Course Overview
Welcome to this course on Practical Ethical Hacking. To enjoy this course, you need nothing but a positive attitude and a desire to learn. No prior hacking knowledge is required.
In this course, you will learn the practical side of ethical hacking. Too many courses teach students tools and concepts that are never used in the real world. In this course, we will focus only on tools and topics that will make you successful as an ethical hacker. The course is incredibly hands-on and will cover many foundational topics.
Requirements:
- Basic IT knowledge
- For Mid-Course Capstone: A minimum of 12GB of RAM is suggested.
- For Wireless Hacking: A wireless adapter that supports monitor mode (links provided in course).
- For Active Directory Lab Build: A minimum of 16GB of RAM is suggested. Students can still participate in the course, but may experience slow lab environments.
In this course, we will cover:
- A Day in the Life of an Ethical Hacker. What does an ethical hacker do on a day-to-day basis? How much can he or she make? What type of assessments might an ethical hacker perform? These questions and more will be answered.
- Effective Notekeeping. An ethical hacker is only as good as the notes he or she keeps. We will discuss the important tools you can use to keep notes and be successful in the course and in the field.
- Networking Refresher. This section focuses on the concepts of computer networking. We will discuss common ports and protocols, the OSI model, subnetting, and even walk through a network build using the Cisco CLI.
- Introductory Linux. Every good ethical hacker knows their way around Linux. This section will introduce you to the basics of Linux and ramp up into building out Bash scripts to automate tasks as the course develops.
- Introductory Python. Most ethical hackers are proficient in a programming language. This section will introduce you to one of the most commonly used languages among ethical hackers, Python. You'll learn the ins and outs of Python 3 and by the end, you'll be building your own port scanner and writing exploits in Python.
- Hacking Methodology. This section overviews the five stages of hacking, which we will dive deeper into as the course progresses.
- Reconnaissance and Information Gathering. You'll learn how to dig up information on a client using open source intelligence. Better yet, you'll learn how to extract breached credentials from databases to perform credential stuffing attacks, hunt down subdomains during client engagements, and gather information with Burp Suite.
- Scanning and Enumeration. One of the most important topics in ethical hacking is the art of enumeration. You'll learn how to hunt down open ports, research for potential vulnerabilities, and learn an assortment of tools needed to perform quality enumeration.
- Exploitation Basics. Here, you'll exploit your first machine! We'll learn how to use Metasploit to gain access to machines, how to perform manual exploitation using coding, perform brute force and password spraying attacks, and much more.
- Mid-Course Capstone. This section takes everything you have learned so far and challenges you with 10 vulnerable boxes ordered by increasing difficulty. You'll learn how an attacker thinks and learn new tools and thought processes along the way. Do you have what it takes?
- Exploit Development. This section discusses the topic of buffer overflows. You will manually write your own code to exploit a vulnerable program and dive deep into registers to understand how overflows work. This section includes custom script writing with Python 3.
- Active Directory. Did you know that 95% of the Fortune 1000 companies run Active Directory in their environments? Due to this, Active Directory penetration testing is one of the most important topics you should learn and one of the least taught. The Active Directory portion of the course focuses on several topics. You will build out your own Active Directory lab and learn how to exploit it. Attacks include, but are not limited to: LLMNR poisoning, SMB relays, IPv6 DNS takeovers, pass-the-hash/pass-the-password, token impersonation, kerberoasting, GPP attacks, golden ticket attacks, and much more. You'll also learn important tools like mimikatz, Bloodhound, and PowerView. This is not a section to miss!
- Post Exploitation. The fourth and fifth stages of ethical hacking are covered here. What do we do once we have exploited a machine? How do we transfer files? How do we pivot? What are the best practices for maintaining access and cleaning up?
- Web Application Penetration Testing. In this section, we revisit the art of enumeration and are introduced to several new tools that will make the process easier. You will also learn how to automate these tools using Bash scripting. After the enumeration section, the course dives into the OWASP Top 10. We will discuss attacks and defenses for each of the top 10 and perform walkthroughs using vulnerable web applications. Topics include: SQL Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfigurations, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring.
- Wireless Attacks. Here, you will learn how to perform wireless attacks against WPA2 and compromise a wireless network in under 5 minutes.
- Legal Documentation and Report Writing. A topic that is hardly ever covered, we will dive into the legal documents you may encounter as a penetration tester, including Statements of Work, Rules of Engagement, Non-Disclosure Agreements, and Master Service Agreements. We will also discuss report writing. You will be provided a sample report as well as walked through a report from an actual client assessment.
