Ethical Hacking Full Course 2026 | Ethical Hacking Course for Beginners | Simplilearn
Key Takeaways
This video covers ethical hacking basics, including network security, vulnerability assessment, and penetration testing
Full Transcript
Hey future cyber defenders, welcome to simply learns ethical hacking course. Your gateway to one of the most exciting and in demand tech fields today. Cyber attacks are happening every day and ethical hackers are the heroes who protect businesses by finding and fixing security weaknesses before the bad guys do it. This legal hacking role offers amazing career opportunities and a great pay. In this course, you will start with fundamentals, understanding networks, operating systems, and common security vulnerabilities. You will learn how to identify security gaps, test systems defenses, and run real world penetration tests. Plus, you'll explore hackers tactics so you can stay one step ahead. Let's dive in and start your journey by becoming a cyber security expert. Before we commence, if you're interested in stepping into one of the most in demand fields of 2025, the advanced executive program in cyber security by simply learn is your perfect opportunity. In just 6 months, you will gain expertise in ethical hacking, penetration testing, ransomware analysis, and advanced defense strategies through a handson industry relevant approach. This program offered in collaboration with triple I Bangalore and IBM features live interactive classes, real world projects and industry recognized certifications. You'll also benefit from master classes by top triple IIT Bangalore faculty and an ex NPPCI expert diving into cuttingedge topics like Gen AI with cyber security. Whether you're looking to start or advance your career in cyber security, this course will make you job ready with practical tools, projects and certifications to help you stand out. Hurry up and enroll now. Find the course link in description box and in the pin comments. We humans are highly tech-savvy in today's times. With the extensive use of the internet and modern technologies, there is a massive challenge in protecting all our digital data such as net banking information, account credentials, and medical reports to name a few. Have you heard about the deadly W to Cry ransomware attack? The attack happened in May 2017 in Asia and then it spread across the world. Within a day, more than 230,000 computers were infected across 150 countries. The one to cry cryptoorm encrypted the data and locked the users out of their systems. For decryption of the data, the users were asked for a ransom of $300 to $600 in Bitcoin. The users who used the unsupported version of Microsoft Windows and those who hadn't installed the security update of April 2017 were targeted in this attack. The one a cry attack took a toll on every sector. Top tier organizations like Hitachi, Nissan and FedEx had to put their businesses on hold as their systems were affected too. Now this is what you call a cyber attack. To prevent such attacks, cyber security is implemented. We can define cyber security as the practice of protecting networks, programs, computer systems, and their components from unauthorized digital attacks. These illegal attacks are often referred to as hacking. Hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information. A hacker is a person who tries to hack into computer systems. This is a misconception that hacking is always wrong. There are hackers who work with different motives. Let's have a look at three different types of hackers. Black hat hackers are individuals who illegally hack into a system for a monetary gain. On the contrary, we have white hat hackers who exploit the vulnerabilities in a system by hacking into it with permission in order to defend the organization. This form of hacking is absolutely legal and ethical. Hence, they are also often referred to as ethical hackers. In addition to these hackers, we also have the gray hat hackers. As the name suggests, the color gray is a blend of both white and black. These hackers discover vulnerabilities in a system and report it to the systems owner, which is a good act. But they do this without seeking the owner's approval. Sometimes grey hat hackers also ask for money in return for the spotted vulnerabilities. Now that you have seen the different types of hackers, let's understand more about the hacking that is legal and valid, ethical hacking through an interesting story. Dan runs a trading company. He does online training with the money his customers invest. Everything was going well and Dan's business was booming until a hacker decided to hack the company's servers. The hacker stole the credentials of various trading accounts. He asked for a lumpsum ransom in exchange for the stolen credentials. Dan took the hacker's words lightly and didn't pay the hacker. As a result, the hacker withdrew money from various customers accounts and Dan was liable to pay back the customers. Dan lost a lot of money and also the trust of his customers. After this incident, Dan gave a lot of thought as to what could have gone wrong with the security infrastructure in his company. He wished there was someone from his company who could have run a test attack to see how vulnerable systems were before the hacker penetrated into the network. This was when he realized he needed an employee who thinks like a hacker and identifies the vulnerabilities in his network before an outsider does. To do this job, he hired an ethical hacker, John. John was a skilled professional who worked precisely like a hacker. In no time, he spotted several vulnerabilities in Dan's organization and closed all the loopholes. Hiring an ethical hacker helped Dan protect his customers from further attacks in the future. This in turn increased the company's productivity and guarded the company's reputation. So now you know hacking is not always bad. John in this scenario exposed the vulnerabilities in the existing network and such hacking is known as ethical hacking. Ethical hacking is distributed into six different phases. Let us look at these phases step by step with respect to how Jon our ethical hacker will act. Before launching an attack, the first step John takes is to gather all the necessary information about the organization system that he intends to attack. This step is called reconnaissance. He uses tools like inmap and hping for this purpose. John then tries to spot the vulnerabilities if any in the target system using tools like inmap and nexose. This is the scanning phase. Now that he has located the vulnerabilities, he then tries to exploit them. This step is known as gaining access. After Jon makes his way through the organization's networks, he tries to maintain his access for future attacks by installing back doors in the target system. The metas-ploit tool helps him with this. This phase is called maintaining access. John is a brilliant hacker, hence he tries his best not to leave any evidence of his attack. This is the fifth phase, clearing tracks. We now have the last phase that is reporting. In this phase, John documents a summary of his entire attack, the vulnerabilities he spotted, the tools he used, and the success rate of the attack. Looking into the report, Dan is now able to take a call and see how to protect his organization from any external cyber attacks. Don't you all think Jon is an asset to any organization? If you want to become an ethical hacker like John, then there are a few skills that you need to acquire. First and foremost, you need to have a good knowledge of operating environments such as Windows, Linux, Unix, and Macintosh. You must have reasonably good knowledge of programming languages such as HTML, PHP, Python, SQL, and JavaScript. Networking is the base of ethical hacking. Hence, you should be good at it. Ethical hackers should be well aware of security laws so that they don't misuse their skills. Finally, you must have a global certification on ethical hacking to successfully bag a position of an ethical hacker like John. Few examples of ethical hacking certification are certified ethical hacker certification C, CompTIA pinest plus, and licensed penetration tester certification to name a few. Simply learn provides a cyber security expert masters program that will equip you with all the skills required by a cyber security expert. You could have a look at it by clicking the link in the description. So, here's a question for you. In which phase of ethical hacking will you install back doors in the target system? A scanning, B. Maintaining access, C. Clearing tracks, D. Reconnaissance. Give it a thought and leave your answers in the comments section below. Three lucky winners will receive Amazon gift vouchers. The endless growth of technologies in this area is directly proportional to the number of cyber crimes. Cyber crimes are estimated to cost $6 trillion in 2021. Hence, to tackle these cyber crimes, organizations are continuously on the lookout for cyber security professionals. The average annual salary of a certified ethical hacker is $91,000 in the US and approximately rupes 7 lakhs in India. So, what are you waiting for? Get certified and become an ethical hacker like John and put an end to the cyber attacks in the world. Here we will learn the importance of ethical hacking, what exactly ethical hacking is, the ethical hacking process, and who an ethical hacker is. You will also be acquainted with a few cyber attacks with a hands-on demo for each. For this crash course, we have our experienced instructor, Bippen, who will take you through the various topics. He will also give you an insight into the popular CH exam and guide you on your journey as an ethical hacker. You can learn all of these topics in under 3 hours. We will be starting off this crash course with an interesting animated video on ethical hacking. But before we begin, make sure to subscribe to our YouTube channel and hit the bell icon to never miss an update from Simply Learn. We humans are highly techsavvy in today's times. With the extensive use of the internet and modern technologies, there is a massive challenge in protecting all our digital data such as net banking information, account credentials, and medical reports to name a few. Have you heard about the deadly W to cry ransomware attack? The attack happened in May 2017 in Asia and then it spread across the world. Within a day, more than 230,000 computers were infected across 150 countries. The W to Cry Cryptoorm encrypted the data and locked the users out of their systems. For decryption of the data, the users were asked for a ransom of $300 to $600 in Bitcoin. The users who used the unsupported version of Microsoft Windows and those who hadn't installed the security update of April 2017 were targeted in this attack. The one to cry attack took a toll on every sector. Top tier organizations like Hitachi, Nissan and FedEx had to put their businesses on hold as their systems were affected too. Now this is what you call a cyber attack. To prevent such attacks, cyber security is implemented. We can define cyber security as the practice of protecting networks, programs, computer systems and their components from unauthorized digital attacks. These illegal attacks are often referred to as hacking. Hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information. A hacker is a person who tries to hack into computer systems. This is a misconception that hacking is always wrong. There are hackers who work with different motives. Let's have a look at three different types of hackers. Black hat hackers are individuals who illegally hack into a system for a monetary gain. On the contrary, we have white hat hackers who exploit the vulnerabilities in a system by hacking into it with permission in order to defend the organization. This form of hacking is absolutely legal and ethical. Hence, they are also often referred to as ethical hackers. In addition to these hackers, we also have the gray hat hackers. As the name suggests, the color gray is a blend of both white and black. These hackers discover vulnerabilities in a system and report it to the systems owner, which is a good act, but they do this without seeking the owner's approval. Sometimes grey hat hackers also ask for money in return for the spotted vulnerabilities. Now that you have seen the different types of hackers, let's understand more about the hacking that is legal and valid, ethical hacking through an interesting story. Dan runs a trading company. He does online training with the money his customers invest. Everything was going well and Dan's business was booming until a hacker decided to hack the company's servers. The hacker stole the credentials of various trading accounts. He asked for a lumpsum ransom in exchange for the stolen credentials. Dan took the hacker's words lightly and didn't pay the hacker. As a result, the hacker withdrew money from various customers accounts and Dan was liable to pay back the customers. Dan lost a lot of money and also the trust of his customers. After this incident, Dan gave a lot of thought as to what could have gone wrong with the security infrastructure in his company. He wished there was someone from his company who could have run a test attack to see how vulnerable systems were before the hacker penetrated into the network. This was when he realized he needed an employee who thinks like a hacker and identifies the vulnerabilities in his network before an outsider does. To do this job, he hired an ethical hacker, John. Jon was a skilled professional who worked precisely like a hacker. In no time, he spotted several vulnerabilities in Dan's organization and closed all the loopholes. Hiring an ethical hacker helped Dan protect his customers from further attacks in the future. This in turn increased the company's productivity and guarded the company's reputation. So now you know hacking is not always bad. John in this scenario exposed the vulnerabilities in the existing network and such hacking is known as ethical hacking. Ethical hacking is distributed into six different phases. Let us look at these phases step by step with respect to how Jon our ethical hacker will act. Before launching an attack, the first step Jon takes is to gather all the necessary information about the organization's system that he intends to attack. This step is called reconnaissance. He uses tools like inmap and hping for this purpose. John then tries to spot the vulnerabilities if any in the target system using tools like inmap and next. This is the scanning phase. Now that he has located the vulnerabilities, he then tries to exploit them. This step is known as gaining access. After Jon makes his way through the organization's networks, he tries to maintain his access for future attacks by installing back doors in the target system. The metas-ploit tool helps him with this. This phase is called maintaining access. John is a brilliant hacker, hence he tries his best not to leave any evidence of his attack. This is the fifth phase, clearing tracks. We now have the last phase that is reporting. In this phase, Jon documents a summary of his entire attack, the vulnerabilities he spotted, the tools he used, and the success rate of the attack. Looking into the report, Dan is now able to take a call and see how to protect his organization from any external cyber attacks. Don't you all think Jon is an asset to any organization? If you want to become an ethical hacker like John, then there are a few skills that you need to acquire. First and foremost, you need to have a good knowledge of operating environments such as Windows, Linux, Unix, and Macintosh. You must have reasonably good knowledge of programming languages such as HTML, PHP, Python, SQL, and JavaScript. Networking is the base of ethical hacking. Hence, you should be good at it. Ethical hackers should be well aware of security laws so that they don't misuse their skills. Finally, you must