
“By the end of this course, you will be able to perform hands-on Windows penetration testing by executing 45 ethical hacks and exploits, from reconnaissance and enumeration to exploitation, privilege escalation, persistence, and reporting.”
In this lesson, you’ll learn how to download and install Oracle VirtualBox on a Windows 10 or 11 system. We’ll cover where to find the correct installer, how to configure installation options, and ensure your system is ready to run virtual machines. By the end, you’ll have VirtualBox fully set up and prepared for building and managing virtual environments.
This lesson walks you through downloading and installing the Oracle VirtualBox Extension Pack to unlock advanced features. You’ll learn how to add support for USB 2.0/3.0 devices, virtual remote desktop, disk encryption, and more. By the end, your VirtualBox setup will be enhanced with the tools needed for a complete virtualization experience.
In this lesson, you’ll learn how to create a virtual installation of Kali Linux using Oracle VirtualBox. We’ll cover downloading the Kali ISO, setting up the virtual machine, and configuring resources like CPU, memory, and storage. By the end, you’ll have a fully functional Kali Linux environment ready for penetration testing and ethical hacking practice.
In this lesson, you’ll learn how to build a fully automated Windows 10 installation from the ground up using deployment scripts, answer files, and post-install automation techniques. Instead of manually clicking through every setup screen, you’ll create a streamlined process that installs Windows 10 with minimal user interaction.
This walkthrough covers preparing the installation media, configuring unattended setup files, automating user creation, applying system settings, installing drivers, and deploying software automatically after installation. You’ll also see how automation is used in real-world IT environments, cybersecurity labs, virtual machine deployments, and enterprise imaging workflows.
By the end of this lesson, you’ll have a repeatable Windows 10 deployment process that saves time, reduces errors, and can be reused for labs, testing environments, training systems, or production-ready workstation setups.
In this lesson, you will learn how to transfer the PowerShell-Lab folder from your host computer to the Windows 10 target VM. The PowerShell-Lab folder contains the scripts used throughout the course to configure, validate, and prepare the target machine for cybersecurity and DFIR exercises. By the end of this lesson, the folder will be successfully copied to the Windows 10 desktop and ready for use in future labs.
In this lesson, you will learn how to transform your clean Windows 10 lab machine into a vulnerable target using the PowerShell-Lab scripts. These scripts apply a series of controlled security misconfigurations that will be used throughout the course for vulnerability assessments, digital forensics investigations, and cybersecurity exercises. By the end of this lesson, your Windows 10 VM will be ready for the hands-on labs that follow.
In this lesson, you will learn how to automate the installation and configuration of Metasploitable3 (Windows Server 2008) using Packer, Vagrant, and VirtualBox. Rather than manually installing the operating system and vulnerable services, you will use an automated build process to create a repeatable lab environment suitable for penetration testing, vulnerability assessments, and cybersecurity training. By the end of this lesson, you will have a fully functional Metasploitable3 Windows Server 2008 virtual machine ready for use in the hands-on labs that follow.
In this lesson, you’ll learn how to set up a Windows Server 2016 virtual machine using Oracle VirtualBox. We’ll walk through downloading the ISO, configuring VM settings such as memory, storage, and networking, and completing the installation. By the end, you’ll have a fully functional Windows Server 2016 environment ready for labs, testing, or cybersecurity practice.
In this lesson, you’ll learn how to use Nmap to scan and analyze Windows systems for open ports, services, and potential vulnerabilities. We’ll cover essential commands, interpreting scan results, and understanding how attackers use this information during reconnaissance. By the end, you’ll be able to perform basic Nmap scans on Windows targets and apply the results to strengthen system security.
In this lesson, you’ll explore how Nmap can identify running services and detect operating systems on Windows targets. We’ll cover service version scanning, OS fingerprinting, and how to interpret the results to assess potential weaknesses. By the end, you’ll understand how attackers gather detailed system information—and how defenders can use the same techniques to strengthen security.
Master the basics of Nmap scanning by identifying open ports and running services on Windows targets. This lesson demonstrates essential scan types, explains how attackers map network surfaces, and highlights why defenders need regular vulnerability and port assessments.
Learn to discover live hosts and basic services using Nmap. Hands-on coverage of ping/ARP discovery, TCP/UDP scan types, timing and stealth options, interpreting output, and exporting results for triage.
