The RedTeam Blueprint - A Unique Guide To Ethical Hacking | Discount Coupon for Udemy Course
Learn what it really takes to be an Ethical Hacker for Silicon Valley Companies. The TRUE Blueprint to Ethical Hacking. | Discount Coupon for Udemy Course
- 30.5 hours hours of on-demand video
- Full lifetime access
- Access on mobile and TV
- Certificate of completion
- 133 additional resources
- 300+ HD Videos
- 180+ Hands on Exercises
- 400+ Topics
- 30+ Hours of Content
- How a Red Team Works at a Silicon Valley Company
- Building out your own Red Team at a large organization
- High Level and Low Level Crash Course on Windows Operating System Internals
- High Level and Low Level Crash Course on Linux Operating System Internals
- How the Kernel, Memory and the CPU work
- Beginner to Intermediate Networking
- How compiled programs work
- Full Guide to Python Programming
- Full Guide to Assembly Programing and Manual Shellcode Generation
- How Penetration Tests Actually Work and their Methodologies
- How and What Kerberos is
- Building, Managing and Attacking an Enterprise Active Directory Infrastructure
- The ability to scope out a Ethical Hacking Assessment at Silicon Valley Scale
- Building out Finding Reports and designing them for the right audience
- Being able to speak to Executives and Leadership at large organizations
- Passive and Active Reconnaissance tools and Techniques
- Real World Up to Date Exploitation Techniques
- Post Exploitation Techniques
- Custom Fix of Public Exploit Code
- The ability to creatively deploy persistence and backdoor binaries
- Living of the Land and Moving Laterally across the network
- Password Cracking
- Full Guide on Job Hunting in Silicon Valley
Welcome to the FIRST complete guide to Ethical Hacking! A lot of other Ethical Hacking or Security courses will just teach you how to hack or attack target systems. Learning just this aspect of Ethical Hacking WILL NOT GET YOU THE JOB IN THE REAL WORLD! The RedTeam Blueprint was designed and developed by Silicon Valley Hackers to actually land you the hacking job or penetration testing!The reason the course was designed in this unique way is due to the real world Ethical Hacking Experience at Silicon Valley Company's by Brandon Dennis. With countless years of hiring Ethical Hackers, building out Security/Ethical Hacking Teams and developing new attack techniques Brandon is uniquely qualified to provide a full top to bottom course on what it REALLY takes to get into the field of Ethical Hacking. After completing this course you will have not only a solid understanding of Ethical Hacking but also how Teams work at Enterprise Scale, working with Executives and smashing the Interview. This course has 8+ hours of hands on training as well as a realistically usable portfolio you can bring to job interviews. Information Security is an ever growing field and with new jobs opening everyday but not enough professionals to fill them is creating a massive demand. With the RedTeam Blueprint you will be able to fill this gap! As a RedTeam Nation Student you will have the skills required to not only go into Ethical Hacking but into any field of Information Security available! We teach not only the ethical hacking skills required but also the other 50%! Below are just some of the subjects you will learn.Building out a Red Team at Enterprise Silicon Valley ScaleSkills to manage the Red Team as well as internal programs that can chance how the organization worksNetworkingWindows Operating SystemLinux Operating SystemOperating System Internals (Memory, Stack, Heap, Kernels)Programming (Assembly & Python)Passive & Active ReconnaissanceAttack and Create Active Directory Infrastructure Custom ExploitationPost Exploitation Breaking Jail ShellsAbusing a Compromise to Lead to large scale attacksPassword CrackingBuild out a sophisticated in home labBuilding a Personal Security BrandBuilding a PortfolioJob Hunting the Silicon Valley WaySmashing the Job InterviewThese are only SOME of the topics covered in this course. Of course you will receive 24 hour support via Q/A of the course as well as access to our Private Student Only Facebook Group with access to the instructors. Don't wait! Take your career to the next level with the RedTeam Blueprint. Who this course is for:Anyone Curious about Ethical Hacking, Penetration Testing or Red TeamingAnyone who wants to learn the full skillset truly required to land the jobAnyone who wants to learn how professional hackers work and target real organizations from a real hackerAnyone who wants to make a career move into Ethical Hacking from another field
Course Content:
Sections are minimized for better readability, click the section title to view the course content
- Introduction01:16
Welcome!
