Practical Ethical Hacking – The Complete Course

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 24.5 Hours | 11.3 GB

2020 Launch! Learn how to hack like a pro by a pro. Up-to-date practical hacking techniques with absolutely no filler.

Welcome to this course on Practical Ethical Hacking. To enjoy this course, you need nothing but a positive attitude and a desire to learn. No prior knowledge is required.

In this course, you will learn the practical side of ethical hacking. Too many courses teach students tools and concepts that are never used in the real world. In this course, we will focus only on tools and topics that will make you successful as an ethical hacker. The course is incredibly hands-on and will cover many foundational topics.

In this course, we will cover:

  1. A Day in the Life of an Ethical Hacker. What does an ethical hacker do on a day-to-day basis? How much can he or she make? What type of assessments might an ethical hacker perform? These questions and more will be answered.
  2. Effective Notekeeping. An ethical hacker is only as good as the notes he or she keeps. We will discuss the important tools you can use to keep notes and be successful in the course and in the field.
  3. Networking Refresher. This section focuses on the concepts of computer networking. We will discuss common ports and protocols, the OSI model, subnetting, and even walk through a network build using Cisco CLI.
  4. Introductory Linux. Every good ethical hacker knows their way around Linux. This section will introduce you to the basics of Linux and ramp up into building out Bash scripts to automate tasks as the course develops.
  5. Introductory Python. Most ethical hackers are proficient in a programming language. This section will introduce you to one of the most commonly used languages among ethical hackers, Python. You’ll learn the ins and outs of Python 3 and by the end, you’ll be building your own port scanner and writing exploits in Python.
  6. Hacking Methodology. This section overviews the five stages of hacking, which we will dive deeper into as the course progresses.
  7. Reconnaissance and Information Gathering. You’ll learn how to dig up information on a client using open source intelligence. Better yet, you’ll learn how to extract breached credentials from databases to perform credential stuffing attacks, hunt down subdomains during client engagements, and gather information with Burp Suite.
  8. Scanning and Enumeration. One of the most important topics in ethical hacking is the art of enumeration. You’ll learn how to hunt down open ports, research for potential vulnerabilities, and learn an assortment of tools needed to perform quality enumeration.
  9. Exploitation Basics. Here, you’ll exploit your first machine! We’ll learn how to use Metasploit to gain access to machines, how to perform manual exploitation using coding, perform brute force and password spraying attacks, and much more.
  10. Mid-Course Capstone. This section takes everything you have learned so far and challenges you with 10 vulnerable boxes that are ordered by increasing difficulty. You’ll learn how an attacker thinks and learn new tools and thought processes along the way. Do you have what it takes?
  11. Exploit Development. This section discusses the topic of buffer overflows. You will manually write your own code to exploit a vulnerable program and dive deep into registers to understand how overflows work. This section includes custom script writing with Python 3.
  12. Active Directory. Did you know that 95% of the Fortune 1000 companies run Active Directory in their environments? Due to this, Active Directory penetration testing is one of the most important topics you should learn and one of the least taught. The Active Directory portion of the course focuses on several topics. You will build out your own Active Directory lab and learn how to exploit it. Attacks include, but are not limited to: LLMNR poisoning, SMB relays, IPv6 DNS takeovers, pass-the-hash/pass-the-password, token impersonation, kerberoasting, GPP attacks, golden ticket attacks, and much more. You’ll also learn important tools like mimikatz, Bloodhound, and PowerView. This is not a section to miss!
  13. Post Exploitation. The fourth and fifth stages of ethical hacking are covered here. What do we do once we have exploited a machine? How do we transfer files? How do we pivot? What are the best practices for maintaining access and cleaning up?
  14. Web Application Penetration Testing. In this section, we revisit the art of enumeration and are introduced to several new tools that will make the process easier. You will also learn how to automate these tools utilizing Bash scripting. After the enumeration section, the course dives into the OWASP Top 10. We will discuss attacks and defenses for each of the top 10 and perform walkthroughs using vulnerable web applications. Topics include: SQL Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfigurations, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring.
  15. Wireless Attacks. Here, you will learn how to perform wireless attacks against WPA2 and compromise a wireless network in under 5 minutes.
  16. Legal Documentation and Report Writing. A topic that is hardly ever covered, we will dive into the legal documents you may encounter as a penetration tester, including Statements of Work, Rules of Engagement, Non-Disclosure Agreements, and Master Service Agreements. We will also discuss report writing. You will be provided a sample report as well as walked through a report from an actual client assessment.
  17. Career Advice. The course wraps up with career advice and tips for finding a job in the field.

At the end of this course, you will have a deep understanding of external and internal network penetration testing, wireless penetration testing, and web application penetration testing. All lessons taught come from real-world experience and from what has been encountered on actual engagements in the field.

What you’ll learn

  • Practical ethical hacking and penetration testing skills
  • Network hacking and defenses
  • Active Directory exploitation tactics and defenses
  • Common web application attacks
  • How to hack wireless networks
  • Learn how to write a pentest report
  • Understand the security threats affecting networks and applications
  • OWASP Top 10
  • IT security trends
Table of Contents

Introduction
Introduction and Course Overview
Frequently Asked Questions Guide
A Day in the Life of an Ethical Hacker

Note Keeping
Part 1 Effective Note Keeping
Part 2 Important Tools

Networking Refresher
Introduction
IP Addresses
MAC Addresses
TCP, UDP, and the Three-Way Handshake
Common Ports and Protocols
The OSI Model
Subnetting Part 1 – Methodology
Subnetting Part 2 – Hands-On Challenge

Setting Up Our Lab
Installing VMWare / Virtualbox
Linux Image Repository (UPDATE)
Installing Kali Linux

