Learn Ethical Hacking From Scratch

Learn Ethical Hacking From Scratch
Learn Ethical Hacking From Scratch
English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 14.5 Hours | 9.19 GB

Become an ethical hacker that can hack computer systems like black hat hackers and secure them like security experts.

Welcome this comprehensive course on Ethical Hacking! This course assumes you have NO prior knowledge in hacking and by the end of it you’ll be able to hack systems like black-hat hackers and secure them like security experts!

This course is highly practical but it won’t neglect the theory, so we’ll start with ethical hacking basics and the different fields in penetration testing, installing the needed software (works on Windows, Linux and Mac OS X) and then we’ll dive and start hacking systems straight away. From here onwards you’ll learn everything by example, by analysing and exploiting computer systems such as networks, servers, clients, websites …..etc, so we’ll never have any boring dry theoretical lectures.

The course is divided into a number of sections, each section covers a penetration testing / hacking field, in each of these sections you’ll first learn how the target system works, the weaknesses of this system, and how to practically exploit theses weaknesses and hack into it, not only that but you’ll also learn how to secure this system from the discussed attacks. This course will take you from a beginner to a more advanced level by the time you finish, you will have knowledge about most penetration testing fields.

The course is divided into four main sections:

1. Network Hacking – This section will teach you how to test the security of networks, both wired and wireless. First, you will learn some basic network terminology, how networks work, and how devices communicate with each other. Then it will branch into three sub sections:

  • Pre-connection attacks: in this subsection you’ll learn what can you do before even connecting to a network, and even before having internet access; you’ll start by learning how to gather information about the networks around you, discover the devices connected to them, and how to control connections around you (ie: deny/allow devices from connecting to networks) even without knowing the password of the target network.
  • Gaining Access: Now that you gathered information about the networks around you, in this subsection you will learn how to crack the key and get the password to your target network weather it uses WEP, WPA or even WPA2.
  • Post Connection attacks: Now that you have the key, you can connect to the target network, in this subsection you will learn a number of powerful techniques that allow you to gather comprehensive information about the connected devices, see anything they do on the internet (such as login information, passwords, visited urls, images, videos ….etc), redirect requests, inject evil code in loaded pages and much more! All the attacks here work against both wireless and wired networks. You will also learn how to create a fake WiFi network, attract users to connect to it and use all of the above techniques against the connected clients.

2. Gaining Access – In this section you will learn two main approaches to gain full control or hack computer systems:

  • Server Side Attacks: In this subsection you will learn how to gain full access to computer systems without the need for user interaction. You will learn how to gather useful information about a target computer system such as its operating system, open ports, installed services, then you’ll learn how to use this information to discover weaknesses and vulnerabilities and exploit them to gain full control over the target. Finally you will learn how to generate different types of reports for your discoveries.
  • Client Side Attacks – If the target system does not contain any weaknesses then the only way to gain access to it is by interacting with the users, in this subsection you’ll learn how to get the target user to install a backdoor on their system without even realising, this is done by hijacking updates or backdoornig downloadeds on the fly. Not only that but you’ll also learn how to create trojans by backdooring normal files (such as an image or a pdf) and use social engineering to deliver this trojan to the target, to do this you’ll learn how to spoof emails so they appear as if they’re sent from the target’s friend, boss or any email account they’re likely to interact with.

3. Post Exploitation – In this section you will learn how to interact with the systems you compromised so far. You’ll learn how to access the file system (read/write/upload/execute), maintain your access, spy on the target and even use the target computer as a pivot to hack other computer systems.

4. Website / Web Application Hacking – In this section you will learn how websites work, how to gather information about a target website (such as website owner, server location, used technologies ….etc) and how to discover and exploit the following dangerous vulnerabilities to hack into websites:

  • File Upload.
  • Code Execution.
  • Local File Inclusion.
  • Remote File Inclusion.
  • SQL Injection.
  • Cross Site Scripting (XSS).

