Learn Ethical Hacking From Scratch
4.5 (81,247 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
364,782 students enrolled

Learn Ethical Hacking From Scratch

Become an ethical hacker that can hack computer systems like black hat hackers and secure them like security experts.
4.5 (81,247 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
364,782 students enrolled
Last updated 7/2020
English, French [Auto], 5 more
  • German [Auto]
  • Italian [Auto]
  • Polish [Auto]
  • Portuguese [Auto]
  • Spanish [Auto]
Current price: $135.99 Original price: $194.99 Discount: 30% off
23 hours left at this price!
30-Day Money-Back Guarantee
This course includes
  • 14.5 hours on-demand video
  • 2 articles
  • 22 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • 135+ ethical hacking & security videos.
  • Start from 0 up to a high-intermediate level.
  • Learn ethical hacking, its fields & the different types of hackers.
  • Install a hacking lab & needed software (on Windows, OS X and Linux).
  • Hack & secure both WiFi & wired networks.
  • Understand how websites work, how to discover & exploit web application vulnerabilities to hack websites.
  • Use 30+ hacking tools such as Metasploit, Aircrack-ng, SQLmap.....etc.
  • Discover vulnerabilities & exploit them to hack into servers.
  • Hack secure systems using client-side & social engineering.
  • Secure systems from all the attacks shown.
  • Install & use Kali Linux - a penetration testing operating system.
  • Learn linux basics.
  • Learn linux commands & how to interact with the terminal.
  • Learn Network Hacking / Penetration Testing.
  • Network basics & how devices interact inside a network.
  • Run attacks on networks without knowing its key.
  • Control Wi-Fi connections without knowing the password.
  • Create a fake Wi-Fi network with internet connection & spy on clients.
  • Gather detailed information about networks & connected clients like their OS, ports ...etc.
  • Crack WEP/WPA/WPA2 encryptions using a number of methods.
  • ARP Spoofing / ARP Poisoning.
  • Launch various Man In The Middle attacks.
  • Access any account accessed by any client on the network.
  • Sniff network traffic & analyse it to extract important info such as: passwords, cookies, urls, videos, images ..etc.
  • Intercept network traffic & modify it on the fly.
  • Discover devices connected to the same network.
  • Inject Javascript in pages loaded by clients connected to the same network.
  • Redirect DNS requests to any destination (DNS spoofing).
  • Secure networks from the discussed attacks.
  • Edit router settings for maximum security.
  • Discover suspicious activities in networks.
  • Encrypt traffic to prevent MITM attacks.
  • Discover open ports, installed services and vulnerabilities on computer systems.
  • Hack servers using server side attacks.
  • Exploit buffer over flows & code execution vulnerabilities to gain control over systems.
  • Hack systems using client side attacks.
  • Hack systems using fake updates.
  • Hack systems by backdooring downloads on the fly.
  • Create undetectable backdoors.
  • Backdoor normal programs.
  • Backdoor any file type such as pictures, pdf's ...etc.
  • Gather information about people, such as emails, social media accounts, emails and friends.
  • Hack secure systems using social engineering.
  • Send emails from ANY email account without knowing the password for that account.
  • Analyse malware.
  • Manually detect undetectable malware.
  • Read, write download, upload and execute files on compromised systems.
  • Capture keystrokes on a compromised system.
  • Use a compromised computer as a pivot to hack other systems.
  • Understand how websites & web applications work.
  • Understand how browsers communicate with websites.
  • Gather sensitive information about websites.
  • Discover servers, technologies & services used on target website.
  • Discover emails & sensitive data associated with a specific website.
  • Discover subdomains associated with a website.
  • Discover unpublished directories & files associated with a target website.
  • Discover websites hosted on the same server as the target website.
  • Exploit file upload vulnerabilities to gain control over target website.
  • Discover, exploit and fix code execution vulnerabilities.
  • Discover, exploit & fix local file inclusion vulnerabilities.
  • Discover, exploit & fix SQL injection vulnerabilities.
  • Bypass login forms and login as admin using SQL injections.
  • Exploit SQL injections to find databases, tables & sensitive data such as usernames, passwords...etc
  • Read / Write files to the server using SQL injections.
  • Learn the right way to write SQL queries to prevent SQL injections.
  • Discover reflected XSS vulnerabilities.
  • Discover Stored XSS vulnerabilities.
  • Hook victims to BeEF using XSS vulnerabilities.
  • Fix XSS vulnerabilities & protect yourself from them as a user.
  • Discover MITM & ARP Spoofing attacks.
  • Basic IT Skills
  • No Linux, programming or hacking knowledge required.
  • Computer with a minimum of 4GB ram/memory.
  • Operating System: Windows / OS X / Linux.
  • For WiFi cracking (10 lectures ONLY) - Wireless adapter that supports monitor mode (more info provided in the course).

