Become an Ethical Hacker Bonus Bundle

  • Price: $49 (92% off $681)
  • Courses: 9
  • Lessons: 340
  • Enrolled: 7,102

What's Included

Product Details

  • Access: Lifetime
  • Content: 16 hours
  • Lessons: 89

Ethical Hacking from Beginner to Advanced Techniques

Get Paid to Hack Computer Networks When You Become a Certified Ethical Hacker

By Mohamed Atef | in Online Courses

You hear about it all the time: companies getting hacked, having their websites shut down or their customers' data compromised. When that happens, it's time to call in ethical hackers to break into network systems, evaluate their security, and propose solutions. After this course you'll be well on your way to being one of these hackers, paid generously to hack networks, apps, emails, social media accounts, and more!

  • Access 89 lectures & 16 hours of content 24/7
  • Understand how to bypass different security layers after getting proper approval
  • Learn how to compromise computers, crack passwords, crash systems & compromise applications
  • Run a buffer overflow from scratch
  • Stride towards a career in this fast-growing IT profession

Mohamed Atef is an ICT Consultant, Senior Penetration Tester and certified instructor with more than 20 years of experience in professional and academic courses and 2 books published.

  • Certified Information System Security Professional (CISSP) ID #517943
  • Microsoft Certified Trainer (MCT) ID #3022752
  • EC Council Certified Instructor (CEI) ID #ECC51750391761
  • CEH: Certified Ethical Hacking ID #ECC64515022319
  • Certified Cisco System Instructor (CCSI)
  • Microsoft Certified System Engineer (MCSE)
  • Microsoft Certified IT Professional (Windows Server Administration 2008)
  • CompTIA Certified (Network +) ID #
  • CompTIA Certified (Server +)
  • CompTIA Certified (Linux +)
  • CompTIA Certified (Security +)
  • Cisco Certified Network Associate (CCNA) ID #CSCO11273248
  • Cisco Certified Network Professional (CCNP)
  • Project Management Professional (PMP) ID #1772374

Details & Requirements

  • Length of time users can access this course: lifetime
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Compatibility

  • Internet required

Course Outline

  • Introduction
    • Introduction to Ethical Hacking
  • Set up your lab
    • Install VMware Player
    • Install and configure the lab
  • Start to use Linux
    • Linux (19:39)
  • Reconnaissance
    • What is Reconnaissance?
    • What information you should look for?
    • Tools and Technique (4:36)
    • Advanced Reconnaissance technique
  • Scanning
    • What is Scanning?
    • NMAP
    • Advanced technique of scanning
    • Different types of scanning
    • Enumeration
  • Start Hacking
    • Define your Objective
    • Password guessing and cracking
    • Hydra and Xhydra
    • Rainbow table technique
    • Advanced Password cracking technique
  • Network Hacking
    • How to Hack a network?
    • Sniffing
    • Man in the Middle attack
    • Cain and Abel
    • Ettercap
    • DNS Poisoning
    • SSL Strip
  • Social Engineering
    • What is Social Engineering?
    • Social Engineering Toolkit
    • Phishing - Credential Harvest
    • Advanced Social engineering technique
  • Vulnerability and Exploit
    • What is a Vulnerability and Exploit?
    • Search for Vulnerability and its Exploit
    • Exploit the Vulnerability
    • Metasploit
    • Fast Track
    • Armitage
  • Wireless Hacking
    • Wireless explanation
    • Wireless network infrastructure
    • Wireless attacks
    • WEP cracking
    • WPA, WPA2 Cracking
    • Advanced WPA2 Cracking technique using Reaver
  • Buffer Overflow
    • What is Buffer Overflow?
    • How to search for Buffer Overflow?
    • How to Compromise a System through Buffer Overflow?
    • Debugger
    • EIP, ESP
    • Get Access
    • Compromise the Victim
    • Changing the Payload
    • Another Demonstration
    • Your Mission if you choose to accept it
  • Web Application Hacking
    • What is Web Application Hacking?
    • DVWA (9:09)
    • Hackthissite.org (3:07)
    • What is SQL Injection Attack?
    • SQL Injection Attack 1
    • SQL Injection Attack 2
    • Cross Site Script Attack
    • Advanced web application Attack
    • Major Web Application vulnerabilities
    • Your Mission if you choose to accept it
  • Malicious Code
    • Malicious Code Analysis
    • Types of Malicious Code
    • Discovering Malicious Code
    • File hash
  • Denial of service
    • What is Denial of Service?
    • Denial of Service Attacks
    • DOS Attack 1
    • DOS Attack 2
    • Ping of Death
    • DDOS
  • Bypassing Security
    • Bypassing different Security Technique
  • Real Life Scenario
    • Real Life Scenario 1
    • Real Life Scenario 2
    • Real Life Scenario 3
  • Advanced Technique
    • Buffer Overflow 1
    • Buffer Overflow 2
    • Buffer Overflow 3
    • Cryptography (Part1)
    • Cryptography (Part2)
    • Steganography
    • Hash
    • XSS Introduction
    • Reflected XSS
    • Stored XSS
    • Affected website for testing
    • Maltego
    • How to manage penetration testing project