In this lesson, you’ll learn how to use the Nmap Scripting Engine (NSE) to probe and analyze Windows services in greater depth. We’ll cover selecting useful scripts, running them against common Windows targets, and interpreting the results to uncover misconfigurations and vulnerabilities. By the end, you’ll know how to leverage NSE to expand Nmap’s capabilities beyond simple scanning.
In this lesson, you’ll learn how to perform vulnerability scans using Nessus against Windows systems. We’ll cover installing and configuring Nessus, running basic and advanced scans, and reviewing the results to identify critical weaknesses. By the end, you’ll understand how to use Nessus as a powerful tool for uncovering vulnerabilities and improving Windows system security.
In this lesson, you’ll learn how to use OpenVAS to scan Windows systems for vulnerabilities. We’ll walk through installing and configuring OpenVAS, running targeted scans, and analyzing the results to uncover security gaps. By the end, you’ll know how to apply OpenVAS as an open-source alternative to commercial vulnerability scanners to strengthen Windows security.
In this lesson, you’ll discover how to use Shodan to identify systems exposed on the internet. We’ll cover creating targeted search queries, interpreting results, and recognizing common misconfigurations that leave hosts vulnerable. By the end, you’ll understand how attackers leverage Shodan for reconnaissance—and how defenders can use the same insights to reduce exposure
Build a compact, reusable Bash script to automate port scans and basic service checks. Covers argument parsing, invoking nmap/netcat, parallel scanning (xargs/background jobs), output formatting (CSV/JSON), simple logging and error handling, and running safely in an isolated lab for repeatable testing.
In this lesson, you’ll learn how to use banner grabbing and service fingerprinting to identify applications and services running on Windows systems. We’ll cover simple manual techniques, automated tools, and how attackers use this information to plan exploits. By the end, you’ll know how to gather detailed service data and apply it to both offensive testing and defensive hardening.
In this lesson, you’ll learn how to use WinPEAS (Windows Privilege Escalation Awesome Script) to perform local enumeration on Windows systems. We’ll cover running the tool, interpreting its output, and identifying misconfigurations or weaknesses that attackers often exploit. By the end, you’ll know how to leverage WinPEAS to uncover privilege escalation opportunities and strengthen system defenses.
In this lesson, you’ll learn how to use the built-in Windows netsh command to extract saved Wi-Fi profiles and reveal stored credentials. We’ll cover listing available profiles, exporting configuration details, and identifying exposed passwords. By the end, you’ll understand how attackers exploit this simple technique—and how to secure wireless credentials on Windows systems.
In this lesson, you’ll learn how to use Recon-ng, a powerful reconnaissance framework, to gather intelligence on Windows-based infrastructures. We’ll cover setting up modules, running targeted queries, and collecting data on domains, hosts, and services. By the end, you’ll understand how Recon-ng streamlines reconnaissance and how the information it uncovers can be applied in penetration testing and defense.
In this lab, you will learn how to use DNSRecon, a powerful DNS enumeration tool, to identify and gather critical information about a target domain. You’ll practice running common queries to uncover records such as A, MX, NS, and TXT, and see how attackers leverage this data for reconnaissance. By the end of the lesson, you’ll understand how DNSRecon fits into the footprinting phase of ethical hacking and how to interpret results for security assessments.
Learn how to generate custom payloads using msfvenom, focusing on bind and reverse TCP shells. This lesson walks you through creating payloads, understanding how attackers establish remote access, and testing them in a controlled lab environment.
Explore how attackers leverage web payloads to compromise vulnerable servers. You’ll learn how to deploy a PHP Meterpreter shell, gain remote access through a browser, and test exploitation techniques against web applications in a safe lab setup.
In this lab, you will learn how to generate a hidden bind TCP payload using Msfvenom, a versatile tool in the Metasploit framework. You’ll walk through the process of creating the payload, configuring it for stealth, and preparing it for deployment on a target system. By the end, you’ll understand how bind shells work, the risks they pose, and how security teams can detect and defend against them.
In this lab, you will learn how to generate a hidden bind shell payload using Msfvenom, a versatile tool in the Metasploit framework. You’ll walk through the process of creating the payload, configuring it for stealth, and preparing it for deployment on a target system. By the end, you’ll understand how bind shells work, the risks they pose, and how security teams can detect and defend against them.
