Hands on, Interactive, Penetration Testing & Ethical Hacking
3.9 (60 ratings)
639 students enrolled


Prep for OSCP, Learn Ethical Hacking and Penetration Testing, Metasploit, BYPASS AntiVirus, Pivoting, PowerShell EMPIRE
Created by Nick Smith
Last updated 6/2017
English [Auto-generated]
This course includes
  • 3 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Choose the right exploitation methods with 100% practical, hands-on examples of real-life scenarios. Learn to use Metasploit and PowerShell together to enhance your attack. Utilize 'Pivoting' techniques to route into internal networks from compromised perimeter nodes to gain further exploitation, and keep your sessions alive with 'persistence'. We will also explore 'covering your tracks' and evading Antivirus and IDS systems.
  • Be able to 'hack' into a system by understanding flaws and weaknesses in configurations using your logic and problem-solving skills.
  • Students are requested to have root access to a system with multiple Operating Systems to mirror exactly what the course describes to illustrate learning. Please make sure you have a 500GB HDD and create sufficient space on each Virtual Machine.
  • You need to have a passion for computing, with this you can go far. Without it, you will get bored.

This course has been designed to fill a hole in the market: hands-on, step-by-step tutorials delivered as a visual learning experience that no other course provides. It allows you to follow, in real time, each stage of the engagement, which you can then tweak and use to train your skills over and over again!

You will get the latest tools and techniques using Rapid7's superb tool, 'Metasploit', to exploit targets as well as run post-exploitation techniques, and utilize PowerShell with 'Empire'.

The course will visually engage with 'Empire', a post-exploitation tool used to harness the power of PowerShell to further exploit Microsoft Windows operating systems where poor configurations and overlooked policy have been deployed.

The course will start with an understanding of how to move around Metasploit: the basic keystrokes to get from one section of the framework to another. Together, we will exploit our first system, work out what we can and can't do, how to keep the session if something goes wrong, and how to leave the session without being tracked. We will learn how to avoid being seen by Intrusion Detection Systems and how to evade Anti-Virus software, as used by professional Penetration Testers around the globe. The course will then look at Empire. Again we will start with the basics of moving around, how to gain our sessions (known as 'agents'), escalate our privileges if required, and migrate over to the Metasploit framework. This gives us the best of both worlds!

You will learn how to be professional in your methodology, which will help you to gain a foothold in the field.

I will teach you by visual learning and not simply by speaking over presentations. Theory is good, but this course will get you up and running with little to no prior knowledge. This is the course I really wish I had had when learning Penetration Testing, as it answers the questions that are not a simple Google away.

Who this course is for:
  • This course is designed for anyone with a passion for Network Security. If you're a Red Team member looking to exploit weaknesses and expose vulnerabilities for your clients, or a Blue Teamer looking to protect your network perimeter or mitigate insider threats, these labs will help your understanding by using visual examples to prove methodology.
Course content
23 lectures 03:06:06
Metasploit
14 lectures 02:00:14

In this video, we go over the key navigation points within Metasploit and touch on Handlers, Payloads, Jobs and Sessions.

Learn how to gather information on your targets. This is arguably the most important phase of all. It is also known as "reconnaissance", and without it you won't be able to focus your energy in the right area. Spend a lot of time gathering as much information about your targets as you can, as this will help you to understand how to conquer them.

Understanding OS Finger Printing for Information Gathering Purposes

Description link: https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi

"This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will often crash or hang on subsequent attempts. This is just the first version of this module, full support for NX bypass on 2003, along with other platforms, is still in development."


In this lecture we gain a Command Shell (which is a DOS prompt to you and me) and upgrade that DOS prompt to a Meterpreter shell. This gives us the ability to use more advanced exploitation techniques than simply having a shell, and is usually the first step after getting any Command Shell. The Meterpreter session sits in memory, so it doesn't get flagged by Anti-Virus software, which is vital to staying undetected whilst running through engagements.

Upgrading Command Shells to Meterpreter

During any Penetration Test, you will come across techniques that might, by design, perform a Denial of Service, which will leave the machine you are attacking frozen, blue-screened (if Windows), or simply rebooting. It is important to know what these are so you don't accidentally try them. Your scope with your client will probably not allow you to perform DoS attacks intentionally, so make sure you're confident of what you're doing before you do it. This example in Windows (MS12-020) has an availability check, so that you can report to your clients their susceptibility to the DoS.

