O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Learn Ethical Hacking From Scratch

Video Description

Become an ethical hacker that can hack and secure computer systems

About This Video

  • You will learn how networks work, basic network terminology, and how devices communicate with each other.
  • You will learn how to gain full control over any computer system and how to gain full access to them without the need for user interaction.

In Detail

Welcome to this comprehensive course on ethical hacking! This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install needed software to practice penetration testing on your own machine. All the attacks explained in this course are launched against real devices in Zaid's lab. The course is structured in a way that will take you through the basics of Linux, computer systems, networks, and how devices communicate with each other. We will start by talking about how we can exploit these systems to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level and by the time you finish, you will have knowledge about most penetration testing fields. You will also learn how to discover and exploit a number of dangerous vulnerabilities such as SQL injections, XSS vulnerabilities, and so on. At the end of each section you will learn how to detect, prevent and secure your system and yourself from these attacks. All the attacks in this course are practical attacks that work against any computer device, so it does not matter if the device is a phone, tablet, laptop, or whatever. Each attack is explained in a simple way: first you will learn the theory behind each attack and then you will learn how to carry out the attack using Kali Linux.

Table of Contents

  1. Chapter 1 : Introduction
    1. Course Introduction & Overview 00:03:16
    2. Teaser - Hacking a Windows 10 Computer & Accessing Their Webcam 00:06:33
    3. What Is Hacking & Why Learn It? 00:03:10
  2. Chapter 2 : Setting up The Lab
    1. Lab Overview & Needed Software 00:03:26
    2. Installing Kali 2018 as a Virtual Machine 00:08:31
    3. Installing Metasploitable as a Virtual Machine 00:04:14
    4. Installing Windows as a Virtual Machine 00:03:22
    5. Creating & Using Snapshots 00:06:08
  3. Chapter 3 : Linux Basics
    1. Basic Overview of Kali Linux 00:07:06
    2. The Terminal & Linux Commands 00:09:07
    3. Updating Sources & Installing Programs 00:04:43
  4. Chapter 4 : Network Penetration Testing
    1. Network Penetration Testing Introduction 00:02:43
    2. Networks Basics 00:03:09
    3. Connecting a Wireless Adapter to Kali 00:07:18
    4. What is MAC Address & How to Change It? 00:04:31
    5. Wireless Modes (Managed & Monitor) 00:05:03
    6. Enabling Monitor Mode Manually (2nd method) 00:02:37
    7. Enabling Monitor Mode Using airmon-ng (3rd method) 00:03:17
  5. Chapter 5 : Network Penetration Testing - Pre Connection Attacks
    1. Packet Sniffing Basics Using Airodump-ng 00:05:17
    2. Targeted Packet Sniffing Using Airodump-ng 00:07:02
    3. Deauthentication Attack (Disconnecting Any Device from the Network) 00:04:52
    4. Creating a Fake Access Point (Honeypot) – Theory 00:03:31
    5. Creating a Fake Access Point (Honeypot) – Practical 00:09:50
  6. Chapter 6 : Network Penetration Testing - Gaining Access (WEP/WPA/WPA2 Cracking)
    1. Gaining Access Introduction 00:01:16
    2. WEP Cracking - Theory behind Cracking WEP Encryption 00:03:04
    3. WEP Cracking - Basic Case 00:05:34
    4. WEP Cracking - Fake Authentication 00:05:59