have a global certification on ethical hacking to successfully bag a position of an ethical hacker like John. Few examples of ethical hacking certification are certified ethical hacker certification, C, CompTIA pinest plus, and licensed penetration tester certification to name a few. Simply learn provides a cyber security expert masters program that will equip you with all the skills required by a cyber security expert. You could have a look at it by clicking the link in the description. The endless growth of technologies in this area is directly proportional to the number of cyber crimes. Cyber crimes are estimated to cost $6 trillion in 2021. Hence, to tackle these cyber crimes, organizations are continuously on the lookout for cyber security professionals. The average annual salary of a certified ethical hacker is $91,000 in the US and approximately rupes 7 lakhs in India. So what are you waiting for? Get certified and become an ethical hacker like John and put an end to the cyber attacks in the world. So let's talk about hacking and what exactly hacking is. Hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information. A hacker is a person who tries to hack into computer systems. Now here there are some key words that we need to understand. First and foremost exploit. When you're exploiting weaknesses, weaknesses are technically called vulnerabilities which are basically design flaws, misconfiguration errors, usage of default usernames and passwords which have not been modified. So any misconfiguration or anything that has been left behind by a security administrator that can be misused which means exploited by a hacker to gain unauthorized access. So the next term is unauthorized access something that you're not allowed to do. And when you say a hacker is a person who tries to hack, it's basically a person with malicious intent trying to gain access to a system or a resource that they are not authorized to access in the first place. How do they do it? they find a vulnerability that is a weakness or a flaw and then they misuse it to gain access to that particular network. So here in the diagram you can see that a sender on the left hand side is trying to send some data to the receiver on the right hand side. The hacker would try to gain unauthorized access to the transmission that is being sent and would try to capture the data packets and read the secrets within. Let's look at a business case scenario into hacking. Now there is an organization uh everybody's going around their own business when they realize that their systems may have been compromised. Now they're trying to look at the customer data to ensure that that has not been compromised and trying to assure the customers. However, they do realize that some customer data has been lost and even the company reports have been modified as well. Now this is the scenario where there have been some security controls in place and those controls have been identified. They realized that there is an attack that has happened and based on that attack they have realized that the data has now been compromised and the records have been modified uh by the hacker which means that the data is no longer trustworthy and thus cannot be used by the business for any legal transactions. So then the hacker gives a call to the organization or gets connected to the organization demanding a ransom for the data to be replaced to be taken back into the original state where it was trusted and thus the organization can utilize it for business transactions. The organization has probably no backup. So they decide that they want to pay the lumpsum to the hacker to restore that data so that they can continue on with the business. does money exchanges and the hacker is able to restore that data and the business continues at as usual. However, the activity here of a hacker trying to leverage the misconfiguration of the weaknesses in the organization's security thus being able to hack them and uh make these ransomware demands. So the company then wants to figure out even if having a security system in place how was the hacker able to hack their systems. Thus, one of the employees comes up with a brilliant idea of identifying vulnerabilities in the network uh to proactively search for any flaws that have been left behind uh so that they can plug those flaws and nobody can misuse them. Thus, they figure out that they want to hire a ethical hacker who would help them identify the security posture of the organization, identify the weaknesses, vulnerabilities and flaws and help them remedy those flaws so that in future scenarios these scenarios will not happen. So before we go into an ethical hacker, let's understand what are the types of hackers. So what are the types of hackers? Hacker is a technically skilled person uh who is very adept with computers. They have good programming skills. They understand how operating system works. They understand how networks work. They understand how to identify flaws and vulnerabilities within all of these aspects. and then they understand and know how to misuse these flaws to get a outcome which would be detrimental to the health of the organization. So there are six type of hackers that have been identified. Black hat hackers, white hat hackers, grey hat, script kitties, nation sponsored hackers and activists. So blackhat hackers are bas basically uh the malicious hackers who have malicious intent and have criminalistic tendencies. They want to harm the organization by hacking into their infrastructure, by destroying their infrastructure, by destroying their data so that uh they can gain from it from a monetary perspective. Uh these guys are also known as crackers. The main aspect of these uh people are that they have malicious intent. They try to do unauthorized activities and they try it for personal gain. Another important aspect to remember is that a black hat hacker will always try to hide their identity. uh they will spoof their online digital identity by masking it by spoofing their IP addresses, MAC addresses and try to remain anonymous on the network. A white hat hacker on the other hand is also an ethical hacker or a security analyst who's an individual who will do exactly the same thing that a black hat hacker would do minus the malicious intent plus the intent of helping the organization identifying the flaws and remedying them so that nobody else can misuse those vulnerabilities. So they are authorized to act on the company's behalf. They are authorized to do that activity which would help the company identify those flaws and thus help the company mitigate those flaws improving on their security posture. So these uh these kind of security experts or ethical hackers would help organizations defend themselves against unauthorized attacks. Greyhead hackers is a blend of both white hat and blackhat hackers. So here they can work defensively and offensively both. They can accept contracts from organizations to increase their security posture. At the same time, they can also get themselves involved in malicious activities towards other organizations to personally gain or benefit from them by doing unauthorized activity. Script kitties are people uh who are technically not much aware about what hacking is. Uh they rely on existing tools that have been created by other hackers. They have no technical knowledge of what they're doing. It's just a hit or miss for them. So they just get their hands on a tool. they try to execute those tools. Uh if the hack works, it works otherwise it doesn't. So these people are basically who are noobs or newbies who are trying to learn hacking or uh just uh people who with malice's intent who just want to have some fun or trying to impress people around. Then we have the nation or the state sponsored hackers. As the name suggests these hackers are sponsored by their government. Now this may not be a legitimate job but most of the governments do have uh hackers uh enrolled in their pay on um on their organizations to spy on their enemies to spy on various countries and try to figure out uh the aspirations of those countries. So this is basically a spying activity where you're technically trying to get access to other count's resources and then try to spy on them to figure out what their activities have been or what their future plans have been. And then we have the activists who is an individual who has a political agenda to promote and they promote it by doing hacking. So uh these guys what is the difference between a black hat hacker and a activist? The black hat hacker may try to hide their identity. Activist will claim responsibility of what they have done. So for them it's a political agenda, a political cause and they will try to hack various organizations to promote their cause. They would probably do this by defacing the website and posting the messages that they want to promote on these websites. So what exactly is ethical hacking? Then we have discussed the types of hackers. We have identified a malicious hacker as a black hat hacker with the intent uh of doing harm to an organization's network for personal gain. We have discussed what the ethical hacker is. So an ethical hacker would be doing the same activity but in an authorized manner. So they would have legal contracts that they would be signing with the organization which would give them a definite scope of what they're allowed to do and what they are not allowed to do and the ethical hackers would function within those scopes would try to execute those test scenarios where they would be able to identify those flaws or those system vulnerabilities and then they would be submitting a report to the management of what they have found. They would also help the management to mitigate or to resolve those weaknesses so that nobody else can misuse them later on. They might use the same techniques and the same tools that blackhat hackers do. However, the main difference here is that these guys are authorized to do that particular activity. They're doing it in a controlled manner with the intent of helping the organization and not with the intent of personal gains. So, who's an ethical hacker? Again, an ethical hacker is a highly intelligent, highly educated person who knows how computers function, how programming languages work, how operating systems work. They can troubleshoot. They're technically very adept at computing. They understand the architecture. they understand uh how various components in a computer work. They can troubleshoot those components and they can basically be uh very good with programming as well. Now when I say programming, we don't want the ethical hacker to be a good developer of applications. We want them to understand programming in such a way that they can create scripts. They can write their own short programs like viruses, worms, trojans or exploits which would help them achieve the objective that they have set out for. So uh here you can see the ethical hacker there are individuals who perform a security assessment of their companies with the permission of cons concerned authorities. So what is a security assessment? A security assessment is finding out the exact security posture of the organization by identifying what security controls are in place how they've been configured and if there are any gaps in the configurations themselves. So an organization will hire a ethical hacker. They they would give the ethical hacker the information about what information is or what security controls, what firewalls, what IDs, IPSS, introen detection or intro prevention systems, antiviruses are already in place and then they will ask the ethical hacker to figure out a way to bypass these mechanisms and see if they can still hack the organization. What is the need of an ethical hacker? The need of an ethical hacker is proactive security. The ethical hacker would identify all the existing flaws in an organization and try to resolve those flaws to help secure the organization from blackhead hackers. So ethical hackers would prevent hackers from cracking into an organization's network by securing the organization by improving on their security on a periodic basis and they would also try to identify system vulnerabilities, network vulnerabilities or application level vulnerabilities that would have been missed or have already been missed and then try to figure out a way of plugging them or uh resolving them so that they cannot be misused by other hackers. They would also analyze and enhance an organization security policies. Now what are policies? Policies are basically documents that have been created by an organization of rules that all the employees need to follow to ensure that the security of an organization is maintained. For example, a password policy. A password policy would help users in an organization to adhere to the standards the organization has identified for a password complexity. For example, a password when a user is creating them should adhere to standards where they are using random words. They are uh they contain the alphabet A through zed uppercase and lower case 0 through 9 as numeric and special characters and they're randomized so that the password becomes more more stronger to prevent from brute force attacks. So what would an ethical hacker do at this point in time? They would try to test the strength of the passwords to see if brute force attacks or dictionary attacks are possible and if any of these passwords can be cracked. They would ensure that all the employees are following the policies and all the passwords are are as secured as the policies want them to be. If there are any gaps in the policies or the implementation of the policy, it is the ethical hacker's responsibility to identify those gaps and warn the organization about it. Similarly, they would also try to protect any personal information, any data that is owned by the organization that is critical for the functioning of the organization and they'll try to protect it by from falling into the hacker's hands. Now what are the skills that are required of an ethical hacker? These are the following skills. So first and foremost they should have good knowledge with operating systems such as Windows, Linux, Unix and Mac. Now when we say knowledge about operating systems, it's not only about how to use those operating systems but how to troubleshoot those operating systems, how these operating systems work, how these operating systems need to be configured, how can they be secured. For example, securing an operating system is not only installing a firewall and an antivirus, but you need to configure permissions on an operating system of what users are allowed to do and what users are not allowed to do. For example, limiting the installation of applications. How are we going to do that? We need to go into the system center, the security center of Windows, and we need to configure security parameters over there of what are acceptable softwares and what are not. Same with Linux and uh Mac softwares, operating systems. So we need to know how we can secure these operating systems. Similarly, all of these would have desktop versions and server versions of operating systems. As a ethical hacker, we need to know the desktop and server versions both how to configure them and how to provide services within the organization on these servers so that they can be consumed in a secure manner by all the employees. At the same time, they should also be knowledgeable of programming languages or scripting languages such as PHP, Python, Ruby, HTML for programming, if you will, because web servers come into the picture. So again, they should not be great developers where they can create huge applications, but they should be able to develop scripts, understand those scripts, analyze those scripts, and figure out what the output should be of those scripts to achieve the hacking goals that they have set out for. And ethical hackers should