
Master ethical hacking from zero to hero through the six-step process, Linux basics, netcat, and batch scripting. Explore application security, HTTP, DNS, OWASP vulnerabilities, and essential web hacking tools.
Explore what ethical hacking is, including penetration testing and white hat roles, and learn how ethical hackers identify vulnerabilities to protect data and strengthen security.
Explore the six-step ethical hacking process, from reconnaissance to final reporting, including environmental scanning, gaining and maintaining system access, clearing breach traces, and delivering actionable recommendations.
Explore the strong career potential of ethical hacking with salaries around 91,000 to 117,000 USD, rising demand due to ransomware, and the need for ongoing education and upskilling.
Explore why hackers favor Linux for its open source nature, transparency, granular control, and powerful scripting, with most hacking tools built for Linux driving web servers and security testing.
learn to boot up kali linux by downloading from the official site and installing it in virtualbox, then configure hostname, user, disk, and desktop environment for ethical hacking.
Explore the Linux filesystem hierarchy from root to /bin, /usr, /proc, /var, and /home, learning how directories host binaries, config files, devices, and logs.
Learn basic linux commands and terminal navigation, including ls, clear, pwd, cd, mkdir, and man pages, with tips on directories, hidden files, and using which, locate, and sudo.
Manage Kali Linux services with systemctl to start and enable SSH and Apache, verify active status, and check listening ports 22 and 80 using netstat and ss.
Manage packages on a Debian-based system with apt for update, upgrade, install, search, and remove, and use dpkg for installed packages, with examples like Metasploit framework and MySQL.
Explore how bash environment variables like PATH and HOME influence your terminal, create and export custom variables, and track process IDs and exit statuses across sub processes.
Learn how to use the Kali Linux CLI history feature to view and re-run past commands with shortcuts like shift+1 and shift+7, and search commands with control+r.
Explore Kali Linux CLI piping and redirection, mastering standard input, standard output, and standard error, plus practical use of ls, cat, wc, and /dev/null for appending and stream control.
Master text searching and manipulation on Kali Linux CLI with grip for regular expressions, sed for substitution, cut for fields, and Swk for text processing.
Edit files on the Kali Linux CLI with nano and vim, learn insert mode, save with control x or write out, and quit with wq or exclamation mark.
Learn to compare files in Kali Linux using cp to copy, diff to show differences, and vim diff for visual comparison, with basic file editing steps.
Explore Kali Linux CLI process management by controlling foreground and background jobs, using bg, fg, and job commands, suspending with Ctrl-Z, quitting with Ctrl-C, and forcing termination with kill -9.
monitor file and command activity in Kali Linux CLI using tail -n 5 and tail -f, then employ watch to observe real time access logs and local connections.
Learn how to download files using Kali Linux CLI with wget and curl, save outputs as index.html or with a custom name, and fetch PDFs or packages efficiently.
Customize the bash environment by creating aliases like se for 'ls -l' and persisting them in the .bashrc for automatic use in new terminals.
Explore netcat (nc) as a versatile network tool to read and write data over tcp/udp, set up listening or reverse shells, and simulate attacker and victim scenarios.
Create your first bash script on the desktop, add a shebang and a comment, make it executable with chmod +x, then run it to print hello there.
Explore bash scripting variables, declare and print strings, use command substitution with backticks and $(), combine variables with commands, handle script arguments, and read user input.
Master bash scripting with if, else, and elif statements, testing numbers and strings, reading input, and printing true or false using common test operators.
Master Bash scripting loops by building for and while constructs, iterating over sequences and file contents, using command substitution, and printing values and IP ranges.
Master bash scripting functions in budget script: define, call, and return values using a function name, parentheses, braces, and echo inside.
Discover web application security essentials, including common attacks like XSS, SQL injection, CSRF, and DDoS, and how dynamic and static testing (DAST and SAST) identifies and fixes vulnerabilities.
Explore how web applications run, from client-side HTML and JavaScript to server-side app logic and database, through DNS lookup and the HTTP request–response cycle.
Explore how the Hypertext Transfer Protocol enables web communication, detailing client-server requests and responses, headers, status codes, and security with TLS/SSL and proxies.
Translate domain names into machine-friendly ip addresses to load web pages, using dns lookups through root, tld, and authoritative name servers, with caching at browser and system levels.