At the end of each section you will learn how to detect, prevent and secure your system and yourself from the discussed attacks.

All the techniques in this course are practical and work against real systems, you’ll understand the whole mechanism of each technique first, then you’ll learn how to use it to hack into the target system, so by the end of the course you’ll be able to modify the these techniques to launch more powerful attacks, and adopt them to different situations and different scenarios.

What you’ll learn

  • 130+ ethical hacking & security videos
  • Start from scratch up to a high-intermediate level
  • Learn what is ethical hacking, its fields and the different types of hackers
  • Install hacking lab & needed software (works on Windows, OS X and Linux)
  • Hack & secure both WiFi & wired networks
  • Discover vulnerabilities & exploit them hack into servers
  • Hack secure systems using client-side and social engineering attacks
  • Use 30+ hacking tools such as Metasploit, Aircrack-ng, SQLmap…..etc
  • Understand how websites work, how to discover and exploit web application vulnerabilities to gain full control over websites
  • Secure systems from all the attacks shown
  • Install Kali Linux – a penetration testing operating system
  • Install windows & vulnerable operating systems as virtual machines for testing
  • Learn linux basics
  • Learn linux commands and how to interact with the terminal
  • Learn Network Penetration Testing
  • Network basics & how devices interact inside a network
  • A number of practical attacks that can be used without knowing the key to the target network
  • Control connections of clients around you without knowing the password.
  • Create a fake Wi-Fi network with internet connection & spy on clients
  • Gather detailed information about clients and networks like their OS, opened ports …etc.
  • Crack WEP/WPA/WPA2 encryptions using a number of methods.
  • ARP Spoofing/ARP Poisoning
  • Launch Various Man In The Middle attacks.
  • Gain access to any account accessed by any client in your network.
  • Sniff packets from clients and analyse them to extract important info such as: passwords, cookies, urls, videos, images ..etc.
  • Discover open ports, installed services and vulnerabilities on computer systems
  • Gain control over computer systems using server side attacks
  • Exploit buffer over flows and code execution vulnerabilities to gain control over systems
  • Gain control over computer systems using client side attacks
  • Gain control over computer systems using fake updates
  • Gain control over computer systems by backdooring downloads on the fly
  • Create undetectable backdoors
  • Backdoor normal programs
  • Backdoor any file type such as pictures, pdf’s …etc.
  • Gather information about people, such as emails, social media accounts, emails and friends
  • Use social engineering to gain full control over target systems
  • Send emails from ANY email account without knowing the password for that account
  • Read, write download, upload and execute files on compromised systems
  • Capture keystrokes on a compromised system
  • Use a compromised computer as a pivot to gain access to other computers on the same network
  • Understand how websites & web applications work
  • Understand how browsers communicate with websites
  • Gather sensitive information about websites
  • Discover servers, technologies and services used on target website
  • Discover emails and sensitive data associated with a specific website
  • Find all subdomains associated with a website
  • Discover unpublished directories and files associated with a target website
  • Find all websites hosted on the same server as the target website
  • Exploit file upload vulnerabilities & gain full control over the target website
  • Discover, exploit and fix code execution vulnerabilities
  • Discover, exploit & fix local file inclusion vulnerabilities
  • Discover, fix, and exploit SQL injection vulnerabilities
  • Bypass login forms and login as admin using SQL injections
  • Writing SQL queries to find databases, tables and sensitive data such as usernames and passwords using SQL injections
  • Read / Write files to the server using SQL injections
  • Learn the right way to write SQL queries to prevent SQL injections
  • Discover reflected XSS vulnerabilities
  • Discover Stored XSS vulnerabilities
  • Hook victims to BeEF using XSS vulnerabilities
  • Fix XSS vulnerabilities & protect yourself from them as a user
Table of Contents