Understand how attackers use HTML smuggling to deliver hidden malware through seemingly harmless web pages. This lesson walks you through building and testing a smuggling payload, showing how modern browsers can be abused to bypass traditional email and network defenses.
Learn how attackers exploit SQL injection vulnerabilities in Windows IIS web applications to bypass authentication and extract sensitive data. This lesson guides you through crafting malicious queries, executing them in a safe lab, and understanding how poor input validation leads to critical security risks.
Explore the weaknesses of the legacy rlogin protocol and insecure configurations: set up an isolated VM running a vulnerable rlogin service, inspect authentication traffic and logs, conceptually reproduce an exploit to observe impact (session hijacking, plaintext creds), and apply detection and hardening: disable rlogin, enforce SSH with strong configs, and monitor/authenticate logs — all in an authorized, isolated lab environment.
Step-through a hands-on exploit of the known backdoor in VSFTPD 2.3.4: build an isolated vulnerable VM, select and configure the Metasploit module, deliver a payload to obtain a shell, inspect target logs and artifacts, and perform safe cleanup. Lesson closes with detection and hardening: patching, removing anonymous FTP, and tuning monitoring—all in an authorized lab environment.
Hands-on primer for using Netcat as a Swiss-army networking tool: create listeners and bind/reverse shells, perform TCP/UDP connections, banner grabbing, simple file transfers, port forwarding, and one-line scripting. Includes chaining with Nmap/Metasploit, lab setup, logging, and cleanup for repeatable, isolated testing.
Explore how attackers create persistent backdoors by installing malicious services on Windows systems. This lesson demonstrates step-by-step how to configure services for persistence, test their reliability after reboots, and understand why service hardening is vital for defense.
Master how attackers leverage PowerShell to establish a reverse shell for remote access on Windows systems. This lesson walks you through generating the payload, executing it in a lab, and analyzing how PowerShell’s flexibility makes it a powerful post-exploitation tool.
Learn how attackers can launch an automated Meterpreter session to create persistent backdoors. This lesson demonstrates how to configure automated tasks for automatic execution, maintain access after reboots, and spot the security gaps that make scheduled jobs a common persistence technique.
In this lesson, you’ll learn how to disable User Account Control (UAC) in Windows with PowerShell commands. We’ll walk through the step-by-step process, explain what UAC does, and demonstrate how to adjust or disable it using automation. By the end, you’ll be able to manage UAC settings directly from PowerShell, giving you more control and efficiency in system administration tasks.
Uncover how attackers bypass User Account Control (UAC) to escalate privileges on Windows systems. This lesson demonstrates common bypass methods, explains why UAC can be a weak security layer, and shows how to test these techniques safely in a lab.
Identify and confirm unquoted service-path vulnerabilities by enumerating services, inspecting image paths and permissions, reproducing the issue safely in an isolated VM to collect indicators, and applying practical fixes (quoting service paths, tightening permissions, and enabling monitoring).
Quick, hands-on walk-through of how unquoted service paths lead to local privilege escalation on Windows. Inspect service configurations, identify vulnerable binaries, and exploit the issue safely to demonstrate escalation from standard user → SYSTEM. Covers detection techniques, PoC exploitation, and hardening steps to remediate.
Learn how to use Hydra, a powerful brute-force tool, to crack login credentials across common network services. This lesson shows you how attackers perform dictionary and brute-force attacks, test weak passwords in a lab, and understand why enforcing strong authentication policies is critical for defense.
Explore how attackers use Medusa, a fast and parallel brute-forcing tool, to crack authentication on network services. This lesson covers launching attacks, comparing Medusa with Hydra, and recognizing how strong credential policies and account lockouts help defend against these threats.
Learn how attackers leverage Mimikatz to dump password hashes from Windows memory and crack them for credential access. This lesson guides you through extracting hashes, using offline cracking tools, and understanding the importance of modern authentication defenses.
Understand how attackers exploit NTLM hash reuse to authenticate without plaintext passwords. This lesson demonstrates pass-the-hash attacks in a Windows environment, shows how adversaries move laterally with stolen hashes, and highlights defenses like Kerberos, credential guard, and strong password policies.
