain name and more importantly two really powerful tricks for creating a super secure yet memorable root password.
You'll also learn about the SWAP and "/" partitions and a whole lot more. You don't want to miss this video! I'll see you inside.
Now it's time to make Kali our own. We're going to install VMWare Tools, change the guest OS resolution, use apt-get to install and upgrade all the packages and even pimp out our terminal by making it look really 1337. We're also going to set an awesome wallpaper background. All that and more is coming at you in this jam packed lesson!
Here's another trick for making Kali look even more awesome. You want to look elite when you're hacking and your girlfriend comes in and is like... "you look like that guy on the Matrix... what was his name?" - yeah - you're instantly going to become 205 point cooler after completing this one. We're going to install a special dark theme in Kali! Let's go.
Popping XP like popcorn baby!
We're going to p0wn this box. We're going to hack it and I'm going to walk you through the process every step of the way. This is our attack module and you're going to love it.
In order to setup Windows XP you'll need to find a legal copy of XP. Now that can prove to be difficult but it's not impossible. Despite it's ancient age, XP isn't free. In this lesson I'll show you two places to look for XP and we'll update VMWare tools on the guest OS.
If you can't find a legal copy of XP online (I bid you don't use torrents or warez sites unless you want to get infected and like getting in trouble with the law). Instead, there's a clever trick I figured out for extracting XP from an executable that Microsoft gives us for free. You can't find this trick yet online (trust me I looked!)
You would be surprised if I told you how many organizations are actually still running Windows Server 2008 in their enterprises. That's why we're not setting up a Windows Server 2016 or 2012 domain controller; it's going to be Windows 2008 all the way!
Awesome! Now we're going to zip through the Windows 2008 installation... don't worry it's super simple - almost doesn't even warrant a video lecture but this video is so short you might as well watch it so you can avoid key rookie mistakes.
You're going to become a sysadmin!? huh? Yup, I know it's not what you signed up for but learning basic system administration like configuring a domain controller is a key skill that penetration testers need to know in the real world. That's part of the reason we're going to setup a domain controller (DC) from scratch. In addition, we need a DC in our environment so it reflects the infrastructure of real-world targets.
We're going to breeze through the installation so don't expect anything in depth here but I'll explain what I'm doing so you can practice on your own.
Oh yes! We have to perform the basics before we can hack so in this super short lesson I'll show you how to confirm connectivity between your Kali attack box and Windows DC, We'll finish the lesson off by launching an nmap OS fingerprinting scan against the target to confirm connectivity. It's short and fun so let's not waste anytime!
Metasploitable2 is a w e s o m e. It's a vulnerable linux distro that contains tons of exploitable flaws and is the PERFECT way to practice your penetration testing hacking skills in a safe non-destructive way. In this lecture we'll go and download Metasploitable2. Then we'll set it up in our pen testing lab and look at our first vulnerable web app.
It's time to hack. Let's do this baby!
That's right - today you're going to launch your offensive strike against our XP box. The firewall is enabled but that doesn't matter - we're going to craft a phishing email, send it to the victim's inbox and when he clicks it we'll get a reverse TCP shell in Kali! I'll explain everything I'm doing in this video. Let's go!
Yes Yes! Now we're going to install nessus on Kali. I wish it shipped by default but it doesn't so in this lesson you'll learn how to download, install and activate the free home version of nessus and then I'll show you how to use it against our vulnerable target in the next lecture.
In this quick lecture you're going to learn what to do after you've installed nessus.
We're going to configure nessus through the web interface. We're going to:
You'll also learn how to make sure your VMWare Workstation adapters are properly configured to allow all magic to work
In this lecture you're going to learn how to scan a target with nessus and then analyze the report so you can stage an attack against your Windows 2008 victim.
We're going to use the Metasploit Framework to knock over the box and then I'll show you how an incident responder might detect the attack.
According to OWASP, most organization are breached through the web app. That's why in this lecture you're going to learn relevant skills for attacking web based applications (all from within the comfort of your own lab)
It's going to be a lot of fun so let's jump in!
nikto is a powerful but often misunderstood and underrated web app scanner. In this lecture you'll learn about the hidden power of nikto by running a scan against our metasploitable2 target.
Yes!
Okay SQL Injection (also known as SQLi) is one of the most prevalent security vulnerabilities in almost every web application on the planet.
