Course curriculum

  • 01

    Section 1: 0x00 Syllabus

    • 1. Syllabus

  • 02

    Section 2: 0x01 Introduction

    • 2. introduction

    • 3. intro video

    • 4. What is "Ethical" hacking"

    • 5. How to engage a target

    • 6. How to engage a target

    • 7. @Ch1R0n1n: What it means to be an Ethical Hacker.pdf

    • 8. @Ch1R0n1n: What it means to be an Ethical Hacker.pptx

    • Assignment 1: Assignment: Describe the deliverables of a pentest in your own words

    • Quiz 1: How ethical are you?

    • 10. Assignment: Let's fuzz hackxpert.com

  • 03

    Section 3: 0x02 Networking And Web Application Basics

    • 11. Web fundamentals Video

    • 12. Web Fundamentals

    • 13. Networking fundamentals

    • 14. Assignment: Networking

    • 15. Transferring files

    • Assignment 2: Realistic assignment: Fuzz our pentesting assignement

    • 16. Downloading files

    • 17. Fuzzing

    • Quiz 2: 00x02 Fundamentals

  • 04

    Section 4: 0x03 Tools

    • 18. Assignment: Using OWASP ZAP

    • 19. Linux CLI

    • 20. Netcat

    • 21. Netcat In depth Article

    • 22. Owasp ZAP

    • 23. DNS in depth

    • 24. DNS

    • Quiz 3: Quiz: 00x03 tools

    • 25. Assignment: 00x03 DNS

    • Quiz 4: Quiz:00x03 DNS

  • 05

    Section 5: 0x04 Passive Information Gathering

    • 26. Passive information gathering

    • 27. Passive information gathering

    • Quiz 5: Quiz: 00x04 Passive information gathering

  • 06

    Section 6: 0x05 Getting a Foothold

    • 28. Getting a foothold

    • 29. Directory Busting Video Part

    • 30. Directory Busting PPTX

    • 31. Directory Brute forcing by Uncle rat PDF

    • 32. Working with Exploits

    • 33. Working with Exploits.pptx

    • 34. SMB enum

    • 35. SMB Enumeration

    • 36. SMB Enumeration slides

    • 37. SNMP enum

    • 38. NFS enum

    • 39. Telnet enum

    • 40. SSH enum

    • 41. FTP Enum

    • 42. FTP Enum

    • 43. FTP Enumeration

    • Start Assignment 3: Assignment: - Foothold

    • Quiz 6: Quiz: 0x05 Enum

  • 07

    Section 7: 0x06 Privileged Escalation

    • 44. Linux priv-esc

    • 45. Linux priv esc PPTX

    • 46. Linux priv esc Article

    • 47. Linux priv esc Ex 1

    • 48. Linux priv esc Ex 2

    • 49. Windows Priv Esc

    • 50. Windows priv esc Article

    • Quiz 7: Quiz: Privilege escalation [Linux]

    • Assignment 4: Assignment: Linux priv esc

  • 08

    Section 8: 0x07 Vulnerability Scanning

    • 51. Vulnerability scanning

    • 52. Nmap NSE

    • 53. OpenVas

    • 54. Vulnerability scanning 02

  • 09

    Section 9: 0x08 Buffer Overflows

    • 55. Buffer overflows Walkthrough

    • 56. Buffer Overflows PPTX

  • 10

    Section 10: 0x09 Burp Suite (Large Section)

    • 57. Intro

    • 58. Dashboard + live and passive scans

    • 59. Target tab

    • 60. Proxy tab

    • 61. Intruder

    • 62. Repeater.

    • 63. Sequencer

    • 64. Decoder.

    • 65. Comparer

    • 66. 10 Market place (Plugins)

    • 67. Burp Suite Extender

    • 68. Burp collaborator

    • 69. Burp Authorize

    • 70. Burp Match and replace

    • 71. Burp Suite Content discovery

    • 72. Burp suite Top 5 Proffesional extensions

    • 73. Testing mobile applications with burp suite

    • 74. Burp suite How to use burp to look for SQLi

    • Quiz 8: Quiz : Burpsuite

  • 11

    Section 11: 0x10 -00 Introduction to JWT Hacking

    • 75. JWT hacking

    • 76. Lab: JWT hacking

  • 12

    Section 12: 00x10-01 Open Redirect

    • 77. Open redirects: what are they and what is the impact?

    • 78. Open redirects

    • 79. Labs: Open redirects

    • Quiz 9: Quiz: Open Redirects

  • 13

    Section 13: 00x10-02 CSRF

    • 80. What Exactly Is CSRF And How Does It Look Like In PHP

    • 81. bug-bounty-beginner-methodology -csrf

    • 82. How Uncle Rat Hunts For CSRF During Bug Bounties

    • 83. CSRF - Full text

    • 84. Labs: CSRF

    • Quiz 10: Quiz: CSRF

  • 14

    Section 14: 00x10-03 Broken Access Control

    • 85. Broken access control - what is it and how do you test for it.