  • Access: Lifetime
  • Content: 7 hours
  • Lessons: 26

Ethical Hacking for Beginners

Take Your First Step Towards an Exciting & Lucrative Career in Ethical Hacking

By Gökhan Okumus | in Online Courses

As the world moves more and more data and communications to the Internet, the demand for ethical hackers and penetration testers is higher than ever. In this demo-heavy, comprehensive course you'll be immersed in the basics of ethical hacking, from installing the preferred penetration testing OS, Kali Linux, to the many varieties of network threats. This is an excellent first step towards a new career in an exciting IT field.

  • Access 26 lectures & 7 hours of content 24/7
  • Exploit security vulnerabilities w/ the Metasploit framework
  • Make, detect & hide Trojans
  • Capture network traffic packets & mine them for data
  • Launch DNS spoof attacks & ARP poisoning attacks

Gökhan Okumus is a System Engineer currently working at the Turkish National Police IT Department. He started his career coding C++, and in high school learned the C# programming language. After two years in university he began to learn HTML, PHP, JavaScript and CSS. He has since taken several courses on Computer Networking, Firewall Administration, Windows and Linux server management. His current focus is Cyber Security.

Details & Requirements

  • Length of time users can access this course: lifetime
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: beginner

Compatibility

  • Internet required

Course Outline

  • Introduction
    • 1- Introduction
    • 2- Who should attend this course
  • Kali Linux and Basic Network Information
    • 3- About Kali Linux
    • 4- Installation of Kali Linux
    • 5- Linux Directory Structure
    • 6- Basic Commands in Linux 1
    • 7- Basic Commands in Linux 2
    • 8- Basic Commands in Linux 3
    • 9- Basic Network Information
  • Metasploit
    • 10- What is Metasploit
    • 11- Basic Usage of Metasploit
    • 12- Exploiting a remote machine
    • 13- Post Exploitation 1
    • 14- Post Exploitation 2
    • 15- Client Side Attacks
  • Trojan Usage and Detection Techniques
    • 16- What is a trojan?
    • 17- About Darkcomet RAT
    • 18- Making a trojan file
    • 19- Inspecting our trojan capabilities
    • 20- Detecting trojan file
    • 21- Hiding trojan file
  • Sniffing Network Traffic and Data Mining
    • 22- Sniffing network traffics
    • 23- Analyzing captured packages
    • 24- ARP poisoning
    • 25- DNS Spoof

  • Access: Lifetime
  • Content: 2 hours
  • Lessons: 21

WebSecNinja: Lesser Known WebAttacks

Master Web Security by Learning the Lesser Known Methods Hackers Use to Disrupt Networks

By OpenSecurity | in Online Courses

As the Internet grows, threats to users are becoming more complex and difficult to beat. For established and aspiring network security specialists, it's essential to stay ahead of the security threat curve. In this course, you'll be introduced to a series of lesser known web attacks and you'll be given a crash course in how to prevent them. This is an outstanding course for professionals looking to broaden their knowledge of their field, as well as beginners interested in web security.

  • Access 21 lectures & 2 hours of content 24/7
  • Learn about web attacks & techniques that are uncommonly documented in books & courses
  • Use accompanied demos & how-to's to learn how to ward off unusual threats
  • Discover basic hijacking & attack techniques like JSON & Blind RCE Injection
  • Understand lesser known XSS variants, Reflected File Download Theory & more
  • Recognize & prevent SSI Injection & Server Side Request Forgery

Ajin Abraham is an Application Security Engineer by profession with 5+ years of experience in Application Security, including 2 years of Security Research. He is passionate about developing new and unique security tools rather than depending on pre-existing tools that never work. Some of his contributions to the hacker's arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Xenotix xBOT, MalBoxie, Firefox Add-on Exploit Suite, Static DOM XSS Scanner, and NodeJsScan, to name a few. He has been invited to speak at multiple security conferences including ClubHack, NULLCON, OWASP AppSec AsiaPac, BlackHat Europe, Hackmiami, Confidence, BlackHat US, BlackHat Asia, ToorCon, Ground Zero Summit, Hack In the Box and c0c0n.