have a very good understanding about networking. No matter whether you're in application security, you're in network security or you're in hostbased security. Since a computer will always be connected to a network, either a local area network like a LAN or the internet, we should know how networking works. We should know the seven layers of the OSI model. We should know which protocols work on those seven layers. We should identify the TCP IP model and how OSI model can be mapped to the TCP IP model. We should understand how TCP and UDP work. How uh how each and every protocol is crafted, how they are supposed to behave for us to analyze and understand any network-based attacks. We should be very good in security measures. So we should know where those vulnerabilities would lie. What are the latest exploits available in the market and we should be able to identify them. We should be able to know the techniques and the tools of how to deal with security, how to analyze security and then how to implement security to enhance it as well. Along with that, it is important that a security analyst or ethical hacker is aware of the local security laws and standards. Why is that? Because an organization cannot do any illegal activity. Whatever responses that they have, whatever security mechanisms, whatever security controls they will implement, they need to be adhering to the local law of the land. They should be legal in nature and should not cause undue harm to any of the employees or any of the third party clients that they are dealing with. So the ethical hackers should be aware of what uh security laws are before they implement security controls or even before they start testing for security controls. And all of these should be backed up by having a global certification or a globally valid certification related to networking related to security, ethical hacking, the law of the land, anything and everything. maybe even programming. Uh it's good to have a certification in PHP, Pearl, Python, Ruby and so on so forth. Why? Because most of the organizations when they hire ethical hackers look out for these certifications especially globally valid certifications so that they can be sure or they can be assured that the person that they are hiring has the required skill set. So let's talk about a few of the tools that a ethical hacker would utilize uh in their testing scenarios. To be honest, there are hundreds of tools out there. What you see on the screen are just a few examples of them. Uh Nessus is a vulnerability scanner. What is a vulnerability scanner? It is an automated tool that is designed to identify vulnerabilities within hosts, within uh operating systems, within networks. So they come with their ready-made databases of all the vulnerabilities that have already been identified and they scan the network against that database to find out any possible flaws or any possible vulnerabilities that currently exist on the host or the operating system or on the network. Similarly, there would be application scanners like uh Aunetics or Arachnne that would help you scan applications and identify flaws within those applications as well. Now all of these are automated tools. The essence of ethical hacker is when these tools churn out the reports, the ethical hacker hacker can understand these reports, analyze them, identify the flaws and then craft their own exploits or use existing exploits in a particular manner so that they can get access or they can bypass the access security controls mechanisms that are already in place. How can they do that? With the tool called metasloit. You see that big M there on the right hand side. That M logo is for a tool called metas-ploit which is a penetration testing tool. What is a penetration testing tool? It is that tool that will allow a ethical hacker to craft their exploits or choose their exploits for the vulnerabilities that have been identified by Nessus. Since we are interacting with computers, we will always be interacting using tools. Right? So the first tool Nessus identifies the flaws and the possible list of vulnerabilities. We do a penetration test using metas-loit to validate those flaws and to verify that those flaws actually exist and try to figure out the complexity of those flaws and that's where metasloit helps us do that. Wireshark would be used in the background while we are doing both the activities using Nessus or Metasloit to keep a track of what packets are being sent and by received on the network which will help us analyze those packets. So whenever I run a Nessus scanner I would run a wireshark in the background. it will capture the data packets and I can go through those data packets and analyze that data packets to identify what Ness is actually trying to do. Similarly, when I try to attack a machine using exploit on metas-ploit, I will keep on wireshark running in the background to capture the data packets that have been sent and the responses that I've received from the victim. So that I can also go through those packets and analyze the responses and analyze the attack whether it was successful to what extent was it successful and basically will also give me a validation a proof of the activity that has happened. N MAPAP is another automated tool that allows me to scan for open ports and protocols. So why would I use N MAPAP? Because pro ports and protocols become an entry point for a hacker to gain access to devices. For example, when we connect to a web server, we connect through a web browser, but we automatically connect to port 80 using HTTP and port 443 is using HTTPS. So if I'm connecting to a web server using HTTPS, it is safe to assume that port 443 on the web server is open to accept those connections. Similarly, there would be other services that may be left open on the web server because nobody thought about configuring it or they misconfigured the web server and they left unwanted services running. So end mapap will allow me to scan those ports and services and allow me to understand what services are being offered on that server. So then I can start analyzing that server, identify those flaws within those services and then try to attack them. If the application that I'm analyzing is connected to a database and I want to do a SQL injection attack or if I if Nessus tells me that there is a SQL injection attack that may be possible on that particular application, I can use an automated tool called SQL map or SQL map that would allow me to automatically craft all the queries that are required for a SQL injection attack and help me do that attack at the same time. So here I do not have to manually create my own queries. Uh the SQL map tool would automatically create them for me. What I would do is I would use Nessus to identify that particular flaw. If Nessus reports that flaw, I would then go use the tool SQL map, configure it to attack that particular web server and when I fire off the tool, it will then automatically start directing queries, SQL injection queries to the database to see if those uh databases are vulnerable and if yes, what data can be retrieved from those databases. So all of these tools in a nutshell would help me hack networks, applications, operating systems and host devices. And this is what the ethical hacker does. They use these kind of tool sets. They identify what attacks they need to do. They identify the right tool for that particular attack and they write their exploits. They create those attacks and then they start attacking. Analyze the response and then give a report to the management uh providing them feedback about how the attack was created or crafted, what was the response to that attack and whether the attack was successful or not. If successful, they would also give recommendations of what to do to prevent these attacks from happening in the future. So when we are doing these attacks or when we want to launch these attacks, what is the process that we would follow? So there are six steps that we would do as a ethical hacker. If you're just a hacker, you probably wouldn't do the sixth step which is a reporting step. So the first step that would be done is the reconnaissance phase which is the information gathering phase which is very important from ethical hacker's perspective or a hacker's perspective because if I want to attack someone or something as a digital device, I need to know what I'm attacking. I need to know the IP address of the device, the MAC address of those devices. I need to know the operating system, the build or the version of that operating systems, applications on top, the versions of those applications. So I know what I'm attacking. For example, if I if I want to attack a server, I assume it's a Windowsbased server and I use a particular tool to attack it, but it actually turns out to be a Linux based server, my attacks are going to be unsuccessful. So I need to focus my attack based on what is there at the other end. So in my information gathering phase, I want to identify all of that information. Once I have that information done, I'm going to scan those servers using tools like end mapap that we just talked about and we're going to try to see the open ports, open services and protocols that are running on that server that can give me possible entry points within the network or within the device or within the operating system. At the same time along with the scanning with end mapap I would run a vulnerability scanner the Nessus vulnerability scanner we talked about or aetics for applications and then I would try to identify vulnerabilities in those applications operating systems or networks. Once I've identified those vulnerabilities in the scanning phase I would then move on to the gaining phase where I would then craft my exploits or choose existing exploits and start attacking the attacking the victim. At this point in time, if my attack is successful, I will probably have gained access uh by either cracking passwords or escalating privileges or exploiting a vulnerability that I may have found during the scanning phase. Once I have gained my access, I want to maintain my access. Why? Because the vulnerability may not be there for long. Maybe somebody updated the operating system and hence the flaw was no longer exist existing or somebody changed the password that may I may have cracked. Thus, I no longer have access. So what do I do to maintain my access? I install Trojans or backdoor entries to those systems using which I can secretly in a covert manner get access to those devices at my own will at my own time as long as those devices are available over the network. So that's where I maintain my access. I have hacked them. Now I want to maintain my access. So I install a software which would give me a backdoor entry to that device no matter what. Once I have done this I want to clear my track. So whatever activity that I've been doing for example installing a Trojan a Trojan is also a software that would create directory directories and files once installed on the victim's machine. So I want to hide that if I have access data stores if I have modified data I want to hide that activity because if the victim comes to know that something has happened they would start they would start increasing their security parameters they might start scanning their devices they may take them offline thus my hack would no longer be efficient. The reason I'm clearing my tracks is that the victim doesn't find out that they have been hacked or they have been compromised or even if they do find out that they've been compromised, they cannot trace the compromise back to me. So I would be deleting references of any of the IP addresses or MAC addresses that I may have used to attack that particular device. And this is where I will be able to identify where those logs were created, where those traces are. Once I take off those traces, the victim would not be any wiser of whether they have been compromised or who compromised their system. And if I am successful at all of these stages or what to whatever extent the success that I've achieved in any of these stages, I would then create a report based on that and I would report to the management about the activities that we have been able to do and whatever we have been able to achieve out of those activities. For example, we identified 10 different flaws. There were 20 different attacks that we wanted to do. what attack did we do? What was the outcome of that attack? What was the intended or or the expected output of that attack? I'll create a report which would give a detailed analysis of all the steps that were taken along with screenshots and evidences of what activity was conducted, what was the output, what was the expected output and I would submit that report to the management giving them an idea of what vulnerabilities and flaws exist in their environment or their devices that need to be mitigated so that the security can be enhanced. So these are the six steps that the ethical hacking process would take. uh just going through this the uh reconnaissance is where you're going to use hiking tools like NM map edge pane to obtain information about targets. There are hundreds of tools out there depending on what information you want. Then in scanning again N map MAPAP Nexpose these kind of tools to be utilized to identify open ports protocols and services. In gaining access you're going to exploit a vulnerability by using the metasloit tool that we talked about in the previous slides. In the maintaining access you're going to install backd doors. You can use metasloit at the same time. uh you can craft your own scripts to create a Trojan and install it on the victim's machine. Once you have achieved that, clearing tracks is where you're going to clear all evidences of your activity so that you do not get caught or the victim doesn't even realize that they have been hacked. And once you have done all of this, we are going to create reports that are going to be submitted to the management to help them understand the current security evaluation of their organization. So now let's see how we can hack using social engineering. Now what is social engineering? Social engineering is the art of manipulating humans into revealing confidential information which they otherwise would not have revealed. So this is where your social skill and your people skills come into the picture. If you're able to communicate effectively to another person, they would probably give up more information that they intended to give out. Let's look at look at examples. Right? If you see on the screen fishing activity, what is fishing? We receive a lot of emails on a regular basis. We have always received those emails where we have won a lottery of a few million dollars, but we have never realized that we didn't purchase a lottery to win a lottery in the first place. We have always had those Nigerian frauds where a prince died in some South African country and you out of 7 billion people on the planet have been identified where they want to transfer a few hundred million through your account and they want to give you 50% of that money in return as thank you. So some very basic attacks where you go onto websites and there's a banner flashing at you saying congratulations you're the 1 millionth visitor to this website. Click here to claim your prize. All of these are social engineering attacks, fishing attacks, fake websites, fake communications being sent out to users to prey on their gullibility. Most of humans always have that dream of striking it rich, winning a huge lottery once and for all and living their life lavishly ever after. But sadly in the real world that's not that doesn't happen that often and if you're receiving those mails it is very important that you first research the validity of those those communications before you even want to act upon them. So why are humans susceptible to social engineering? Because humans have