Follow Me on Twitter: @brandondHTE
Subscribe Youtube: https://bit.ly/358UEJW
- Module Overview - The 3 Teams01:27
You will have a base understanding of what these 3 Core Teams are.
- The Red Team08:48
You will have a solid understanding of what a Red Team is, how its used and where it fits into an organization.
- The Blue Team05:46
You will have a solid understanding of what a Blue Team is, how its used and where it fits into an organization.
- The Purple Team07:40
You will have a solid understanding of what a Purple Team is, how its used and where it fits into an organization.
- Module Overview - Penetration Testing Process03:39
Students will learn how to build out an internal Red Team at scale. Along with this a current and industry used Penetration Methodology that will outline the rest of the course.
- Penetration Testing Methodology08:11
You will learn a new industry Penetration Testing Methodology used at Silicon Valley Companies.
- Metrics & Why They Are Important12:05
You will learn what Metrics are, how they are used and how to build them yourself!
- Routine Assessments Part 1 - What Are Routine Assessments?04:25
You will have a solid understanding of what assessments are in a Red Team and start brain storming on different types.
- Routine Assessments Part 2 - Yearly Assessments05:28
Now that we have covered what assessments are you will learn how and why Yearly assessments are done.
- Routine Assessments Part 3 - Quarterly Assessments?09:17
Now that we have covered what Yearly assessments are you will learn how and why Quarterly assessments are done.
- Routine Assessments Part 4- Monthly Assessments?04:31
Now that we have covered what Quarterly assessments are you will learn how and why Monthly assessments are done.
- Routine Assessments Part 5 - Constant Assessments?08:12
Now that we have covered what Monthly assessments are you will learn how and why Constant assessments are done.
- Routine Assessments Part 6 - Building an Assessment Plan07:21
With a good understanding of the different types of assessments that are possible and their frequency I now task you with building your own for a Red Team! You will learn in this video how to build out your own.
- Building & Working with an Enterprise Budget12:15
Working with a budget and being able to build one speaks volumes about you as a professional. This is a key component to truly landing the job.
- Specialties?!03:58
It's important to understand your specialty in the field of Ethical Hacking. This will help with job hunting as well as the interview process.
- The CIA Triangle03:09
The CIA Triangle is commonly used in a large section of I.T. For Security it is paramount to understand why it is in place and what each step means.
- Installing & Using VirtualBox for Lab Virtualization10:41
Learn how to build a virtualization environment that will be utilized throughout the rest of the course.
- Windows at a Glance22:20
Knowing your way around Windows is required for an attacker. A lot of enterprise companies still utilize Windows environments.
- The Windows File System11:42
You will learn how the current Windows File System works and some intimate details about it.
- Windows Logs10:50
Knowing where and how Windows logs it's events is a core skill to any Ethical Hacker.
- Windows Internals - UAC08:38
User Account Control or UAC is going to get in your way as an Ethical Hacker. You need to get a good grasp on this topic and how its implemented to understand how to beat it!
- Windows Internals - Permissions16:45
Learning to abuse Windows? Permissions is where its at. This is by far the most commonly misconfigured element of Windows environments!
- Windows Internals - Alternate Data Streams08:44
Alternate Data Streams or ADS is a great way to hide data but also can be used in some sneaky and creative ways.
- Windows Internals - API Calls12:35
API Calls in Windows can be complicated at first but once you understand what they do and how things get much easier. When looking at Windows based Privilege Escalation exploits you tend to see API Calls used and it makes reading and understanding them far easier!
- Windows Internals - The SID06:11
The SID for Windows is a unique number for users/groups. Being able to quickly identify a user based on it's SID allows you to see a lower level of Windows.
- Windows Internals - Tokens07:49
Windows Tokens are one of my favorite concepts. You can abuse these in SO MANY ways. Token Impersonation is a key concept for any Ethical Hacker!
- Windows Internals - Named Pipes06:01
Windows Named Pipes are used by most applications in Windows. They have their own vulnerabilities and understand what they are and how they work can allow someone to be very "creative".
- Windows Internals - PE Files & DLLs16:08
Here we take a look and how a PE and DLL file is structured and some of the components of each. This forms a base for knowledge to be gained in future modules.
