Course Overview

This course focuses on the practical side of penetration testing without neglecting the theory behind each attack. Before you begin penetration testing, you will learn how to set up a lab and install the software needed to practice on your own machine. You will then learn what a website is, how it works, what it relies on, what is meant by a web server and a database, and how all of these components work together to deliver a functioning website. Once you understand how websites work, we will cover how these components and their method of communication can be exploited to carry out a number of powerful attacks. The course takes you from beginner to a more advanced level: by the time you finish, you will be able to launch attacks and test the security of websites and web applications in the same way that black hat hackers do, and you will also be able to fix these vulnerabilities and secure websites against them. All the attacks explained in this course are launched against real devices in my lab.

What You Will Learn

  • Understand the basics of Kali Linux
  • Learn about file upload, code execution, local file inclusion, and remote file inclusion vulnerabilities, and how to tackle them
  • Explore SQL injection, advanced SQLi, XSS, the BeEF framework, and CSRF
  • Learn about the different password attacks

Program Curriculum

  • Introduction
  • $7 Million Cybersecurity Scholarship by EC-Council

  • Building Lab Concepts
  • Building a Lab VirtualBox
  • Deploying a Kali Linux VM
  • Deploying a Metasploitable VM
  • Deploying Windows VM
  • Chapter 2 Quiz

  • Kali Linux Overview
  • Linux Command Line Overview
  • Lab Network and Metasploitable Settings
  • Websites 101
  • Web Hacking Intro
  • Chapter 3 Quiz

  • Information Gathering
  • Discovery Tools
  • DNS Reconnaissance
  • Websites Same Server
  • Subdomains
  • Files Directories
  • Analyzing Discovered Files
  • Maltego (1 of 2)
  • Maltego (2 of 2)
  • Chapter 4 Quiz

  • Introduction File Upload Vulnerability
  • HTTP Requests
  • Using Burp as Proxy
  • Exploiting Advanced File Upload Vulnerability
  • Exploiting More Advanced File Upload Vulnerability
  • Security File Upload Vuln
  • Chapter 5 Quiz

  • Code Exec Vuln
  • Advanced Code Execution Vulnerabilities
  • Security Code Exec Vuln
  • Chapter 6 Quiz

  • Local File Vulnerabilities
  • Get Shell from LFI
  • Get Shell from LFI Part 2
  • Chapter 7 Quiz

  • Remote File Inclusion Vulnerabilities (1 of 3)
  • Remote File Inclusion Vulnerability (2 of 3)
  • Remote File Inclusion Vulnerability (3 of 3)
  • RFI Vulnerability Countermeasures
  • Chapter 8 Quiz

  • SQL Injection
  • SQLi
  • Chapter 9 Quiz

  • SQLi on HTTPS POST
  • Bypassing Logins using SQL Injection
  • Bypassing More Secure Logins using SQL Injection
  • Mitigating SQL Injection Login Bypassing
  • Chapter 10 Quiz

  • Discovering SQL Injection in GET
  • Reading Database Information
  • Find Database Tables
  • Extracting Sensitive Information Such as Passwords
  • Chapter 11 Quiz

  • Exploiting Blind SQL Injections
  • Discovering More Complex SQL Injections
  • Extracting Passwords Using a More Complex SQL Injection
  • Bypassing Security and Accessing All Records
  • Bypassing Filters
  • Quick Fix to Prevent SQL Injections
  • Reading and Writing Files on The Server Using SQL Injection
  • Getting Reverse Shell and Full Control of a Web Server
  • SQLmap
  • Getting a Direct SQL Shell Using SQLmap
  • Security SQLi
  • Chapter 12 Quiz

  • Introduction XSS
  • Reflected XSS
  • Discovering Advanced Reflected XSS
  • More Advanced Reflected XSS
  • Stored XSS
  • Discovering Advanced Stored XSS
  • DOM Based XSS
  • Chapter 13 Quiz

  • Beef XSS
  • Hooking Victims to BeEF using Stored XSS
  • BeEF Interacting with Hooked Victims
  • BeEF Running Basic Commands on Victims
  • BeEF Stealing Credentials from a Fake Login Prompt
  • Installing Veil
  • Veil Overview and Basic Payloads
  • Generating an Undetectable Backdoor Using Veil 3
  • Listening for Incoming Connections
  • Basic Backdoor Delivery Method
  • BeEF Gaining Full Control over Windows Target
  • Security Tips for XSS
  • Chapter 14 Quiz

  • Logging In as Admin without Password by Manipulating Cookies
  • Discovering CSRF Vulnerabilities
  • Exploiting CSRF Vulnerability to Change Admin Password Using HTML File
  • Exploiting CSRF 2 of 2
  • Security Tips to Prevent CSRF
  • Chapter 15 Quiz

  • Brute Force and Dictionary Attacks
  • Creating a Wordlist
  • Hydra (Part 1 of 2)
  • Launching a Wordlist Attack with Hydra (Part 2 of 2)
  • Chapter 16 Quiz

  • OWASP ZAP
  • Analyzing Scan Results with OWASP ZAP
  • w3af Console
  • Acunetix
  • wmap
  • csmap
  • XML Injection
  • Chapter 17 Quiz

Conclusion


Instructor

Luciano Ferrari

Chief Executive Officer of the IT security and data defense firm Cyology Labs™ in Montréal, Canada

Luciano Ferrari is an information security leader and IoT hacking expert. He holds multiple security certifications, including CISSP, CISM, CRISC, and PCIP, and has worked at Fortune 500 companies in both technical and leadership roles. He drives progress at his own company, LufSec, where he works on security-related issues and projects. Luciano has conducted hundreds of IT security audits and penetration tests, including audits and tests of IoT devices for cable companies. He has also applied his IT security expertise in manufacturing, semiconductor, financial, and educational institutions. With his background in electronics and microelectronics, his distinct specialization is hardware hacking. Luciano is passionate about teaching and sharing his knowledge with others. His other areas of expertise include IT infrastructure, networking, penetration testing, risk, vulnerability, and threat management. In private, he enjoys researching new technologies and participating in security conferences and bug bounty programs.


Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Plans are available monthly or annually; annual plans save 20%.

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

$499.00 billed annually, or $59.00 billed monthly

What is included

  • 700+ Premium Short Courses
  • 50+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

$599.00 billed annually, or $69.00 billed monthly

Everything in Pro and

  • 800+ Practice Lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Practice Labs and Challenges added every month
  • 3 Official EC-Council Essentials Certifications¹ (retails at $897!)
    Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.