emotion. Machines do not. Try pleading with a machine to give you access to a account that you have forgotten a password to. The machine wouldn't even know what you're doing. Try pleading with a human sympathy or empathy where you could try to create a social engineering attack where you can plead with them saying if I do not get access to this account immediately I might lose my job and then that would put my family into problems. Somebody would feel empathy or sympathy towards you and help you reset that password and give you access to that account. It's how good the attack is and how convincing you are for the success of this attack to happen. So what is a familiarity exploit? Attackers interact with victims to gain information which will benefit the attack. uh is to crack credentials as passwords. If we want to reset our passwords, what do we have as a mechanism to resetting passwords? We have some security questions that we set up. Those questions are nothing but personal information that we would know. But through a social engineering attack, we it would be easily be able to uh gather the information that you have set for your security questions. The security questions can be as simple as the first school that you attended. you probably have that listed on your LinkedIn profile where a per person can just go in there and see your academic qualifications and identify the school that you were in right similarly it might also be a question what was your mother's maiden name that's a very good attack and that's uh I mean if a person can interact with you let's say they're trying to take a survey and they approach you for a feedback on a particular product that you have been utilizing and they ask you these questions you wouldn't think twice before giving those answers as long as the request sounds legitimate to us we are able to justify that request, we do answer those queries. So, it's upon us to verify the authenticity of the request coming in before we answer it. Fishing as discussed would be fraudulent emails which appear to be coming from a trusted source. So, email spoofing uh comes into mind, fake websites and so on so forth. Exploiting human curiosity, curiosity killed the cat, right? So there was there's so many physical attacks where hackers just keep pen drives lying around in a parking lot. Now this is an open generic attack. Whoever falls victim will fall victim. So if I just throw around a few USBs in the parking lot obviously with Trojans implemented on them. Some people who are curious or who are looking for a couple of freebies might take up those pen drives plug them in their computers to see what data is on the pen drives. At the same time once they plug in there those pen drives on their computers the virus or the Trojan would get infected and cause harm to their machine. Then exploiting human greed. We just talked about the Nigerian frauds and the lotteryies those kind of attacks the fake money-making gimmicks. Now basically this is where you prey upon the person's uh greed kicking in and they clicking on those links in order to uh get that money that has been promised to them in that email. So one of the safest mechanism to keep data private and to keep yourself secure is using encryption. Now encryption can happen through cryptography. What is cryptography? Cryptography is the art of scrambling data using a particular algorithm so that the data becomes unreadable to the normal user. The only person with the key to unscramble that data would be able to unscramble it and make sense out of that data. So we're just making it unreadable or non-readable by using a particular key or a particular algorithm. And then we're going to send the key to the end user. The end user using the uh same key would then decrypt that data. If anybody compromises that data while it is being sent over the network since it is encrypted, they would not be able to read it. So the encryption algorithm would be something like this. Now if you see uh the computer word once made into unreadable format would look like eq o r xv gt for a end user it wouldn't make any sense but the person who has a key to unscramble that would be able to convert it back to computer and then understand the meaning of that word. So this is just a substitution cipher that is being shown on the screen. So what is the alphabet? The key is alphabet + 3. So c plus three alphabets that becomes e o becomes q. M becomes o. So the key that is utilized to scramble the data is the character that you are at the third character from there would be the corresponding key. So the encrypted message is also known as a cipher. The decryption is just the other way around where you know the key now and you can now figure out what that e correspondent to by going back three characters in the alphabet. Most of the times a certified ethical hacker must decrypt a message without knowing the secret key. So let's say a ransomware has affected your organization or has affected a device and you want to figure out uh or you want to decrypt that data. Now as a ethical hacker you wouldn't be for paying a ransom uh to the hacker would you? So it is now your prerogative of how you're going to work around and how you're going to try to crack the encryption mechanism how to crack the cipher to decrypt that message and see what's within it. Right? Decryption without the use of a secret key that is known as a crypt analysis. Crypto analysis is the reversing of an algorithm to figure out what the decryption was without using a key. So cryp analysis can be done using various formats. The first one is a brute force attack. Second is a dictionary attack. The third one is a rainbow table attack. A brute force attack is trying every combination permutation and combination of the key to figure out what the key was. It is 100% successful but may take a lot of time. A dictionary attack is where you have created a list of possible encryption mechanisms, a list of possible cracks and then you try to figure out whether those cracks work or not. Rainbow tables are where you have an encrypted text in hand and you're trying to figure out uh the similarities between the text that you have and the encrypted data that you wanted to decrypt in the first place. So in the brute force attack, you're trying every possible combination permutation of what the key would be. In dictionary attack, you have a word list that would tantamount to the key. And if you're you're trying to match all the words listed in the text file or the word list to see if any of those words are going to work to decrypt that data. Here in the rainbow table, the cipher text is compared with another cipher text. You find out similarities and then you try to work or reverse engineer your way accordingly. So let's have a quick demo on cryptography before we end this session. So to begin with the demo of cryptography, we are on a website called spammimic.com which will help us scramble the message that we created into a completely a format which would be unrelated to the topic at hand. So if I say I want to encode a message, turn a short message into spam. So what this does is you want to send across a secret message, you type in the secret message, a short one and it will convert that into a spam mail. You send it across. So whoever is reading that spam mail would never get an idea of the embedded message within it. So if I want to type in a message here, hi this is a secret message. The password is askd at the rate 1 2 3 4. And I want to send this out to people or to one of my colleagues. But I want to send it out in a secret manner so that others are not aware of this. So when I press on encode what the algorithm would do is it will convert this message into a spam mail. So my message hi this is a secret message the password is at the rate 1 2 3 4 or asd at the rate 1 2 3 4 gets converted into this. Now if you read it dear e-commerce professional this letter was specially selected to be sent to you. This doesn't make sense. There is nowhere or no reference to the actual message that I've already said. So if I copy this entire message and I send it let's say via email to the recipient. Now the thing is that the recipient needs to know that I've encoded it using spam mimic. The algorithm rem need needs to remain the same. So once they know that it is spam mimic what they can do is now in this instance what I'm going to do is I'm going to open up a new browser and I'm going to go to the same website and at this point in time I'm going to click on decode. When I click on decode I'm going to paste the message that I have just copied. There we are. And this message is now being copied into a different browser. And if I decode this, you will see that it will convert it back to the original message that there was. So the key is there at spam mimic and uh it is embedded within the message. So whenever we paste the message in the decode factor, it knows what the key was and it can decrypt that message and give me the actual message that was embedded within it. There we are, the entire message. This is what we created in the Google Chrome browser and in the Firefox browser we decoded. Similarly, if I want to protect these kind of messages, there is an aspen encrypt.com website where let's say we use text encryption and I want to encrypt the same message. This is a secret message. The password is ASD at the rate 1 2 3 4. And then I give it a password to protect this message. Let's say the word password. And I use the cipher to scramble this by using let's say AES which is the strongest cipher right now and I say encrypt. So this is what the encryption would look like. And basically uh if I don't have the password over here, if I decrypt it, you would see that the error has occurred. Now if I type in the password over here and then decrypt it, it will be able to convert that back into the unscrambled text and it will give me what the original message was. This is a secret message. The password is ASD at the rate 1 2 3 4. So if I want to keep my data secure from hackers, I want to scramble it in such a way that they would not be able to crack it or it would be very difficult from for them to crack it. And this is one of the first mechanisms that would be recommended by any ethical hacker to keep the data secure. Now let's talk about downloading and installing Kali Linux. Along with that, we'll also be looking at the basic commands that are required for Kali Linux. All right. So I've opened my browser and we want to go to the Kali website. So we want to go to kali.org. og you can directly type in kali.org and go to the website or you can just do a Google search and say kali download and it will give you the same website but it will directly take you to the downloads pages. So either here and or you can go to the homepage uh cookies are being installed on your machine. So uh see which cookies you want to allow. I'm only going to use the necessary cookies to support this site. And you can see that this gives you the latest Kali Linux news and tutorials. gives you the latest release, what is in that release and gives you a lot of documentation which will help you understand what tools have been developed and what functionality has been given in the latest version. If you want to download, you can directly go here and you can download Kali Linux. Now, Kali Linux is a 2.6 GBTE download. So, it's going to take time. The latest version being 2019.4. And we click over here. I'm using a download manager to manage all these huge downloads. And uh you can see it's pointed to the operating systems folder and it is going to be a 2.57GB download. So you click on download and in the background uh you can see this is going to be downloaded and we're going to minimize this and uh it will take a few minutes for that to download. But this is an ISO image. So we need to install it on a virtual machine. So what we need is we need to use a hypervisor which will allow us to create virtual machines. So we can either use VMware workstation which you can download from here. However uh this is paid version. So you can see it is around $250 or something for uh this software but it is a very good software to have. So if you click on download now it is going to start the download. It's a 30-day trial period if you want to use it. After 30 days you'll need to enter the key which you'll get after purchasing the software. If you do not want to utilize this the free version that you have you can either download VMware player but there are some limitations for VMware player that you might want to look at does you want to compare these products before you want to purchase them right otherwise you can download Oracle Virtual Box which is a free hypervisor it's not as robust as VMware Workstation but it does the trick right so the the free version uh 6.1 is free and you can then create your own virtual machines over there and install operating systems on them. What I do have, I already have a VMware Workstation installed. So, I'm just going to open that up. And that's my VMware Workstation. As you can see, I already have a lot of virtual machines created over here. What we're going to do is we going to configure a virtual machine for the Kali Linux operating system that we are downloading, which should be somewhere here. Let's see. It's at 43%. So, halfway there. Till then, let's create the virtual machine. So I click on file create a new virtual machine. I'm going to customize the machine. So click on next. This leave it default. We don't want to change that. And then we want to install the operating system later. We don't want to point it out right now. So I'll just click on I will install the operating system later. Click on next. We want to install Linux. Now in the dropown you would not see Kali Linux over here. However you can choose Ubuntu 64-bit. That's what I'm going to choose. There it is. Next. What is the name that we want? I want to give it Kali Linux without the typo. And I want to store it in one of the folders that I've created. By default, it stores on the C drive, which is not a good place to store. Uh you don't want to run out of space on your C drive. So, I'm going to click on this PC. And this is my data. And in here, I'll have a folder called virtual box or virtual machines. There it is. Within which you can see the other software that I already created. I'm going to create a new folder and call it Kali 2019 L. L for is is latest for me because you can see already have a Kali Linux. So I'm just going to identify this folder with the L at the end. Going to select it and click on okay. You can see the path being changed over here. Click on next. It's going to ask you how many processors. Now depending on the processor that you have. You can see I've got a 8 core i7. So if I give it 16 cores or 16 processors, that's not going to work. I cannot go beyond what the physicality already is. So for this machine, one processor with one core is more than enough. If you're going to use a lot of tools at the same time, you might just want to give it two cores. So we given it two cores. It will ask us for RAM to be provided for this virtual machine. By default, 248 MGB. That's 2 GB of RAM is more than enough. If you require more, we can change this later on. So click on next. We want to useNAT for now. Leave this default. Next. Whatever is recommended, keep it the way it is. We do not want to change it. Next. Create a new virtual hard disk for this machine. And it is going to ask us the size. 20 GB is more than fine. Store it as a single file. We don't want to use multiple file options. Click on next. And then click on browse where we want to store the VMDK file or the virtual hard disk file. And we go back again to the same folder that we had created virtual machines. And we look at the Kali Linux Kali 2019 L. And we want to store the VMDK file over there. Once we save it, we want to click on next. And then we want to click