- Windows Command Line - Accessing the Command Line04:56
Learning the Windows Command Line is a required skill for any hacker. You won't find yourself with a GUI very often and knowing how to move around, manage the machine and do what you need to without it is a hard requirement!
- Windows Command Line - Navigation07:04
Learn about navigation in the Windows Command Line world!
- Windows Command Line - Working with Files and Directories07:31
Learn to work with files and directories in Windows Command Line.
- Windows Command Line - Working with Pipes09:32
As we learned about Named Pipes now we can use them in actions to see what we can do with them.
- Windows Command Line - Standard I/O/E03:56
The Standard Input Output an Error are used throughout all Operating Systems. They are commonly used the same way in most OS's. This is a useful skill to make working on the Command Line far easier.
- Windows Command Line - Managing Windows12:07
You never know when you need to make a configuration setting, add a rouge service or learn more about the system. Know how to manage Windows without the GUI!
- Where is the GUI?!03:50
We take our first look at Linux and figure out where the GUIÂ went!
- The Linux File System05:39
Before we dive into Linux its important to understand how the file system in laid out and that EVERYTHING is a FILE!
- Linux Command Line - Navigation04:27
Since most of your time as an attacker is spent in a Terminal or Command Line its paramount to know how to navigate. This is fairly similar to Windows.
- Linux Command Line - Working with Files and Directories08:42
Since everything is a file, that includes directories, we need to know how to work with them!
- Linux Command Line - Standard I/O/E Recap03:48
Very similar to Windows Standard I/O/E we will do a quick recap on the subject in Linux.
- Linux Command Line - Working with Data13:32
How that we understand how to work with files we need to learn how to work with data itself. We go over how to manipulate data to our will!
- Linux Command Line - Working with File Permissions09:39
Same with Windows Permission we must learn the Linux side of the fence. There are a lot of vulnerabilities that rely on configuration issues with permissions. Understanding this will provide you a greater insight on how things work and how they can be abused.
- Linux Command Line - Man Pages03:39
Man pages are the Linux Users quick look up replacement of Google Searching. These can provide very critical bits of information that are specific to a system without looking through countless white papers.
- Linux Command Line - Base6402:56
Being able to use and manipulate base64 is useful for not only encoding larger normally unreadable data but for getting binaries/data on and off machines!
- Linux Command Line - Hex06:26
Very similar to base64 use cases but has its uses elsewhere in other applications! Its important to understand how to quickly get and resolve hex/base64 data.
- Linux Command Line - Network Connections Recap03:58
We quickly recap how to grab network connections in Linux as we did with Windows. Remember in Linux everything is a file!
- Linux Processes13:00
Learn about how Linux processes work and the types you will run into.
- What are INodes?04:30
INodes are an integral part of the Linux File System. They can be used in a lot of useful ways!
- Working with Open Files06:38
Since everything is a file dealing with Open Files is just as important! You will learn how to manage Open Files on Linux.
- Symbolic Links05:49
Abusing Symbolic Links is very fun but you need to know how to use them first!
- The ID's02:58
Linux uses ID's just like Windows uses SID's. You will need to understand these as well when attacking a Linux Machine.
- Linux Pipes03:19
Similar to Windows Pipes Linux has their own! These are very useful for working with data.
- Linux Run Levels03:49
We go over the Run Levels of Linux and what each of them mean. They each have their own attack vector.
- Linux Logs03:43
Logging is a big topic on Linux machines. A lot of organizations will build their own logs and sometimes provide juicy information!
- The Kernel11:10
Here you will learn about the Linux Kernel and how it works.
- One Ring to Rule Them All05:40
Inside of the Kernel we have different ring levels. Each of these levels provide different privileges. With understanding this it helps work on exploit development and how attacks affect the Kernel.
- What is a CPU?02:40
We take a quick break from low level stuff to see how a CPUÂ itself works.
- The CPU Registers09:16
When looking at the CPU there is a base component called Registers. These will be required in our Assembly section of the course so be sure to watch this!
- The CPU Flags02:08
Flags are similar to registers and are just as required for the Assembly course!
- What is Memory & How does it work?03:35
We take our first look at how memory works on computers. This can be a deep topic so rewatch if needed.
- The Stack05:46
We take a stab at tackling the Stack! If you are wanting to learn Buffer Overflows or Exploit Development this is essential.
- The Heap03:23
While Similar to the Stack The Heap helps out a different part of the process!