Details & Requirements

  • Length of time users can access this course: lifetime
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Compatibility

  • Internet required

Course Outline

  • Introduction to the Course
    • Introduction
  • RCE ATTACKS AND TECHNIQUES
    • Remote Command or OS Command Injection Basics
    • Blind RCE Injection
    • RCE Techniques and Cheat Sheet
    • Bypassing RCE Filter
  • JSON HIJACKING
    • JSON Hijacking Basics
    • JSON Hijacking Demo
  • LESSER KNOWN XSS VARIANTS
    • mXSS or mutation XSS
    • RPO XSS or Relative Path Overwrite XSS
  • SERVER SIDE INCLUDES INJECTION (SSI INJECTION)
    • Server Side Includes Injection Basics
    • Server Side Includes Injection Demo
  • SERVER SIDE REQUEST FORGERY (SSRF)
    • Server Side Request Forgery Basics
    • Exploiting an SSRF Vulnerability
  • REFLECTED FILE DOWNLOAD (RFD)
    • Reflected File Download (RFD) Theory
    • RFD Attack Explained (12:00)
  • ABUSING WINDOW.OPENER PROPERTY
    • Abusing JavaScript's window.opener property Theory
    • Phishing by abusing window.opener property
  • SAME ORIGIN METHOD EXECUTION (SOME)
    • Same Origin Method Execution Introduction
    • Same Origin Policy (SOP)
    • SOME Attack with Flash Callback explained
    • SOME Attack with Flash Callback Demo
  • COURSE MATERIALS
    • Course Slides
    • Source Code

  • Access: Lifetime
  • Content: 1 hour
  • Lessons: 22

Automated Mobile Application Security Assessment with MobSF

Develop the Advanced Skills You Need to Enter the Exciting (And Lucrative) World of Mobile Security

By OpenSecurity | in Online Courses

Smartphones can be extremely vulnerable to web attacks, and the mobile security industry has grown exponentially as a result. With frequent app releases and updates, it can be very difficult to maintain a mobile app testing environment. In this course, you'll learn how to configure an extendable, scalable web framework called the Mobile Security Framework to perform automated security analyses of mobile apps. This is the course to put you on track for a high-paying career in mobile security.

  • Access 22 lectures & 1 hour of content 24/7
  • Learn how to perform automated security analyses for Android & iOS
  • Understand real world use cases for the Mobile Security Framework like Android Malware
  • Deploy the Mobile Security Framework in your own environment so you have complete control of the data
  • Discover the Semi-automatic Dynamic Analyzer for intelligent app logic-based security assessments

Ajin Abraham is an Application Security Engineer by profession with 5+ years of experience in Application Security, including 2 years of Security Research. He is passionate about developing new and unique security tools rather than depending on pre-existing tools that never work. Some of his contributions to the hacker's arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Xenotix xBOT, MalBoxie, Firefox Add-on Exploit Suite, Static DOM XSS Scanner, and NodeJsScan, to name a few.

He has been invited to speak at multiple security conferences including ClubHack, NULLCON, OWASP AppSec AsiaPac, BlackHat Europe, Hackmiami, Confidence, BlackHat US, BlackHat Asia, ToorCon, Ground Zero Summit, Hack In the Box and c0c0n.

Details & Requirements

  • Length of time users can access this course: lifetime
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Compatibility

