Set up a safe hacking lab with free virtual machines to practice ethical hacking. Learn what a virtual machine is and how to install and use it for lab tasks.

Explore how a virtual machine lets you run multiple operating systems safely for ethical hacking training, using VirtualBox to test Linux, Windows, and more.

install virtualbox on windows with the extension pack and the visual c++ redistributable, running as administrator, then create virtual networks and machines to practice ethical hacking.

Install virtualization in macOS by setting up VirtualBox, choosing the right macOS version for Intel or ARM, and adding the extension pack to enable networked virtual machines.

Learn how to download Kali Linux and understand Linux distributions for penetration testing, including VirtualBox setup, 64-bit vs 32-bit considerations, and alternatives like Parrot and Black Arch.

Learn to install Kali Linux from OVA or VDI files, import and configure the virtual machine in VirtualBox, explore bare-metal options, and troubleshoot common setup issues.

Troubleshoot linux installation problems on windows by checking free space and 64-bit selections, enable virtualization, adjust bios and Hyper-V settings, then compare VirtualBox and VMware options before iso installation.

Install color linux in VirtualBox from an ISO file, troubleshoot overlays, configure language, keyboard, hostname, domain, and user credentials, and complete the installation with default options.

Solve linux installation problems on macs using UTM as an alternative to VirtualBox, detailing Intel and M1 considerations, ISO images, and Kali Linux installation.

Install Windows as a virtual machine in VirtualBox to create a test platform for ethical hacking, enabling a Kali Linux networked environment to practice attacks safely.

Learn how to use VirtualBox snapshots as save points to capture and restore system states, enabling safe experimentation with Kali Linux and other tools for ethical hacking practice.

Set up your hacking lab for section six network pentesting with a USB Wi-Fi card, and continue with Kali Linux 101 in section three.

Learn the basics of Kali Linux, including Linux commands, and understand Kali Linux as a distribution for penetration testing; review its user interface and how to change the password.

Learn linux basics using a Kali Linux setup, exploring the color Linux desktop and terminal usage, including command line and root terminal, with essential tools.

Learn to navigate the Linux terminal, using pwd, ls, cd, mkdir, and touch to explore directories like home, documents, and downloads, and manage files effectively.

Learn to move and copy files and folders in the terminal with cp and mv, navigate with cd and ls, and delete with rm -r and rm -rf for directories.

Understand how the root user holds top privileges in Linux, and learn to switch to root with sudo or su to manage files and permissions safely.

Explore the Linux folder structure and its purpose across /bin, /etc, /dev, /var, /tmp, and /home. Learn how binaries and configurations are organized, and why this matters for cybersecurity interviews.

Learn how linux package managers like apt and apt-get simplify installing, updating, upgrading, and searching tools across distros, with examples including Wireshark and bettercap.

Learn to use nano, a lightweight Linux text editor, to view, edit, and save files across Kali and other Linux distributions, with commands like cat, sudo, and permission handling.

Learn Linux basics by listing files with ls -la, discovering IP details with ifconfig, and securely changing the Kali or root password using passwd. Emphasizes keyboard considerations and command history.

Practice the basics, clarify what to use, when to use it, and how to use it, and prepare to be anonymous online as you follow the curriculum in the sections.

Learn how to achieve online anonymity using Kali Linux by configuring DNS and setting up VPNs.

Discover how networks work by distinguishing local and public IP addresses through a home router, and apply DNS, VPN, and ifconfig in Kali Linux.

Explore how vpn and dns enable anonymous internet access by routing traffic through remote servers and resolving domain names to ip addresses, with practical notes on legality and usage.

Learn to run a VPN service on a Linux machine using OpenVPN and VPNBook, navigate and configure VPN files, test anonymity with IP checks, and troubleshoot DNS issues.

Troubleshoot vpn issues, edit the vpn book to address sstl errors, and change dns by editing resolve dot com to use Google or Cloudflare servers, then verify internet access.