- Career Advice. The course wraps up with career advice and tips for finding a job in the field.
At the end of this course, you will have a deep understanding of external and internal network penetration testing, wireless penetration testing, and web application penetration testing. All lessons taught are drawn from real-world experience and from what has been encountered on actual engagements in the field.
Note: This course has been created for educational purposes only. All attacks shown were performed with permission. Please do not attack a host unless you have permission to do so.
Questions & Answers Team Availability and Rules
The Q&A team responds to most questions within 2 business days. Specific Q&A rules are as follows:
1. Please encourage each other and help each other out. The support team is here to help, but is not staffed 24/7.
2. Support assistance will be provided for course-related material only. If you are using a tool or method in your labs that is not taught in the course, it is better asked in Discord on an appropriate channel outside of #course-chat.
3. Avoid spoilers for the mid-course capstone. If you are assisting another user or asking a question related to this section, please try to not provide direct answers/solutions.
4. Be kind to others and be patient. This field consists of patience, self-motivation, self-determination, and lots of Googling. Do not demand help or expect answers. That mindset will not take you far in your career. <3
Ty Atkin
"Most outstanding. There is no better course on this topic. After completing this course I crushed 3 different Red Team interviews and received two offers. Heath is the BEST mentor and teacher. So grateful he took the time to put this together. It unlocked an entirely new world in my career. Thanks Heath!"
Azeer Esmail
"It was such a pleasure learning from Heath, he has the skill, experience and right attitude to teach. I've been looking around for some time for such a comprehensive Pen-testing course, and I'm very happy I landed on this one. Thanks Heath! Keep giving from the heart!"
Mike Roberts
"Even as a veteran and IT business owner this was the most helpful and well polished course I've ever taken to further advance my security knowledge. Thank you Heath for putting so much time and passion into this."
Course Curriculum - 25 Hours
- Exploring Kali Linux (3:28)
- Sudo Overview (5:12)
- Navigating the File System (18:12)
- Users and Privileges (16:54)
- Common Network Commands (8:26)
- Viewing, Creating, and Editing Files (6:21)
- Starting and Stopping Services (6:17)
- Installing and Updating Tools (11:53)
- Scripting with Bash (22:34)
- Section Quiz
- Introduction (2:19)
- Strings (7:24)
- Math (5:44)
- Variables and Methods (10:20)
- Functions (8:58)
- Boolean Expressions and Relational Operators (8:33)
- Conditional Statements (6:58)
- Lists (12:12)
- Tuples (2:11)
- Looping (4:29)
- Advanced Strings (12:39)
- Dictionaries (6:24)
- Importing Modules (5:58)
- Sockets (7:39)
- Building a Port Scanner (18:33)
- User Input (8:38)
- Reading and Writing Files (9:56)
- Classes and Objects (7:51)
- Building a Shoe Budget Tool (14:19)
- Section Quiz
- Passive Reconnaissance Overview (7:32)
- Identifying Our Target (3:33)
- Discovering Email Addresses (15:48)
- Gathering Breached Credentials with Breach-Parse (7:17)
- Hunting Breached Credentials with DeHashed (11:55)
- Hunting Subdomains Part 1 (5:31)
- Hunting Subdomains Part 2 (4:48)
- Identifying Website Technologies (7:06)
- Information Gathering with Burp Suite (8:48)
- Google Fu (5:31)
- Utilizing Social Media (5:37)
- Additional Learning (OSINT Fundamentals) (0:48)
- Section Quiz
- Required Installations (6:16)
- Buffer Overflows Explained (4:08)
- Spiking (10:11)
- Fuzzing (6:09)
- Finding the Offset (5:19)
- Overwriting the EIP (3:24)
- Finding Bad Characters (7:51)
- Finding the Right Module (8:26)
- Generating Shellcode and Gaining Root (5:56)
- Exploit Development Using Python3 and Mona (13:39)
- Section Quiz
- Introduction (3:55)
- LLMNR Poisoning Overview (7:26)
- Capturing NTLMv2 Hashes with Responder (4:46)
- Password Cracking with Hashcat (11:31)
- LLMNR Poisoning Defense (2:48)
- SMB Relay Attacks Overview (5:23)
- Quick Lab Update (0:58)