  • Internet required

Course Outline

  • Introduction to Mobile Security Framework - MobSF
    • Introduction
    • Getting Mobile Security Framework
    • What makes Mobile Security Framework Unique
    • Basic Requirements to Run MobSF
  • Performing Static Analysis with MobSF
    • Overview: Static Analysis
    • Configuring MobSF for Static Analysis
    • Static Analysis in Android Binaries and Source Code
    • Performing Static Analysis on Android Binaries
    • Performing Static Analysis on Android Source Code
    • Static Analysis in iOS Binaries and Source Code
    • Performing Static Analysis on iOS Binaries
    • Performing Static Analysis on iOS Source Code
  • Performing Dynamic Analysis with MobSF
    • Overview: Dynamic Analyzer
    • Dynamic Analysis in Android Binaries
    • Configuring MobSF for Dynamic Analysis of Android Binaries
    • Performing Dynamic Analysis of Android Binaries with MobSF
  • Case Studies
    • Android Malware Analysis
    • AppLock MITM Password Reset Vulnerability
    • Exploiting AppLock Vulnerability
    • Bypassing Pin in Whisper Android Application
    • Exploiting Whisper App Vulnerability
  • Slides
    • Course Slides

  • Access: Lifetime
  • Content: 17 hours
  • Lessons: 55

Learn The Basics of Ethical Hacking & Penetration Testing

Make Strides Towards a Career in the Exhilarating Field of Network Security

By Mohamed Ramadan | in Online Courses

Computer and network security is one of the fastest growing and most important sectors of technology, meaning companies will pay big bucks for ethical hackers. This is the perfect course for leaping into this lucrative career as you'll learn how to use ethical hacking to reveal potential vulnerabilities in information systems. By the end of this course you'll be well versed in the IT skills you need to be a network security pro.

  • Access 55 lectures & 17 hours of content 24/7
  • Learn how to gather information intelligence & find web application and system security vulnerabilities
  • Scan using Nmap to bypass IDS protected targets & understand how to hack clients using modern web browsers
  • Understand how to exploit Windows & Linux systems
  • Develop Windows Exploits to test information systems
  • Find & exploit web application vulnerabilities
  • Learn how to find open ports in your target & gather information about them

Mohamed Ramadan is a Security Ninja with over 7 years of experience in Ethical Hacking, Penetration Testing, Malware Reverse Engineering, Forensics, Securing Websites and Servers. He is a featured guest on many popular TV shows and on many popular news websites. He found and reported many security vulnerabilities in Google, Facebook, Twitter, Microsoft, Nokia, Adobe, Apple, AT&T, RedHat, SoundCloud, GitHub, Etsy, Nokia Siemens, Zynga and Constant Contact.

Honors & Awards:

  • Listed in Facebook WhiteHats (2014)
  • Listed in Facebook WhiteHats (2013)
  • Listed in Facebook WhiteHats (2012)
  • Listed in Twitter Top Hackers
  • Listed in Microsoft WhiteHats
  • Listed in Google Wall of Fame (Reward Recipients)
  • Listed in Google Hall of Fame (Honorable Mention)
  • Listed in Adobe Security Acknowledgments
  • Listed in Apple Responsible Disclosure
  • Listed in Etsy Responsible Disclosure
  • Listed in RedHat Vulnerability Acknowledgements
  • Listed in Nokia Siemens Networks Hall of fame as a Prime Reporter!
  • Listed in AT&T Hall of Fame
  • Listed in GitHub White Hat
  • Listed in Zynga WHITEHATS
  • Listed in SoundCloud Responsible Disclosure
  • Listed in Constant Contact Responsible Disclosure
  • Listed in Soldierx Hacker Database

Details & Requirements

  • Length of time users can access this course:
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: beginner

Compatibility

  • Internet required

Course Outline

  • Solid Introduction to Ethical Hacking and Penetration Testing
    • Introduction to Penetration Testing
  • Real World Information Intelligence Techniques
    • Introduction to Information Intelligence Techniques
    • organizing information during a penetration test
    • locally copying company websites
    • generate a targeted wordlist for password cracking
    • Footprinting External Networks
    • IP Address Geolocation
    • WAF and Load Balancers Detection
    • Google Search Techniques for penetration testers
    • Other search engines for penetration testers
    • Enumerating Internal Network From Outside
    • ShodanHQ for fun and profit
    • WhatWeb, HttpRecon and SSL SCAN
    • Whois and other websites
    • newsgroups and list-servers
    • finding subdomains, exif data and robots
    • information intelligence with Maltego
    • the power of social media websites
    • harvesting a company's emails
    • online job listing
    • DNS Enumerating
    • Enumerating Mail Server
    • Intel Gathering Methodology
  • Scanning and vulnerability Assessment
    • Packet Crafting and Manipulating with Scapy
    • port scanning with scapy
    • Network Enumeration and Mapping
    • Network scanning techniques
    • Vulnerability Identification and Assessment techniques
    • Evasion and avoidance Techniques
  • Network Attacking Techniques
    • Password cracking, MITM, Sniffing SSL and RDP Attacks
  • Windows and Linux Attacking Techniques
    • Windows Security Overview for Penetration Testers
    • Unix Security Overview for Penetration Testers
    • Attacking Windows
    • Attacking Unix
  • Windows and Linux Post-Exploitation Techniques
    • Tactical Post-Exploitation Techniques (Windows)
    • Tactical Post-Exploitation Techniques (Unix)
    • data mining
  • Web Exploitation Techniques
    • Web Application Primer
    • Web Application Scanning and Mapping
    • Exploiting SQL Injection (MYSQL) to Full System Access
    • Exploiting SQL Injection (MSSQL) to Full System Access
    • Exploiting Blind SQL Injection (MYSQL) to Full System Access
    • Exploiting Blind SQL Injection (MSSQL) to Full System Access
    • Exploiting RFI, Local File include, File Uploads and RCE
    • Exploiting XSS (Reflected and Stored) and CSRF to Full System Access
  • Windows Exploit Development
    • Using Immunity Debugger and Metasploit to develop a windows exploit