Introduction
1 Course Introduction & Overview
2 Teaser – Hacking a Windows 10 Computer & Accessing Their Webcam
3 What Is Hacking & Why Learn It

Setting up The Lab
4 Lab Overview & Needed Software
5 Installing Kali 2019 As a Virtual Machine
6 Creating & Using Snapshots

Linux Basics
7 Basic Overview of Kali Linux
8 The Terminal & Linux Commands

Network Hacking
9 Network Penetration Testing Introduction
10 Networks Basics
11 Connecting a Wireless Adapter To Kali
12 What is MAC Address & How To Change It
13 Wireless Modes (Managed & Monitor)

Network Hacking – Pre Connection Attacks
14 Packet Sniffing Basics Using Airodump-ng
15 WiFi Bands – 2.4Ghz & 5Ghz Frequencies
16 Targeted Packet Sniffing Using Airodump-ng
17 Deauthentication Attack (Disconnecting Any Device From The Network)

Network Hacking – Gaining Access (WEPWPAWPA2 Cracking)
18 Gaining Access Introduction
19 WPAWPA2 Cracking – Using a Wordlist Attack
20 Securing Your Network From The Above Attacks
21 How to Configure Wireless Security Settings To Secure Your Network
22 WEP Cracking – Theory Behind Cracking WEP Encryption
23 WEP Cracking – Basic Case
24 WEP Cracking – Fake Authentication
25 WEP Cracking – ARP Request Replay Attack
26 WPAWPA2 Cracking – Introduction
27 WPAWPA2 Cracking – Exploiting WPS Feature
28 WPAWPA2 Cracking – How To Capture The Handshake
29 WPAWPA2 Cracking – Creating a Wordlist

Network Hacking – Post Connection Attacks
30 Introduction
31 MITM – Spying on Network Devices (Capturing Passwords, Visited Websites…etc)
32 MITM – Creating Custom Spoofing Script
33 MITM – Understanding HTTPS & How to Bypass it
34 MITM – Bypassing HTTPS
35 MITM – Bypassing HSTS
36 MITM – DNS Spoofing
37 MITM – Injecting Javascript Code
38 Wireshark – Basic Overview & How To Use It With MITM Attacks
39 Wireshark – Sniffing & Analysing Data
40 Wireshark – Using Filters, Tracing & Dissecting Packets
41 Installing Windows As a Virtual Machine
42 Wireshark – Capturing Passwords & Anything Sent By Any Device In The Network
43 Creating a Fake Access Point (Honeypot) – Theory
44 Creating a Fake Access Point (Honeypot) – Practical
45 Information Gathering – Discovering Connected Clients using netdiscover
46 Gathering More Information Using Zenmap
47 Gathering Even More Information Using Zenmap
48 MITM – ARP Poisoning Theory
49 MITM – ARP Spoofing using arpspoof
50 MITM – Bettercap Basics
51 MITM – ARP Spoofing Using Bettercap

Network Hacking – Detection & Security
52 Detecting ARP Poisoning Attacks
53 Detecting suspicious Activities In The Network
54 Preventing MITM Attacks – Method 1
55 Preventing MITM Attacks – Method 2

Gaining Access To Computer Devices
56 Gaining Access Introduction

Gaining Access – Server Side Attacks
57 Installing Metasploitable As a Virtual Machine
58 Introduction
59 Basic Information Gathering & Exploitation
60 Using a Basic Metasploit Exploit
61 Exploiting a Code Execution Vulnerability
62 Nexpose – Installing Nexpose
63 Nexpose – How To Configure & Launch a Scan
64 Nexpose – Analysing Scan Results & Generating Reports

Gaining Access – Client Side Attacks
65 Introduction
66 Installing Veil 3.1
67 Veil Overview & Payloads Basics
68 Generating An Undetectable Backdoor Using Veil 3
69 Listening For Incoming Connections
70 Using A Basic Delivery Method To Test The Backdoor & Hack Windows 10
71 Backdoor Delivery Method 1 – Using a Fake Update
72 Backdoor Delivery Method 2 – Backdooring Downloads on The Fly
73 How to Protect Yourself From The Discussed Delivery Methods