- Extra information on Memory04:06
Here we provide some extra context on memory and the CPU!
- Debuggers05:10
In this video we take our knowledge of memory and the CPU and dive into a debugger!
- Taking a look at ASLR03:22
We look at Address Space Layout Randomization or ASLR and how it works in Windows.
- A Quick Word About AntiVirus05:14
We quickly talk about AnitVIrus and some issues facing an Ethical Hacker.
- What is Active Directory05:39
Active Directory is a very common infrastructure at larger organizations. To best attack this type of infrastructure you should know how it works and be able to configure it yourself.
- Basic Windows Server Configuration07:01
We hit the base configurations for a Windows Server for our needs.
- Install AD DS09:08
We look at actually installing Active Directory on our specified Windows Server and how to configure it.
- The AD Tree09:41
Understanding the Active Directory Tree is just as important as configuring Active Directory itself. An attacker will commonly find themselves investigating the Tree for issues.
- OU's and their Permissions06:31
Along with the Tree itself there are leaves or OU's. Theses contain all of the data and objects. You will have a good grasp on how and why things are setup the way they are.
- Managing Users and Groups05:00
We take a look at managing users and groups. This includes delegation of permissions and setting up help desk users.
- Adding Machine to the Domain06:59
We take our first look at extending the AD Infrastructure with another machine. This is a key step in configuration of a home lab.
- Setting up Group Policies11:32
Group Policies is what makes AD so useful. This is commonly the place that is abused from an attacker perspective.
- Cached Credentials02:34
We see how cached credentials can be dangerous.
- What is Kerberos?03:41
We take our first look at Kerberos and see how it works and where it fits into a Red Team's attack vectors.
- Kerberos Realms01:41
We talk about the first section of Kerberos and how Realms are handled by the service.
- The Authentication Server03:32
The next step of Kerberos is the Authentication Server. Understanding this is required for Kerberos.
- The Ticket Granting Server06:48
We take a final look at Kerberos with the TGS. This is what is commonly abused by Ethical Hackers in the real world.
- What is Encryption03:24
We take a look encryption and see how it works and how its used.
- Symmetric Encryption03:39
We take a look Symmetric Encryption and see how it works and how its used.
- Asymmetric Encryption05:02
We take a look Asymmetric Encryption and see how it works and how its used.
- RSA Encryption02:07
We learn about RSA Encryption and where its use cases are.
- AES Encryption01:42
We learn about AES Encryption and where its use cases are.
- What is Hashing?03:06
We take a quick look at what Hashing is and how it is used.
- MD5 Hashing02:34
We see how MD5 works and where its vulnerable as well as its uses cases.
- SHA Hashing04:28
Learning SHA is important. This is a commonly used algorithm for a large amount fo protocols and services!Â
- What is Encoding?02:08
Encoding is used everywhere! We take a look at what it is and how it works!
- Base64 Encoding04:06
Base64 encoding is commonly used in Web Applications. It also has a few uses for Ethical Hackers as well!
- Hex Encoding04:24
Like Base64 this has its used to Ethical Hackers as well. Hex encoding is normally used internally to applications.
- URL Encoding02:53
While exclusively used with Web Browsers URLÂ Encoding is critical to understand when attacking any type of web application.
- What is Compression?03:04
In this video we take a look at what compression is and where it is used.
- Lossless vs Lossy Compression03:08
We look at 2 common type of compression and when they should be used.
- LZ77 & LZ78 Compression Algorithms02:03
Now that we understand the compression types we will look at the 2 common algorithms that are used today.
- Data Manipulation - Hands On01:54
We start with a hands on exercises for different types of data manipulation
- What is Networking?08:16
We take a look at what Networking is and where it is used.
- The OSI Model05:20
The OSI Model is a core concept for troubleshooting and understanding networks.
- TCP/IP09:56
We take our first look at what TCP/IP is and how it is used in networks.
- UDP02:38
Following up TCP/IP we look at the other half at UDP.
- The Switch04:07
We learn what a switch is, where its used and how it works.
- Routers & Gateways06:08
We learn what a Router & Gateway is, where its used and how it works.
- What is a Protocol?01:27
Now that we have a solid understanding on Networking and TCP/IP & UDP. We now look into what a protocol really is.
