
Outline the scope and structure of the ethical hacking course, from beginner to advanced levels, setting learning objectives and key topics for students.
Explore what ethical hacking is by defining access to remote systems and reading restricted data to test security, and learn about black hat hackers, white hat hackers, and grey hat hackers.
Demonstrates how saved usernames and passwords can be viewed in Firefox, including viewing login data and revealing passwords, and discusses how to stop this and keep secure.
Enable a master password in Firefox to protect saved usernames and passwords, learn how to set strong credentials, view stored logins, and reset or remove the master password when needed.
Explore how saved usernames and passwords in Google Chrome can be accessed, viewed, and exported, highlighting privacy and security risks for browser users.
Explore browser security weaknesses and how inspect element can reveal passwords in Chrome, while noting Firefox protections around administrator and master passwords to emphasize robust password safeguards.
Explore how Thunderbird manages user credentials by viewing and securing saved passwords, setting a master password, and understanding password storage and safety within email applications.
Examine how email clients like Microsoft Outlook can reveal usernames and passwords, and preview common tools used to hack passwords, within an ethical hacking framework.
Explore tools to reveal and export passwords stored in Firefox, Chrome, Outlook, and Thunderbird using password recovery utilities and browser password viewers.
Explore a portable launcher with a suite of over 200 freeware tools for Windows, offering password recovery, browser data access, network insights, no installation, and no spyware.
Create a hacking lab using virtualization to run multiple virtual machines with different operating systems on one computer. Isolate the host, practice attacks, and safely test new techniques and websites.
Download and install VirtualBox across Windows, macOS, and Linux, then install the extension pack to enable USB device support and VM functionality, and prepare to install a Linux VM later.
Install Kali Linux 2020.3 in a virtual machine using VirtualBox, import the image, allocate two gigabytes of RAM and CPUs, boot, and log in as kali to access hacking tools.
Set the super user password from the default kali account in the terminal, then switch to the root user and log in to secure the system after Kali Linux 2020 installation.
Learn to update and upgrade Kali Linux using update and full upgrade commands to install the latest system updates; timing depends on internet speed.
Learn to disable the lock screen in a Linux desktop environment by navigating to display settings and turning off the lock screen to avoid repeated password prompts.
Explore Kali Linux’s categorized applications for information gathering, vulnerability analysis, and web application analyses, and learn to navigate the filesystem, switch workspaces, and launch tools like Firefox.
Navigate the Linux terminal with pwd, ls, and cd; explore file structure and use man and --help for quick command guidance.
Compare bridged networking and NAT for virtual machines, showing how bridged networking places the guest on the same network as the host and DHCP assigns IPs.
Explore essential network commands, including IP, ping, ARP, and routing tables, to identify interfaces, addresses, MAC addresses, and how traffic travels across gateways.
Master viewing, creating, and editing files using echo and append redirection. Use touch and nano to create files and script edits for exploit development.
Start and stop Kali services such as Apache2 to run a web server, verify via browser, edit /var/www/html, and explore alternatives like Python's http server.
Explore proxies and VPN services to route your traffic with encryption, bypass firewalls and geo blocks, and learn about accessing the dark web with Tor.
Explore how Tor browser enables online anonymity by routing traffic through multiple nodes with multi-layer encryption, accessing the dark web, while noting slower speeds and legal considerations.
Learn how to install Tor browser on Linux by creating a dedicated non-root user, downloading from official sources, extracting the package, and launching Tor for anonymous browsing.
Explore how the dark web operates as a hidden part of the deep web, accessed via Tor with onion domains and Bitcoin commerce, plus privacy considerations.
Explore the dark web with Tor, navigate dot onion sites, assess anonymity and privacy, and exercise caution around illegal content while testing security.
Discover how proxychains hides your real IP by routing traffic through proxies like Tor and SOCKS on Kali Linux. Learn to prevent DNS leaks and cover footprints to maintain anonymity.
Configure proxychains and Tor on Linux to route traffic through socks proxies, verify anonymity with browser tests, and manage dynamic IP addresses for secure browsing.
Understand what a MAC address is, how it reveals hardware identity on a local network, and learn to view and change it with macchanger and ifconfig in a Linux VM.
Learn to change a mac address in a virtual machine with ifconfig and observe its effect on connectivity. Use virtualbox settings to randomize the mac while keeping the manufacturer unchanged.
This lecture explains what OWASP is, reviews the top ten web vulnerabilities, and compares 2013 and 2017 updates, including injection, broken authentication, XSS, insecure deserialization, and insufficient logging and monitoring.
Explore what injection means in web apps, how untrusted data injected into queries or commands enables attacks, and how escaping and parameterized queries prevent it.
Explore broken authentication vulnerabilities, including bypass and brute-force attacks, lack of rate limits and poor session management, leading to temporary or permanent account takeover; learn strong authentication and token-based safeguarding.
Identify and protect against sensitive data exposure by enforcing access controls, encrypting data at rest and in transit, avoiding insecure storage, and disabling caching of sensitive responses.