Gaining Access – Client Side Attacks – Social Engineering
74 Introduction
75 Spoofing Emails – Setting Up am SMTP Server
76 Email Spoofing – Sending Emails as Any Email Account
77 BeEF Overview & Basic Hook Method
78 BeEF – Hooking Targets Using Bettercap
79 BeEF – Running Basic Commands On Target
80 BeEF – Stealing CredentialsPasswords Using A Fake Login Prompt
81 BeEF – Gaining Full Control Over Windows Target
82 Detecting Trojans Manually
83 Detecting Trojans Using a Sandbox
84 Maltego Basics
85 Discovering Websites, Links & Social Networking Accounts Associated With Target
86 Discovering Twitter Friends & Associated Accounts
87 Discovering Emails Of The Target’s Friends
88 Analysing The Gathered Info & Building An Attack Strategy
89 Backdooring Any File Type (images, pdf’s …etc)
90 Compiling & Changing Trojan’s Icon
91 Spoofing .exe Extension To Any Extension (jpg, pdf …etc)

Gaining Access – Using The Above Attacks Outside The Local Network
92 Overview of the Setup
93 Ex1 – Generating a Backdoor That Works Outside The Network
94 Configuring The Router To Forward Connections To Kali
95 Ex2 – Using BeEF Outside The Network

Post Exploitation
96 Introduction
97 Meterpreter Basics
98 File System Commands
99 Maintaining Access – Basic Methods
100 Maintaining Access – Using a Reliable & Undetectable Method
101 Spying – Capturing Key Strikes & Taking Screen Shots
102 Pivoting – Theory (What is Pivoting)
103 Pivoting – Exploiting Devices on The Same Network As The Target Computer

Website Hacking
104 Introduction – What Is A Website
105 How To Hack a Website

Website Hacking – Information Gathering
106 Gathering Basic Information Using Whois Lookup
107 Discovering Technologies Used On The Website
108 Gathering Comprehensive DNS Information
109 Discovering Websites On The Same Server
110 Discovering Subdomains
111 Discovering Sensitive Files
112 Analysing Discovered Files

Website Hacking – File Upload, Code Execution & File Inclusion Vulns
113 Discovering & Exploiting File Upload Vulnerabilities
114 Discovering & Exploiting Code Execution Vulnerabilities
115 Discovering & Exploiting Local File Inclusion Vulnerabilities
116 Remote File Inclusion Vulnerabilities – Configuring PHP Settings
117 Remote File Inclusion Vulnerabilities – Discovery & Exploitation
118 Preventing The Above Vulnerabilities

Website Hacking – SQL Injection Vulnerabilities
119 What is SQL
120 Discovering SQL Injections & Extracting Data Using SQLmap
121 The Right Way To Prevent SQL Injection
122 Dangers of SQL Injection Vulnerabilities
123 Discovering SQL injections In POST
124 Bypassing Logins Using SQL injection Vulnerability
125 Discovering SQL injections in GET
126 Reading Database Information
127 Finding Database Tables
128 Extracting Sensitive Data Such As Passwords
129 Reading & Writing Files On The Server Using SQL Injection Vulnerability

Website Hacking – Cross Site Scripting Vulnerabilities
130 Introduction – What is XSS or Cross Site Scripting
131 Discovering Reflected XSS
132 Discovering Stored XSS
133 Exploiting XSS – Hooking Vulnerable Page Visitors To BeEF
134 Preventing XSS Vulnerabilities

Website Hacking – Discovering Vulnerabilities Automatically Using OWASP ZAP
135 Scanning Target Website For Vulnerabilities
136 Analysing Scan Results

Bonus Section
137 Bonus Lecture – What’s Next