  • Access: Lifetime
  • Content: 6 hours
  • Lessons: 32

Build an Advanced Keylogger Using C++ for Ethical Hacking

Add a Powerful Tool to Your Ethical Hacking Repertoire by Building an Advanced Keylogger

By Ermin Kreponic | in Online Courses

Keylogging is the action of recording keys struck on a keyboard and mouse clicks so that the user is unaware that their actions are being monitored. It's an advanced and extremely useful tool for ethical hackers to analyze how people are using a network or system to determine security threats. In this course, you'll learn how to code at an advanced level in C++ to build a keylogger from scratch, adding a powerful weapon to your ethical hacking arsenal.

  • Access 32 lectures & 6 hours of content 24/7
  • Record any physical keyboard key & mouse click from a simple, central program
  • Use an arbitrary keymap to translate machine keys
  • Schedule logfiles to be automatically sent to an e-mail of your choosing
  • Dive into complex C++ concepts like the Chrono library

Ermin Kreponic is a strongly motivated young IT expert and Linux enthusiast with a passion for troubleshooting network-related problems. He has an exceptional eye for detail and a sense of urgency when it comes to problem solving.

Jerry Banfield earned a master's degree from the University of South Florida in May 2014, was certified as a state law enforcement officer in South Carolina in 2007, and earned a bachelor's degree from the University of South Carolina in May 2006.

Details & Requirements

  • Length of time users can access this course: lifetime
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: intermediate, previous knowledge of C++ is highly recommended

Compatibility

  • Internet required

Course Outline

  • Introduction
    • Introduction
  • Setting up the development environment
    • Set Up part 1
    • Set Up part 2
  • How to hide the keylogger window and prevent it from popping
    • How to hide the console window
  • Mapping physical keys to human friendly names
    • KeyConstants part 1
    • KeyConstants part 2
  • Creating auxiliary general purpose functions
    • Helper Header part 1
    • Helper Header part 2
    • Helper Header part 3
  • Writing the code for custom Encryption
    • Encryption part 1
    • Encryption part 2
    • Encryption part 3
  • Handling Input Output I/O
    • IO Header part 1
    • IO Header part 2
  • Dealing with time intervals (Timer header)
    • Timer Header Intro
    • Timer Header part 1
    • Timer Header part 2
    • Timer Header part 3
  • Implementing the Send Mail option
    • SendMail intro
    • SendMail PowerShell Script part 1
    • SendMail PowerShell Script part 2
    • SendMail part 3
    • SendMail part 4
    • SendMail part 5
    • SendMail part 6
  • Setting up Hooks to capture pressed keys on the keyboard and mouse as well
    • KeyboardHook part 1
    • KeyboardHook part 2
    • KeyboardHook part 3
  • Setting it all up in Main
    • Main Function
  • Let us see how it works!
    • Demo

  • Access: Lifetime
  • Content: 4 hours
  • Lessons: 57

Linux Security & Hardening: The Practical Security Guide

Broaden Your Ethical Hacking Skills While Learning Linux-Specific System Security

By Linux Training Academy | in Online Courses

Linux system security is an absolute necessity for companies across many industries, and capable penetration testers are an equally important asset. Being able to tighten up security across Linux systems will put you in major demand in IT circles and make finding ethical hacking work much easier. By the end of this course, you'll be proficient in protecting any Linux system and have the tools you need to start on a new and exciting career path!

