
This is an introduction and course outline.
How to download virtualBox and run a prebuilt install of Kali Linux.
Download VirtualBox
Download prebuilt Kali
Run prebuilt Kali VirtualBox
Installing a fresh copy of Kali with an ISO.
Download VirtualBox
Download the right Kali ISO
Install Kali
How to use the terminal to update, download, install, change permissions, and run applications in Kali.
Update Kali
Download and install from the terminal
Change permissions and run the app from the terminal
How to start, stop, and check statuses on Kali services.
Stop standard services
Start standard services
Check service status
Footprinting the network—making use of publicly available resources.
Understand the “whois” tool
Understand the “Netcraft” tool
Understand the “nslookup” tool
In this video, use the different passive reconnaissance tools.
Use the “whois” tool
Use the “Netcraft” tool
Use the “nslookup” tool
In this video, you will see how to manipulate the internet.
Manipulate Google searches with dorks
Perform an exploit
After getting IPs, we scan to look for open ports.
Scan with the Nmap tool
Scan with the Zenmap tool
This video covers how to data-mine with Maltego.
Open Maltego
Register a copy of Maltego
Scan with Maltego
In this video, learn how to install OpenVAS.
Understand OpenVAS
Install OpenVAS
In this video, learn how to find vulnerabilities.
Scan for vulnerabilities with OpenVAS
This video shows how to install Nessus.
Register a copy of Nessus
Download Nessus
Install Nessus
In this video, learn how to find vulnerabilities.
Scan for vulnerabilities with Nessus
In this video, learn how to take control of a target machine.
Understand how Metasploit works
Understand the framework
Know what a payload, Meterpreter, and exploit are
In this video, learn how to use Metasploit and venom to write a custom payload.
Perform an exploit on a target machine
In this video, learn how to use Armitage.
Select your target, payload, and Meterpreter
Execute an exploit via the Metasploit GUI
In this video, learn how to exploit with scripts.
Take remote control by means of an exploit-db script
This video covers auto pentesting with Yuki.
What is Yuki?
Download Yuki from Git
Install and configure Yuki
In this video, learn how to perform an auto-pentest scan.
Scan with Yuki
In this video, learn auto-pentesting with Sniper.
What is Sniper?
Download Sniper from Git
Install and configure Sniper
How to use some individual tools?
How to use WafW00f to check for firewalls?
Harvest information with the harvester
Find web server vulnerability problems with Nikto
In this video, understand an XSS attack
Learn Persistent XSS
Learn Non-Persistent XSS
Learn DOM-based XSS
How to perform an XSS attack?
XSS discovery to check for this weakness
Perform a basic XSS attack
What is SQL injection?
Uses of SQLi
In this video, learn how to perform an SQLi attack.
SQLi vulnerability checker
Perform SQL attacks on a web server
How to crack passwords with John the Ripper?
Create a local account
Crack password of local account using the “john” wordlist
How to crack passwords with wordlists and Hydra?
Crack the client password
Use the Kali “rockyou” wordlist
In this video, you will learn how to check Active Directory user passwords.
Export AD passwords
Brute-force the passwords
Crack the hashes
How to bypass local account passwords?
Make use of software to perform a bypass
In this video, you will learn how resources can make or break a test.
Learn to check a space
Monitor RAM in password attacks
Resource management across base and virtual machines
In this video, you will learn where to get information for the reports.
Best practices to gather findings
The better the test, the better the report.
The need for a good report
Learn how to structure the report
This video provides an overview of the entire course.
Hacking is a legal gray zone; students therefore need to understand that due diligence has to be practiced.
Understand what ethical means
Warn students that they need to understand the laws of their country
This course is for educational purposes only
We need a Windows environment where all exercises in the course can be executed.
Understand the architecture of the network
Understand how the three machines relate to each other
Get ready to install the test machines
Kali Linux is used as the attacker’s machine. It needs to be installed.
Download Kali
Download VirtualBox
Import Kali into VirtualBox
Most of the attacks will be done against a Windows 10 machine that represents a standard enterprise workstation. It has to be configured carefully so that all exercises can be run.
Download the evaluation version of Windows 10
Create a new virtual machine and install Windows 10
Do additional configuration
Enterprise environments usually run Windows Servers. In our test network, a Windows Server 2016 machine will also act as the domain controller.
Download the evaluation version of Windows Server 2016
Create a new virtual machine and install Windows Server 2016
Save the virtual machine
The Windows machines should connect to an internal network that also runs an Active Directory domain.
Turn the Windows Server 2016 machine into a domain controller
Join the Windows 10 machine to the new domain
Create a dummy service on the Windows 10 machine
To define the attack surface, we would like to know as much about the target network as possible.
Identify all running hosts on the network
Identify all open TCP ports
Identify all open UDP ports
To be able to exploit services we need to know exactly what they are.
Find out what kind of service is running on a port
Identify the program that is running the service
Identify the exact version of the program
Exploit development is very time-consuming and complex. In most penetration tests, publicly available exploits are used.
Find a suitable exploit on the Internet
Understand and modify the exploit as necessary
Run the exploit and get access to the machine
A more extensive framework is needed to efficiently do testing. The Metasploit Framework offers various tools that will be used in every stage of a pentest.