See how attackers brute-force credentials to compromise Windows services like RDP and SMB. This lesson walks you through launching brute-force attacks in a lab, explains how weak passwords expose critical services, and highlights defensive measures such as account lockouts and multi-factor authentication.
Learn what SMB authentication is, why weak passwords fail, and how brute-force attacks work in theory. This concise, hands-on lesson covers building an isolated lab, reading authentication logs, assessing password policy weaknesses, and applying practical mitigation and detection techniques to harden systems—always within the boundaries of legal and ethical testing.
Master Metasploit’s password-focused modules and workflows: credential discovery (service-specific brute-force and auxiliary scanners), password spraying, hash harvesting and cracking integration, credential replay and pivoting, and post-exploitation credential harvesting. Includes lab setup, module selection and tuning, automation with resource scripts, output parsing, trade-offs (speed vs. stealth), and practical detection/mitigation steps.
Learn how attackers capture and crack WPA2-PSK handshakes to break into Wi-Fi networks. This lesson demonstrates capturing packets, using wordlists to recover keys, and understanding why strong passphrases and WPA3 upgrades are essential for wireless security.
In this lesson, you’ll explore how to identify Web Application Firewalls (WAFs) protecting a target site using WAFW00F, a popular security tool. You’ll see how WAFW00F fingerprints different firewall technologies, reveals protection layers, and helps penetration testers adjust their approach during assessments. By the end, you’ll understand how to run WAFW00F, interpret its results, and use this knowledge to plan more effective testing strategies.
Learn how hping3 can craft and transmit forged TCP/IP packets to simulate attacks and unusual traffic patterns for lab-based network testing. This lesson covers what packet spoofing is, how hping3 enables you to manipulate headers and flags, how to interpret target responses and logs, and how defenders utilize these techniques to validate the effectiveness of firewalls, IDS/IPS, and logging—all within controlled, authorized test environments. By the end, students will recognize spoofed traffic signatures and know how to use hping3-derived tests to enhance detection and response capabilities.
Learn to run vulnerability scans against web applications with OWASP ZAP. This lesson covers launching ZAP, using the spider and passive/active scanners, intercepting and modifying requests with the proxy, and triaging findings in the alerts panel. You’ll export actionable reports and learn how to tune scans (exclude false positives, set attack strength) so results are useful for developers and security teams. By the end, students will be able to confidently run ZAP scans and translate the results into remediation steps.
Learn how attackers abuse the HTTP PUT method on misconfigured Windows web servers to upload malicious files. This lesson demonstrates testing for the vulnerability, exploiting it to gain access, and reviewing best practices administrators can use to secure web services.
If you already have a foundation in ethical hacking and want to take your skills to the next level, Windows Exploitation: 45 Ethical Hacks & Exploits is the perfect course for you. Designed for intermediate learners, this course bridges the gap between basic penetration testing concepts and advanced exploitation techniques by focusing specifically on the Windows environment—the most widely targeted operating system in the world.
You’ll work through 45 carefully selected hacks and exploits, each demonstrated step-by-step through video lessons and practical labs. From privilege escalation and persistence methods to misconfigurations, remote access attacks, and post-exploitation strategies, you’ll gain real-world skills used by professional penetration testers and red teamers.
Each lab is hands-on, guiding you through the process of setting up, attacking, and analyzing vulnerable Windows systems in a safe virtualized environment. Along the way, you’ll learn to leverage powerful tools such as Metasploit, PowerShell, WinPEAS, and MSFVenom, and discover how attackers weaponize Windows weaknesses to gain control of machines.
By the end of the course, you will:
Confidently exploit Windows vulnerabilities across multiple attack vectors.
Use scripts and payloads to establish persistence and escalate privileges.
Understand common misconfigurations and how they are abused.
Develop a workflow for structured pentesting in Windows domains.
Build the skills needed to progress toward advanced red teaming and OSCP-level labs.
This course is designed for students who have completed beginner-level ethical hacking or pentesting training and are ready to push beyond reconnaissance and scanning into hands-on exploitation and attack execution.
If you’re serious about becoming a skilled penetration tester, security analyst, or red team operator, this intermediate course will give you the tools, knowledge, and experience to stand out in the cybersecurity field.