Welcome to my comprehensive course on using Android as a penetration testing tool, you will start as a beginner with no previous knowledge about penetration testing. The course will start with you from scratch, from preparing your Android device and computer, installing the needed apps and will finish up with examples of real life scenarios that will give you full control over various computer systems.
This course focuses on the practical side penetration testing without neglecting the theory behind each attack, for each attack you will learn how that attack works and then you will learn how to practically launch that attack, this will give you full understanding of the conditions which allow this attack to be successfully executed, this knowledge will help you to detect and sometimes prevent this attack from happening. The the attacks explained in this course are launched against real devices in my lab.
The Course is Divided into four main sections:
NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.
NOTE: This course is totally a product of Zaid Sabih and No other organization is associated for certification exam for the same. Although, you will receive Course Completion Certification from Udemy, apart from that No OTHER ORGANIZATION IS INVOLVED.
This lecture explains what you need to do in order to prepare your Android device for penetration testing, it will not go in detail of how to do each step as that is explained in the next lectures.
This lecture will just give you a quick view of the home menu of NetHunter, it will also show you the lab that I will be using during this lecture.
This lecture will give you an overview of what software you need to install for this course, and how it can be installed.
You will also see how to install Kali as a virtual machine.
In this lecture you will learn how to install Kali Linux using the iso image.
Skip this lecture if the method above works for you and you're happy enough with it.
This lecture will show you how to discover all WiFi networks around you, you will also be able to see important information about these networks and how far they are.
This lecture shows you how to prepare your Android device to be used in cracking WiFi keys.
Once this is done the cracking process is the same weather it is from your phone or laptop, there fore it is not explained in this course as it is not specific to Android devices.
I have a full course explaining how to crack WiFi keys, so if you are interested into learning that please send me a private message and I will give you that course for $10 only.
This lecture will show you how to use Wifi Analyser to discover the connected devices to your network, this is a quick method but will only show basic info about these devices.
In this lecture we will use a new app called Zanti2, we will use it to discover connected devices and show more info about them than the previous method such as the open ports in the discovered devices.
In this lecture, we will use Zanti's advanced scan option which uses nmap to show more info about the connected devices such as the services (programs) that use the open ports we discovered in the previous vidoe.
This lecture will give you an overview of the attacks and concepts that you will learn in this section of the course.
This section will cover a number of attacks to spy on a target and capturing sensitive data such as usernames and passwords.
This lecture will give you a brief description of each MITM (Man In The Middle) attack that you will learn in this section, these attacks will basically place you in the middle of the connection between you and the target, allowing you to capture and read everything the target send or recieve, not only that but you'll also be able to modify the data sent/recieved
This is the first method that you will learn on becoming the man in the middle, this attack works by connecting your device to any computer (MAC/Linux/Windows), once you connect your Android to the target device, the android device will fool the target device that it is a network card forcing all the traffic to be redirected through your device, this means that anything the target person does on the internet (including usernames and passwords) will flow through your Android device which allows you to read/modify this info.
After launching the badUSB attack, the data will flow through the device, in this lecture you will learn how to store this data on file and read it using Wireshark.
In this lecture we shall learn how to bypass HTTPS/SSL so that we can sniff passwords from HTTPS enabled web pages such as hotmail and yahoo.
In this video we shall learn how to control DNS requests made by the target computer.
This can be very useful in many cases, for example redirect requests from live.com to a fake login page or to a paeg asking them to download a backdoored update.
In this lecture you will learn how ARP Poisoning works, one of the most dangerous and effective MITM attacks.
This video will teach you how to use a tool called arpspoof to arp poison a network and become the man in the middle.
This video show you how to use Zanti2 to do arp poisoning.
This video shows you how to capture downloaded files and replace them with any other file.
Here we will have a look on other attacks that you can do while being the man in the middle like replacing all images loaded by the target person, injecting html code and executing java script at the target computer.
This is the 3rd method to become the man in the middle, in this method we will create a fake AP with internet connection so that when people connect to it we will automatically be the man in the middle.
In this video we well have a look on Mana-Toolkit (the tool that we will use to create the fake AP) and the setup we need to successfully run a fake access poing.
In this lecture you will learn how to configure mana and start the AP.
In this video you will learn how to store the data sent in the fake AP and analyse it to find sensitive data such as passwords.
In this lecture we shall learn two methods to detect ARP poisoning attacks.
In this lecture we shall learn how to use Wireshark to detect ARP Poisoning attacks and other suspicious activities in the network, we will also learn how to protect against ARP Poisoning attacks.
This lecture will give you a quick overview of the methods and attacks that you will learn in this section.
In this section you will learn a number of attacks that will give you full control over the target computer.
In this video you will lean how to set up your Android device so that it can be used to login to Windows and OSX computers without a password.
This video shows you how to bypass Windows and OSX logins using your android device., ie: logging in without a password.
This lecture will teach you how to create an undetectable backdoor.
Here you will learn how to use the metasploit meterpreter after hacking a certain device.
You will learn how to browse the file system, download/upload files, start a key logger and much more!
In this lecture we will use the backdoor we created earlier and replace any downloaded exe with that backdoor.
In this video you will learn how to backdoor exe's as they are being downloaded, this means that the downloaded file will work perfectly but at the same time it will execute your backdoor.
In this lecture you will learn how to program your android device to execute windows commands when it's connected to a Windows computer via USB.
In this lecture we will use the same method as before, but we will gain full access to the target computer using the powersploit option.
My name is Zaid Al-Quraishi , I am an ethical hacker, pentester and a computer scientist. I just love hacking and breaking the rules, but don’t get me wrong as I said I am an ethical hacker.
I have a very good experience in ethical hacking. I started making video tutorials since 2009 in an ethical hacking website (iSecuri1ty), I received very good feedback for my tutorials which lead to promoting me as an editor in the website. I also work in the penetration testing team of iSecur1ty.
In 2013 I started teaching my first course online in the training center in iSecur1ty, again this course received amazing feedback for learners, which motivated me to create an English version of this course.
The english course was the most popular and the top paid course in Udemy for almost a year, again the feedback was amazing, therefore I decided to make more courses on ethical hacking, so I released a number of other courses which are doing just as good as that one.
My method of teaching is mostly by example, so I usually start by explaining the theory behind each technique, then I show you how it actually works in a real life situation.