Ethical Hacking - Hands-On Training - Part I
- Description
- Curriculum
- FAQ
- Reviews
Course Overview
This course provides learners with a basic level of competency using a hands-on approach to gaining practical experience as a penetration tester or an ethical hacker (white, grey or black).
This course provides a fundamental look at offensive security concepts and techniques using a virtual install of Kali Linux and three different target victims, Windows XP, Server 2008 and Linux (Metesploitable2). This course provides a 100% hands-on approach to learning to be an ethical hacker or a pentester.
How is the course structured?
The course uses short video tutorials, hands-on labs, virtualization, and open source tools for step-by-step learning of ethical hacking fundamentals; the same tools and open-source software are used by professional penetration testers and ethical hackers.
This course provides videos, labs, and links for downloading the free and open-source software used throughout this course.
You will able to build a virtual install of Kali Linux and Windows XP for the virtual lab environment. You should complete the first lab of this course before enrolling. Starting with lab 2, we will begin scanning and attacking a Windows XP victim. If the first lab cannot be completed, there is no need to enroll in the course since all labs that follow are dependent on the first lab being completed.
You will learn how intruders escalate privileges and what steps can be taken to stop them, the importance of a strong firewall, the importance of keeping systems and software updated and the use of complex passwords.
You will also learn how to launch DDoS Attacks, Buffer Overflows, keylogging, and password hacking. Completion of the course will help prepare an individual for an entry-level position as a pen-tester or ethical hacker. On completing this course, you will receive a course completion.
If you would like to discuss ethical hacking, watch someone else talk about technology or write a paper, there are plenty of other courses to choose from. To successfully complete this course students must demonstrate the fundamental concepts of offensive hacking. In other words, learners will learn something by doing.
Course Objectives
-
Demonstrate the use of offensive security tools and techniques.
-
Proficiency in the use of the CLI (Command Line Interface) of Linux.
-
Use Linux as a hacking platform.
Who should take this course?
Network administrators, cybersecurity students, entry-level penetration testers, anyone who wants to be an ethical hacker, concerned parents, concerned spouses, law enforcement and anyone with a solid background in technology.
Who should not take this course?
Anyone suffering from technophobia (the fear of learning new technology). Anyone not having a good understanding of the OSI model, or the TCP/IP suite.
What are the course requirements, Knowledge level?
-
A good understanding of basic networking concepts, the TCPI/IP stack, how devices communicate, and basic troubleshooting of network connectivity issues.
-
How to use a computer, a mouse and a keyboard.
-
How to configure a static IP address on a Network adapter.
-
How to check for connectivity using PING, IPCONFIG, and IFCONFIG.
-
This course will not cover or review the OSI model, discuss IP addressing or any basic networking concepts. Students are expected to have these skills when they enroll.
Hardware
-
PC, laptop or desktop capable of virtualization. (Virtualization enabled BIOS).
-
A minimum of 4 GB of RAM, (8 GB or more of RAM recommended).
-
Administrative access to the host operating system. (You own the machine).
-
LAN or cable connection for Internet access. (Cannot use a wireless connection).
-
High-speed internet access using a reliable Internet connection. (5mb or higher throughput).
Software
-
Any 64-bit Windows operating system. (preferred)
-
A current 64-bit version of Mac or a Linux operating system.
-
Installation of VMWare Player (free edition) for Windows and Linux users. (Links provided in the lab).
-
Installation of Virtualbox for MAC. (Links provided in the lab).
-
Installation of 7zip (Links provided in the lab).
-
Copy of Kali ISO or Kali VMWare or Virtualbox image. (Links provided in the lab).
-
Copy of Windows XP SP2 (Links provided in the lab).
-
Copy of Server 2008 SPI 32 bit (Links provided in the lab).
-
Copy of Metesploitable2 (Links provided in the lab).
-
2Video and lab - Creating a Virtual install of Kali using VirtualBoxVideo lesson
In this first lab, students will create a virtual install of Kali Linux using VirtualBox depending on their host platform and personal preferences.
-
3Video - Installing the VirtualBox Extension PackVideo lesson
In this short video, you will learn how to install the Virtualbox extension pack. The VirtualBox extension pack extends the versatility of using a virtual machine by allowing support for USB 3.0 and other important features.
-
4Video and Lab - Creating a Virtual Install of CSI LinuxVideo lesson
In this lab, you will learn how to install the CSI Investigator Suite. CSI Linux was developed by Computer Forensics, Incident Response, and Competitive Intelligence professionals to meet the current needs of their clients, government agencies, and the industry. CSI Linux Investigator is a Virtual Machine Appliance that contains 3 different virtual machines.
