دوره جامع آموزش هک اخلاقی – Learn Ethical Hacking From Scratch محصول شرکت Udemy با بیش از 130 ویدئو، در ابتدا با نحوه راه اندازی یک لابلاتوار تست نفوذ آشنا می شوید، در ادامه با مباحث هک و امنیت و هک WIFI، کشف آسیب پذیری و بهره برداری از سرور ها، بررسی هک سیستم های امن با استفاده از حملات مهندسی اجتماعی، آشنایی با ابزار هک مانند Metasploit، Aircrack-ng، SQLmap و غیره، نحوه نصب کالی لینوکس، آشنایی با ARP Spoofing/ARP Poisoning ، Backdoor ها و …. آشنا می شوید.
لینک دانلود ویدئو آموزش هکر اخلاقی Learn Ethical Hacking From Scratch
حجم : 8.91 گيگابايت
رمز فايل: technet24.ir
Exploiting a Code Execution Vulnerability
This course includes
Last updated: 7/2019
Created by: Zaid Sabih, z Security
Video: 14.5 hours on-demand
What you’ll learn
130+ ethical hacking & security videos
Start from scratch up to a high-intermediate level
Learn what is ethical hacking, its fields and the different types of hackers
Install hacking lab & needed software (works on Windows, OS X and Linux)
Hack & secure both WiFi & wired networks
Discover vulnerabilities & exploit them hack into servers
Hack secure systems using client-side and social engineering attacks
Use 30+ hacking tools such as Metasploit, Aircrack-ng, SQLmap…..etc
Understand how websites work, how to discover and exploit web application vulnerabilities to gain full control over websites
Secure systems from all the attacks shown
Install Kali Linux – a penetration testing operating system
Install windows & vulnerable operating systems as virtual machines for testing
Learn linux basics
Learn linux commands and how to interact with the terminal
Learn Network Penetration Testing
Network basics & how devices interact inside a network
A number of practical attacks that can be used without knowing the key to the target network
Control connections of clients around you without knowing the password.
Create a fake Wi-Fi network with internet connection & spy on clients
Gather detailed information about clients and networks like their OS, opened ports …etc.
Crack WEP/WPA/WPA2 encryptions using a number of methods.
ARP Spoofing/ARP Poisoning
Launch Various Man In The Middle attacks.
Gain access to any account accessed by any client in your network.
Sniff packets from clients and analyse them to extract important info such as: passwords, cookies, urls, videos, images ..etc.
Discover open ports, installed services and vulnerabilities on computer systems
Gain control over computer systems using server side attacks
Exploit buffer over flows and code execution vulnerabilities to gain control over systems
Gain control over computer systems using client side attacks
Gain control over computer systems using fake updates
Gain control over computer systems by backdooring downloads on the fly
Create undetectable backdoors
Backdoor normal programs
Backdoor any file type such as pictures, pdf’s …etc.
Gather information about people, such as emails, social media accounts, emails and friends
Use social engineering to gain full control over target systems
Send emails from ANY email account without knowing the password for that account
Read, write download, upload and execute files on compromised systems
Capture keystrokes on a compromised system
Use a compromised computer as a pivot to gain access to other computers on the same network
Understand how websites & web applications work
Understand how browsers communicate with websites
Gather sensitive information about websites
Discover servers, technologies and services used on target website
Discover emails and sensitive data associated with a specific website
Find all subdomains associated with a website
Discover unpublished directories and files associated with a target website
Find all websites hosted on the same server as the target website
Exploit file upload vulnerabilities & gain full control over the target website
Discover, exploit and fix code execution vulnerabilities
Discover, exploit & fix local file inclusion vulnerabilities
Discover, fix, and exploit SQL injection vulnerabilities
Bypass login forms and login as admin using SQL injections
Writing SQL queries to find databases, tables and sensitive data such as usernames and passwords using SQL injections
Read / Write files to the server using SQL injections
Learn the right way to write SQL queries to prevent SQL injections
Discover reflected XSS vulnerabilities
Discover Stored XSS vulnerabilities
Hook victims to BeEF using XSS vulnerabilities
Fix XSS vulnerabilities & protect yourself from them as a user
Basic IT Skills
No Linux, programming or hacking knowledge required.
Computer with a minimum of 4GB ram/memory
Operating System: Windows / OS X / Linux
For WiFi cracking (10 lectures ONLY) – Wireless adapter that supports monitor mode (more info provided in the course).
