Welcome to my comprehensive course on Social Engineering! In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking, we will start with the basics of social engineering, and by end of it you'll be at an advanced level being able to hack into all major operating systems (windows, OS X and Linux), generate different types of trojans and deliver them using smart social engineering techniques.
This course is focused on the practical side of penetration testing without neglecting the theory . Before jumping into penetration testing, you will first learn how to set up a lab and install needed software to practice penetration testing safely on your own machine, then the course is divided into the four main sections:
1. Information Gathering - This section will teach you how to gather information about your target weather it is a company, website or just a person. You will learn how to discover anything that is associated with your target such as websites, links, companies, people, emails, phone numbers, friends, social networks accounts ...etc, you will also learn how to graph all of this information and use it to build a smart attack strategy.
2. Generating Evil Files - In this section you will learn how to generate evil files (files that do tasks you want on the target computer), this includes backdoors, keyloggers, credential harvester and more, you will learn how to generate these files for Windows, OS X and Linux, not only that but you'll also learn how to enhance these files to make them bypass all anti-virus programs, and make them look and function just like any other file such as an image or a pdf, you'll also learn how to embed these files in legitimate Microsoft Office documents.
3. Deliver Methods - In this section you will learn a number of social engineering methods to deliver trojans to the target, you will learn how to create fake websites that look identical to websites the target trusts, send emails that appear like they're coming from people the target trusts and use fake login pages and fake updates to hack into the target system, not only that but you'll also learn advanced social engineering techniques that would lure the target into visiting an evil URL and hack into the target system without even interacting with them.
4. Post Exploitation - In this section you will learn how to interact with the systems you compromised so far. You’ll learn how to access the file system (read/write/upload/execute), maintain your access, escalate your privileges, spy on the target, use the target computer as a pivot to hack other computer systems and more!
Finally at the end of the course you will learn how to protect yourself and your systems from these attacks.
All the attacks in this course are practical attacks that work against real computers, in each technique you will understand the theory behind it and how it works, then you'll learn how to use that technique in a real life scenario, so by the end of the course you'll be able to modify these techniques or combine them to come up with more powerful attacks and adopt them to different scenarios and different operating systems.
NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.
NOTE: This course is totally a product of Zaid Sabih and no other organization is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANIZATION IS INVOLVED.
This lecture will give you an brief intro of what social engineering is, why its used in hacking, and why learn it?
This is a teaser lecture showing you an example of what you'll be able to do by the end of the course, don't worry about the technical aspect here, you will learn each step done here later on in the course, so just sit back and enjoy the lecture.
In this course, we will be using a number of operating systems, Kali for hacking and 2 others as victim or target machines, in this section you will learn how to install all of these machines as virtual machines inside your current operating system, this allow use to use all of the machines at the same time, it also completely isolates these machines from your main machine therefore your main machine will not be affected if anything goes wrong.
This lecture will give you an overview of the lab that we will need to set up for this course.
This lecture will give you an overview of what software you need to install for this course, and how it can be installed.
You will also see how to install Kali as a virtual machine.
In this lecture you will learn how to set up a windows virtual machine so that we can try and hack into it to practice penetration testing.
This lecture will teach you how to install Ubuntu Linux as a virtual machine so that we can use it to practice hacking into Linux
In this lecture we will have a basic look on Kali linux just to get you comfortable with using it.
In this lecture you will learn how to interact with the linux terminal and run linux commands.
In this lecture, you will learn how to store the current state of the virtual machines and how to use these restore points, this is very useful because it allows you to go back or forward to different configurations of the operating system.
In this lecture you will learn how to install programs on Kali, update the sources and upgrade the system.
Maltego is a great information gathering tool that we will use during this course, this lecture will give you an overview of this tool and its basic usage.
In this lecture you will learn how to use Maltego to discover websites, domains, domain info and emails related to a company.
In this lecture you will learn how to discover the hosting company used by the target, their contact info and more.