Denial Of Service - MS12-020 MS Remote Desktop Use After Free

This time we look at the 'Web Script Delivery' module. This is a great module to learn, as it gives you a quick and easy route to gather a new session on a box to which you already have access. Say you manage to find the credentials and RDP onto a box: you can generate a script in PowerShell, run it and receive a session back from that box.

This also comes in PHP and Perl flavors if these are relevant to your scenario.

This demonstration shows the bare bones of how to create a session, but in reality it would be rather unlikely for the victim to copy the code into a command box as shown in the video.

Part of being on the attacker side is to think of ways to execute code like this. You could, for example, embed the code into a macro in a Windows Excel or Word document so that it runs automatically when the file is opened.

Exploitation - Web Script Delivery in PowerShell

Using an AutoRunScript can be a great technique to automate tasks. It also allows you to speed up manual tasks and remove human error. This is great for migrating processes to evade antivirus when touching disk.

During your pentest, you will need to move around to different machines and gather credentials in order to do so. Here we look at how to gather hashes and crack them in order to reuse them on other systems.

We look at using popular tools like JTR (John the Ripper) and OphCrack.

Post Exploitation - Gathering Hashes - Cracking with JTR and OPHCRACK

Here we look at harnessing the power of Mimikatz.

Mimikatz is a post-exploitation tool used to gather passwords from compromised machines. Mimikatz isn't documented very well within the Metasploit module, so it's useful to see it in action fully.

Post Exploitation - Mimikatz Usage for Password Recovery

Pass the Hash, or PTH, is a post-exploitation method that allows you to supply the NTLM hash discovered from a previous exploit or from a 'hashdump' directly in place of the password. This is an incredibly useful method when you don't have the time or the resources to crack the hashes and need to gain further access and compromise your next machine.

Post Exploitation - 'Pass the Hash' - (update) What it is and how to use it

In this lecture we look at Pivoting.

Pivoting is used to access internal networks by utilizing the initial exploited machine.

Post Exploitation - 'Pivoting' (Compromise Sessions through Sessions!)

This lecture looks at the 'ask' module. This module is used as a Privilege Escalation tactic: it displays a message to the user 'asking' if it's 'ok' to run a program. If the user agrees and has local admin privileges, then a new session is spawned as NT AUTHORITY\SYSTEM.

Post Exploitation - Using the 'ask' Module

This lecture is all about Persistence.

Persistence is the method of resuming a session after the compromised machine has crashed, been restarted, or simply when the session has died for some other reason.

After we have completed our engagement, we need to remove all traces that we connected. In this video we look at clearing the Windows Event Log in Event Viewer. We wouldn't want anyone to know what we've been doing now, would we ....

Covering Your Tracks! - Don't Get Caught.....
Powershell Empire
9 lectures 01:05:52

In this video we look at how to install, update and configure Empire ready for use.

Installation and Basic Setup

In this video we look at the key commands needed to move around the Empire application, to familiarize ourselves with it.

Navigation around the Console, Shortcut Keys, Searching and Time Saving Key Tips

In this video we will look at the differences between types of encoded payloads, starting from a standard PowerShell payload and moving to a base64-encoded payload, how each is executed, and the pros and cons of how they are deployed.

Creating Base64 encoded Powershell Stagers

This time we look at creating a Windows component scriptlet file that we execute by using the "unregister" function! This is a nifty way to create shells.

As always, we also bypass Anti-Virus and Endpoint Security systems, as the payload inside the scriptlet doesn't touch disk.

Creating a Component Scriptlet Stager to create shells!

This time we look at how we interact with our Empire agents that are now established on our system.

Interacting with 'Agents'
Privilege Escalation - 'Bypass UAC' - 3 Different Methods!

This video looks at attempting privilege escalation using the 'BypassUAC' method through Empire.

Privilege Escalation - 'Ask' Module

As with all things in PenTesting, you don't always get the results you want!

This video is about trying different methods to achieve our goal.

Migrate to a 'SYSTEM' user and *Try to use mimikatz!

Now we look at migrating between Empire and Metasploit in order to use different modules when we have issues with one application.

If at first you don't succeed..... 

Empire to Metasploit to Harvest passwords