on finish. So this is the virtual machine that has been created right here. Right now this is the basic configuration. Now where are we at with the operating system? And you can see the operating uh system has been downloaded and it is stored in this particular folder. So we go to E drive. So we're looking for the so the operating system that we have downloaded. We downloaded in the operating systems folder. And if we go in here, you can see the current one, the Kali Linux 2019.4 ISO right here. So what we do, we go back to the Kali Linux machine that we have created, edit virtual machine settings, and we point this virtual machine using the CDDVD and then we point the ISO, the one that we downloaded over here. So we go back to E drive, we go back to OS, and we click on Kali Linux 2019, click on open. So now when this boots up, it will boot up with this ISO and then it will allow us to install the operating system. So click on okay. Then we click on power on this virtual machine. It will start powering on. It will boot to the ISO and it will start giving us the booting option. So I'm just going to uh enter the full screen mode over here for this to be better visible. And we don't want the live mode. What we want is we want to use the graphical install. And then we highlight that. We press enter. And you can see the setup starting up. We'll wait for the GUI to pop up. There it is. Which language do we want for now? We want English. Click on continue. Where are we located? Click on continue. And the configure your keyboard. We want the US keyboard, American English. Continue. It is going to detect the hardware. So, as you can see on the screen, it's attempting a auto configuration for most of these uh settings. The network with DHCP. It has identified the network cards uh hardware like uh the processor that has been provided. Now it is asking for a host name. We're going to leave it at default. We're going to click on continue. Domain name. I'm not joining this into a domain as yet. This is going to be a standalone machine. So I can leave this blank. Click on continue. Now it is going to configure the network. It is asking for a password at this point in time. The root password. Type in any password that you want. Ensure that you remember the password. Now by default the uh username for the account is the name is the word root. We are just creating the password for the root account. And then we want to click on continue. Setting of the clock. Looking at the hard disks. Now here it asks us do we want to use the entire disc the 20GB virtual hard disk that we had provided or do we want to give it a manual configuration or a guided one where we want encryption and a logical volume management coming into the picture. We're just going to use the first option guided you use entire disk. Don't worry, it's only going to use the virtual disc that we had created. Click on continue. It will give us that it's a 21.5GB VMware virtual disc that we had and click on continue. All files in one partition that's what we want recommended for new users. Whatever it is, we don't want to change these folders. Continue. And this is what we have configured. Uh once we click on continue, it is going to say you are you sure you want to make these changes? Click on yes. Click on continue. And it will start installing Kali Linux on your device. Now, this is going to take a few minutes for the installation to work. All right, so that's the installation that's completed. Now, it's asking us to configure a package manager. A network mirror can be used to supplement the software that is included on the installation media. This may also make new versions of software available. Do you want to use a network mirror? We can click no for now and then click on continue. Now, this is going to install the grub boot loader. This might take a few minutes as well. Install the group grub loader to the master boot record. Yes. Click on continue. Click the hard disk that you have just utilized. This is the one. Click on continue. It will install the Grubbook loader. Running through the last phases of the installation. And now it says the installation is complete. We want to click on continue. Finishing the installation. And then it will do a reboot. All right. And you can see this is starting up. So we are going to you just wait out the boot. And now it started the booting sequence. Just going to maximize the screen. And you can see it's asking me for the password. This is the one that we created. Now that's the that's not the password. That's the username. That's the root and the password that we had created at that point in time. And then click on log in. And this is your screen. And now what we need to do here is we need to install VMware tools which will help us manage the screen and help the virtual machine to be a little bit better uh integrated on the system. So that's not mounted yet. So we're just waiting for it to mount. There it is. And what we want to do here is open VMware tools upgrad. All right. So what we want is we want to extract or we want to use this open x archiver. And once we do that we'll see the VMware install.pl. Double click on that. All right. We've got the VMware tools here. What I've done is we have extract to and I've extracted that on the desktop. Right. So what we just did was click on the desktop over here. open and this is what it will do and click on extract. Now the error is happening because I've already extracted this. Open this up. We want to run this VMware install.pl. So what do we do? We open up the terminal window which is the command line interface over here. And now this is where some of the commands come into the picture. So for example pwd it will show us the present working directory. ls will show us the list of the folders that are there. So the folder that we have is on our desktop. So we'll just change directory to desktop. Press enter. Do an ls. That will show us the list. And you can see VMware tools distrib. That's the folder that we have right here. Right. So we want to go into that folder. CD VMware. At this point, you can just click on tab and it will populate everything over there. Press enter. Do an ls. And we want the VMware install.pl to be executed. All right. So we tried executing that command. We had an error over there. So what we need to do is we need to execute this command. So dot /vmware install.pl and it will start creating. Now uh it will ask you for your input installing VMware tools in which directory do you want to install the binary files. Uh by default it is going to use / usr/bin. If I just press in uh enter it is going to use the default. As you can see the input over here. What directory do you want the init directories? I'm just going to press uh keep on pressing enter for the defaults to come in. This part does not exist. It is going to create it. Default. Yes. Defaults everywhere. And then it tries to start initializing it to maximize the screen. And this is where it is installing. And you can see by just installing that it automatically adjusted the screen. And now we got a full screen of Kali Linux right here. Right. And that is what VMware tools does for us once we have installed the operating system. And now we can see the entire screen. on here you will see the tool sets that are given here. Now why are we using Kali Linux in the first place because this comes in uh with a bundle of thousands of softwares that are ready to be utilized for ethical hacking right and they have been categorized over here for information gathering vulnerability analysis web application analysis and so on so forth. So you can see for foreign sex onwards reporting tools and as you scroll down you can see your development tools graphics coming in internet uh and the system configuration coming into the picture. These are your settings for your operating system. So these are basically your tools. We are right now in the favorites. If I click on information gathering you will see that the tools for information gathering start appearing over here. For vulnerability analysis, we have got Sparta, NMAP, fuzzing tools, web application analysis. We have got comics, skipfish, SQL map, database assessments, password attacks and so on so forth. So if you just go in the favorites, this was the terminal emulator that we utilized. This is the command line that we saw. We used the cd command. We use the pwd command. We did the ls command as well to give us the list of the directory that we are in. Similarly, there would be commands like cat. So let's go to cd downloads. Let's see what they uh what's there. I can see this case sensitive. So if I type in a capital D and then do a tab ls there's nothing over here on download. So CD dot dot will take us back one directory. Now you can see we are back from downloads to root. If I want to go to desktop this is how I go to desktop. Do a ls you can see the VMware tools uh folder over there. CD VMware tools and we go into that folder ls which will give us the list of all those files. Now you can see install is a file that we had edited back then. So if I do a cat install you will see the cat basically is the command that will help us look at the contents of the file. All right without opening of the file or without editing the file. So you can see just uh if I scroll up this is where we gave the cat command. It then uh printed the contents of the file over here and then it exited and gave me back the command line right here. Right now if I want to copy this cp root desktop VMware install and if you want to copy it to root downloads and press enter. Now what we are going to do is we going to see if this file the install file that we just edited over here has been cop copied to the downloads folder. So we do a uh we are currently in the VMware on the desktop VMware tools district folder. We do a cd dot dot that takes us down one directory. So we are still in the desktop. do a cd dot dot. Now you can see we are back in the root and now we're going to do a cd downloads done ls and you can see the copied file right here. So if I do a cat install you can see the same content of that file coming in. So these are some of the commands that we would need to learn as we go ahead. The remove command is let's say we've got install we do a man rm man is the manual page command that uh gives us the pages with the description of how that particular command is to be utilized. So rm is remove files or directories synopsis the description the options hyphen f for force hyphen i for prompt hyphen capital I prompt once before removing more than three files and so on so forth. If you want to exit this, you can press Q to exit and you come back to this page. So if I say rm install ls, you'll see that the install file has now been deleted. So in Windows, we use the deell command. In Linux, it is the rm command. So this is what we wanted to look at the demo for Kali Linux, how to download it, how to install it, and some of the basic commands that we can utilize. All right, let's begin with the fishing uh tutorial. We have the Kali Linux operating system booted up over here. Uh what we going to do is we're going to open up a tool called set social engineering toolkit which you would find in this option and that's the tool that we want. It's a command line tool uh a menudriven tool. We are going to host a fake uh Facebook page and we can see how we can harvest credentials by this kind of an attack. So these are some disclaimers you might want to go through there. Do you want to agree to the terms of service? Yes. Press enter. And that's your social engineering toolkit. And we are talking about a fishing attack which comes under the social engineering attack. So like I said, it's a menudriven tool. So we just have to look at these options and then just type in the number of the option that we want. So we want to do a social engineering attack. So I type in one, press enter. In that it is asking me whether I want a spear fishing attack, a website attack vector. We going to choose a second option. So I type in two, press enter. And then it asks me uh what I want to do. So I want to take the third option here credential harvester attack methodology and we want to do the third attack. Now it is asking whether we want to use the inhouse website templates that it already has or do we want to clone a site or do we have a customized site that we have prepared that we want to migrate into this tool. We're going to do the site cloning option. So we going to type in two. Press enter and then it is going to ask me the IP address where it wants to capture and store the credentials. By default, this is the IP address that I'm using. So, if I leave it blank, it will take my default IP address. So, I'm just going to press enter. And now it is asking me the URL to clone. So, I type in httpsubdubdub.fas.com. What it is going to do? It is going to connect online and it is now just it has cloned the website uh facebook.php. The best way to use this attack is that you if use the if the username and password form are in the same field or the same page. Regardless, this captures all posts on a website. So you may need to copy top dubdubdub star into html depending on where your directory structure is. Press return if you understand what we are saying here. So press enter. The social engine toolkit credential harvest attack is running on port 80. Information will be displayed to you as it arrives. So the site was 71.134 right the default IP address and this is where the website is being hosted. Let's check that out. So let me open up a browser on my host machine and uh let me point it to the Kali Linux machine that we have just created 192 16871.134 and you should see a login to Facebook coming up right here. Looks genuine. It is genuine because we just went online and downloaded this. Let's just have a recap. Let's have a explanation of what we are trying to do. I am trying to host fake Facebook page on my server which has an embedded script in it which is going to do credential harvesting. So the attack here is let's say if I'm now hosted this I can craft a fake email send it across to a victim saying uh your Facebook account has seen some unforeseen activity create a hyperlink using HTML coding within that click here to access your account and verify uh that the account is secured and when they click on that link they will be redirected to my fake page which is here you can see the uh IP address is my virtual machine's IP address but I'm seeing a Facebook login page and I'm going to type in someone at somewhere.com and the password. I'm just going to type in the regular ones that I use. And if you see it when we typed in uh the username and password, the page just refreshed and gave us the login page again. But now, if you look at the URL, I'm actually on Facebook's login page, which is exactly the same that I was hosting. So, a layman wouldn't probably figure out they've been hacked by now. They just would figure out, okay, they probably typed in the incorrect password and the page refresh or something like that and they're just going to log in and they're actually going to access the Facebook page. Thus, uh they might not even realize that something went wrong. But if I go back to my virtual machine, you can see that it has captured some data and it is reporting over here of what has happened. So if I just scroll up, let's see what happened here and if we have been able to capture anything. So we got a hit printing the output. This does the HTTP 1.1200. Okay, response coming in. Password field found and uh we just looking there it is email someone.com and uh password that I typed in asd at the rate 1 2 3 4. So it has captured the username and the password right here. Uh once we done I mean this is the way attackers work. Now this is a very basic attack. Again uh in the actual trainings you would then look at how you would host this on a real website. Make it a global