Overview What You Will Learn Curriculum Instructor

Course Overview

This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install needed software to practice penetration testing on your own machine. Then you will learn what is a website, how it works, what it relies on, what do mean by a web server, and a database, and how all of these components work together to give us functioning websites. Once you understand how websites work, we will start talking about how can we exploit these components and this method of communication to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level — by the time you finish, you will be able to launch attacks and test the security of websites and web applications exactly the same way that black hat hackers would do, not only that but you’ll be able to fix these vulnerabilities and secure websites from them. All the attacks explained in this course are launched against real devices in my lab.

What You Will Learn

  • Understand the basics of Kali Linux
  • Learn more about file upload
  • code execution
  • local file inclusion
  • and remote file inclusion vulnerabilities and how to tackle them
  • Explore SQL Injection
  • Advanced SQLI
  • XXS
  • BeEF Framework
  • and CSRF
  • Learn about the different password attacks

Program Curriculum

  • Introduction
  • $7 Million Cybersecurity Scholarship by EC-Council

  • Building Lab Concepts
  • Building a Lab VirtualBox
  • Deploying a Kali Linux VM
  • Deploying a Metasploitable VM
  • Deploying Windows VM
  • Chapter 2 Quiz

  • Kali Linux Overview
  • Linux Command Line Overview
  • Lab Network and Metasploitable Settings
  • Websites 101
  • Web Hacking Intro
  • Chapter 3 Quiz

  • Information Gathering
  • Discovery Tools
  • DNS Reconnaissance
  • Websites Same Server
  • Subdomains
  • Files Directories
  • Analyzing Discovered Files 1
  • Maltego 1of2
  • Maltego Part 2-1
  • Chapter 4 Quiz

  • Introduction File Upload Vulnerability
  • HTTP Requests
  • Using Burp as Proxy
  • Exploiting Advanced File Upload Vulnerability
  • Exploiting More Advanced File Upload Vulnerability
  • Security File Upload Vuln
  • Chapter 5 Quiz

  • Code Exec Vuln
  • Advabced Code Execution Vulnerabilities
  • Security Code Exec Vuln
  • Chapter 6 Quiz

  • Local File Vulnerabilities
  • Get Shell from LFI
  • Get Shell from LFI Part 2
  • Chapter 7 Quiz

  • Remote File Inclusion Vulnerabilities (1 of 3)
  • Remote File Inclusion Vulnerability (2 of 3)
  • Remote File Inclusion Vulnerability (3 of 3)
  • RFI Vulnerability Countermeasures
  • Chapter 8 Quiz

  • SQL Injection
  • SQLi
  • Chapter 9 Quiz

  • SQLi on https post
  • Bypassing Logins using SQL Injection
  • Bypassing More Secure Logins using SQL Injection
  • Mitigating SQL Injection Login Bypassing
  • Chapter 10 Quiz

  • Discovering SQL Injection in GET
  • Reading Database Information
  • Find Database Tables
  • Extracting Sensitive Information Such as Passwords
  • Chapter 11 Quiz

  • Exploiting Blind SQL Injections
  • Discovering More Complex SQL Injections
  • Extracting Passwords Using a More Complex SQL Injection
  • Bypassing Security and Accessing All Records
  • Bypassing Filters
  • Quick Fix to Prevent SQL Injections
  • Reading and Writing Files on The Server Using SQL Injection
  • Getting Reverse Shell and Full Control of a Web Server
  • SQLmap
  • Getting a Direct SQL Shell Using SQLmap
  • Security SQLi
  • Chapter 12 Quiz

  • Introduction XSS
  • Reflected XSS
  • Discovering Advanced Reflected XSS
  • More Advanced Reflected XSS
  • Stored XSS
  • Discovering Advanced Stored XSS
  • DOM Based XSS
  • Chapter 13 Quiz

  • Beef XSS
  • Hooking Victims to BeEF using Stored XSS
  • BeEF Interacting with Hooked Victims
  • BeEF Running Basic Commands on Victims
  • BeEF Stealing Credentials from a Fake Login Prompt
  • Installing Veil
  • Veil Overview and Basic Payloads
  • Generating an Undetectable Backdoor Using Veil 3
  • Listening for Incoming Connections
  • Basic Backdoor Delivery Method
  • BeEF Gaining Full Control over Windows Target
  • Security Tips for XSS
  • Chapter 14 Quiz

  • Loggin In as Admin without Password Manipulating Cookies
  • Discovering CSRF Vulnerabilities
  • Exploiting CSRF Vulnerability to Change Admin Password Using HTML File
  • Exploiting CSRF 2 of 2
  • Security Tips to Prevent CSRF
  • Chapter 15 Quiz

  • Brute Force and Dictionary Attacks
  • Creating a Wordlist
  • Hydra Part 1 of 2
  • Launching a Wordlist Attack with Hydra part 2 1
  • Chapter 16 Quiz