Welcome this comprehensive Ethical Hacking course! This course assumes you have NO prior knowledge in hacking and by the end of it you'll be able to hack systems like black-hat hackers and secure them like security experts!

This course is highly practical but it won't neglect the theory; we'll start with ethical hacking basics, breakdown the different penetration testing fields and install the needed software (on Windows, Linux and Mac OS X), then we'll dive and start hacking straight away. From here onwards you'll learn everything by example, by analysing and exploiting different systems such as networks, servers, clients, websites .....etc, so we'll never have any boring dry theoretical lectures.

The course is divided into a number of sections, each section covers a penetration testing / hacking field, in each of these sections you'll first learn how the target system works, the weaknesses of this system, and how to practically exploit theses weaknesses to hack into this system, not only that but you'll also learn how to secure systems from the discussed attacks. By the end of the course you will have a strong foundation in most hacking or penetration testing fields.

The course is divided into four main sections:   

1. Network HackingThis section will teach you how to test the security of both wired & wireless networks. First, you will learn network basics, how they work, and how devices communicate with each other. Then it will branch into three sub sections:   

  • Pre-connection attacks: in this subsection you'll learn a number of attacks that can be executed without connecting to the target network, and without the need to know the network password; you'll learn how to gather information about the networks around you, discover connected devices, and control connections (deny/allow devices from connecting to networks).

  • Gaining Access: Now that you gathered information about the networks around you, in this subsection you will learn how to crack the key and get the password to your target network weather it uses WEP, WPA or even WPA2.

  • Post Connection attacks: Now that you have the key, you can connect to the target network, in this subsection you will learn a number of powerful techniques that allow you to gather comprehensive information about the connected devices, see anything they do on the internet (such as login information, passwords, visited urls, images, videos ....etc), redirect requests, inject evil code in loaded pages and much more! All of these attacks work against both wireless and wired networks. You will also learn how to create a fake WiFi network, attract users to connect to it and use all of the above techniques against the connected clients.

2. Gaining AccessIn this section you will learn two main approaches to gain full control or hack computer systems:

  • Server Side Attacks:  In this subsection you will learn how to gain full access to computer systems without user interaction. You will learn how to gather useful information about a target computer system such as its operating system, open ports, installed services, then use this information to discover weaknesses and vulnerabilities and exploit them to gain full control over the target. Finally you will learn how to automatically scan servers for vulnerabilities and generate different types of reports with your discoveries.

  • Client Side AttacksIf the target system does not contain any weaknesses then the only way to hack it is by interacting with the users, in this subsection you'll learn how to get the target user to install a backdoor on their system without even realising, this is done by hijacking software updates or backdoornig downloadeds on the fly. This subsection also teaches you how to use social engineering to hack into secure systems, so you'll learn how to gather comprehensive information about system users such as their social accounts, friends, their mails.....etc, you'll learn how to create trojans by backdooring normal files (such as an image or a pdf) and use the gathered information to spoof emails so they appear as if they're sent from the target's friend, boss or any email account they're likely to interact with, to social engineer them into running your torjan.

3. Post ExploitationIn this section you will learn how to interact with the systems you compromised so far. You’ll learn how to access the file system (read/write/upload/execute), maintain your accessspy on the target (capture key strikes, turn on the webcam, take screenshots....etc) and even use the target computer as a pivot to hack other systems.

4. Website / Web Application HackingIn this section you will learn how websites work, how to gather information about a target website (such as website owner, server location, used technologies ....etc) and how to discover and exploit the following dangerous vulnerabilities to hack into websites:

  • File Upload.

  • Code Execution.