attack. Right now it's a virtual machine with a class C IP address. So here the thought process is where can we get a free hosting where we can host this kind of sites. Maybe I'll have to purchase a domain which looks like similar to Facebook or the victim that I'm trying to attack. So this is just a P. So we just wanted to find out if we can how fishing is done and this is exactly how it is done right. So pressing Ctrl C would execute this tool and takes you back to the actual menu. Press 99 99 to exit. And there it is. Close the two window. And that's the fishing practical. After fishing, let's talk about SQL injection. SQL injection stands for uh structured query language injection which is a database attack though it resides within the application. So it's the application vulnerability that we are trying to uh look at to try to bypass authentication. As the name suggests, a SQL injection vulnerability allows an attacker to inject malicious input into a SQL statement. What is a SQL statement? A query that is used by an application and is fired off to the database. Database executes that query uh gets that uh information that is required and sends it back to the user if the user is authenticated. So, we're going to look at the SQL injection attack demo here. And uh what we going to do is we're going to go back to our VMware workstation. And I have got a tool over here called OASP broken web application which is a utility that has been created for people like us to test our skills to learn on how we can develop our skills further. So this has a lot of uh vulnerable applications built within it. We're just going to try to access it and we're going to see if we can create a SQL injection attack. Just waiting for it to boot up. Once it boots up, it will give us an IP address. There we are. So we need to connect to 71.132. So I can just use the same browser I was using. Close off Facebook. And now go to 192 16871.132. And this is the OASP broken web application project. Uh what we're going to do is we're going to go to utility. And this is a application that has a lot of information within it. You can see it gives you links about what you should do, help me, video tutorials, listing of vulnerabilities that they have and so on so forth. So you can see we are not logged in right now. I'm just going to do this as a demo. So what we're going to do is we're going to look at this and bypass authentication. So we are taken to the login page where you need a username and password to log in. I'm going to type in test as the username and test as the password. Click on login and you can see that account does not exist. So the authentication mechanism works. Now what we want to do is we want to create a query. Now what does a query look like? When I type in a username and a password, if I just type in a single quote here, it is going to create an error. And this is what a SQL query looks like. Select username from account where username is a single quote. And then the exception error happened. So it did it's not showing the rest of the query to us. Now what I'm going to do is I'm just going to craft a query here. Uh single quote and give it a condition or 1= 1 spacey space. What happens hyphen space is comments out anything after that. So the password field is being commented out at this point in time. And I'm just giving it a condition where the condition is true. one does equal 1 and if this condition is true it is going to allow me to log in. So you can see right now we are not logged in this bypasses the authentication mechanism and you can see user authenticated and we are now logged in as admin. So uh in the training what we need to understand uh as a whole is how SQL works, what are the queries that are structured with how you can what are the testing operators. Now the single code that we used that was an operator in the SQL syntax what these operators are how they function and then how you can leverage these attacks. There are different tools that are given to you in Kali as well that uh you can utilize. So in Kali Linux you can just open up a command prompt and there's a tool called SQL map. You need to give it a particular site. So, SQL map- u for the URL and whatever the URL is. Now, URL here. And then once you're here, you just press the enter key. This tool will craft all the queries in the background for you. You don't even have to no SQL query or SQL languages. Uh this is a very easy tool to utilize. Sadly, I cannot demo this on a live website because that would be illegal. But, uh you can uh see how you can operate this yourself. That's what uh SQL injections are all about. Moving on, we now talk about uh VPNs, virtual private networks. And a virtual private network is basically a secure network that allows me to anonymize myself over the internet. So what I'm doing is I'm connecting from here to a server that encrypts my channel, encrypts my connection and thus allows me to keep my data secure. Now the basic essence of a VPN or a virtual private network is to allow me this encryption mechanism where I can encrypt and safeguard my data. The added advantage that nowadays a VPN gives is that it can allow us to spoof our IP address or offiscate our IP address so we can actually become anonymous on the internet. It can allow us to use multiple IP addresses and thus uh secure ourself on the internet. For example, I use VPN called Cyber Ghost. And what this allows me to do is it allows me so many servers over here. If you look at the entire list, all the servers, then there are no spy servers. Uh which and guarantee me that they are not going to keep and store any logs and thus they are not going to record any of the activity that I'm doing. Right? Since they are located out of Romania, this becomes a little bit more safer for me because the government and the laws over there are a little bit more relaxed than other countries. uh they give me uh different links for torrenting, for streaming, for connection feature. So uh there are a lot of VPNs out there. So for example, let's go to the website cyberost.com. So we can see there's a a sale going on 76% sale or you can go on to ExpressVPN which is also a very good VPN. Then there is NordVPN. It depends on what uh you want and how you want to utilize it. So just purchasing a VPN or getting a free freeVPN is not enough. It depends on which country the VPN originates from and which server you're connected to. For example, most of the countries uh have a pact where they share information amongst themselves even if you're connected to a VPN. That means that these companies that provide these services have to generate and store logs and these logs have to be reported to the government if they ask for it. Now if uh there's a list of 14 countries that actually uh focuses on this practice. So you have to find out VPN that and a server that is not a part of those 14 countries and ensure that those logs are not going to be reported to the uh government and these are three VPNs basically are something that which are good and I personally use Cyber Ghost. I've used the others. I just keep on rotating them just to get an idea of which one is better. So uh these are VPNs that you can allow you to anonymize yourself on the internet. Moving on uh these are the ones that we talked about. There are other safer VPN, Hide My Ass, ExpressVPN and so on so forth. From our terminologies, let's now talk about VPS. Uh VPS is basically virtual private server where you can rent a service or a server as a service, a virtual machine as a service. So basically on a cloud using infrastructure as a service you can rent a server and utilize it for whatever activity you want. So let's go to uh these sites register.com Godaddy network solutions or we can talk about other cloud solutions as well. So here you can get uh register your domain names. Uh so in the previous exercise for let's say when we talked about the fishing exercise uh what we want is we can go on to register.com or we can go on to godaddy.com and we can purchase a particular domain for example something like this instead of the O's I'm typing in a couple of zeros for the Facebook and see let's see if uh anything of that is available now something photo is available or facetips.com is available uh there are other options that are making over here that they're giving giving us over here and once we purchase this we can then have our own hosting uh with a web hosting as a service and uh we can have a Linux based uh hosting or a Windows-based hosting depending on what you want and that's where your shared hosting comes into the picture. If you just want uh if you want to look at a virtual server and you want to rent a server over there itself, you can move on to rackspace.com and here in your services you can have physical server or a virtual server in a public cloud. Your other cloud providers uh for example would be Amazon AWS and on AWS you can basically look at EC2 elastic compute cloud which is basically virtual servers in the cloud and over here you can rent out a server with whatever capacity you require. You'll obviously have to pay rent for what what those servers are going to cost but uh once you have those servers you can then launch any services on top of it. Uh looking at uh other services that we have, we talked about to is a onion routing uh software that allows users to browse the web anonymously. So we can just go online and we can try to spoof our identity and I'm going to show you how. So I've got a VMware workstation right here, the one. So we're just going to pull that up and we're going to power on a Windows 7 machine where we're going to look at the onion routing. So our Windows machine has booted up. We're just going to log in and uh this is my Windows 7 machine. Now I've got a Chrome browser right here and we're going to go to a website called see myip.com which is going to give the IP address that I'm currently using. So right now I'm not on connected to any VPN or anything and you can see that's my IP address that I'm utilizing. Now if I want to anonymize myself what I'm going to do is I am going to uh use to and that's the to browser that's set up right there. If I click on it, it's going to open up the software and it's going to create a new network and it's going to connect to the to network and allow me to anonymize myself. Right. So that's the Tor browser opening up and uh giving me a new browser over here. So I've got one which is the old one which is uh my current IP address. If I just refresh that, you'll see that I'm still on the same IP address as far as this browser is concerned. There's a refresh and it's still showing me the same IP address. Where if I go on to to right now and if I go to see my ip.com you will see that it is going to give me and you can see the amount of time it is taking to reach that site. That's because I am using a VPN and there's a lot of encryption running off and you can see now I'm suddenly uh connected via Hong Kong and even to reach this site what to does is it gives me a proxy chain. A proxy chain is where it creates multiple hops to hide my identity and uh before I reach see my uh ip.com I am using three different IP addresses over here. One in France, one in Germany and one in Hong Kong. So if I do something over here to trace back my steps to my actual IP address the law enforcement agencies or anyone who's going to search uh like a foreign investigator would have to go through these IP addresses before they come back to me. Now it's not impossible but the effort and time that's going to be taken to come across three different countries is going to uh be phenomenal. So it may just defeat the purpose of having so much resources spent to identify who did what. So that's what to does for us. All right, moving on from to we are going to look at key loggers. Key loggers are basically softwares that run in the background and record all the keystrokes of the user. So if I've got a key logger installed right now, whatever I type will be stored in a text file for the hacker so that they can look at it later on. And just to give you an example of that, we go back to my VMware workstation and we open up another Windows 7 machine. I'm going to power this on and I'm going to close this one till then. So this virtual machine has booted up. We are going to use user one. Login as user one. Just close all these softwares uh which are not required. And once this machine is booted up. What we're going to do is I'm just going to open up a random websites and see what we're doing. Basically, there's a key logger that's there in the startup that's going to record our keystrokes. And we just want to see what it actually does. Now, Firefox is getting updated. So, let's hold on. Now, this is the latest version of Firefox, right? And we're just going to go to, let's say, facebook.com. Wait for the website to open up. All right. Let's try opening it up again. And that's facebook.com. And we're just going to type in some random username and password somewhere someone at somewhere.com. And the password being again asd12 34 5 6 7 8 9 0. Login. Obviously that login is not going to work. User probably doesn't exist or if it does the password probably is incorrect. And uh so we're going to close this. Uh we're going to let's say open up another browser window. Go to another site. uh rediff.com and then go to rediff mail. Try the same thing over here. Someone at somewhere.com password asd 1 2 3 4 5 6 7 whatever it is. Don't say we can see the combination is incorrect. Now there's a key logger running in the background and what we want is we now want to open up the key logger. Now it is visible here because I've kept it visible. You can hide it in the start menu and there's a shortcut key for you to pull it up later on. So this completely becomes invisible and uh what it can do is it basically creates a record of whatever you have been doing so far. So you can see these things populating on the 25th of December. So if I look at the visited websites you can see I opened up Mosilla Firefox the first where it uh there was a problem loading the page then we opened up Facebook then we opened up Rediffmail.com and so on so forth. So this it just gives me the list of visited websites. Whereas if I look at keystrokes and clipboard, you will see whatever we have typed in. So we first typed in facebook.com then again uh the second time I try try to type in then uh I hit backspace. Then I typed in facebook.com and then you can see I typed in someone at somewhere.com and in tab a rate 1 2 3 4 5 6 7 8 9 0. We closed up the browser. We opened up a new one and we went on to rediffmail.com and then you can see me typing this one then going back one space. then the rest of what I typed and then the password coming in. So that's what a key logger does. If you look at the taskbar, it's not going to show you a key logger running in the background. It's in processes, you're not going to see anything at all, but it's going to mask itself as a service. So if you look into the properties, you can see that icon coming in over here, which matches this one. And so you can see that this masking itself as a service.exe. If this gets hidden as well, it would be very difficult for a user to even identify this. All right. So that's what a key logger is. Moving on, let's see what else we want to talk about. So we've talked about to, we've talked about key loggers, and now we want to talk about firewalls. Now for key loggers to be prevented, we need antiviruses, right? So we know you need a good antivirus program that's going to be installed, updated, and run on a regular basis to protect ourselves from malares. But what about network connections? And you need a firewall in a system to prevent or to detect what kind of connections are going on in the first place. Now we cannot rely on softwares 100%. So even if a firewall is not configured properly that's that's going to be a problem. So what