    5. WEP Cracking - ARP Request Replay Attack 00:04:15
    6. WPA Cracking – Introduction 00:01:57
    7. WPA Cracking - Exploiting WPS Feature 00:06:43
    8. WPA Cracking - Theory behind WPA/WPA2 Cracking 00:02:16
    9. WPA Cracking - How to Capture the Handshake 00:04:29
    10. WPA Cracking - Creating a Wordlist 00:05:32
    11. WPA Cracking - Using a Wordlist Attack 00:02:49
    12. How to Configure Wireless Security Settings to Secure Your Network 00:06:25
  7. Chapter 7 : Network Penetration Testing - Post Connection Attacks
    1. Introduction 00:02:44
    2. Information Gathering - Discovering Connected Clients using netdiscover 00:03:20
    3. Gathering More Information Using Autoscan 00:08:42
    4. 7_4_T 00:10:04
    5. MITM - ARP Poisoning Theory 00:05:33
    6. MITM - ARP Spoofing using arpspoof 00:05:51
    7. MITM - ARP Spoofing Using MITMf 00:05:22
    8. MITM - Bypassing HTTPS 00:04:41
    9. MITM - Session Hijacking 00:06:34
    10. MITM - DNS Spoofing 00:05:10
    11. MITM - Capturing Screen of Target & Injecting a Keylogger 00:05:07
    12. MITM - Injecting JavaScript/HTML Code 00:06:43
    13. MITM - Using MITMf against Real Networks 00:09:09
    14. Wireshark - Basic Overview & How to Use It with MITM Attacks 00:09:09
    15. Wireshark - Sniffing Data & Analysing HTTP Traffic 00:08:01
    16. Wireshark - Capturing Passwords & Cookies Entered By Any Device in the Network 00:05:37
  8. Chapter 8 : Network Penetration Testing - Detection & Security
    1. Detecting ARP Poisoning Attacks 00:05:11
    2. Detecting suspicious Activities Using Wireshark 00:05:51
  9. Chapter 9 : Gaining Access to Computer Devices
    1. Gaining Access Introduction 00:04:14
  10. Chapter 10 : Gaining Access - Server Side Attacks
    1. Introduction 00:04:05
    2. Basic Information Gathering & Exploitation 00:10:06
    3. Using a Basic Metasploit Exploit 00:07:32
    4. Exploiting a Code Execution Vulnerability 00:10:03
    5. MSFC - Installing MSFC (Metasploit Community) 00:05:47
    6. MSFC - Scanning Target(s) For Vulnerabilities 00:03:21
    7. MSFC - Analysing Scan results & Exploiting Target System 00:09:42
    8. Nexpose - Installing Nexpose 00:09:59
    9. Nexpose - How to Configure & Launch a Scan 00:09:16
    10. Nexpose - Analysing Scan Results & Generating Reports 00:07:57
  11. Chapter 11 : Gaining Access - Client Side Attacks
    1. Introduction 00:02:20
    2. Installing Veil 3 00:07:50
    3. Veil Overview & Payloads Basics 00:07:20
    4. Generating an Undetectable Backdoor Using Veil 3 00:09:44
    5. Listening For Incoming Connections 00:07:19
    6. Using a Basic Delivery Method to Test the Backdoor & Hack Windows 10 00:07:12
    7. Backdoor Delivery Method 1 - Using a Fake Update 00:09:51
    8. Backdoor Delivery Method 2 - Backdooring Downloads on the Fly 00:08:24
    9. How to Protect Yourself from the Discussed Delivery Methods 00:03:52
  12. Chapter 12 : Gaining Access - Client Side Attacks - Social Engineering
    1. Introduction 00:02:44
    2. Maltego Basics 00:08:46
    3. Discovering Websites, Links & Social Networking Accounts Associated With Target 00:07:33
    4. Discovering Twitter Friends & Associated Accounts 00:04:57
    5. Discovering Emails of the Target's Friends 00:03:48
    6. Analysing the Gathered Info & Building an Attack Strategy 00:08:41
    7. Backdooring Any File Type (images, pdf's ...etc) 00:04:41
    8. Compiling & Changing Trojan's Icon 00:06:17
    9. Spoofing .exe Extension to Any Extension (jpg, pdf ...etc) 00:08:29
    10. Spoofing Emails - Send Emails as Any Email Account You Want 00:07:33