-
5Video and lab - Creating an Unattended Virtual Install of XP Using VirtualboxVideo lesson
Windows XP is our victim or target for the labs. Though some of these labs will work using newer operating systems as targets, Windows XP is still relevant in roughly 75% of all networks making it a viable target.
-
6Video - Taking a Snapshot of Your Current ConfigurationVideo lesson
In this short video, you will learn how to take a snapshot of your current Kali configuration. Prior to making any changes to your basic install of Kali, you should take a snapshot of the current configuration so you can roll back to the point in time when everything was working correctly.
-
7Video - Troubleshooting Connectivity Issues With Virtual MachinesVideo lesson
A short video on troubleshooting connectivity issues between Kali and your target machines. Use this video to ensure your Kali and other virtual machines have connectivity between them.
-
9Video and Lab - Anonymize Kali Using WhonixVideo lesson
In this short video and lab, you will learn how to use the Whonix Gateway for secure browsing while on the Internet with Kali Linux.
-
10Video and Lab - Lab – Ensuring Anonymity Using the CSI Linux GatewayVideo lesson
In this lab, you will learn how to improve your online privacy by using the CIS Linux Gateway to better hide your location and prevent DNS leaks.
-
11Video - Assigning a Random MAC Address in KaliVideo lesson
In this short video, you will learn how to assign a random MAC address in Kali Linux using one of two ways.
-
12Video and Lab - Information Gathering Using MaltegoVideo lesson
In this lab, you will learn to gather passive information from the Internet using Maltego. This lab uses the community edition built into our Kali Linux that is limited to private or non-commercial use and the number of results that can be displayed in a graph. It is capable of gathering a significant amount of passive information about a prospective entity in a single sweep of the Internet.
-
13Video and Lab - Conducting OSINT Using CSI Linux InvestigatorVideo lesson
In this short video, you will learn how to use some of the OSINT tools provided with CSI Linux Investigator.
-
14Video - Using Metagofil inside CSI Linux AnalystVideo lesson
In this lab, students will learn to use Metagoofil to extract data from publicly available documents and images. Metagoofil is an information-gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt ,docx, pptx, xlsx) belonging to a target company.
-
15Video and Lab - Preparing CSI Analyst to Use ShodanVideo lesson
In this short video and lab presentation, you will learn how to prepare and use the CSI Linux Analyst and CSI Gateway for secure anonymous access while using the Shodan search engine.
-
16Video and Lab - Using Shodan to Find Vulnerable DevicesVideo lesson
In this short video and lab, you will learn how to locate vulnerable devices connected to the Internet using Shodan.
-
17Video and lab - Using Shodan to Search for Vulnerable DatabasesVideo lesson
In this short video and lab, you will be introduced to some of the more advanced search filters that can be used with Shodan.
-
18Video and Lab - Introduction to NMapVideo lesson
In this first lab, students will use Nmap to investigate their network and identify potential targets. In this lab, students will be introduced to network discovery using Nmap, and becoming familiar the using CLI in Linux.
-
19Video and lab - NMap Scripting Engine (NSE)Video lesson
The Nmap scripting engine is one of Nmap's most powerful and, at the same time, most flexible features. It allows users to write their own scripts and share these scripts with other users for the purposes of networking, reconnaissance, etc. These scripts can be used for:
- Network discovery
- More sophisticated and accurate OS version detection
- Vulnerability detection
- Backdoor detection
- Vulnerability exploitation
In this lab, you will look at the scripts that have been shared and are built into Kali and will examine how to use them to do thorough recon on our target, to increase the possibility of success, and reduce the possibilities of frustration.
-
20Video and lab - Scanning for WannaCry RansomwareVideo lesson
EternalBlue, sometimes written as ETERNALBLUE, is an exploit believed to have been developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack on May 12, 2017.
For this lab, students will be using NMap to look for the vulnerability. EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.
-
21Video and Lab - Installing NESSUS Using DockerVideo lesson
In this lab, students will learn how to automate the installation of NESSUS using containerization. Students will be introduced to the Docker program which provides a sandbox for the running of applications called containers. Containers are self-contained images that come preconfigured with all the necessary dependencies, software and files to operate without having the call on the operating system. This course has at least three labs that we use containerization for the installation of certain types of software.
-
22Video and lab - Scanning for Vulnerabilities Using NessusVideo lesson
In this Lab, students will learn how to discover vulnerabilities on their home or business network (The Windows XP Victim should be up and running as part of your network). In this Lab, you will use the industry vulnerability scanner, NESSUS. NESSUS is considered the industry standard for vulnerability scanners. There are plenty of commercial-grade scanners on the market and they all have their good and bad points but NESSUS is considered the gold standard.