Explore the OWASP top ten vulnerabilities and their practical remediation. Learn about injection, broken authentication, and cross-site scripting, with strategies like parameterized queries, MFA, and SCA scans.
Dirb, a web content scanner, uses word lists to discover directories and pages by issuing requests, even if the main index is missing, with non-recursive scans and a delay.
Explore Burp Suite, a GUI-based proxy tool for web application security testing, and learn to set up the community edition, configure manual proxies, and handle certificates for intercepting traffic.
Demonstrates using an open source web server scanner to test for dangerous files and programs, showing host input, max time settings, and its value for practical labs.
Explore essential network concepts, including topology types (bus, ring, star, mesh, hybrid), key terminology (hostname, IP address, MAC address, port, socket), and services like DNS, ARP, DHCP.
Explore the OSI model as a seven-layer conceptual framework that describes networking functions from physical transmission to application services, covering data link, network, transport, session, presentation, and application layers.
Explore Wireshark, the world's leading network protocol analyzer, to inspect traffic at a microscope level with deep protocol support, live capture, offline analysis, and powerful display filters across platforms.
Install Wireshark across Windows, Linux, Mac, and VirtualBox by downloading from wireshark.org and choosing the installer, portable, or source options.
Choose the correct interface and start capturing with Wireshark to observe packets, including TCP packets, then explore filters to target specific IP protocols.
Learn to filter packets by a specific IP address using the display filter ip.addr, observe source and destination traffic, and preview filtering by source or destination in the next lecture.
Filter traffic to a specific source IP and destination IP, and combine conditions with and/or operators to target two IPs, noting that source and destination cannot be the same.
Apply filters to display http and dns traffic, capture requests and responses between local and Google, and inspect protocol details like http status and dns packets.
Set tcp and udp filters to a specific port to capture packets by source or destination port, then observe traffic to google.com and verify whether port 888 is open.
Explore how to display tcp packets that contain a specific term by inspecting http get requests and responses, including host headers and destination addresses.
Learn to filter http get and post requests by selecting the method and capturing results live, including using the -X option for post requests.
Filter out specific protocols using not and or operators, with brackets and case sensitivity, to exclude DNS or ARP while capturing other traffic.
Learn how netcat captures passwords in plain text and how to monitor the traffic with Wireshark, illustrating why netcat is not for secure communication.
Explore how ftp, a plain text file transfer protocol, exposes passwords to man-in-the-middle attacks and demonstrates a hands-on capture of credentials, urging replacement with sftp.
Capture ftp traffic with wireshark to extract a file and observe the transfer in the tcp stream, revealing plaintext data and warning about ftp's insecurity.
Learn how unencrypted http transmits usernames and passwords in plain text by observing an example site, highlighting the risks of http versus https and credential theft.
Capture files, images, and other content from HTTP traffic, save them locally, and recognize the serious security risks of non-HTTPS websites for login and development.
Explore port scanners essentials, including TCP and UDP concepts, IP addressing, and port ranges from well-known to dynamic. Compare scan techniques like SYN, CONNECT, and stealth as used by Nmap.
Explore how Nmap, a network scanner utility, performs host discovery and vulnerability scanning by analyzing IP packets to detect remote hosts, operating systems, and services.
Set up a hacker lab by installing VirtualBox, Kali Linux, and a Metasploit testing machine, then configure a local network with bridge adapters for Nmap scans in the next lecture.
Learn Nmap scanning techniques, including UDP scan, FIN scan, TCP connect scan, stealth scans, version detection, TCP SYN scan, and ID scan, to identify open ports and alive hosts.
Execute an nmap scan against an IP address to reveal open ports, such as FTP and Telnet, and demonstrate scanning a hostname like google.com to identify port 443 and HTTP.
Perform an Nmap ping scan by sending icmp echo requests to a subnet such as 8.0/24 to identify hosts up on the network.
Run nmap to scan all ports by default beyond the first 1000. Use -p to specify a port range or specific ports like 80, 443, and 112 to test open.
Demonstrates scanning multiple IP addresses to map Metasploit and a second machine, revealing one host is up and ports are closed, then scan all ports.