  • OWASP ZAP
  • Analyzing Scan Results with OWASP ZAP
  • w3af console1
  • Acunetix1
  • wmap 1
  • csmap1
  • xml injection 1
  • Chapter 17 Quiz

Conclusion

Load more modules

Instructor

Luciano Ferrari

Chief Executive Officer of the IT security and data defense firm Cyology Labs™ in Montréal, Canada

Luciano Ferrari is an information security leader and IoT hacking expert. He holds multiple security certifications, including CISSP, CISM, CRISC, and PCIP, and has worked at Fortune 500 companies in both technical and leadership roles. He drives progress at his own company, LufSec, where he works on security-related issues and projects. Luciano has conducted hundreds of IT security audits and penetration tests, including audits and tests on IoT devices for cable companies. He has also leveraged his IT security expertise in manufacturing, semiconductor, financial, and educational institutions. With his background in electronics and microelectronics, his distinct specialization is definitely on hardware hacking. Luciano is passionate about sharing his knowledge with others and teaching. His other areas of expertise include IT infrastructure, networking, penetration testing, risk, vulnerability, and threat management. In private, he enjoys researching new technologies and participating at security conferences and in bug bounty programs.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Fastest Way to Level Up Your Cybersecurity Skills

Invest in your future with flexible subscription plans that give you access to the world’s largest online cybersecurity course library. Whether you're exploring cybersecurity courses for beginners or advancing your expertise,
access in-demand courses, practical labs, and CTF challenges designed to support continuous learning.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Build your cybersecurity skills with 900+ bite-sized courses and curated learning paths designed for continuous learning.

$ 69.00
Billed monthly or $599.00 billed annually
Get Started Now
Start your 7-day trial for $1

What is included

  • 880+ Premium Short Courses
  • 70+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Develop real-world cybersecurity skills through hands-on labs and CTF challenges designed for practical learning.

$ 79.00
Billed monthly or $699.00 billed annually
Get Started Now
Start your 7-day trial for $1

Everything in Pro, Plus:

  • 1600+ Hands-on lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Hands-on Labs and Challenges added every month

Related Courses

  • Bootstrap 4 Quick Website Bootstrap Components Course

    Bootstrap 4 Quick Website Bootstrap Components Course

    Short Course

    Bootstrap 4 Quick Website Bootstrap Components Course

    Software Development

    Explore the basics of Bootstrap and learn to create a website...

    $49.99

    Beginner

    1 hr 30 m

  • CCNA - Understanding Routers and Switches

    CCNA - Understanding Routers and Switches

    Short Course

    CCNA - Understanding Routers and Switches

    Security Architecture and Operations

    A comprehensive guide to understanding the in-depth functioni...

    $49.99

    Intermediate

    2 hr 0 m

  • The Complete Full-Stack JavaScript Course

    The Complete Full-Stack JavaScript Course

    Short Course

    The Complete Full-Stack JavaScript Course

    Software Development

    Learn full-stack web development using JavaScript (ReactJS, N...

    $79.99

    Beginner

    24 hr 17 m

  • React.JS for Ecommerce: Building a Store with React.JS

    React.JS for Ecommerce: Building a Store with React.JS

    Short Course

    React.JS for Ecommerce: Building a Store with React.JS

    DevSecOps

    From React.js Fundamentals to Crafting an Online Storefront

    $49.99

    Advanced

    3 hr 30 m

  • CISSP Certification Domains 5, 6, 7, and 8 Video Training

    CISSP Certification Domains 5, 6, 7, and 8 Video Training

    Short Course

    CISSP Certification Domains 5, 6, 7, and 8 Video Training

    Cybersecurity

    This course is ideal for individuals who desire to pass the I...

    $69.99

    Intermediate

    6 hr 30 m

  • Helm 3 - Package Manager for Kubernetes

    Helm 3 - Package Manager for Kubernetes

    Short Course

    Helm 3 - Package Manager for Kubernetes

    Software Development

    A must tool for every DevOps engineer

    $49.99

    Intermediate

    1 hr 27 m

  • Learn Ethical Hacking by Hacking Real Websites Legally

    Learn Ethical Hacking by Hacking Real Websites Legally

    Short Course

    Learn Ethical Hacking by Hacking Real Websites Legally

    Vulnerability Assessment and Pentesting

    Fun way to learn ethical hacking by playing online hacking ga...

    $69.99

    Beginner

    4 hr 18 m

  • Mastering Ansible Playbooks: Debugging and Security

    Mastering Ansible Playbooks: Debugging and Security

    Short Course

    Mastering Ansible Playbooks: Debugging and Security

    Software Development

    Securing and Automating Linux and Windows Systems with Advanc...

    $99.99

    Advanced

    5 hr 34 m

1 50
View all