- ICMP06:00
Take a deep look at ICMP.
- DNS08:12
DNS is not only critical for Networks but very useful for exfiltration to attackers.
- DHCP06:03
DCHP is another core protocol for enterprise networks. Its critical to understand how this works from an attacker perspective.
- ARP04:33
- What is an IDS03:30
IDS's are common in todays infrastructure. It's paramount to understand how theses works and where they are placed.
- What is an IPS04:45
IPS's are common in todays infrastructure. It's paramount to understand how theses works and where they are placed.
- What is HA?04:35
High Availability or HA is one of the most important skills when looking at networks as this can make or break a conversation.
- Proxys03:17
Proxies can make your life as an attacker easier or much more difficult.
- The DMZ02:36
Demilitarized Zones or DMZ can catch Hackers in a tough spot and being able to spot this is critical.
- Quick Talk on Databases04:17
We talk quickly about databases and where they are used.
- What is a VPN02:35
We take a look at VPN's and what they are.
- What is IPSEC?08:32
IPSEC is the core protocol used to handle most VPNs. It is important to understand how this works at the protocol level.
- What is IKE?06:28
IKE is the last phase of a VPN Tunnel. This will complete the video series on VPN Tunnels. In another module we will take this even further.
- What is a Firewall?04:02
We now take a look at what a firewall is and how they work.
- Packet Filtering Firewalls01:17
With different types of firewalls we take a look at Packet Filtering in this video.
- Stateful Inspecting Firewalls02:33
After reviewing Packet Filtering we look at the other type of Stateful Inspection.
- Web Application Firewalls02:00
The other firewalls talked about are all network based. We take a second to look at Web base Firewalls.
- Installing PFSense08:06
We look at practically installing a Enterprise Grade Network Based Firewall in our Virtual Lab.
- The Firewall UI09:30
After the installation we look over the UI and see the features available.
- Configuring a DMZ07:17
After learning about DMZ's we get to see how they are actually implemented and the strategy behind them.
- Configuring a VPN06:38
After learning about VPN's we get to see how they are actually implemented and the strategy behind them.
- Backup & Logging04:39
Backing Up & Logging data is critical for any network device, specifically with firewalls. We go through how to set this up and what the logs look like.
- PFsense Hands On02:11
We take everything to the next level with this hands on exercise.
- What is a Compiler?03:50
We go over what a compiler is and how its used with applications.
- What is a Linker?04:31
We go over what a Linker is and how its used with applications.
- Why Python?03:46
We look at why python is the go to language for Ethical Hackers to build out custom tools.
- Installing Python03:37
A quick overview on how to install Python on your system if it is not already present.
- Hello World06:46
First look at Python and we use the classic Hello World example.
- Variables07:41
Take a look at python variables and how we can store data.
- Type Casting04:56
Sometimes variables are not in the correct formate or type. We look at casting one variable type to another.
- Operators04:41
We look at variable operators and how they are used.
- If/Else13:28
Investigate If and Else statements in Python.
- Loops08:39
Loops are key to any language. We take a look at loops in python.
- The Dictionary09:42
The Dictionary is commonly used in most python scripts. It is useful for holding complex data in easy structures.
- Lists10:20
Just like Dictionaries python lists are some of the most commonly used.
- Tuples04:12
Tuples are not as commonly used but are still a core part of Python.
- Modules06:06
Understanding Modules in Python give you the ability to extend code bases and implement more features.
- Classes11:37
Working with a class based structure can help you build more readable and maintainable code for your team.
- Inheritance14:30
Now that we understand classes another core concept is inheritance.
- Configuration Files05:00
Some python scripts require configuration data such as passwords or settings. Knowing how to implement easy configuration files in your code is key.
- Logging06:50
One paramount concept is logging. Logging helps other identify what happened and where issues arise.
- Error Handling06:58
Similar to Logging, Error Handling is the other half of that concept.
- Sockets11:14
At a Ethical Hacker you will find times where you need to work with service at a low level. Python Sockets allows for us to do that.
- Threading07:03
Learning how to improve script speed and make things more efficient can be done with threads.
- Python Hands On02:32
We now look at building our own security tool to start your professional portfolio!
- Why Assembly?01:50
We look at why Assembly is an important skill for Ethical Hackers and where it is useful.
- Hello World16:04
We take the standard Hello World example and take it to the next level with Assembly.