Scan the top ports with a Metasploit command, set the number of boards and your machine's ip address, and observe how expanding the port range changes results.
Create a text file with IP addresses and use nmap -iL to scan the listed hosts, exploring how to target specific ports with -p while using safe test machines.
Learn to save nmap scan results to a file by specifying the target ip and choosing an output format such as text or xml, creating a usable result file.
Disable DNS name resolution to speed up nmap scans by using the -n option when scanning a target IP on a local network.
use nmap to enable os detection and service version detection with fast execution, test targets, and reveal details such as ftp anonymous access and potential exploitable services.
Learn how to use a command with -sV to detect daemon and service versions on a target IP, revealing state and service information with verbose output.
Master port scanning with nmap by choosing tcp or udp scans, entering the target IP address, and understanding the need for root privileges for certain scans.
Learn to detect CVEs with nmap and the NSE scripting engine, scanning for vulnerabilities and identifying exploitable services like ftp with backdoors.
Explore denial-of-service concepts using the Nmap scripting engine to simulate slow loris attacks, illustrating how to test and harden networks while emphasizing ethical use.
Learn to use nmap's brute force script against an ftp server by setting port 21 and target IP, while noting brute forcing is slow and not a modern method.
Learn to detect malware infections on remote hosts using nmap's http-malware-host script and Google malware checks, highlighting ethical hacking and defensive testing for organizations.
Learn Nmap firewall and IDS evasion techniques, including fragment packet scans with dash F, decoy and zombie scans, MAC spoofing, and data length manipulation.
Explore Python's role in security, highlighting its readability, interpretive nature, object-oriented design, open-source ecosystem, and extensive libraries that boost productivity and rapid debugging for cybersecurity professionals.
Discover how to install Python on Linux, including Python 3.8 and Python 2.7, understand the interpreter, and set up Visual Studio Code for Python development to build ethical hacking tools.
Create and run a hello world program in Python 3 in the terminal, using a lightweight editor like vim, and view output in the console while exploring interpreter basics.
Discover fundamental Python data types—integers, floats, booleans, strings, lists, tuples, sets, dictionaries—and learn about classes, modules, and the None value.
Explore Python numbers by printing integers and floats, performing arithmetic, and using the type function to identify data types and exponentiation.
Explore Python math functions from the standard library, including round, abs, cosine, and sine, and learn to consult official docs for accurate usage.
Understand python operator precedence, with brackets as the highest priority, followed by exponential, then multiplication and division, and finally addition and subtraction, illustrated by 3+4 and (3+4)*2 examples.
Learn to declare and use variables in python, including integers and floats. Print results, compute sums with var one and var two, and place multiple variables on one line.
This lecture demonstrates Python strings, dynamic typing, and concatenation, with multi-line literals, while stressing not to hard-code passwords and to use environment variables or secret managers in production.
Master string concatenation by combining strings only, resolve type mismatches when appending numbers, and learn how to convert integers to strings in the next lesson.
Learn how to convert between integers and strings using str and int, check types with type, and safely concatenate strings by applying conversions.
Learn how escape sequences use backslashes to handle characters like single quotes and double quotes and new lines, avoid syntax errors, and represent backslashes by doubling them.
Master formatted strings by embedding variables into messages with braces and the format function, and use zero-based indexing to display dynamic user and age values.
Explore string indexes as a sequence of characters, using zero-based indices and end-exclusive slicing with examples like 0 to 2 and 0 to 3.
Explore the boolean datatype, with true and false as 1 and 0, and learn to test and print booleans. Use the bool() function to convert integers to true or false.
Explore how lists form a sequence of objects and how to define them with brackets. Learn indexing from zero, slice to retrieve subsets, and mix strings, numbers, booleans, and floats.
Learn built-in Python list methods such as append, clear, copy, count, extend, index, insert, pop, remove, reverse, and sort, and how to search official docs and resources like W3Schools.
Explore matrices and arrays, multi-dimensional indexing, and the print function; learn zero-based indexing and retrieving characters from a matrix, with image processing and pixel use cases for ethical hacking.
Explore the none type and how a variable with none differs from zero, white space, and nothing, showing that none means an arbitrary value or not set yet.
Explore dictionaries in programming by creating key-value pairs, printing values by keys, nesting dictionaries in lists, and accessing specific data like name and age.