we need to do is we have to have a firewall configure it correctly and then allow and disallow certain activity from off uh happening. And what we're going to do is I've got such a system on my machine here. I use a software called glass wire. What it does is it is a network analyzer. So it allows me to analyze whatever is going on. I can see all the apps that I'm utilizing and how much upload and download they have been uh doing all the traffic. So you can see the protocols that I'm utilizing. So I come to know what's going on in the background. And this gives me the entire graph of how much I have been doing for the past 24 hours, past 3 hours, past 5 minutes and so on so forth. Right? So this is what the activities and these are the alerts that it has been generating. I can click on those alert and it will start telling me what it was all about. If the graph doesn't work for me, it gives me usage as well. So how much uh I have utilized since I've installed this software right and what applications have been utilized which host I've been connected to and the traffic type that was utilized and then the things on my network. So these are the devices that I have currently on my network that has been that have been identified and then comes the firewall. So on the firewall the firewall is clicked on you see all those services that have been identified and I can just click on a particular service to lock that service. So this becomes a discovery tool, identifies whatever networking is going on, gives me all that information and then I can look at and I can just click on any of these services that I find it as malicious and blocked them. I can create different profiles for different applications as I'm as and when I want them and these are the alerts. So you can see that this was the first time a network connection was looked at from VMware. And what this allows me to do is whenever I execute a file, it can upload it to virus total.com and scan it as a third party antivirus to ensure that there is nothing malicious on it. So I already have an antivirus over here. But if this ever gets compromised, I still can rely on a third party service where in real time as an when I execute my applications uh they would be verified and I would be assured that nothing is wrong with my system. And this software that I'm utilizing glasswire basic is free and then there are paid versions as well. It's just glasswire.com is where you're going to find this. Moving on, rootkit. Rootkits are also malicious softwares that you allow an unauthorized user to have access to a computer to restrict areas of its software. Now a root kitten is a senses which uh a software a malicious software that infects a machine and prevents a fun some functionality from it like hiding data or preventing users from uh running antiviruses and uh it's basically a malicious software that is used to hide information from the victim so that they would not realize that they have actually been compromised. It's going to be a difficult showing of a rootkit. So I cannot show that demo to you. So we're just going to move on and we are going to talk about ethical hacking techniques. Now, now when we say ethical hacking techniques, we want to look at what kind of audits are available when we want to do ethical hacking. So, uh there's a blackbox audit, a white box audit and a gray box audit. So, if I'm invited in an organization to conduct a test, to conduct a audit, to conduct a vulnerability assessment or a penetration test to identify vulnerabilities and then try to plug them out. They're going to give me three different variations. In a blackbox audit, they're not going to tell me about the infrastructure. they're not going to give me any information and they want me to start from the basics of gathering information, identifying their systems and based on the information that I gather whether I'm able to develop any hacks and compromise their infrastructure. So it will be a simulation of a hacker who's sitting outside the organization and trying to find a way in. Whereas a white box audit is where full infrastructure knowledge is given. Anything and everything that is required for an audit is given and this is a simulation of an insider attack. a person sitting inside the organization misusing their permissions and then trying to compromise trying to get access to data that they do not have access to. So the simulation is from a malicious insider. A gray box is where some partial knowledge is available and from that partial knowledge you're going to try to build up more information and then you're going to try to get access to those resources. What are the tools that we utilize? So we've already had a couple of demos on key loggers, SQL injection, SQL map and so on so forth. Metas-ploit is a very much used tool for penetration testing and uh having knowledge on metasloit is very much necessary as far as ethical hacking is concerned. N map MAP this is a tool used for network discovery. Ness a vulnerability scanner. Yshark is a packet capturer that allows you to capture packets and analyze whatever is going on. SQL map is something that we have seen a SQL injection attack tool which generates its own queries. And John the Ripper is a password cracking tool. Uh Backtrack used to be an operating system that was utilized for penetration testing. However, Backtrack has now been replaced by something called Kali Linux and that's the operating system that we have utilized in all our demos where we tried to look at SQL map and those injection attacks that we did. So what are the areas of ethical hacking? We have just talked about all these areas as well. network services. We looked at the glasswire application that showed us how my machine is consuming networks, which protocols are being consumed, how uh the connections are being uh created. If somebody's able to install a Trojan on my machine, it is going to try to create a new connection on the network with the hacker to allow that hacker a backdoor access. Now, if I have that glass wire or a similar firewall implemented, it is this firewall that is going to detect it and prevent that connection from happening. So if I install a software that is suddenly suspicious or that installs something else in the background that I may not be aware of, that tool is going to identify all the connections that are being made and it is going to highlight that connection. I need to go through all of those connections and identify whether they are legit or not. And if I find some suspicious or doubtful, I'm going to block that connection and then I'm going to investigate what's going on. And that's where ethical hacking comes into the picture. You want to find out if your firewall that you have implemented is going to work correctly or not. if the configuration of the firewall is done properly or if the firewall is misconfigured is it leaking out information right at the same time you're looking at web applications we looked at the OAS broken web application where we did some SQL injection attacks right so that was a weakness or a vulnerability in that application which would allow us to bypass authentication and get access uh to resources that we were not authorized for and then client side attacks would be where uh you install key logger at the end of the at the client system and then you try to capture whatever data the uh user is typing in like usernames and passwords on the Facebook and the rediffmail.com website that we saw and then try to misuse that information to get access to those resources. Then Wi-Fi networks, right? Wi-Fi is something that we use on a regular basis. We got our smart devices nowadays, smartphones, tablets, fabts that we can connect to Wi-Fi and start using all our services, our banking applications on our smartphones. And thus we want to ensure that wireless connectivity is simple and is secured. So you want to use encryption mechanisms. You want to use tools on your smartphones, antiviruses, firewalls on your smartphones to ensure that whatever you are utilizing is going to remain secure. And then social engineering, we've looked at the fishing website on facebook.com. We've seen how easy it is to clone websites and uh host them on Apache server. So if you look at it as a from ethical hacker's perspective, the job of ethical hacker is to simulate these kind of attacks that a hacker may conduct. And uh first of all, you're basically going to find out areas where these attacks can happen. Think of it from a hacker's perspective. Try to simulate those attacks and see if those attacks are going to be effective. Can those attacks be prevented? And can your current security controls that you have put in place identify, detect and prevent these attacks from happening in the first place and that is what ethical hacking is all about. Let's look at the metas-ploit attack. Metas-loit is a framework of penetration testing that makes hacking very simple. You just need to know how to utilize the tool. You need to identify the vulnerability associated with a particular exploit and then run the exploit on metasloit. We'll be demoing this during the practical. So there are active exploits and passive exploits. In active exploit exploits a specific computer, runs until execution and then exits. Uses brute force and exits when an error occurs. In a passive exploit, these exploits wait for incoming requests and exploit them as soon as they connect. They can also be used in conjunction with emails and web browsers. So in passive exploits, we create a payload. We uh like a reverse connection payload. We send it to the victim. Once the victim installs that software, the machine will then initiate a connection to us. Our machine will be in a listen mode and then we will once that software is executed at their end, we would then try to connect and exploit that particular vulnerability. This is the uh practical that we'll be doing on metas-loit. So let's move on with the demos and then we'll see uh what we can discuss amongst them. All right, let's have a look at some of the demos that we had uh talked about in the ethical hacking and penetration testing module. We are going to look at three different demos. The first one is going to be a SQL injection attack that we're going to perform on this tool that we have. The second one is a password tracking attack on Windows 7. And the third one is a meetup reader based or a metastas based shell shock attack on a Linux based web server. So let's get cracking. I've powered on this virtual machine uh which is the OASP broken web application. It is a tool that is provided for people who want to enhance their skills and they can practice uh how to do these attacks in a legal manner. So we are going to go to this site. I'm just going to open up my browser. The IP address is 71.132 and that's the OAS broken web application that we want to utilize. We're going to head off to Mutil 2 and we are going to look at a SQL injection attack where we want to bypass authentication. Now this takes us to the login screen. So we can just try our luck here and see that the authentication mechanism works. The account does not exist. So the username and password that we have supplied is not the correct one. So we want to ensure that there's a SQL database and uh we can uh try to attack it and see uh if we can bypass the authentication. Now uh what we want to do is we want to create a SQLbased malformed query that can give us a different output. So I'm just going to type in a single quote over here and type login and you can see that this is now suddenly recognized as a operator and there's an error that is given out compared to the login that we tried uh earlier when we used a proper textbased login mechanism. It gave us the account does not exist. But here the single code gave us a error and it shows us how SQL works. This is the query that we had created. Now in the trainings that you have for ethical hacking there would be explanations of what this queries are all about. How the syntax works. Here we just going to see if we can create a malformed query to log in as a user in this case. So what I'm going to do is uh create the query over here and we're going to give it a comparison. So we're going to give it a or 1= 1 spacey - space and if you now click login you should be able to bypass authentication and you can see user has been authenticated and we now have admin access to this application. Now here the SQL queries need to be crafted in such a perspective that they're going to work. So there would be a lot of exercise in identifying what the database is. There's a Microsoft database, an Oracle database and so on so forth. And then you have to choose those proper commands. But identifying that would come in the training. Right now we're just looking at de at a demo. This is how a SQL injection attack works. Now let me log out here. Similarly, now we are in a login page. The same query worked wonders where it allowed us to bypass authentication. So it also depends on what kind of a page I am and what query would be accepted at this point in time. So here application understanding would also come into the picture where uh which function we are calling upon when we are connected to a particular page. Now this is a user lookup function right. So again here we try the same method test that's not going to work authentication error bad user on password and if we type in the same query over here single quote or and give it a condition single quote or 1= 1 spacey - space. Now here it is not going to log us in because this is not a login page. This is a user lookup form. So here it would instead give us a dump of all the databases that it has. So you can see all the usernames and passwords coming in that are stored in the user lookup field. So this is where the understanding comes in of which query to create at what page depending upon the function that is being called. Right? So that's the SQL uh injection attack that we wanted to look at. Let's move on to password tracking. Now this is a Windows 7 machine that we have. I'm just going to do a very basic password tracking example. We're just going to log in. Now here the assumption is that we are able to log in. We have access to a computer and we want to check out other users who are using this computer and see if we can find out their passwords so that uh we can login as a different user steal data if required and we wouldn't be to blame if there are any logs that are created. So here we've got a tool called Kane enable that is installed right here. Now I'm already an administrator on this machine. I'm checking out other administrators who share the same privileges or any other user who may be on this system whose password I can crack and thus I would be able to get access through their account and then do any malicious activity. Right? So this allows me to go into a cracker tool and it allows me to enumerate this machine and identify all the users and passwords that are there in this particular machine. Right? So, I'm just going to click on the plus sign and I'm going to import uh hashes from a local system. So, where are these files stored? Where does Windows store its passwords? In what format are they stored and what this tool does to retrieve those? That's something that we all need to know as a ethical hacker. Right? So, import the hashes from the local system. Click on next. It's going to enumerate that file and it is going to give you a list of all the users that are there. So you can see the users are hacker admin test the one that we are logged in as and then there's a user called virus as well and you can see that this is the hash value of the password that is being utilized. Now there's a particular format uh for a hash value for windows and how it stores but once we have these hash values let's say if I want to crack this password there are various attacks that we can do for example a dictionary based attack