- Variables06:23
Working with variables in Assembly is different than other languages. Be sure to rewatch the video or ask any questions!
- Saving States10:23
We understand what state is and why we even need to save it.
- Arithmetic20:49
We look at working with numbers and other basic arithmetic in Assembly.
- Loops04:50
We take a look at loops and conditions in Assembly.
- Logic Control10:36
We learn how to perform conditional logic in Assembly.
- Reading Files11:42
We see what really happens behind the scene when attempting to read files.
- Writing Files06:28
Just like Reading File we look at Writing Files in Assembly.
- Op Code06:16
We see what Op Code is and how it is used in the real world.
- Bit Operators03:37
Bit Operators are required when working with Assembly and can be useful when working with exploits.
- Assembly Hands On01:26
We build an application in raw Assembly for your professional portfolio.
- Goal & Scope Identification05:58
We take our first look at building out a Red Team Assessment. This tarts by building the scope and identifying the goal.
- Stability Considerations07:11
When performing Assessments we must always take stability into consideration.
- Briefing Stake Holders02:21
We need to brief stake holders prior to an assessment to ensure there are no issues and we have a sign off.
- Prepping02:58
We look at prepping the Assessment Document that will be used for sign off by the stake holders.
- Scope Identification Hands On02:07
We look at a hand on assignment to build out your own Assessment Plan.
- What is Reconnaissance?03:49
We look at what Reconnaissance is and how hackers use this to investigate targets.
- Installing Kali06:33
We have a quick how to build to installing your own Kali Machine for our virtual lab.
- Passive Recon - Google09:35
We use Google to gain as much information as possible using the Google Hacking Database.
- Passive Recon - Shodan05:20
Shodan provides a very interesting set of results for a target. It may have some useful stuff!
- Passive Recon - Whois06:48
Whois provides us some information about a target IP address that is more standard public information.
- Passive Recon - Netcraft07:18
Similar to Shodan Netcraft keeps an eye on IP's over time and can provide some great insight on a target.
- Passive Recon - Job Posting07:28
Job Posting can provide a lot of information. You can gain information about the infrastructure and technology being used.
- Active Recon - Port Scanning21:46
We take our first stab at Active Recon. We look into Port Scanning and its pit falls.
- Active Recon - DNS08:27
We take a look at DNS and how we can find a bit more useful information and some misconfigurations.
- Active Recon - Nikto06:12
Our first look at testing a web application. We use Nikto to identify common issues and vulnerabilities of web services.
- Active Recon - Dirb04:41
Dirb looks for directories on a web server based on a word list. Knowing how this works under the hood can help you create your own!
- Active Recon - Sparta08:24
Sparta is a unique tool that allows you to go hands off for a bit on the Active Recon and port scanning of a target.
- Active Recon - Working with NC13:11
Netcat is an essential tool to any hacker due to is versatile nature. We look at some examples on getting familiar with this tool.
- Active Recon - Banner Grabbing07:23
Sometimes tools just don't do the job. We look at banner grabbing manually.
- Active Recon - Vulnerability Scanners04:49
We have a quick talk about Vulnerability Scanners and where they are used and why.
- Active Recon - Browsing06:20
Manually browsing a web application can sometimes tell you more than an automated tool.
- Active Recon - Manual vs Automated04:04
Knowing when to manually investigate a target and when to use tools can make or break a hacker.
- Reconnaissance Hands On01:33
We look at a hands on assessment for Recon.
- Finding Exploits10:46
We look at how to find exploits in the wild to actively exploit a target.
- Misconfigurations03:47
We look at what are some common misconfigurations that you will need to look for from a hackers perspective.
- Looking for 0 days04:18
We take a look at how 0 days are found and the process of once you have found them.
- Metasploit - What is Metasploit?08:18
We take our first look at Metasploit and where it is used.
- Metasploit - Exploits and Payloads15:29
We investigate how to find exploits and payloads in Metasploit.
- Metasploit - The Meterpreter13:51
The popular Meterpreter is learned in this video.
- Metasploit - Adding an Exploit to Metasploit10:12
We learn how to add custom exploit to our Metasploit install.
- Metasploit - MSFVenom07:59
We don't always need to build our shell code ourselves. We can use MSFVenon to perform a few tasks.