-
23Video - Using Your Nessus Scan ResultsVideo lesson
In this video, students learn how to interpret their Nessus scan results.
-
24Video and Lab - Installing OpenVAS Using DockerVideo lesson
In this lab, you will install the Docker program into your Kali machine and then download and install OpenVAS as a container to run inside of Docker.
-
25Video and Lab - Scanning for Vulnerabilities Using OpenVASVideo lesson
In this lab, you will conduct a vulnerability scan of your network using OpenVAS.
-
26Video and Lab- Using Metasploit to Launch a DOS Attack Against Windows XPVideo lesson
In this lab, you will learn to use the all-in-one pentesting/hacking suite called Metasploit and perform a DOS attack on a Windows XP target.
-
27Video and Lab - Establishing A VNC Shell Using MeterpreterVideo lesson
In this lab, we see how easy Meterpreter can be used to establish a reverse shell with Windows XP using a well-known SMB exploit. We will also see how to detect any countermeasures that may be running on the remote target. We will establish a remote desktop session using a VNC payload and capture keystrokes to include logon passwords using Meterpreter.
-
28Video and Lab - Using Meterpreter to backdoor Windows XPVideo lesson
In this lab, we see how easy Meterpreter can be used to create a backdoor into a Windows machine using nothing more than built-in system tools. We will also see how easy it is to detect and disable the Windows firewall if it is running on our victim machine. Lastly, we’ll want to remove any traces of our presence from the Windows log files.
-
29Lab - Exploiting Vulnerable Applications on Windows XP SP2Text lesson
Often times we can exploit an operating system by looking for vulnerabilities with the applications that are running. In this lab, we will use a well-known vulnerability found in a popular streaming media server called Icecast.
-
30Lab - Hacking Windows XP via MS11-006 Windows Shell Graphics ProcessingText lesson
In this lab, students will learn to attack Windows XP using MS11-006 vulnerability provided by Metasploit. According to the Metasploit website:
This module exploits a stack-based buffer overflow in the handling of thumbnails within.MIC files and various Office documents. When processing a thumbnail bitmap containing a negative 'biClrUsed' value, a stack-based buffer overflow occurs. This leads to arbitrary code execution. In order to trigger the vulnerable code, the folder containing the document must be viewed using the "Thumbnails" view.
-
31Video - Creating a Virtual Install of Server 2008 Using virtualBoxVideo lesson
In this short video presentation, you will learn how to use VirtualBox to create a virtual install of Server 2008.
-
32Video and Lab - Create Reverse Shell Using MS09_050Video lesson
In this lab, students will download an ISO image for Server 2008 and run a well known exploit to take over the machine. Lot's of material in this lab so take it slow and steady.
-
33Video and lab - Installing Metasploitable2 Using VirtualBoxVideo lesson
In this lab, you will learn how to import Metasploitable2 into VirtualBox. Metasploitable2 is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools and practice common penetration testing techniques.
-
34Lab - Learning to Hack Linux Using Metasploitable2Text lesson
In this lab, you will be introduced to hacking Linux using a vulnerable install of Linux called Metasploitable2. Metasploitable2 is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
-
35Lab - Exploring Endpoint AttacksText lesson
In the lab, students will perform several ethical hacking lab exercises. The focus is on attacking endpoints. While there will be several specific attacks that you will perform, don't concentrate on the specifics. There are innumerable attacks that will come and go. Instead, of concentrating on the specific attack, concentrate on the bigger picture. Where do the vulnerabilities lie? You will see misconfigurations, back-doored software, vulnerabilities in base operating systems, and users who are vulnerable to social engineering. Also, concentrate on bigger concepts such as pivoting, privilege escalation, persistence, and tunneling, each of which is leveraged in this lab exercise.
-
37Video and Lab - Introduction to BASH ScriptingVideo lesson
One of the great features of Linux is to writing scripts. Compared to writing Windows batch files, BASH scripting is much more flexible and comes with advanced features you won’t find in a batch script. To understand how the BASH shell works, you must understand the logic of how Linux is built.
Simply put, BASH (Bourne-Again Shell) is the default shell we are provided within Linux distributions. It is the command-line interpreter (CLI) for GNU (GNU’s Not Unix) operating system. When we open a terminal session in Kali or Ubuntu, we are using the BASH shell. Though GNU operating systems provide different shells, BASH is the default out of the box shell for Linux.
-
38Video and Lab - Creating a BASH Script for Scanning Vulnerable PortsVideo lesson
In this second BASH scripting lab, students will see how one hacker using Nmap and simple BASH script caused $86 million dollars of havoc for the credit card companies.