    • 86. BAC.png

    • 87. BAC.pdf

    • Quiz 11: BAC : Quiz

    • 88. Lab: BAC

    • 89. Solutions lab:BAC

  • 15

    Section 15: 00x10-04 IDOR

    • 90. IDOR Exp

    • 91. IDOR - Slides.pdf

    • 92. idors-what-are-they-and-how-do-you-look-for-them

    • 93. 5-ways-to-test-for-idor-demonstrated

    • 94. did you know you can chain idors

    • 95. don't test for idors manually autorize is so much faster

    • Quiz 12: Quiz: IDOR

    • 96. Labs IDOR

    • 97. Solution labs IDOR

  • 16

    Section 16: 00x10-05 Business Logic Flaws

    • 98. business logic vulnerabilities

    • 99. business logic flaws you should probably look into this

    • 100. Business_logic_vulnerabilities.pdf

    • 101. full-business-logic-flaws

    • 102. labs Logic errors

    • Quiz 13: Quiz : Business Logic

  • 17

    Section 17: 00x10-06 XXE

    • 103. Intro

    • 104. XXE-Full text PDF

    • 105. what-is-xxe

    • 106. finding attack vectors

    • 107. exploiting

    • 108. wafs-and-filters

    • 109. XML_eXternal_Entities.pdf

    • 110. Tools and prevention

    • 111. Labs: XXE

    • Quiz 14: XXE : Quiz

  • 18

    Section 18: 00x10-07 Template Injections

    • 112. CSTI.pdf

    • 113. SSTI

    • 114. The crazy world of SSTi.pdf

    • 115. CSTI.pptx

    • 116. Client Side Template Injection

    • 117. Server Side Template Injection

    • 118. CSTI labs

  • 19

    Section 19: 00x10-08 XSS

    • 119. ultimate-xss-guide

    • 120. XSS - Ultimate beginner guide.pdf

    • 21. WAF evasion techniques

    • 122. Testing for reflected XSS.pdf

    • 123. Testing for stored XSS

    • 124. DOM XSS

    • 125. advanced xss techniques

    • 126. XSS - Advanced techniques.pdf

    • 127. waf bypass techniques

    • 128. Labs: XSS

  • 20

    Section 20: 00x10-09 Insecure Deserilisation

    • 129. Insecure deserilisation

    • 130. Insecure deserilisation: Not as hard as you think

    • 131. OWASP TOP 10: Insecure deserilisation

  • 21

    Section 21: 00x10-10 Captcha bypasses

    • 132. CAPTCHA bypasses

    • 133. Captcha bypass

    • 134. 00x10 Labs: Captcha bypass

  • 22

    Section 22: 00x10-11 SSRF

    • 135. SSRF-Slides

    • 136. SSRF

    • 137. blind-ssrf_-what-is-it_-impact_-how-to-exploit-it_.

    • 138. uncle rats ultimate ssrf guide for bug bounties.

    • Quiz 15: Quiz: SSRF

  • 23

    Section 23:00x10 OS Command Injection

    • 139. Command_injection - Slides

    • 140. os-command-injection

    • 141. how do i test for blind command injection

    • 142. uncle rats ultimate guide to finding os command injection

  • 24

    Section 24: 00x10 SQLi

    • 143. 0-intro

    • 144. 1-what-are-sqli.

    • 145. 2-detecting-sqli

    • 146. 3-types-of-sqli

    • 147. 4-boolean-based-sqli

    • 148. 5-sqlmap

    • 149. 6-references-amp-exercises

    • 150. Slides (1).pdf

    • 151. 1-portswigger-simple-login-bypass

    • 152. 2-union-based-sqli-to-rce

    • 153. 3-mssql-injection-to-rce

    • 154. 4-waf-bypasses

    • 155. 5-sqli-waf-bypass

    • 156. 6-sqli-xss-and-xxe-all-in-one-payload

  • 25

    Section 25: 00x10/11-11 (Admin) Login Pages

    • 157. admin login panel bypass

    • 158. 00x10/11 (Admin) login pages

    • Start 159. Assignment: 00x10/11 (Admin) login pages - Labs

  • 26

    Section 26: 00x10-12 Introduction to JWT Hacking

    • 160. JWT tokens - What are they and how can we hack them

    • 161. Labs: JWT Hacking

  • 27

    Section 27: 00x11-1 Broad scope web application methodology - General methodology