  • Local File Inclusion.

  • Remote File Inclusion.

  • SQL Injection.

  • Cross Site Scripting (XSS).

At the end of each section you will learn how to detect, prevent and secure systems and yourself from the discussed attacks. 

All the techniques in this course are practical and work against real systems, you'll understand the whole mechanism of each technique first, then you'll learn how to use it to hack into the target system, so by the end of the course you'll be able to modify the these techniques to launch more powerful attacks, and adopt them to suit different situations and different scenarios.

With this course you'll get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 15 hours.



  • This course is created for educational purposes only, all the attacks are launched in my own lab or against systems that I have permission to test.

  • This course is totally a product of Zaid Sabih & zSecurity and no other organisation is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANISATION IS INVOLVED.

Who this course is for:
  • Anybody interested in learning ethical hacking / penetration testing
  • Anybody interested in learning how hackers hack computer systems
  • Anybody interested in learning how to secure systems from hackers
Course content
Expand all 138 lectures 14:38:40
+ Introduction
3 lectures 12:34

This is a teaser lecture, in it I show you an example of the things you'll be able to do at the end of the course, in this lecture I show you how to hack into a Windows 10 machine and turn on its web cam without asking the user to do anything.

As this is a teaser, I won't be going into details about how this is achieved, but don't worry about that as I will break this down to you through out the course and you will understand exactly how to do it.

This is just one example, by the end of the course you'll learn much more attacks and you'll be able to target all operating systems.

Preview 06:32

Welcome to the course, this lecture will give you a full outline of the structure of the course, and will give you an over view of what you will learn in each section.

Course Introduction & Overview

In this lecture you will learn what is meant by a hacker and what is the difference between white hat, grey hat and a black hat hacker. We will talk about why do we teach/learn hacking, benefits of it and job opportunities.

What Is Hacking & Why Learn It ?
+ Setting up a Hacking Lab
3 lectures 24:37

In this course, we will be using a number of operating systems, Kali for hacking and 2 others as target machines, in this section you will learn how to install all of these machines as virtual machines inside your current operating system, this allows us to use all of the machines at the same time, it also completely isolates these machines from your main machine therefore your main machine will not be affected if anything goes wrong.

Everything shown here will work on Windows, Linux and OS X.

Lab Overview & Needed Software

This lecture will give you an overview of the software you need for this course,  how to install it, and how to install Kali Linux as a virtual machine inside any operating system, whether it is Windows, Linux or OS X.

Installing Kali 2020 As a Virtual Machine

In this lecture, you will learn how to store the current state of a virtual machines and how to use these restore points, this is very useful because it allows you to go back or forward to different configurations of the operating system.

Creating & Using Snapshots
+ Linux Basics
2 lectures 16:31

In this lecture we will have a basic look on Kali linux just to get you comfortable with using it.

You will learn how to use its main applications, browse files, connect to the internet ....etc.

Basic Overview of Kali Linux

In this lecture you will learn how to interact with the linux terminal and run linux commands.

The Terminal & Linux Commands
+ Network Hacking
5 lectures 27:15

This is an introduction lecture for the network penetration testing section, it will give you an overview of the structure of this section and what you will learn in it

Preview 02:21

Before jumping to network hacking you need to know some basics about networks, in this lecture you will learn how networks work and how devices communicate with each other.

Networks Basics

This video will teach you how to connect a USB device to Kali, as an example I will be connecting a wireless adapter to it so I can interact with wireless networks and try to hack them form Kali.

Connecting a Wireless Adapter To Kali

MAC address (Media Access Control) - is a unique identifier assigned to network interfaces.

In this lecture you'll learn what is is, how its used, and how to change it using Kali Linux.

What is MAC Address & How To Change It

This lecture will clarify why is it possible to capture any packet around us even if it's not directed to our device, you will learn about two wireless modes: monitor and managed mode, you shall learn what is the difference between them, when do we use each of them and how to correctly enable monitor mode on your wireless card.

Wireless Modes (Managed & Monitor)
+ Network Hacking - Pre Connection Attacks
4 lectures 31:54

This is the first lecture in the "pre connection section", in this lecture you will learn how to use airodump-ng to see all the access points (WiFi Networks) and associated clients that are within your wireless range and gather information about them.