-
39Lab -Linux BASH Shell Scripting -Task SchedulingText lesson
In windows, we use the AT command to schedule a job, in Linux, we use Crontab. Crontab is a list of commands which enables us to schedule a repetitive task to run on a schedule. This is also the name of the command used to manage the list.
-
40Video and Lab – Password Cracking Using MedusaVideo lesson
In this lab, students will use a well known password cracking utility, Medusa, to brute-force their way onto a target running VNC on port 5900 using the Medusa VNC module. Medusa is a speedy, parallel, and modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.
-
41Video and Lab - Passwords Cracking Using MimikatzVideo lesson
In this lab, the student will learn how to crack a cleartext password from a Windows client using Mimikatz. Mimikatz has become an extremely effective attack tool against Windows clients, allowing bad actors to retrieve cleartext passwords, as well as password hashes from memory. This lab will provide an overview of Mimikatz’s capabilities and payload vectors.
-
42Video and Lab - Password Cracking Using HydraVideo lesson
In this short lab, you will learn how to use the password cracking utility Hydra to brute force a password for VNC running as a service on Metasploitable2.
-
43Video and Lab - Installing a Wireless Adapter in KaliVideo lesson
In the short video and lab, you will learn how to add a wireless adapter to your virtual install of Kali using VirtualBox.
-
44Video and Lab - Hacking a Wireless Network Using Kali LinuxVideo lesson
In this short video and lab, you will learn how to easily hack into a wireless network using Kali Linux.
-
45Video and Lab - Wireless Deauthentication AttackVideo lesson
In this short video and lab, you will learn how to quickly deauthenticate a wireless user or device connected to a specific wireless access point or router.
-
46Video and Lab - Installing w3af in Kali Linux Using DockerVideo lesson
The w3af scanner no longer comes installed with Kali Linux. In this short lab, you will learn how to properly install the w3af scanner onto a Kali Linux virtual machine using a Docker container.
-
47Video and Lab – Conducting A Website Vulnerability Scan Using w3afVideo lesson
In this lab, students will conduct a website vulnerability scan using the command line version of Web Application Attack and Audit Framework (w3af).
-
48Video and Lab – Performing a Browser Based AttackVideo lesson
In the lab, students will perform a manual SQL injection attack on a vulnerable web-based application inside of Metsploitable2 called Mutillidae. In the second part of the lab, students will perform a Local File Inclusion and Directory Traversal attack.
-
49Video and lab - SQL Injection Attack Using SQLmapVideo lesson
SQLmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
-
50Video - Configure Kali for Exploitation the WANVideo lesson
In this video, students will learn how to configure Kali running Apache Web Service for exploiting remote targets across the WAN.
-
51Video and lab - The Browser Exploitation Framework (BeEF)Video lesson
In the lab, you will learn how to exploit a remote browser using the Browser Exploitation Framework.
-
52Lab file - Capture the Flag (CTF) – Mr. RobotText lesson
In this lab, you will attempt to capture three hidden flags. Using the hacker methodology, you will work your way through this CTF scenario based on the show, Mr. Robot. This CTF exercise has three keys hidden in different locations. Your goal is to find all three. Each key becomes progressively difficult to find. The level of expertise for this CTF is considered beginner-intermediate. There is no advanced exploitation or reverse engineering.
Capture the Flags (CTFs) are events that are usually hosted at information security conferences. These events consist of a series of challenges that vary in their degree of difficulty and require participants to exercise different skill sets to solve. Once an individual challenge is solved, a “flag” is given to the player, and they submit this flag to the CTF server to earn points.
-
53Video Walk Through -Key #1Video lesson
Discovery and Footprinting
To find the first key, you will need to find the what vulnerabilities are present on the target.
-
54Video Walk through - Key #2Video lesson
Exploitation
You will use brute force to gain access to the Apache web server running Wordpress.
-
55Video Walk Through - Key #3Video lesson
Escalating Privileges
Key #3 is is well hidden and protected with root access.You will need to find a way to gain root access.
-
56Lab File - Walkthrough - CTF – StaplerText lesson
In this lab, you will be shown how to gain root access to a virtual machine designed as a challenge the flag (CTF) exercise. This CTF is rated as beginner to intermediate. These walk-throughs are designed so students can learn by emulating the technical guidelines used in conducting an actual real-world pentest. A high-level overview of the standards can be found here.
-
57Video - Capture the Flag - Stapler Part 1Video lesson
Video - Part 1 Walkthrough for the CTF, stapler.
-
58Video - Capture the Flag - Stapler Part 2Video lesson
Video - Part 2 Walkthrough for the CTF, Stapler.
-
59Video - Capture the Flag - Stapler Part 3Video lesson
Video - Part 3 Walkthrough for the CTF, Stapler.
External Links May Contain Affiliate Links read more