Introduction to Linux
Exploring Kali Linux
Navigating the File System
Users and Privileges
Common Network Commands
Viewing, Creating, and Editing Files
Starting and Stopping Kali Services
Installing and Updating Tools
Scripting with Bash

Introduction to Python
Introduction
Tuples
Looping
Importing Modules
Advanced Strings
Dictionaries
Sockets
Building a Port Scanner
Strings
Math
Variables & Methods
Functions
Boolean Expressions
Relational and Boolean Operators
Conditional Statements
Lists

The Ethical Hacker Methodology
The Five Stages of Ethical Hacking

Information Gathering (Reconnaissance)
Passive Reconnaissance Overview
Google Fu
Utilizing Social Media
Identifying Our Target
E-Mail Address Gathering with Hunter.io
Gathering Breached Credentials with Breach-Parse
Utilizing theharvester
Hunting Subdomains – Part 1
Hunting Subdomains – Part 2
Identifying Website Technologies
Information Gathering with Burp Suite

Scanning & Enumeration
Installing Kioptrix Level 1
Scanning with Nmap
Enumerating HTTP/HTTPS – Part 1
Enumerating HTTP/HTTPS – Part 2
Enumerating SMB
Enumerating SSH
Researching Potential Vulnerabilities
Our Notes, so Far

Additional Scanning Tools
Scanning with Masscan
Scanning with Metasploit
Scanning with Nessus – Part 1
Scanning with Nessus – Part 2

Exploitation Basics
Reverse Shells vs Bind Shells
Staged vs Non-Staged Payloads
Gaining Root with Metasploit
Manual Exploitation
Brute Force Attacks
Password Spraying and Credential Stuffing
Our Notes, Revisited

Mid-Course Capstone
Introduction
Walkthrough – Grandpa
Walkthrough – Netmon
Walkthrough – Legacy
Walkthrough – Blue
Walkthrough – Devel
Walkthrough – Jerry
Walkthrough – Optimum
Walkthrough – Bashed

Introduction to Exploit Development (Buffer Overflows)
Required Installations
Buffer Overflows Explained
Spiking
Fuzzing
Finding the Offset
Overwriting the EIP
Finding Bad Characters
Finding the Right Module
Generating Shellcode and Getting Root

Active Directory Overview
Active Directory Overview
Physical Active Directory Components
Logical Active Directory Components

Active Directory Lab Build
Lab Overview and Requirements
Downloading Necessary ISOs
Setting Up the Domain Controller
Setting Up the User Machines
Setting Up Users, Groups, and Policies
Joining Our Machines to the Domain

Attacking Active Directory Initial Attack Vectors
Introduction
SMB Relay Attack Demonstration Part 2
SMB Relay Attack Defenses
Gaining Shell Access
IPv6 Attacks Overview
Installing mitm6
Setting Up LDAPS
IPv6 DNS Takeover via mitm6
IPv6 Attack Defenses
Other Attack Vectors and Strategies
LLMNR Poisoning Overview
Capturing NTLMv2 Hashes with Responder
Password Cracking with Hashcat
LLMNR Poisoning Defenses
SMB Relay Attacks Overview
Quick Lab Update
Discovering Hosts with SMB Signing Disabled
SMB Relay Attack Demonstration Part 1

Attacking Active Directory Post-Compromise Enumeration
Introduction
PowerView Overview
Domain Enumeration with PowerView
Bloodhound Overview and Setup
Grabbing Data with Invoke-Bloodhound
Enumerating Domain Data with Bloodhound

Attacking Active Directory Post-Compromise Attacks
Introduction
Token Impersonation with Incognito
Token Impersonation Mitigation
Kerberoasting Overview
Kerberoasting Walkthrough
Kerberoasting Mitigation
GPP cPassword Attacks Overview
Abusing GPP Part 1
Abusing GPP Part 2
Mimikatz Overview
Credential Dumping with Mimikatz
Pass the Hash / Password Overview
Golden Ticket Attacks
Conclusion and Additional Resources
Installing crackmapexec
Pass the Password Attacks
Dumping Hashes with secretsdump.py
Cracking NTLM Hashes with Hashcat
Pass the Hash Attacks
Pass Attack Mitigations
Token Impersonation Overview

Post Exploitation
Introduction
File Transfers Review
Maintaining Access Overview
Pivoting Lab Setup
Pivoting Walkthrough
Cleaning Up

Web Application Enumeration, Revisited
Introduction
Installing Go
Finding Subdomains with Assetfinder
Finding Subdomains with Amass
Finding Alive Domains with Httprobe
Screenshotting Websites with GoWitness
Automating the Enumeration Process

Testing the Top 10 Web Application Vulnerabilities
Introduction
Broken Authentication Overview and Defenses
Testing for Broken Authentication
Sensitive Data Exposure Overview and Defenses
Testing for Sensitive Data Exposure
XML External Entities (XXE) Overview
XXE Attack and Defense
Broken Access Control Overview
Broken Access Control Walkthrough
Security Misconfiguration Attacks and Defenses
Cross-Site Scripting (XSS) Overview
The OWASP Top 10 and OWASP Testing Checklist
Reflected XSS Walkthrough
Stored XSS Walkthrough
Preventing XSS
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging and Monitoring
Installing OWASP Juice Shop
Installing Foxy Proxy
Exploring Burp Suite
Introducing the Score Board
SQL Injection Attacks Overview
SQL Injection Walkthrough
SQL Injection Defenses

Wireless Penetration Testing
Wireless Penetration Testing Overview
WPA PSK Exploit Walkthrough

Legal Documents and Report Writing
Common Legal Documents
Pentest Report Writing
Reviewing a Real Pentest Report

Career Advice
Career Advice

BONUS Section
BONUS LECTURE Course Discord Channel and Other Author Resources