- Discovering Hosts with SMB Signing Disabled (3:36)
- SMB Relay Attack Demonstration Part 1 (4:54)
- SMB Relay Attack Demonstration Part 2 (4:07)
- SMB Relay Attack Defenses (2:33)
- Gaining Shell Access (7:46)
- IPv6 Attacks Overview (4:00)
- Installing mitm6 (1:18)
- Setting Up LDAPS (2:24)
- IPv6 DNS Takeover via mitm6 (7:43)
- IPv6 Attack Defenses (3:00)
- Passback Attacks (5:16)
- Other Attack Vectors and Strategies (8:43)
- Section Quiz
- Introduction (1:03)
- Pass the Hash / Password Overview (3:04)
- Installing crackmapexec (0:38)
- Pass the Password Attacks (7:07)
- Dumping Hashes with secretsdump.py (3:11)
- Cracking NTLM Hashes with Hashcat (3:06)
- Pass the Hash Attacks (6:25)
- Pass Attack Mitigations (2:42)
- Token Impersonation Overview (3:48)
- Token Impersonation with Incognito (7:03)
- Token Impersonation Mitigation (2:43)
- Kerberoasting Overview (5:11)
- Kerberoasting Walkthrough (3:51)
- Kerberoasting Mitigation (1:09)
- GPP / cPassword Attacks Overview (3:22)
- Abusing GPP: Part 1 (8:46)
- Abusing GPP: Part 2 (4:12)
- URL File Attacks (5:35)
- PrintNightmare (CVE-2021-1675) Walkthrough (12:05)
- Mimikatz Overview (5:36)
- Credential Dumping with Mimikatz (9:20)
- Golden Ticket Attacks (7:18)
- Conclusion and Additional Resources (6:24)
- Section Quiz
- Introduction (1:36)
- The OWASP Top 10 and OWASP Testing Checklist (10:26)
- Installing OWASP Juice Shop (6:48)
- Installing Foxy Proxy (2:13)
- Exploring Burp Suite (11:28)
- Introducing the Score Board (2:50)
- SQL Injection Attacks Overview (5:12)
- SQL Injection Walkthrough (10:06)
- SQL Injection Defenses (2:49)
- Broken Authentication Overview and Defenses (5:43)
- Testing for Broken Authentication (7:39)
- Sensitive Data Exposure Overview and Defenses (4:53)
- Testing for Sensitive Data Exposure (8:01)
- XML External Entities (XXE) Overview (9:54)
- XXE Attack and Defense (8:03)
- Broken Access Control Overview (3:29)
- Broken Access Control Walkthrough (4:28)
- Security Misconfiguration Attacks and Defenses (4:58)
- Cross-Site Scripting (XSS) Overview (10:33)
- Reflected XSS Walkthrough (6:22)
- Stored XSS Walkthrough (6:16)
- Preventing XSS (3:48)
- Insecure Deserialization (4:33)
- Using Components with Known Vulnerabilities (4:38)
- Insufficient Logging and Monitoring (3:12)
- Section Quiz
About the Instructor
Hi everyone! My name is Heath Adams, but I also go by "The Cyber Mentor" on social media. I am the founder and CEO of TCM Security, an ethical hacking and cybersecurity consulting company. While I am an ethical hacker by trade, I love to teach! I have taught courses to over 170,000 students on multiple platforms, including Udemy, YouTube, Twitch, and INE.
I am currently OSCP, OSWP, eCPPTX, eWPT, CEH, Pentest+, CCNA, Linux+, Security+, Network+, and A+ certified.
I'm also a husband, animal dad, tinkerer, and military veteran. I hope you enjoy my courses.
Follow Heath on Social Media:
LinkedIn - https://linkedin.com/in/heathadams
Twitter - https://twitter.com/thecybermentor
YouTube - https://youtube.com/c/thecybermentor
Twitch - https://twitch.tv/thecybermentor
Frequently Asked Questions
Can I get a refund if I'm unhappy with my purchase?
Yes. All courses come with a 3-day money-back guarantee.
Will I receive a certificate of completion when I finish a course?
Yes. All courses come with a certificate of completion.
Do the courses count as Continuing Education Units (CEUs)?
Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.
Do course purchases come with lifetime access?
Yes. You only pay once for our courses!
Can I migrate Udemy courses?
Unfortunately, we cannot migrate users from Udemy to the Academy. Udemy does not provide us with student enrollment information. The Udemy courses do receive quality of life updates and are still supported by our team. We apologize for any inconvenience.
What's the difference between purchasing a course and the All-Access Pass?
When a student purchases a course, either individually or with a bundle, they receive lifetime access to the course and its materials. When a student purchases the All-Access pass subscription, they receive access to all of our courses and content, but the access is removed once the monthly subscription ends.