Master the basics of Kali Linux, set up a Kali virtual machine in VirtualBox, and learn essential commands for updating, installing, and uninstalling software.

Explore the Kali Linux interface and its left-side tool categories—information gathering, vulnerability analysis, password attacks, wireless attacks, and exploitation—and use the terminal to update the system.

Install and configure the Metasploitable machine in VirtualBox, download the required image, allocate 2 GB RAM, and set up an environment to practice vulnerability testing and basic exploitation.

Configure a distracter machine with your next operating system and ensure the attacker machine runs Linux on the same network as the tracking system, aligning network names for future use.

Explore a Kali Linux overview, navigate preinstalled tools by category—from information gathering to password attack—and learn key wireless tools like Kismet and Aircrack-ng.

Learn essential linux commands and the power of the terminal, a fast, text-based alternative to the graphic user interface, with a glimpse of ssh for remote access.

Learn basic Kali Linux navigation and command usage by listing directories, viewing home contents, and inspecting folder details with simple terminal commands.

Use the man command to access manuals for Linux commands, learn how to read a command's manual, and practice basic help and the clear command in Kali Linux.

Explore kali linux basics part 3 by using the cd command to change directories, list contents, and verify folders, enabling command-line file management without a gui.

Master Kali Linux basics by using the terminal to create folders and manage directories, demonstrating mkdir and navigation, and preview topics on the penetration journey, including network and website hacking.

Learn about the hyper text transfer protocol, the core web communication protocol. See how client requests trigger server responses over tcp/ip, evolving from static text to support complex apps.

Explain how HTTP requests use GET and POST, form a request line with a URL and query string, and include headers like host, referer, user-agent, and cookies.

Understand http responses, starting with the status line and a 200 ok code. See how headers such as server, cookies, pragma, expires, and content type shape the response body.

Explore http methods and their security implications, comparing get and post for resources and actions, noting query strings and referrer headers, and using head, options, and put.

The uniform resource locator is a unique identifier for web resources, pointing to pages, documents, or images, while web servers manage resources and handle moved or missing ones.

Explore the hyper text transfer protocol header, distinguishing general, request, and response aspects, and learn how these elements appear when testing web applications for security.

Explore the general header concepts, including connection management, content encoding, content length, content type, and transfer encoding, and how they shape request and response messaging.

Explore request headers and their role in web interactions, covering accept, accept encoding, authorization, cookies, host, if-modified-since, entity tag, origin, referer, and user agent.

Learn how http response headers govern access, caching, and authentication, including access-control-allow-origin, cache-control, etag, expires, location, pragma, server, set-cookie, and www-authenticate.

Explore how cookies store data on client machines, how set-cookie headers govern expiry, domain, path, and security attributes, and how cookies can influence web app security and information gathering.

explore how http status codes signal the results of client requests, from 100 continue and 200/201 success to 301/302 redirects, 304 not modified, and common client and server errors.

Explore the five-layer network model from the physical layer to the application layer, and examine cables, devices, and the protocols they use to communicate.

Explore the tcp/ip physical layer, examining how physical devices interconnect with cables and connectors to transmit signals and support bits and addressing.

Explore the data link layer, detailing Ethernet and Wi-Fi frames, MAC addressing, and the Internet Ethernet protocol that enables data delivery across physical links.

Explore the network layer, where the Internet Protocol (IP) delivers data across a collection of networks, enabling Internet communication.

Explore the transport layer, including the transmission control protocol and the European user data protocol, and how IP directs data to the right application on hosts.

Learn how application layer protocols enable a browser to browse the internet, send emails, and watch videos, and how the PKP model describes data delivery from network to application.

Discover whois information for a domain, including registrar, creation and expiry dates, and contact details, and learn how nameservers reveal location for social engineering.

Learn to perform DNS lookups with nslookup on Linux and Windows, using interactive and non-interactive modes to display IP addresses and query name servers for domains like google.com.