Troubleshoot vpn access by trying multiple vpn options, switching dns settings such as Cloudflare or Cloud nine, testing on host and Linux, and revert configurations when needed, including vpn trials.

Wrap up anonymity topics by reviewing VPN usage and changing DNS records in Kali Linux, and preview dark web browsing for the next section.

Learn the basics of the dark web and how to go into and browse it, for your career as an ethical hacker and cybersecurity specialist.

Define the dark web, contrast it with visible and deep web, and learn to browse it using the Tor Browser on Kali Linux for cyber threat intelligence.

Install and configure the Tor browser on Kali Linux to access the dark web, using a vpn, downloading and extracting Tor, adjusting the startup script, and configuring bridges if needed.

Browse the dark web using the Tor browser and DuckDuckGo to explore hidden wiki and onion sites, while adjusting security to safer levels.

Conclude your exploration of the dark web and prepare to tackle network and system penetration tests, including user attacks, computer attacks, and website penetration testing.

Explore the fundamentals of network penetration testing, including wireless password cracking and attacking devices on the same network. Learn to choose a Kali Linux compatible Wi‑Fi USB card.

Explore network penetration testing to understand network attacks and cybersecurity. Learn dictionary attacks on wireless networks, crack WPA and WEP passwords, and apply ARP poisoning and man-in-the-middle techniques.

Choose a usb wifi card with monitor mode and packet injection to use Kali Linux in a virtual machine. Assess chipsets and read reviews to ensure compatibility before purchase.

Connect a USB Wi-Fi adapter to a Kali Linux virtual machine in VirtualBox, enable USB ports, select USB 3.0, and configure bridged or NAT networking to obtain wlan0 connectivity.

Discover what a mac address is, why you might change it, and how to change it using ifconfig and mac changer on Kali Linux to manage unique hardware identifiers.

Enable the wifi adapter's monitor mode with airman-ng, verify the interface becomes monitor, and learn to switch back to managed mode for internet access.

Learn to use USB wifi cards in Kali Linux and spoof MAC addresses. Compare monitor mode with managed mode and prepare to gather network information even when not connected.

Learn to gather information from networks, using monitor mode to collect data without connecting, and prepare for cracking network passwords in the next section.

Learn to sniff wireless networks with Kali Linux, enable monitor mode, and use Airodump-ng to gather ssid, bssid, channel, and power for future password cracking.

Isolate a network and run airodump-ng to collect detailed information (bssid, stations, channel) for targeted attacks, and learn to save results to a cap file and analyze with Wireshark.

Learn to perform deauthentication and authentication attacks against a target wireless network using airplay tools in monitor mode, focusing on a specific BSSID or client.

Learn to gather relevant network information using monitor mode, and prepare to crack network passwords in the next section.

Explore wireless attacks by examining how to crack passwords across WEP and WPA encryption models. Learn defensive measures to stay safe against these hacker attacks.

Explore wireless network encryption with WEP, WPA, and WPA2, and learn how to break WEP and adjust router security settings from the admin dashboard.

Learn how WEP uses a password and 24-bit initialization vectors to encrypt packets, and how repeating IVs enable cracking with aircrack-ng after collecting thousands of IVs.

Learn how to crack WEP using aircrack-ng and airodump-ng, from monitor mode to capturing IVs and generating a cap file, then retrieving the WEP key.

Explore fake authentication and packet injection on a WEP network using aircrack-ng to collect IVs and crack the password, with ARP replay and mode switching.

Explore WPA and WPA2 encryption, handshakes, and password cracking concepts, including capturing a four-way handshake, building wordlists with crunch, and using aircrack-ng and airodump-ng in monitor mode.

Learn to capture a handshake with airodump-ng on a known network, save a cap file, and prepare for cracking it with aircrack-ng using a wordlist.

Crack WPA by using a captured handshake and a generated wordlist with crunch, then brute force with aircrack-ng in kali linux, highlighting practical limits and alternatives.

Explore wordlist alternatives for WPA decryption, including crunch, GPU hash me, and prebuilt wordlists; learn to optimize handshake capture and test passwords efficiently.