Welcome this comprehensive course on Ethical Hacking! This course assumes you have NO prior knowledge in hacking and by the end of it you’ll be able to hack systems like black-hat hackers and secure them like security experts!
This course is highly practical but it won’t neglect the theory, so we’ll start with ethical hacking basics and the different fields in penetration testing, installing the needed software (works on Windows, Linux and Mac OS X) and then we’ll dive and start hacking systems straight away. From here onwards you’ll learn everything by example, by analysing and exploiting computer systems such as networks, servers, clients, websites …..etc, so we’ll never have any boring dry theoretical lectures.
The course is divided into a number of sections, each section covers a penetration testing / hacking field, in each of these sections you’ll first learn how the target system works, the weaknesses of this system, and how to practically exploit theses weaknesses and hack into it, not only that but you’ll also learn how to secure this system from the discussed attacks. This course will take you from a beginner to a more advanced level by the time you finish, you will have knowledge about most penetration testing fields.
The course is divided into four main sections:
1. Network Hacking – This section will teach you how to test the security of networks, both wired and wireless. First, you will learn some basic network terminology, how networks work, and how devices communicate with each other. Then it will branch into three sub sections:
Pre-connection attacks: in this subsection you’ll learn what can you do before even connecting to a network, and even before having internet access; you’ll start by learning how to gather information about the networks around you, discover the devices connected to them, and how to control connections around you (ie: deny/allow devices from connecting to networks) even without knowing the password of the target network.
Gaining Access: Now that you gathered information about the networks around you, in this subsection you will learn how to crack the key and get the password to your target network weather it uses WEP, WPA or even WPA2.
Post Connection attacks: Now that you have the key, you can connect to the target network, in this subsection you will learn a number of powerful techniques that allow you to gather comprehensive information about the connected devices, see anything they do on the internet (such as login information, passwords, visited urls, images, videos ….etc), redirect requests, inject evil code in loaded pages and much more! All the attacks here work against both wireless and wired networks. You will also learn how to create a fake WiFi network, attract users to connect to it and use all of the above techniques against the connected clients.
2. Gaining Access – In this section you will learn two main approaches to gain full control or hack computer systems:
Server Side Attacks: In this subsection you will learn how to gain full access to computer systems without the need for user interaction. You will learn how to gather useful information about a target computer system such as its operating system, open ports, installed services, then you’ll learn how to use this information to discover weaknesses and vulnerabilities and exploit them to gain full control over the target. Finally you will learn how to generate different types of reports for your discoveries.
Client Side Attacks – If the target system does not contain any weaknesses then the only way to gain access to it is by interacting with the users, in this subsection you’ll learn how to get the target user to install a backdoor on their system without even realising, this is done by hijacking updates or backdoornig downloadeds on the fly. Not only that but you’ll also learn how to create trojans by backdooring normal files (such as an image or a pdf) and use social engineering to deliver this trojan to the target, to do this you’ll learn how to spoof emails so they appear as if they’re sent from the target’s friend, boss or any email account they’re likely to interact with.
3. Post Exploitation – In this section you will learn how to interact with the systems you compromised so far. You’ll learn how to access the file system (read/write/upload/execute), maintain your access, spy on the target and even use the target computer as a pivot to hack other computer systems.
4. Website / Web Application Hacking – In this section you will learn how websites work, how to gather information about a target website (such as website owner, server location, used technologies ….etc) and how to discover and exploit the following dangerous vulnerabilities to hack into websites:
Local File Inclusion.
Remote File Inclusion.
Cross Site Scripting (XSS).
At the end of each section you will learn how to detect, prevent and secure your system and yourself from the discussed attacks.
All the techniques in this course are practical and work against real systems, you’ll understand the whole mechanism of each technique first, then you’ll learn how to use it to hack into the target system, so by the end of the course you’ll be able to modify the these techniques to launch more powerful attacks, and adopt them to different situations and different scenarios.
With this course you’ll get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond to you within 15 hours.
NOTE: This course is created for educational purposes only and all the attacks are launched in my own lab or against devices that I have permission to test.
NOTE: This course is totally a product of Zaid Sabih and no other organisation is associated with it or a certification exam. Although, you will receive a Course Completion Certification from Udemy, apart from that NO OTHER ORGANISATION IS INVOLVED.
Who this course is for:
Anybody who is interested in learning ethical hacking / penetration testing
Anybody who wants to learn how hackers hack computer systems
Anybody who wants to learn how to secure their systems from hackers