Explore XML external entities, a vulnerability in XML parsers that process external references, risking data disclosure and remote code execution. Prevent XXE by validating input and disabling external entities.
Learn how security misconfiguration arises from default credentials and unpatched flaws in web servers and DNS. Fix it by removing default configurations, updating software, and disabling unnecessary features.
Identify broken access control vulnerabilities and privilege escalation types, including horizontal and vertical escalation and insecure direct object references, and enforce server-side access control with token invalidation on logout.
Cross-site scripting enables attackers to execute JavaScript in a victim's browser, hijack sessions and take over accounts. Covers reflected, stored, and DOM XSS and mitigations like escaping and sanitisation.
Explain insecure deserialization, where untrusted data can lead to remote code execution, data tampering, and exposure of sensitive files; emphasize integrity checks, blocking hostile objects, and thorough logging.
Identify and audit web components to prevent issues from known vulnerabilities and outdated software. Patch systems and disable unused features to prevent remote code execution, malware, and server takeovers.
Examine insufficient logging and monitoring that enables real time attacks when logs are not captured or alerted. Learn how comprehensive logging, monitoring, alerting, and incident management protect against information leakage.
Explore information gathering through whois lookup to reveal domain ownership, IP address, DNS records, hosting, server software, and creation dates, while noting privacy limits.
Learn to identify technologies used on a target website, including hosting, domain, analytics like Google Analytics, WordPress, and client-side versus server-side languages.
Explore DNS information for target websites, including DNS records, name servers, IP addresses, and reverse lookups; examine hosting history and the role of social engineering in gaining access.
Explore how websites on the same server share an IP address and how penetration testing can reveal vulnerabilities across multiple sites, highlighting server-wide access risks.
Explore subdomains and how unadvertised or beta subdomains reveal vulnerabilities and access points. Learn to use information gathering with DNSdumpster to map subdomains and assess security risks.
Learn to use Maltego for comprehensive information gathering across people, websites, and companies, building graphs with transforms to reveal external links and enhance social engineering skills.
Identify a target within a bug bounty program, review program scope and rules of engagement, and begin information gathering, including subdomain and web application enumeration, to stay within scope.
Learn a realistic approach to gathering target emails with Hunter.io, discovering email formats, and compiling name-based lists for credential testing in penetration testing scenarios.
Learn how theHarvester gathers target information by querying multiple data sources (Google, Bing, LinkedIn, Baidu, Twitter, Yahoo, Hunter) for emails and subdomains from a specified domain.
Learn to identify and enumerate subdomains during web information gathering to expand scope in penetration tests and bug bounties, using Sublist3r and related tools.
Discover subdomain hunting using crt.sh and certificate fingerprinting, identify registered certificates, and probe for alive subdomains with tools like Sublist3r to expand the scope beyond main domains.
Explore ProjectDiscovery's subdomain records across bug bounty programs, watch for new subdomains, and download comprehensive lists to enumerate vulnerable targets for bug bounties.
Explore Google dorks and search operators to locate subdomains and potentially sensitive files, teaching ethical hackers to research, narrow results, and identify risks.
Ethical Hacking: Beginners to Advanced level.
Latest Kali Linux 2020: Hack into systems like a black hat hacker using the best hacking tools.
This course is going to be highly practical.
What we cover in this course:
Physical Hacking: Gain access to all the usernames and passwords stored in a system in just 1 click.
Kali Linux 2020 latest version: Setup and installation process, terminal & Linux commands, network commands.
Hide your IP address: Stay anonymous while performing attacks and accessing the dark web.
OWASP Top 10: Security Risks & Vulnerabilities.
Information Gathering: All the tools and techniques to gather information about your user or website.
Bug Bounty Programs: Choose your target, find bugs against the program and earn money.
Hack into servers: Discovering information related to servers and exploiting it, and practicing attacks on the Metasploitable virtual machine.
Website Hacking: Discovering sensitive files and data on a website, SQL injections and exploiting the database. Use automated tools for SQL injections and website hacking.
OWASP ZAP: For penetration testing of your website/web application. It helps you find the security vulnerabilities in your application.
Burp Suite: One of the most popular penetration testing and vulnerability finder tools, often used for checking web application security. Used to evaluate the security of web-based applications and do hands-on testing.
Social Engineering: Hack any website or social media credentials, the powerful BeEF Framework, and how cybercriminals steal data.
Shodan: Search engine on which we can see all the devices that are connected to the Internet.
GitHub Recon for Bug Bounty: Why GitHub is important for bug bounty hunters, especially in the recon phase.
Hack Android Phones: Using shell access.
We will cover all aspects with different techniques and tools. We will start with terminology and integrate it with practical usage and hands-on experience.
At the end of the course, you will easily understand what hacking is and how you can take necessary precautions for yourself or for your organization.
This course is focused on the practical side and includes beginner to advanced level sessions, so you don't need any previous knowledge of Kali Linux or ethical hacking.