- Metasploit - Hands On03:00
We look at a hands on assessment for learning Metasploit.
- The OWASP Top 1007:46
We look at the common OWASP Top 10 for web attacks and vulnerabilities.
- SQL Injection & SQLMap30:15
We take a manual approach to SQL injection and then using automated tooling.
- XSS13:25
We take a look at cross site scripting and how we can abuse this.
- Insecure Direct Object Reference05:37
We see how IDOR is abused. The code for the vulnerable application is available for download. The .txt file should be moved to a .php file.
- Local File Inclusion11:29
We see how LFI can be abused to gain full code execution on a remote target.
- Remote File Inclusion08:31
We see how RFI can be abused to gain full code execution on a remote target.
- The Authenticated Unauthenticated Pages05:13
Abusing "Authenticated" pages is a great experience. It is a developer oversight and can happen to internal tools.
- Broken Authentication and Session Management07:47
We quickly talk about Broken Authentication and how easy Session Management is to abuse.
- Faulty Redirects03:41
Faulty Redirects can be useful in a variety of different attacks. We see how we can abuse this here.
- Stabilizing Shells14:04
Not all shells are created equal. Shells can be unstable and we should understand how to correct this issue
- Breaking Out Of The Jail Shell08:42
Some administrators will restrict a user account or provide a jail shell. Understanding how to break out of this correctly is a useful skill for an attacker.
- What is Persistence?02:40
We look at what persistence is, why its important and some tips and tricks on when to perform it.
- Windows Persistence10:18
We put into place multiple different types of persistence on Windows Machines.
- Linux Persistence10:47
We put into place multiple different types of persistence on Linux Machines.
- What is Privilege Escalation?04:23
A quick talk about privilege escalation.
- OS Version10:56
We look at abusing the OS based on an outdated and unpatched version.
- Common Configuration Issues12:12
We take a look at not only Windows but Linux configuration issues.
- File Permissions15:08
We see how to check access control on file permissions.
- MySQL14:32
We abuse MySQL Installs as Root using UDF.
- Sudo09:37
Sometimes elevating privileges does not have to be difficult. Always check what Sudo rights you already have.
- Relative Path Sudo Binary08:19
We look at abusing a really interesting vulnerability with custom applications and their used of relative paths.
- Unquoted Service Path14:31
Windows sees paths a little differently when its not absolute AKA quoted. With unquoted paths Windows does some weird things we can abuse.
- Service Misconfigurations07:46
We look at common service misconfigurations on Windows and how to identify them yourself.
- LinuxPrivChecker07:33
LinuxPrivCheck is a very useful tool when identifying useful information or vulnerabilities on a Linux machine.
- Im Root Now What?02:53
Our attack does not stop just because we gained root or SYSTEM. It is just the beginning.
- Pulling Hashes09:33
We use mimikatz to pull hashes in Windows and Manually pulling them in Linux.
- Pass The Hash04:40
Once we have Windows hashes we can pass them around and due to how Windows does authentication it will accept a hash just like a password.
- SSH Keys05:05
Gaining access to SSH private keys can open a LARGE part of the network and other attack paths that may not have been possible.
- Checking Logs01:58
Checking logs can provide some useful information! Always be sure to check!
- Duel Homed Machines02:00
A duel homed machine can provide you access to another network you may have never seen or have access too!
- Network Traffic07:20
Understanding what network traffic is occurring can help you identify what is available and if anything can be sniffed.
- ARP Poisoning07:08
We manually go over ARP poisoning and see how it works behind the scenes.
- Web Servers02:20
A compromised web server is only the starting point. We can abuse this in so many ways.
- Account Directory Attacks03:53
We take a look at how to use a dictionary attack to gain access to an account that does have any lockout policy.
- Password Spraying05:51
We look at how we can manually perform password spraying.
- SSH Tunneling12:15
SSH tunneling is a complicated technique but can be very effective to an assessment.
- Pivoting13:26
Pivoting allows you to route your attacks across duel homed machines to further expand your reach.
- What is Password Cracking?04:43
We take our first look at what password cracking is and some draw backs.
- John The Ripper05:04
Using John The Ripper we can break not only Linux hashes but Windows as well.
- Hashcat06:34
Hashcat is a GPU based password cracking and provide some unique features that other crackers do not.