    • 162. Broad scope methodology Manual

    • 163. manual-recon

    • 164. 0 Subdomain Enum

    • 165. 2 processing subdomains

    • 166. 2 Checking the list

    • 167. automatic-recon

    • 168. Automatic subdomain enum pptx

  • 28

    Section 28: 00x11-2 Broad scope web application methodology - Manual hacking

    • 169. Subdomain flyover

    • 170. subdomain-flyover

    • 171. exploiting-open-ports

    • 172. Exploiting open ports

  • 29

    Section 29: 00x11-3 Broad scope web application methodology - Vulnerability scanning

    • 173. A vulnerability scanning

    • 174. B Chaining it all together

    • 175. our-attack-strategy

    • 176. vulnerability scanning

  • 30

    Section 30: 00x11-4 Broad scope web application methodology - Practical methodology

    • 177. Creating our list of subdomains

    • 178. Processing our list of subdomains

    • 179. Subdomain flyover

    • 180. Exploiting open ports

    • 181. Vulnerability scanning

    • 182. Vulnerability testing strategy

  • 31

    Section 31: 00x11-5 Broad scope web application methodology - Extra's

    • 183. Analyzing javascript files

    • 184. What the ffuf

    • 185. Nuclei template cheat sheet

    • 186. vulnerability scanning

    • 187. Nuclei scanning

    • 188. Running your scripts on a VPS

    • 189. Broad Scope Methodology

    • 190. Directory brute forcing

    • 191. quickly identify a target from a list of thousands of dns records multi domain

    • 192. exploit db examples

    • 193. List of tools

    • 194. you are probably doing directory brute forcing wrong heres why

    • Quiz 16: Quiz: Creating nuclei templates

  • 32

    Section 32: 0x12 API Testing

    • 195. Postman - Theory

    • 196. API hacking with postman Part 1 - getting the basics down.

    • 197. API hacking with postman Part 2 - importing the API description

    • 198. API hacking with postman Part 3 Pre-request scripts, tests and console

    • 199. API hacking with postman Part 4 - Getting dirty with data sources

    • 200. REST API goat project

    • 201. postman lab Tiredful API

    • 202. API Broken Access Control Through Replacing HTTP Method

    • 203. API hacking by Chaining postman into burp suite

  • 33

    Section 33: 00x12 OWASP API TOP 10

    • 204. API0 2019 What is an API

    • 205. API1 2019 Broken Object Level Authorization

    • 206. API2 2019 Broken User Authentication

    • 207. API3 2019 Excessive Data Exposure

    • 208. API4 2019 Lack of rate limiting

    • 209. API5 2019 Broken Function Level Authorization

    • 210. API6 2019 Mass Assignment

    • 211. API7 2019 Security Misconfiguration

    • 212. API8 2019 Injection

    • 213. API9 2019 Improper Assets Management

    • 214. API top 10 - 0 through 3

    • 215. OWASP API TOP 10 - 4 to 7

    • 216. API8-2019 Injection

    • 217. API9-2019 improper asset management

    • 218. OWASP API top 10 - 10 insufficient logging and monitoring

  • 34

    Section 34: 0x13 Mobile Hacking

    • 219. OWASP M1.2016 improper platform usage

    • 220. OWASP M2.2016 - insecure data storage

    • 221. OWASP M3.2016 Insecure communication

    • 222. OWASP M4.2016 Insecure authentication

    • 223. OWASP M5 Insufficient cryptography

    • 224. OWASP M6. Insecure authorization

    • 225. OWASP M7. bad code quality

    • 226. OWASP M8. Code tampering

    • 227. OWASP M9 Reverse engineering

    • 228. OWASP M10. Extranous functionality

  • 35

    Section 35: 00x13 Mobile Hacking - Setting up an android lab

    • 229. installation-chapter-1

    • 230. installation-chapter-2

    • 231. installation-chapter-3

    • 232. installation-chapter-4

    • 233. Mobile android lab setup.pptx

  • 36

    Section 36: 0x16 - Password Attacks

    • 234. Password Cracking

    • 235. Tools List

  • 37

    Section 37: Extras

    • 236. Automation

    • 237. Pentesting checklist

    • 238. NDA example (You get this from the client)

    • 239. Assignment example

    • 240. Test plan example

    • 241. Test report example

  • 38

    Section 38: French Translation

    • 242. Ethical hacking guide A-Z_FR_V1.1_Chap_1.docx

    • 243. Ethical hacking guide A-Z_FR_V1.1_Chap_2.docx

    • 244. Ethical hacking guide A-Z_FR_V1.1_Chap_3.docx

    • 245. Ethical hacking guide A-Z_FR_V1.1_Chap_4.docx

    • 246. Ethical hacking guide A-Z_FR_V1.1_Chap_5.docx

    • 247. Ethical hacking guide A-Z_FR_V1.1_Chap_6.docx