In this lecture not only will you learn step by step how to use Burp Suite to aid a SQLi attack, but you'll also learn the mechanics behind exactly what a SQLi is (and why it works and is so deadly). We're going to look at the source code of the application and craft an attack to bypass a Javascript client-side validation weakness.
You're going to have a lot of fun here so gear up and let's go!
Here's my personal list of resources for honing your penetration testing and ethical hacking skills. This is my personal catalog of resources that I use to hone my skills and I wanted to share it with you because I know it will benefit you.
Check it out!
In this lecture we're going to dig into the following resources:
If you know of any other awesome resources leave a comment below for your classmates!
In this lecture we're going to dig into the following resources:
If you know of any other resources I missed, please leave a comment so everyone else in the class can see and learn!
Alright, let's dig into some more great resources:
In the next lecture we'll dig into my tip three resources to learn about SQL injection in detail.
Here are my top three resources to learn about SQL injection online:
If you know of any other excellent SQLi tutorials please share below in the comments!
In this lecture you'll learn about the some awesome vulnerable Linux distributions and old applications which are ready to be hacked.
As always, share any of your own discoveries in the comments below!
CTF's stand for "Capture the Flag" games in the context of information security refers to a multiplayer online game where computer security enthusiasts, ethical hackers and penetration testers can come together and test their skills against each other and against vulnerable targets.
There are a few good ones that are free such as SANS Netwars which is often offered for free at BSides conferences.
In this lecture we'll cover two popular online CTF sites:
Leave a comment if you know of any solid free CTF resources online.
In this bonus lecture we'll show you how to get into a cybersecurity career.
I'll tell you a little big about my story, the balance between experience and certifications.
Here is a list of the resources mentioned in this lecture:
Share your thoughts in the comments below! If you have any questions post them in the comments so we can start a dialogue.
Thanks again for purchases this course and best of luck on your journey deeper into the awesome world of cybersecurity! You now have a complete ethical hacking lab and the knowledge and skills to make a real impact in the world.
Do You Have What It Takes?
Have you ever wondered how hackers breach systems? How does malware work? How do hackers crack passwords, gain unauthorized access to social sites such as Facebook or impersonate legitimate users by stealing credentials?
What if it were possible to pass the CompTIA Security+ exam without just reading a book or watching a video?
What if you could actually create real-life attack scenarios in the comfort of your own home using the very tools the attackers use?
Maybe You Have Questions...
The cybersecurity sector is a hot field. According to Symantec, "the demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million" and the 2014 Cisco Annual Security Report warned that there was an estimated 1 million openings in cybersecurity.
Cybersecurity positions are on the rise. Cybersecurity was the top IT priority in the Obama administration and appears to be a priority for Trump as well. There is a deep need for talented, professional white-hat hackers who can protect critical infrastructure and make a positive difference in the world.
This is what most people do...
Most people who want to get into cybersecurity make the rookie mistake of wading through endless blogs, books (Messer and Myers), Youtube videos, magazines and Reddit forums trying to read everything they can about hacking.
With this approach, you'll probably gain some good head knowledge about how to hack, but if a potential employer gave you an Ethernet jack and a laptop and said:
Here, go break into our enterprise - you've got 30 minutes.
Would you know what to do?
The raw truth
Most professional hackers can gain domain administrator rights before lunch.
It's not hard but if you don't know where to begin it can be extremely challenging.
Do it right the first time
That's where the Weekend Pen-Testing Lab Creation Boot camp comes in. This intensive two-day boot camp shortcuts your time investment by training you to build a professional-grade penetration testing lab.
This is a hands-on course that will transform you into a confident penetration tester (even if you have no prior experience).
The boot camp is a step-by-step system for building a practice lab so you can gain the experience you need to become a professional penetration tester. You can then use your lab not only as a platform to pass the CompTIA Security+ exam but also other more advanced certifications such as the CEH "Certified Ethical Hacker" and others.
By the end of this course, not only will you know how to hack but you'll have the infrastructure in place to hone your tradecraft and become an excellent candidate for entry level penetration testing jobs.
If you do the work, complete the exercises and practice your hacks - you will succeed. You will be building a professional pen-testing lab using the very same attack tools the bad guys use to breach organizations and compromise systems.
Are you up for the challenge?
When you finish this course, you will:
Here's what you'll get
Here's what you'll create
Your time is now.
Your Investment
When you signup today you will get:
So let us ask you the question: do you have what it takes to be a hacker?
After taking this course you will be able to confidently say: yes!