Packet Sniffing Basics

In this lecture you will learn what are the 2 bands used on WiFi networks and how to use airodump-ng to capture data sent over these bands

WiFi Bands - 2.4Ghz & 5Ghz Frequencies

In this lecture , we shall learn how to launch airodump-ng on a specific AP , and store all packets in a capture file.

Targeted Packet Sniffing

Deauthentication attacks allow us to disconnect (disassociate) any client that is connected to any network that is within our wifi range even if the network uses encryption (such as WEP/WPA/WPA2) and even if we do not know the encryption key (the WiFi password).

Preview 06:50
+ Network Hacking - Gaining Access - WEP Cracking
5 lectures 26:07

In this section we shall learn how to break WEP/WPA/WPA2 encryption and determine the network key.

Preview 01:09

This lecture explains the weaknesses in WEP encryption and how we can use these weaknesses to break it and hack Wi-Fi networks that use it.

Theory Behind Cracking WEP Encryption

In this video we shall learn the basics of cracking WEP encryption and you'll learn how to hack an active Wi-Fi network that uses WEP.

WEP Cracking Basics

In this lecture we shall learn the theory behind cracking WEP encrypted APs with no or idle clients.

To do this we will inject packets in the traffic, but before we can do that we need to authenticate our wifi card with the target AP so that it does not ignore our requests as AP's only accept packets from associated devices, therefore we shall learn how to fake authenticate our wifi card with the target AP so that it starts accepting packets from us.

Fake Authentication Attack

This method can be used to crack idle or clientless AP's .

In this method , after successfully associating with the target AP , we will wait for an ARP packet , we will then capture this packet and inject it into the traffic , this will force the AP to generate a new ARP packet with a new IV , we capture this new packet and inject into the traffic again , this process is repeated until the number of IV's captured is sufficient enough to crack the key.

ARP Request Replay Attack
+ Network Hacking - Gaining Access - WPA / WPA2 Cracking
5 lectures 34:41

This is an introduction to WPA/WPA2 cracking , we shall learn the main difference between WPA2 and WEP and why WPA2 is more difficult to crack.

Introduction to WPA and WPA2 Cracking

In this lecture we shall learn how to exploit the WPS feature to crack WPA and WPA2 encrypted AP's without a wordlist attack and without the need to any connected clients.

Hacking WPA & WPA2 Without a Wordlist

In this lecture we shall learn how to capture the handshake from the target AP.

Capturing The Handshake

To crack WPA/WPA2 we need to use a wordlist, you can download ready wordlists from the internet or create your own as shown in this lecture.

Creating a Wordlist

In this lecture we will use the wordlist created in the previous lecture to crack the WPA2 key using aircrack-ng.

Cracking WPA & WPA2 Using a Wordlist Attack
+ Network Hacking - Gaining Access - Security
2 lectures 08:28

In this lecture you will learn how to secure your network and protect it from the above attacks. 

Securing Your Network From Hackers

In this lecture you will learn how to access your router's admin panel and configure it correctly to protect it from the above attacks and make it nearly impossible to hack.

Configuring Wireless Settings for Maximum Security
+ Network Hacking - Post Connection Attacks
1 lecture 02:10

This is an introduction to the post-connection attacks section, it will give you an outline of what we shall learn in this section and go over some important notes.

Preview 02:10
+ Network Hacking - Post-Connection Attacks - Information Gathering
4 lectures 27:04

In this lecture you will learn how to set up a virtual Windows machine to try and hack into it to practice penetration testing.

Installing Windows As a Virtual Machine

Information gathering is one of the most important steps in penetration testing. In this lecture we will learn how to use netdiscover to discover devices connected to the same network as us, we will be able to find their IP and MAC address.

Discovering Devices Connected to the Same Network

In this lecture we shall learn how to use zenmap (the GUI for nmap) to discover all connected devices and gather detailed information about these devices, such as their operating system, open ports and even services using these ports.

Gathering Sensitive Info About Connected Devices (Device Name, Ports....etc)

In this lecture you'll learn how to use Zenmap to gather even more information such as exact programs running on each open port, the operating system and more!

Gathering More Sensitive Info (Running Services, Operating System....etc)