About Course
What you’ll learn
1. Foundation of Ethical Hacking and Penetration Testing:
– Learn Ethical Hacking from scratch.
– Understand the five phases of Penetration Testing.
– Set up your Hacking Lab using Kali Linux and Virtual Machines (compatible with Windows/Mac/Linux).
– Create additional virtual machines with vulnerabilities for practical attacks.
2. Advanced Techniques and Tools:
– Master bypassing Firewalls & Intrusion Detection Systems with Advanced Scanning.
– Discover various types of Web Application Bugs and understand their threats, including SQL Injection, XSS, Command Injection, etc.
– Learn Advanced usage of the Metasploit Framework.
– Progress from basics to advanced Linux and Linux Terminal usage.
– Gain proficiency in Information Gathering, Footprinting, and Vulnerability Analysis.
– Perform advanced network scanning and Website Application Penetration Testing.
3. Integration and Application:
– Enhance Nmap skills and utilize them for advanced purposes.
– Develop your own Advanced Backdoor for Penetration Tests.
– Create Persistence on target machines for prolonged access.
– Explore and execute the latest exploits and attacks for Windows 7 and 10.
– Gain knowledge of Networking and various Networking Protocols.
– Blend programming knowledge with Ethical Hacking expertise to adapt techniques to diverse scenarios.
Course content
This course has been developed and designed by Masaud Ahmad.
Outlines:
Introduction to Cybersecurity
Introduction to Offensive Security
Practical Offensive Security
Introduction to Defensive Security
Practical Defensive Security
Introduction to Kali Linux
Installation and configuration of Kali Linux
Learn Kali Linux from basic to Advanced
Learn All Linux Commands for Hackers
What is Penetration Testing
White Box Testing
Black Box Testing
Grey Box Testing
Burp Suite for Web Application Pen-Testing
Installation of Burp Suite Community version
Installation of Burp Suite Professional version
Exploring Burp Suite in Windows and Kali Linux
Burp Dashboard
Burp Target tab
Burp Proxy Tab
Burp Intruder Tab
Burp Repeater Tab
Burp Collaborator Tab
Burp Decoder Tab
Burp Installing Different Extensions
Burp Configuration and Settings
Directory traversal attack
What is a Directory traversal attack
File path traversal, simple case
File path traversal, traversal sequences blocked with absolute path bypass
File path traversal, traversal sequences stripped non-recursively
Automate the art of finding File path traversal vulnerabilities
Information Disclosure Vulnerabilities
What are Information disclosure vulnerabilities?
Information disclosure in error messages
Information disclosure on the debug page
Source code disclosure via backup files
OS Command Injection
OS Command Injection Explained
OS command injection, simple case
Blind OS command injection with time delays
Blind OS command injection with output redirection
Server-side request forgery (SSRF)
What is Server-side request forgery (SSRF)
Basic SSRF against the local server
Basic SSRF against another back-end system
SSRF with blacklist-based input filter
File upload vulnerabilities
File upload vulnerabilities Proper explanation
Remote code execution via web shell upload
Web shell upload via Content-Type restriction bypass
Web shell upload via path traversal
Web shell upload via obfuscated file extension
Remote code execution via polyglot web shell upload
Access control vulnerabilities
Access control vulnerabilities Explanation
Unprotected admin functionality
Unprotected admin functionality with unpredictable URL
User role controlled by request parameter
User role can be modified in a user profile
User ID controlled by request parameter with password disclosure
User ID controlled by request parameter, with unpredictable user IDs
Insecure direct object references
Business Logic Vulnerabilities
Business Logic Vulnerabilities Explained with details
Excessive trust in client-side controls
High-level logic vulnerability
Inconsistent security controls
Flawed enforcement of business rules