    11. BeEF Overview & Basic Hook Method 00:06:39
    12. BeEF - hooking targets using MITMf 00:03:11
    13. BeEF - Running Basic Commands On Target 00:04:24
    14. BeEF - Stealing Credentials/Passwords Using a Fake Login Prompt 00:02:17
    15. BeEF - Gaining Full Control over Windows Target 00:03:40
    16. Detecting Trojans Manually 00:05:32
    17. Detecting Trojans Using a Sandbox 00:03:16
  13. Chapter 13 : Gaining Access - Using the Above Attacks outside the Local Network
    1. Overview of the Setup 00:06:07
    2. Ex1 - Generating a Backdoor That Works Outside the Network 00:05:24
    3. Configuring the Router to Forward Connections to Kali 00:06:59
    4. Ex2 - Using BeEF outside the Network 00:05:50
  14. Chapter 14 : Post Exploitation
    1. Introduction 00:02:02
    2. Meterpreter Basics 00:06:22
    3. File System Commands 00:05:10
    4. Maintaining Access - Basic Methods 00:05:07
    5. Maintaining Access - Using a Reliable & Undetectable Method 00:06:53
    6. Spying - Capturing Key Strikes & Taking Screen Shots 00:02:40
    7. Pivoting - Theory (What is Pivoting?) 00:07:07
    8. Pivoting - Exploiting Devices on the Same Network as the Target Computer 00:08:11
  15. Chapter 15 : Website Penetration Testing
    1. Introduction - What Is A Website? 00:04:16
    2. How to Hack a Website? 00:03:52
  16. Chapter 16 : Website Pentesting - Information Gathering
    1. Gathering Basic Information Using Who is Lookup 00:05:36
    2. Discovering Technologies Used On the Website 00:06:04
    3. Gathering Comprehensive DNS Information 00:05:58
    4. Discovering Websites on the Same Server 00:03:43
    5. Discovering Subdomains 00:05:06
    6. Discovering Sensitive Files 00:07:26
    7. Analysing Discovered Files 00:04:18
  17. Chapter 17 : Website Pentesting - File Upload, Code Execution & File Inclusion Vulnerabilities
    1. Discovering & Exploiting File Upload Vulnerabilities 00:06:44
    2. Discovering & Exploiting Code Execution Vulnerabilities 00:07:26
    3. Discovering & Exploiting Local File Inclusion Vulnerabilities 00:05:16
    4. Remote File Inclusion Vulnerabilities - Configuring PHP Settings 00:03:46
    5. Remote File Inclusion Vulnerabilities - Discovery & Exploitation 00:05:44
    6. Preventing the Above Vulnerabilities 00:07:20
  18. Chapter 18 : Website Pentesting - SQL Injection Vulnerabilities
    1. What is SQL? 00:05:48
    2. Dangers of SQL Injection Vulnerabilities 00:02:54
    3. Discovering SQL injections In POST 00:07:56
    4. Bypassing Logins Using SQL injection Vulnerability 00:04:49
    5. Discovering SQL injections in GET 00:07:02
    6. Reading Database Information 00:05:26
    7. Finding Database Tables 00:03:34
    8. Extracting Sensitive Data Such As Passwords 00:04:29
    9. Reading & Writing Files on the Server Using SQL Injection Vulnerability 00:05:58
    10. Discovering SQL Injections & Extracting Data Using SQLmap 00:06:48
    11. The Right Way to Prevent SQL Injection 00:04:58
  19. Chapter 19 : Website Pentesting - Cross Site Scripting Vulnerabilities
    1. Introduction - What is XSS or Cross Site Scripting? 00:03:09
    2. Discovering Reflected XSS 00:03:47
    3. Discovering Stored XSS 00:02:57
    4. Exploiting XSS - Hooking Vulnerable Page Visitors to BeEF 00:05:31
    5. Preventing XSS Vulnerabilities 00:05:13
  20. Chapter 20 : Website Pentesting - Discovering Vulnerabilities Automatically Using OWASP ZAP
    1. Scanning Target Website for Vulnerabilities 00:04:19
    2. Analysing Scan Results 00:04:11