Find a suitable exploit in Metasploit
Choose a payload for the exploit
Run the exploit
Although not real exploitation, a lot of real attacks rely on files that are executed by a victim user after a social engineering attack.
Choose a payload that should be executed by the victim
Create a malicious executable with the payload
Social engineer the target user into running your executable
Modern Anti-Virus programs such as Windows Defender can detect a wide variety of malicious actions. Evading these tools is a typical cat-and-mouse game.
Choose a legitimate Windows executable that will be used to carry the payload
Download and run Shellter to inject the malicious payload into the executable
Run a handler to receive the connect-back shell
We learnt a lot in this section, and it should be practiced.
Review what we learnt
Explain how exploitation can be practiced
Practice the given steps
We need to understand where we are in the penetration test and what this phase involves.
Understand what the post-exploitation phase is about
A usable and stable backdoor is needed to properly interact with the exploited machine.
Create a meterpreter payload
Execute a payload handler
Get to know the meterpreter shell
After a successful exploit, the attacker inherits the privileges of the exploited application. If those are not administrator or SYSTEM privileges, further exploits are needed to achieve maximum privileges on the target machine.
Look for a process that runs as SYSTEM
Try to find a way to manipulate that process
Get the SYSTEM process to execute our payload
Credentials are valuable assets that can be used in further attacks. Thus, harvesting them on newly compromised machines is essential.
Harvest Windows password hashes
Harvest passwords from HeidiSQL
Collect credentials from memory
Most modern systems only store password hashes. The plain-text passwords can still be recovered, though.
Understand how hash functions work
Run dictionary attack with hashcat
Run dictionary attack with John the Ripper
The attacker’s first connection could be broken by various events, such as a reboot. To avoid losing the machine, make sure that a persistent backdoor is installed.
Understand various ways to achieve persistence
Use PowerSploit to create a persistent backdoor
Execute the backdoor on the target machine
A compromised machine could allow access to a network segment that was previously not reachable. Using pivoting techniques, traffic can be tunneled through the compromised host.
Understand the concept of pivoting
Use the Metasploit autoroute module to route traffic to the new network
Use a SOCKS proxy and proxychains to access the internal network with tools outside of Metasploit
Usually, Windows stores only password hashes. However, these can still be used to compromise other machines.
Understand the legitimate use of password hashes
Dump password hashes with mimikatz
Take over the domain controller with mimikatz
We will see some important measures that should be taken after this course to succeed in penetration testing.
Kali Linux is the premier platform for testing and maintaining Windows security. Managing Windows security has always been a challenge for any security professional. As Windows is the most popular operating system in the corporate environment, this course will help you detect and tackle attacks early to save your organization’s data and money.
With this practical course, you will start off by learning how to gather information about the target network and websites to discover all the vulnerable ports. Once you find the necessary info, you’ll learn to bypass security restrictions using exploitation tools to access the target system and to hack websites using various pentesting tools. Moving further, you’ll master various exploitation and post-exploitation techniques, such as Pass-The-Hash techniques.
By the end of this video tutorial, you will be able to successfully identify and tackle the flaws and vulnerabilities within the Windows OS (versions 7, 8.1, 10) using Metasploit and Kali Linux tools, and collect valuable information from the exploited host.
Contents and Overview
This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.
In the first course, Learning Windows Penetration Testing Using Kali Linux, you’ll start by gathering information about the target network and websites to discover all the vulnerable ports. Moving on, you’ll learn to bypass security restrictions using exploitation tools to access the target system. Also, you’ll hack websites using various pentesting tools and learn how to present your test reports. By the end of the course, you’ll be able to find, exploit, and prevent security vulnerabilities in Windows OS using Kali Linux.
The second course, Practical Windows Penetration Testing, will follow a typical penetration test scenario throughout. At each stage, you will be shown all the necessary tools and techniques, and how they are applied. The whole course is hands-on to guarantee that you gain practical knowledge. You will start by setting up the environment and learn service identification and network scanning techniques. You will master various exploitation and post-exploitation techniques. You will also learn to proxy traffic and implement the most famous hacking technique: the pass-the-hash attack. By the end of this video tutorial, you will be able to successfully identify and tackle the flaws and vulnerabilities within the Windows OS (versions 7, 8.1, 10) using Metasploit and Kali Linux tools.
About the Authors:
Taking education on security to a completely new level, Angelique Keyter is devoted to making a difference in the world of cybercrime. She has numerous years of hacking and lecturing behind her and focuses her time on making a difference in her community and teaching people how to fight an unseen criminal. Angelique is a certified hacker, Linux professional, and Microsoft solutions expert with more than 20 years of experience. She is a mother of twins and spends a lot of time studying new things and learning new concepts. She believes that you are never too old to learn. She has a passion for gaming and geeky stuff from hacking to robotics to forensic psychology. She is a focused person with a witty sense of humor, always ready to help or play football with her boys.
Gergely Révay, the instructor of this course, hacks stuff for fun and profit at Multinational Corporation in Germany and in the USA. He has worked as a penetration tester since 2011; before that, he was a quality assurance engineer in his home country, Hungary. As a consultant, he did penetration tests and security assessments in various industries, such as insurance, banking, telco, mobility, healthcare, industrial control systems, and even car production.