Weak isolation on dual-use endpoint
Insufficient workflow validation
Authentication bypass via a flawed state machine
Cross-Site Scripting Vulnerabilities
Cross-Site Scripting (XSS) with proper explanation
Reflected XSS into HTML context with nothing encoded
Stored XSS into HTML context with nothing encoded
DOM XSS in document.write sink using source location.search
DOM XSS in innerHTML sink using source location.search
SQL (Structured Query Language)
SQL (Structured Query Language) Explained
Database and Table Creation
Data Insertion
Data Filtering
Updating Data
Deleting Data
SQL Injection
SQL injection vulnerability allowing login bypass
SQL injection UNION attack, determining the number of columns returned by the query
SQL injection UNION attack, finding a column containing text
SQL injection UNION attack, retrieving data from other tables
SQL injection UNION attack, retrieving multiple values in a single column
SQL injection attack, listing the database contents on non-Oracle databases
Blind SQL injection with time delays
Recon and Automation
Grabbing subdomains from the target
XXE Attacks OR XML attacks
Exploiting XXE using external entities to retrieve files
Exploiting XXE to perform SSRF attacks
Blind XXE with out-of-band interaction
Reconnaissance
Grabbing subdomains from the target
Organizing the Data
Checking Which Subdomains Are Live
Exploring Web Addresses and Endpoints
Picking Out Important Info
Putting Everything Together and Cleaning Up
Checking Which Addresses Are Still Working
Finding Testable Stuff
Using a Cool Tool called Nuclei
Getting Hands-On with Burp Suite
Tools:
Subfinder
Assetfinder
Findomain
Install waymore
Install katana
Waymore
Much more
Reconnaissance
Explanation of Reconnaissance
Passive Recon
DNSDumpster
Shodan.io
whois, nslookup, dig, dnsdumpster
Lookup WHOIS record, Lookup DNS A records
Lookup DNS TXT records, Lookup DNS A records
Lookup WHOIS record, Lookup DNS MX records at DNS server
Lookup DNS TXT records
Active Recon
Passive Reconnaissance
Active Reconnaissance
Nmap Live Host Discovery
Nmap Basic Port Scans
Nmap Advanced Port Scans
Nmap Post Port Scans
Protocols and Servers
Protocols and Servers 2
Net Sec Challenge
Vulnerabilities 101
What vulnerabilities are
Why they’re worthy of learning about
How are vulnerabilities rated
Databases for vulnerability research
Authentication Vulnerabilities
What are Authentication Vulnerabilities
Username enumeration via Different responses
2FA simple Bypass
Password Reset Broken Logic
Username Enumeration Via Subtly Different Responses
What is Privilege Escalation
Linux Privilege Escalation
Introduction
What is Privilege Escalation?
Enumeration
Automated Enumeration Tools
Privilege Escalation: Kernel Exploits
Privilege Escalation: Sudo
Privilege Escalation: SUID
Privilege Escalation: Cron Jobs
Bash Scripting
Introduction to Bash
Displaying Hello World
Variables
User Input
Conditional Statements
Looping Constructs
Functions
Advanced Concept
Hands-On CTFs
Getting Started
Let’s get started with a few easy rooms that will give you practice in the following areas:
Active Reconnaissance
Vulnerability Scanning
Privilege Escalation
Web Application Attacks
Mr. Robot CTF: Based on the Mr. Robot show, can you root this box?
Vulnversity: Learn about active recon, web app attacks and privilege escalation.
Advanced CTFs
Advanced Exploitation
Now you’ve warmed up, it’s time for you to dive a little deeper. Complete the following rooms and get practice in:
Vulnerability Scanning
Handling Public Exploits
Password Cracking
Metasploit Framework
Port Redirection
Alfred: Exploit Jenkins to gain an initial shell, then escalate your privileges by exploiting Windows authentication tokens.
Skynet: A vulnerable Terminator-themed Linux machine.
Daily Bugle: Compromise a Joomla CMS account via SQLi, practice cracking hashes, and escalate your privileges by taking advantage of yum.
Retro: Penetration Testing Challenge
Internal: Penetration Testing Challenge
Course Content
Module 1- Introduction to Cybersecurity
Offensive and Defensive security