Explore Python dictionary methods, including copy, get, items, update values, and clear, and learn how these methods save you a lot of trouble and efforts.
Explain tuples as read-only data structures in Python, showing immutability and lack of item assignment, contrasted with lists through index-based access and examples.
Learn conditional statements in Python, including if else and nested if, with proper indentation and four spaces. Explore boolean variables, comparison operators, and printing outputs.
Learn how the Python for loop works, including syntax, indentation, and printing inside the loop, and observe how the final i value appears after the loop.
Use the range function to drive a for loop and print indices from 0 to 9, explaining end-exclusivity. To get 10, set the end value to 11 per the example.
Demonstrate a while loop starting at zero, printing i while i < 5, and incrementing i to prevent an infinite loop, producing output 0 through 4 before i reaches five.
Explore break, continue, and pass in Python loops, showing how break exits a loop, continue skips an iteration, and pass serves as a placeholder.
Define and call Python functions with def, parameters, and return to perform tasks like adding ten to a value. Explore built-in functions, and learn local versus global scope across calls.
Learn to use *args and **kwargs to accept multiple parameters, distinguish positional and keyword arguments, and inspect them as dictionaries.
Learn how Python packages and modules are organized, create a main file and a functions directory, and use imports to call functions across files.
Handle Python user input and convert values to integers with try/except error handling. Explore finally blocks, alternative formats, and simple ways to show friendly messages when errors occur.
Open, read, and write files in Python using the open function and modes, then print content and practice closing files for safe access.
Explore Python file I/O and exception handling, opening files in various modes, using try-except blocks to handle file not found and IO errors, and create or write when needed.
Write a Python port scanner from scratch, import socket and piglet, print an ASCII banner, resolve the target IP, and iteratively test ports 1–99 with timeout and error handling.
Build a Python web directory discovery tool with requests, loading directories from a file, forming URLs, and printing discovered paths. Demonstrate testing with Metasploit and emphasize authorized targets.
Develop and test a Python web login brute-force script using a large word list, posting credentials, and color-coded output to reveal valid username and password, while emphasizing ethical use.
Explore how SSH tunnels transport arbitrary data within an encrypted session, enabling local port forwarding, remote port forwarding, and dynamic port forwarding for secure access to remote web services.
Master SSH local port forwarding to access internal resources behind a firewall by mapping a local port to an internal resource through a public server.
Set up kali linux environment with two virtual machines, configure iptables to restrict access, and demonstrate ssh local port forwarding to reach an internal resource via a public server.
Expose a local web server to collaborators by using remote port forwarding with a public SSH server, mapping a local port to a remote port via -R.
Learn remote port forwarding with SSH -R to access internal resources from a client, contrasting it with local forwarding, and mapping via a remote SSH server.
Learn how ssh dynamic port forwarding turns your client into a sox five proxy by binding a local port and forwarding traffic through a remote server to bypass content filters.
Practice dynamic SSH port forwarding to bypass firewalls, routing internet traffic through a remote server, and configure proxychains to use localhost:1950 for simulated web access and testing.
What is Ethical Hacking?
Ethical hacking is an authorized practice of detecting vulnerabilities in an application, system, or organization’s infrastructure and bypassing system security to identify potential data breaches and threats in a network. Ethical hackers aim to investigate the system or network for weak points that malicious hackers can exploit or destroy. They can improve the security footprint to withstand attacks better or divert them.
The company that owns the system or network allows Cyber Security engineers to perform such activities in order to test the system’s defenses. Thus, unlike malicious hacking, this process is planned, approved, and more importantly, legal.
Ethical hackers aim to investigate the system or network for weak points that malicious hackers can exploit or destroy. They collect and analyze the information to figure out ways to strengthen the security of the system/network/applications. By doing so, they can improve the security footprint so that it can better withstand attacks or divert them.
Ethical hackers are hired by organizations to look into the vulnerabilities of their systems and networks and develop solutions to prevent data breaches. Consider it a high-tech permutation of the old saying “It takes a thief to catch a thief.”
They check for key vulnerabilities include but are not limited to:
Injection attacks
Changes in security settings
Exposure of sensitive data
Breach in authentication protocols
Components used in the system or network that may be used as access points