Secure your home network by enabling WPA2 or higher with a long, complex password, and using both 2.4GHz and 5GHz networks.

Learn to attack wireless networks to crack passwords and connect to the network, because that access matters. In the next section, see how to attack devices on the same network.

explore post connection attacks, including the man-in-the-middle method to intercept data, capture keystrokes and screenshots, and learn protective strategies against such hacker threats.

Create a VirtualBox lab to simulate a shared NAT network, then use Netdiscover to map IP and MAC addresses of connected devices for attack practice.

Learn to use nmap to map networks, scan local and external IP ranges, and identify hosts, open ports, services, and operating system details for understanding vulnerabilities.

Master the ARP protocol and its spoofing vulnerabilities that enable man-in-the-middle attacks on local networks. See how routers and devices exchange IP and MAC addresses to route traffic.

Explains manual arp poisoning using arp spoof to impersonate router for a victim, enables ip forwarding, and verifies spoofing by inspecting the arp table.

discover how wireshark, a network analyzer—not a hacking tool, helps visualize packets, inspect requests and responses, and analyze protocol details like tcp and arp.

Explore how to use Wireshark to filter HTTP traffic, inspect post requests, and uncover credentials.

Bettercap is a Swiss army knife for network reconnaissance and man-in-the-middle attacks, enabling ARP spoofing and packet sniffing to reveal usernames and passwords.

Explore using net probe to map a network, then use arp spoofing with full duplex enabled to perform a man-in-the-middle attack, specifying targets and gateway.

Explore arp spoofing setup with bettercap, enable full duplex, and sniff traffic to reveal usernames and passwords on http pages, while noting encryption on https.

Learn to attempt downgrading https to http using hsts hijack in bettercap, examining limitations and the role of caplets, and updating hijack scripts from GitHub for improved testing.

Demonstrate ARP spoofing to create a man-in-the-middle attack, configure targets and replacements, and observe how downgrading to http reveals security weaknesses in a lab setting.

Defend against man-in-the-middle and arp spoofing by checking arp tables for mismatched router macs, avoid suspicious networks, and use a vpn on public wifi to encrypt traffic.

Explore arp spoofing and man-in-the-middle attacks, learn how to capture information on the same network, including screenshots and key logs, and highlight safety against these threats.

Explore system pentesting fundamentals by scanning for open ports and vulnerabilities, and gaining access using that vulnerability, with testing extending from internal networks to external networks via NAT network configurations.

Explore the hacker methodology for penetration testing across servers, networks, and wireless systems; learn reconnaissance, passive and active information gathering, and gaining access with end map and Metasploit.

Install metasploitable by unzipping file, creating a Linux virtual machine in VirtualBox with Ubuntu 64-bit and 1 GB RAM, boot and log in to practice on same network as Kali.

discover how to locate a target on a lab network with netdiscover, then use nmap to map ports and services with version detection, while noting timing options and legal cautions.

Perform a comprehensive nmap scan on domain or range targets, using CIDR notation and exclusions, with TCP/UDP probes, port ranges, service and version detection, OS detection, timing, and output saving.

Analyze nmap results to identify open ports, running services, and their versions, then assess vulnerabilities and the need for secure configurations and timely upgrades.

Explore a first hacking session identifying an open FTP port with anonymous login, a vulnerable VSM FTP 234, and using Metasploit to gain a remote shell.

Compare telnet and ssh, showing telnet's unencrypted credentials captured with Wireshark, and demonstrate ssh encrypts traffic, highlighting why ssh is preferred for secure server access.

Identify samba vulnerabilities from an end map scan, explore versions 3.x–4.x, and use a metasploit module to gain a reverse shell on a linux server in an active directory environment.

Explore exploiting a postgresql vulnerability in a vulnerable web app using Metasploit to obtain a meterpreter session and post-exploitation capabilities such as privilege escalation and remote control.

Advance your system pentesting skills by using metasploit, performing scans and mapping, discovering vulnerabilities, and leveraging exploits to gain access across websites and penetration testing sections.