This lecture will build up on what you learned so far about Maltego, in this lecture you will learn how to discover links, websites, files and other companies associated with your target company.
Now that we are done gathering information about the target company, we will analyse all the information we gathered so far in this lecture, and try to come up with attack strategies to hack into this company.
In this lecture and the next few ones we will start a new graph and try to gather information about a person not a company or a website, so we will start with a name (Zaid Sabih) and try to discover websites, links and social accounts associated with our target.
In this lecture you will learn how to gather even more information about our target person, you will learn how to discover potential friends (emails and social network accounts) of people associated with the target person.
Finally you will learn how to discover emails of the target's friends, these can be very useful later on as we can pretend to be one of these friends and social engineer the target into doing something that would allow us to hack into their system.
In this lecture we will zoom out and look at the information that we gathered about the target person (Zaid Sabih), we will analyse this info and come up with a number of attack strategies.
Veil 3.0 is a framework designed to generate undetectable backdoors, in this lecture we will have an overview of the framework and how to install it.
In this lecture you will learn Veil's basics, what do we mean by a payload, and what each part of the payload name means.
This lecture will teach you how to generate an undetectable backdoor, that would give you full control over any Windows computer it gets executed on.
This lecture will teach you how to listen for incoming connections so that we can communicate with the machines we hack.
In this lecture we will test the backdoor we generated before by hacking a Windows 10 machine.
The Fat Rat is yet another tool that can be used to generate undetectable backdoors, in this lecture you will learn how to install it on Kali Linux.
In this lecture you will learn how to generate an undetectable backdoor using the fat rat and hack a Windows 10 machine using it.
Empire is a framework that can be used to generate backdoors for Windows, Linux, OS X and more, it uses a completely different approach to bypass anti-virus programs, in this lecture you will learn hot to install it.
In this lecture you will lean Empire's basics and how to generate a listener to receive connections from the machines you hack.
In this lecture you will learn how to use Empire to generate an undetectable backdoor and use it to hack a Windows 10 machine.
In this lecture you will learn how to modify the source code used in Empire stagers to make it bypass all anti-virus programs.
In this lecture you will learn what is a keylogger and how it can be useful.
You will also learn how to install a program called BeeLogger that can be used to generate remote keyloggers.
This lecture will teach you how to use BeeLogger to generate a remote keylogger.
In this video you'll see the keylogger that we generated before in action, we will test it against a Windows 10 machine and you'll see how ti records all key strikes and sent them by email.
In this lecture we will have an overview on a password recovery tool called LaZagne, this tool can recover saved passwords from Windows and Linux.
In this lecture you will learn how to use LaZagne to recover saved passwords from a local machine, this will only work if you already have access to the target machine.
In this lecture you will learn how to package LaZagne as an evil file so that when executed on a computer, it recovers all saved passwords and send them to use by email.
In this lecture you will learn how to modify file's code to get it to bypass all anti-virus programs.
In this lecture we will have a look on a very useful yet simple payload, this payload can be used to download and execute any number of files when executed.
In this lecture you will learn how to use the download and execute payload to create the perfect spying tool.
My name is Zaid Al-Quraishi , I am an ethical hacker, pentester and a computer scientist. I just love hacking and breaking the rules, but don’t get me wrong as I said I am an ethical hacker.
I have a very good experience in ethical hacking. I started making video tutorials since 2009 in an ethical hacking website (iSecuri1ty), I received very good feedback for my tutorials which lead to promoting me as an editor in the website. I also work in the penetration testing team of iSecur1ty.
In 2013 I started teaching my first course online in the training center in iSecur1ty, again this course received amazing feedback for learners, which motivated me to create an English version of this course.
The english course was the most popular and the top paid course in Udemy for almost a year, again the feedback was amazing, therefore I decided to make more courses on ethical hacking, so I released a number of other courses which are doing just as good as that one.
My method of teaching is mostly by example, so I usually start by explaining the theory behind each technique, then I show you how it actually works in a real life situation.