- Rainbow Tables05:12
Rainbow Tables is a new and advanced method to password cracking and should be understood.
- Password Cracking Hands On01:22
We have our hands on assessment for password cracking.
- Why Cover Your Tracks?04:24
We see why your should or should not cover your tracks.
- Clearing Windows Logs03:34
A quick look at clearing Windows Logs.
- Clearing Linux Logs06:07
A quick look at clearing Linux Logs.
- Quick Talk on Logging05:01
A quick chat about logging and what implications it has for a Ethical Hacker.
- Clearing Command History08:51
We look at clearing the command history for both Windows and Linux.
- Persistent Backdoors03:27
We learn how to create persistence backdoors with metasploit.
- The Clean Up02:46
The importance of a cleanup after an assessment.
- Covering Your Tracks Hands On00:50
Hands on assessment on covering your tracks.
- The Format14:15
We take a good look at a common report format used in the industry.
- The Audience04:08
You will learn about the types of audiences you will need to deal with when generating reports or presenting.
- Business Risks on Findings05:40
Being able to attack a machine is one thing but speaking to the risk to the business is another.
- Remediation Options03:03
Remediation options are a key part of the report and must be handled correctly.
- Working With The Blue Team02:07
We work with the blue team to provide a full feedback loop.
- Reconnaissance03:18
We take a look around at our new target and identify vulnerabilities.
- Exploitation04:17
Now that we have found a few potential ways in we can exploit them to gain access.
- Post Exploitation03:41
With initial access complete we look into post exploitation options.
- Finding New Access06:48
We can't quite get what we want with out current access. We see what other options we have to us.
- Moving Up In The World!04:33
We take a step in the right direction to gaining more access.
- Getting Domain Admin08:05
We take our final step and move our rights to domain admin and a full compromise of the network.
- The Resume07:59
We take our first look at building out a professional brand with a Resume.
- Professional Email04:51
Along with the resume we should have a professional email.
- Certifications12:25
We take on the debate to see if certifications are worth it or not.
- Personal Brand11:13
We look at personal branding and how you can start building your own for future success.
- Searching for the Job11:40
We take a peak at searching for jobs and how the process really works.
- Analyzing the Job Post22:13
Now that we found a job we are interested in we need to analyze the post to see if we should even apply.
- Applying for the Job04:30
With the job post analyzed we look at the steps to actually apply for the position.
- The Future Company08:37
We have applied for a company! Now you will need to learn a bit about the company. This will help later in determining if you really want to work their and to prep future questions.
- Salary Requirements12:16
The Salary is often a big deciding factor. We look at how to determine the requirements for ourselves.
- The Interview Process - The Screening Call08:00
This is the first real step of the interview process. It's important to get this right.
- The Interview Process - Prepping for the Technical Interviews09:11
We learn how to study and prep for the first technical interview.
- The Interview Process - The Technical Screening Interview10:46
We finally hit the first technical interview. We look at how this works and how to smash it.
- The Interview Process - Prepping for the On Site Final Interview04:31
Once passed the Technical screening we are offered to come onsite! We learn how to prep for this type of interview.
- The Interview Process - The Onsite05:55
Onsite interviews at Silicon Valley Companies can be daunting. We provide some tips and tricks to get through it and pass!
- The Interview Process - The Offer11:10
We take a look at the offer provide and analyze if this is something worth taking or should we negotiate with the company.
- Congratulations!00:21
Congratulations!
JOIN OUR WHATSAPP GROUP TO GET LATEST COUPON AS SOON AS UPDATED
JOIN WHATSAPPJOIN OUR TELEGRAM CHANNEL TO GET LATEST COUPON
JOIN TELEGRAMJOIN OUR FACEBOOK GROUP TO GET LATEST COUPON
JOIN FACEBOOKFree Online Tools And Converters for your use
URL Encoder
Input a string of text or a URL and encode the entered string
Try itURL Decoder
Input an encoded string of text or a URL and decode the entered string
Try itColor Contrast Checker (WCAG)
Calculate the color contrast ration for your website (WCAG)
Try itXML Formatter
Paste or upload an XML and have it formatted to a beautiful XML format
Try itURL Slug Generator
Convert any title or sentence into a variety of slugs for your pages URL
Try itE-Signature
Draw an e-signature or type a signature for your online signature
Try it