Discover how Netcraft provides a comprehensive site report to gather target information, including hosting details, IP addresses, DNS data, domain registrar, and SSL information for reconnaissance.

Explore the demitry information gathering tool to collect IPs, subdomains, and emails, saving results to a file for targeted reconnaissance.

Learn how reverse IP and reverse DNS lookups reveal all websites on a hosting server, helping pen testers map the attack surface and assess security.

Learn how DNS translates domain names to IP addresses, how reverse DNS works, and how to use Robtex to gather DNS records, name servers, IPs, and subdomains for reconnaissance.

Explore what subdomains are and why discovering them matters for security, then learn basic subdomain discovery techniques and tools used in penetration testing.

Learn how brute force attacks work by testing multiple username and password combinations on a login page, using an admin/password example, to illustrate gaining access during penetration testing.

Perform a brute force attack with Burp Suite to automate credential guessing. Configure the browser proxy, intercept login requests, and use Intruder with cluster bomb to test usernames and passwords.

Explore cross site scripting types—stored, reflected, and DOM-based—by injecting JavaScript into web pages, causing client-side execution and highlighting security risks in bug bounty and penetration testing.

Explore reflected cross-site scripting (xss) as a common vulnerability where user inputs are reflected in server responses, enabling malicious scripts via crafted links or forms.

Identify and exploit reflected cross-site scripting by testing input reflection and JavaScript payloads, and understand how crafted links may trigger malware downloads.

Advance attacking demonstrates bypassing weak input filters, reflecting inputs, and using case-insensitive payloads to reveal exploitable vulnerabilities in websites for bug bounty.

Explore how stored XSS embeds malicious code on the server, such as in a database or messages, and how every user who fetches the page sees and executes it.

Examine how to test web app input handling with stored and reflected vulnerabilities on a message board, including input length limits and bypassing filters.

Explore advanced attacking techniques in web security, focusing on cross-site scripting, including stored and reflected XSS, and how input filtering and payload manipulation affect security.

Explore how file upload vulnerabilities in web applications allow attackers to upload malicious code via image uploads, potentially execute on the server, deface pages, or access sensitive data.

Explore how to identify and exploit a file upload vulnerability on a website, including uploading arbitrary files, bypassing filters, and inspecting server responses to assess security.

Advance attacking explores techniques for testing web application defenses, including escalating security levels, inspecting and modifying requests with Burp Suite, and examining file upload handling through black-box testing.

Explore sql injection basics, showing how unsanitized input in login and other forms lets attackers access or manipulate data in an rdbms, and why understanding sql matters for white-hat testing.

Explore the anatomy of a relational database, with tables of rows and columns, where each record has an id, name, username, and password, with millions of records and injection vulnerabilities.

Explore the basic SQL select syntax by querying the user table with where name equals John Smith, illustrating how to select all fields or specific data from users.

Explains sql injection basics by showing how or 1=1 bypasses login, using select all from users to access accounts and revealing how attackers exploit input fields.

Explore sql basics for web testing, including selecting login sessions, grouping by user, ordering by longest sessions, and key keywords like insert, update, delete, join, and union, with injection risks.

Learn how inner, left, right, and full joins combine users and logins to retrieve related data, and preview the union concept in SQL basics for pen testing.

Learn how union combines data from two queries with matching data types, column counts, and order, and how union based sql injection can reveal passwords from users and admin tables.

Explore practical sql injection on a live website, identify vulnerable inputs, and test with apostrophes to trigger errors. Reveal how injected queries expose user details.

Master union-based sql injection by determining the target table's column count with order by, incrementing column indices, and using comments to reveal results.

Explore union-based sql injection techniques to enumerate databases, tables, and columns using information_schema, and extract user data with group_concat through union queries in a hands-on hacking lab.

Explore remote and local file inclusion vulnerabilities that let attackers control executed files, enable remote code execution on the web server, and potentially deface websites.

Discover how local file inclusion vulnerabilities arise when unsanitized user input reaches an include function, enabling attackers to read sensitive server files and expose credentials.