  • Access 57 lectures & 4 hours of content 24/7
  • Learn how to protect Linux systems from hackers
  • Enforce strong password policies & control passwords
  • Discover SSH Hardening practices
  • Understand port scanning & network service detection
  • Protect the superuser account
  • Share accounts securely w/ an audit trail
  • Learn valuable methods of file system security & encryption

Jason Cannon is a professional system administrator, consultant, and author. Jason started his career as a Unix and Linux System Engineer in 1999. Since that time he has utilized his Linux skills at companies such as Xerox, UPS, Hewlett-Packard, and Amazon.com. Additionally, he has acted as a technical consultant and independent contractor for small businesses and Fortune 500 companies. Jason has professional experience with CentOS, RedHat Enterprise Linux, SUSE Linux Enterprise Server, and Ubuntu. He has used several Linux distributions on personal projects including Debian, Slackware, CrunchBang, and others. In addition to Linux, Jason has experience supporting proprietary Unix operating systems including AIX, HP-UX, and Solaris. He enjoys teaching others how to use and exploit the power of the Linux operating system. He is also the author of the books “Linux for Beginners” and “Command Line Kung Fu.”

Details & Requirements

  • Length of time users can access this course: lifetime
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Compatibility

  • Internet required

Course Outline

  • Course Overview and Downloads
    • Course Overview
    • Course Downloads
  • General Security
    • Section Overview
    • Is Linux Secure
    • What Makes Linux Secure
    • Security Principles and Guidelines
    • Section Summary
    • Quiz 1
  • Physical Security
    • Section Overview
    • Physical Security Concepts
    • Single User Mode Security
    • Single User Mode and Blank Passwords
    • Securing the Boot Loader
    • Disk Encryption
    • Encrypting a New Device, Part I
    • Encrypting a New Device, Part II
    • Encrypting an Existing Device
    • Disabling Control Alt Delete
    • Section Summary
    • Quiz 2
  • Account Security
    • Section Overview
    • Intro to PAM
    • PAM Configuration Example
    • Password Security
    • Account Security Demo #1 (UID 0)
    • Controlling Account Access
    • Security by Account Type
    • Account Security Demo #2
    • Account Security Demo #3 (Sudo)
    • Quiz 3
  • Network Security
    • Section Overview
    • Network Security, Part I
    • Network Security, Part II
    • Securing SSHD, Part I
    • Securing SSHD, Part II
    • Linux Firewall Fundamentals
    • Configuring the Firewall from the Command Line
    • Firewall Rule Specifications
    • Example Firewall Rules
    • Network Security Firewall Demonstration #1
    • Quiz 4
    • TCP Wrappers, Part I
    • TCP Wrappers, Part II
    • Quiz 5
  • File System Security
    • Section Overview (1:02)
    • File and Directory Permissions, Intro
    • File and Directory Permissions, Part I
    • File and Directory Permissions, Part II
    • Special Modes, Part I
    • Special Modes, Part II
    • File Attributes
    • File Attributes Demo
    • ACLs
    • ACLs Demo
    • Rootkits
    • Rootkit Hunter Demonstration
    • Rootkit Detection Software
  • Additional Security Resources
    • Additional Security Resources
    • Linux Hardening Guides
    • Linux Security Email Lists
    • Security Meetups List
    • Security Conference Videos

  • Access: Lifetime
  • Content: 2 hours
  • Lessons: 16

Cross Site Scripting (XSS) Attacks for Pentesters

Prevent This Common Security Vulnerability from Wreaking Havoc on Your Web App

By OpenSecurity | in Online Courses

Finish up your pentesting journey by learning about Cross Site Scripting, or XSS. It's a computer security vulnerability that enables attackers to inject malicious script into Web apps to steal data and violate user privacy. You'll learn the theory behind how XSS functions, then practical XSS mitigation techniques you can apply to guard against attacks like keylogging, phishing, reverse TCP shell attacks, and much more.

  • Understand what XSS is & why it's important to address this common security vulnerability w/ 16 lectures & 2 hours of content
  • Learn about different types of XSS: Reflected, Stored, DOM & more
  • Comprehend the different sources from which XSS originates
  • Understand the different contexts in XSS: HTML, attribute, etc.
  • Exploit XSS w/ the OWASP Xenotix XSS Exploit Framework
  • Master how to implement XSS protection

Ajin Abraham is an Application Security Engineer with 5+ years of experience, including 2 years of Security Research. He is passionate about developing new, unique security tools instead of using existing, potentially unreliable tools available today. Some of his hacking contributions include the OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), and Xenotix xBOT. He has also been invited to speak at notable security conferences, including ClubHack, NULLCON, OWASP AppSec AsiaPac, BlackHat Europe, and more.

Details & Requirements

  • Length of time users can access this course: lifetime access
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: all levels

Compatibility

  • Internet required

Course Outline

  • Introduction
    • Introduction to Cross Site Scripting (XSS) Attacks for Pentesters
    • What, Why and Types of XSS
  • Types of XSS
    • Reflected XSS or Non-Persistent XSS
    • Stored XSS or Persistent XSS
    • DOM XSS
    • mXSS or Mutation XSS
    • RPO or Relative Path Overwrite XSS
  • Source of XSS
    • What are the different Sources of XSS?
  • Different Contexts in XSS
    • HTML Context
    • Attribute Context
    • URL Context
    • Style Context
    • Script Context
  • XSS Attacks in Realworld
    • Exploiting XSS with OWASP Xenotix XSS Exploit Framework
  • XSS Protection
    • XSS Protection
    • XSS Protection Cheatsheet

  • Access: Lifetime
  • Content: 5.5 hours
  • Lessons: 22

How to Build a $120,000/Year Career as a Web Penetration Tester

Pinpoint Network Vulnerabilities in Order to Prevent Attacks by Hackers

By IT University | in Online Courses

If you're looking to build a career in security, there's no better place to focus your efforts than penetration testing. By understanding the vulnerabilities and dangers presented by your network's structure, you'll learn how to remedy these gaps and save your company from major security breaches.

  • Master ethical hacking techniques used in penetration systems w/ 22 lectures & 5.5 hours of content
  • Learn the basic methods for penetration testing of a web application
  • Go step-by-step through the entire penetration testing process
  • Control remote servers
  • Practice finding vulnerabilities in apps
  • Learn to gain information on potential targets
  • Study various attack types: authentication, session management, access controls, data stores, etc.

Gabriel Avramescu is a Senior Information Security Consultant and IT Trainer. He works on an Internet security team focused on ethical hacking - deliberately and purposefully challenging the IT security assumptions, strategies, and methods of protecting vital assets and information by emulating an adversary.

Details & Requirements

  • Length of time users can access this course: lifetime
  • Access options: web streaming, mobile streaming
  • Certification of completion not included
  • Redemption deadline: redeem your code within 30 days of purchase
  • Experience level required: beginner, but some basic IT skills and knowledge of Linux and/or Windows is suggested

Compatibility

  • Internet required

Course Outline

  • Why Web Security?
    • Introduction
    • Core Problems - Why Web Security
    • Web Technologies
    • Preparing the Lab Environment
  • Mapping the Web Application. User and Password Brute-Forcing
    • What Web Application Mapping Means
    • Usernames and Passwords Brute-Forcing using Burp
    • Spider and Analyze a Website using Burp
    • Brute-forcing Web Resources using Dirb and Dirbuster
  • Attacking Authentication and Session Management - Session Hijacking
    • Theoretical Overview of Attacking Authentication and Session Management
    • Session Hijacking through Man In The Middle Attack
    • Intercept and access traffic over HTTPS. Get Facebook or Gmail Passwords
  • Access controls. Data stores and Client-side Controls
    • Theoretical Approach of Attacking Access Controls
    • SQL injection
    • Exploiting SQLi using Sqlmap and Getting Remote Shell
    • Upload and Remote File Execution
  • Attacking the Server and Application Logic
    • Attacking the server: OS Command injection, Path Traversal and Mail Injection
    • Attacking Application Logic
  • (XSS) Cross Site Scripting. Attacking the Users
    • Cross Site Scripting Theory. Attacking Users
    • Reflected XSS – Session Hijacking using Cross Site Scripting
    • Stored or Persistent Cross Site Scripting
    • Cross-site Request Forgery (CSRF)
  • Guideline for Discovering and Improving Application Security
    • Guideline for Discovering and Improving Application Security

Terms

  • Instant digital redemption

15-Day Satisfaction Guarantee

We want you to be happy with every course you purchase! If you're unsatisfied for any reason, we will issue a refund within 15 days of purchase.