or a brute force attack. Let's try a brute force attack. Right? NLM is the hashing mechanism that is used by Windows. So we're going to try to create an LTLM hash attack. And here we're going to use a predetermined rule set. For example, we are not sure what characters are being utilized over here. So we just create an attack like this using all characters and uh lowerase A through Z, uppercase A through Z, numeric 0 through 9, and all the special characters. Let's say the password is between 7 and 16 characters. And this is the character set that you want to try the brute force attack on. What is a brute force attack? It is an attack where the computer is going to try each and every permutation and combination out of this character set and try to figure out if the password is going to be correct. So if we click start, it's going to start with a particular characters and then it is going to identify if that NLM hash is going to work against this character. And you can see the time is going to be phenomenal over here. So it's not necessary that this attack would be viable. it will be 100% successful given the time frame. However, the time frame is huge enough for this attack to become a little bit redundant. There are other attacks that we can do which can easily identify this data for us as well. But that is something that we will look on in future videos. So that's how we can get access to users and passwords. Uh there are different mechanisms where let's say we don't have login access then what are we going to do? how we can create a fake user login or how we can remotely access a machine and then try to get the same access and that is what we are going to try to do in the next demo on a Linux machine. So what we are doing in a Linux machine could also be doable on the Windows machine with a different exploit. So what I'm going to do is this is the Linux web server that I have that I'm going to power on. I'm going to use a Kali Linux machine to hack that device and I'm going to just power off my Windows 7 machine. Give it a minute till it boots up. Now this is also a demo machine that we have which has its own preconfigured vulnerabilities. So here we've got something from the pentesters lab uh and has a shell shock vulnerability imp implemented inside. Shellshock vulnerability uh affects Linux, Mac and Unix based operating systems for a particular version of the bash shell. Bash is the bone again shell which is the command line interface in these operating systems. So what we are trying to do here is we going to use the Kali Linux machine try to find out the vulnerability over here and if it exists we are going to use metasloit to attack this machine. Now the first and foremost thing is we want to identify the IP address. We have no idea what the IP address is. We are in the same subnet. So we are assuming that we are able to connect to this machine. So what I'm going to do is I'm going to open up a tool called Zen Map. I'm going to open up a command line interface. find out what my IP address is and my IP address is this with a subnet mask of 255255255.0. So I want to see if there are any other machines that are live in the same subnet and we are doing a ping swipe over here to identify which machines are live. In a minute we'll get all the IP addresses 71.1 2 133 254 and 128. We know that we are 128 at this point in time. Uh 254 is the DHCP server. So we assuming that 133 is the machine that we want to look at and let's then try to see if we can scan that machine 133 and we're going to do an intent scan to find out which ports are open, what services are running over there and if it is whether the pentest machine that we were looking for. You can see of the start port 22 and port 80. And somewhere here it's going to give us the ports that are open and the details about those ports. And somewhere here it will tell us that this is the pentest lab machine that we wanted which is correct. So now we want to do a vulnerability analysis on this. What we're going to do is I'm going to use another GUI based tool called Sparta which I can just find out from here. Sparta uses two tools in the background. Uh end mapap tool and a tool called nikto. So we're just going to start scanning. 192 16871.133 was the IP address. add to scope and over a period of time you can see all of these will start populating with information. There we are. That's the Nikto tool coming in scanning on port 80 which is uh which means that it's a web server using HTTP. It tells us it's an Apache HTT HTTPD2.2.21 and gives us the 22 port number as well. If we head over to the tab of Nikto or let's look at the screenshot first, this is what the website would be looking like and Nikto gives us the options over here. It tells us that there is a vulnerability over here for shell shock and this is the path where the vulnerability is going to exist. So what we're going to do, we go back to the command line. Sorry, we open up a new one. Minimize all these other windows and we're going to open up Metasloit. Metas-loit is a penetration testing tool that is used by most hackers and ethical hackers to test applications and test uh existing exploits and vulnerabilities. So just give it a minute till it starts. You can see there are already around 1,700 exploits right here. Uh we're going to see all those exploits with these commands. There we are. Sorry for the typo. And it will just give us a list of all the exploits that are stored in metasloit in this version. So all of these are Windows based. If we scroll up, we will be looking at other vulnerabilities as well or exploits the unique spec exploits, Linux, OSX, multiexloits, and we're looking for a exploit for um multibbased Apache or HTTP. Let's go up. Uh let's look at So this is the one that we're looking for. Apache mod CGI bash environmental executable. So what we're going to do is we're just going to copy it. Go back to the bottom. Say use exploit and paste the one that we wanted. Press enter. Say show options. So it'll ask us to configure this. I'm just going to configure it based on the knowledge that we have. Set our host which is the remote host the victim's machine. So we put in the IP address. It asks us for the target URI. So that's the path that we saw. Set target URI to CGI- bin / status. Enter. Now with the exploit, we need to find a payload that is going to give us the output that we want. So we say show payloads and it will give us a list of all the compatible payloads with this exploit. And we want to create a reverse TCP connection which is this. So we know it's a Linux operating system. We want this uh payload to be set. So set payload. Press enter. That's the payload coming in. Show options. Now that we have set the payload, this is the options for the exploit. And now we want to set our options for the payloads as well. So we are creating a reverse TCP connection which means we are remotely executing code at the victim side and making the victim connect back to our machine which means we need to set up a listener. So I need to put my IP address over here. set local host or LHOST 192 16871 128 which was our IP address. Show options again just to ensure everything is fine which looks like it is and we then type in the word exploit so that it will start this attack. I can see that it has created a mutter session at the victim side and it has opened up a session. So if I do a pwd now pwd is a Linux command for present working directory and it will show us that we'll connect it to where dubdubdub cggi-en bin do an ls it will list all the files that's the status file over there do a cd backslash it will take us to the root of this machine now remember we saw the uh passwords on a windows machine similarly we can head over to the cdet folder ls and you can see these files psd and shadow now pssw is the file where Linux stores it usernames and shadow is the file where password in this version there's a new module called for IoT internet of things it focuses on emerging attacks vectors like cloud artificial intelligence and machine machine learning it basically talks about smart devices and it talks about the vulnerabilities the risk that the smart devices face in today's world uh for example it will tell you about the industries that are utilizing all these smart devices why are they utilizing it for what kind of devices they are utilizing and what are the risks within those devices it will also O give you a lot of tools for you to practice upon to identify such IoT devices. What would constitute an IoT or a internet of things device any device which has an IP address and can connect to the internet and create data. So even your smartwatch, your smartphone, your cars that have internet connectivity nowadays, your uh Google Homes, Amazon Alexas, all of these devices would come under the IoT umbrella. And have you ever wondered about uh sitting at home having a Wi-Fi, having all of these devices, even a smart TV if you will, connected to the Wi-Fi, and have you ever questioned how a hacker would then be able to access your home through all of these devices, record information and basically just spy on you? Similarly, an organization where they utilizing IoT, they would be vulnerable for the same vulnerabilities. And this course does include IoT security to a certain extent. uh where we talked about vulnerabilities and how to identify those vulnerabilities in IoT. Then there's a new vulnerability analysis module where it gives you risk assessment. It talks about CVSS scoring systems. It talks about how to do a vulnerability management program in the first place. What are the steps required in a vulnerability management program? How should it be repeatable and how it should be measurable as a program and what should be the outcome. So basically it will give you a structured way of how to do a vulnerability management assessment and how do you want to achieve the end goal. thus leading you to a penetration test. So all the modules are leveled up. What do you mean by leveled up? That means they've been updated to the latest tools, latest standards, latest technologies. So you've got cryptographic attacks, you have got attacks on applications like SQL injection. We'll be talking about packet sniffing using uh various tools. All of these are upgraded which means they are up to the latest operating system. So even when we do this course you'll be looking at operating systems like Windows 10, Windows 8, Windows Server 2012, Windows Server 2016, Kali Linux machines, Android machines and Ubuntu desktop as well. So all of the operating systems are latest, the tools are latest and you will be interacting with these tools and then there's a mobile security toolkit as well which uh will help you do a penetration test on a mobile device. So these are what is new in version 10. Now let's talk about the roles and responsibilities that a ethical hacker should have when they actually go into the world. Now what are the responsibilities roles what are the capabilities that we should have that we should be able to look at scripts that would test for vulnerability. So for example a SQL injection attack it's a scriptbased attack let's say uh cross-ite scripting attack that is again going to be a scriptbased attack. So we maybe we want to go ahead a little bit look at Windows systems and do a PowerShell attack and know about PowerShell scripting a little bit. If you look at Linux Windows there's a bash shell where there's bash scripting and you'll want to learn that scripting as well. Now the course doesn't include all these scripting languages. It does help you understand what these scripting languages are and it does have some basic introduction to how these languages can be utilized to create those scripts. Then we also want to develop tools to increase security. You want to look at those commands that are utilized on all operating systems. You want to look at the capabilities of the operating systems of how to create security parameters and ensure the operating systems and applications devices are secure. Uh you should be able to perform risk assessment. Now when you say risk assessment, risk assessment is the likelihood of an attack being actually executed on an organization based on the threats and the vulnerabilities that we have identified. So risk assessment is something that uh you find out a vulnerability and then you try to figure out in a hypothetical manner of what is the likelihood of that vulnerability being exploited by a hacker if they find that vulnerability and if they do execute that what is the impact that is going to happen on the organization and what is the penalties or the repercussions that the organization is going to face if that vulnerability is exploited. That's what a risk assessment is. Then we should also be able to develop security policies or set up security policies and implement them to ensure that the security mechanisms are standardized and are consistent. And then we should also look at training staff for network security to ensure that they are aware of these vulnerabilities and they know what their responsibilities are to maintain some semblance of security in the organization. So why do we want to become a certified ethical hacker? Now since you're watching this video, it's easy to assume that we all are interested in security. We all are interested in hacking. But hacking is not a real job. For us to get a job in the industry on a security parameter or information security parameter, we want to become a certified ethical hacker. So if you look at the popular hacking cases that have happened in 1990s there was a national crackdown on criminals. Microsoft entity operating system was hacked. Now this was back in the 90s when security wasn't that much evolved and there were a lot of attacks back then uh that crippled infrastructure that crippled banks when they started realizing that computing isn't as easy as it seems. Of course if you use a computer the functionality is always there but if the functionality is not properly configured you're just exposing yourself to cyber criminals where they're going to steal information and your organization may just go bankrupt because of that. In 2013, an example, Adobe reported 2.9 million accounts as stolen. In 2016, Casperski, which is a internet security firm, uh, announced that there were 758 million malicious attacks that occurred worldwide. Imagine that, 758 million malicious attacks that were identified and reported. In 2018, Facebook reported a loss of 30 millions to accounts that were stolen. 2018 again Kora reported 100 million customer accounts being stolen and in 2018 again Marriott 500 million travelers accounts stolen and manipulated. Now when you see accounts were stolen how does it affect the organizations? Now first and foremost if those accounts were stolen that means usernames and passwords were cracked and those accounts may have contained credit card information or may have contained some personal information that would identify the personal the person and thus make them gullible for a social engineering attack or an identity theft attack. So it has a cascading effect. If I would have been affected or you would have been affected with these attacks, the repercussions would have been catastrophic. your credit card information being stolen that means somebody else would have misused it and you would have uh seen a huge bill come to come your way. Now you can go back to the bank and uh dispute that but that that's again a dispute that you're trying to have with the bank for something that you didn't do which requires a lot of energy and a lot of time and at the end of it somebody has to pay for that particular loss. Now in this scenario the bank would have had to bear the loss but then that's a loss for the bank and bank doesn't want to do that and that's where they would try to hire certified ethical hackers who would try to test these vulnerabilities and plug them in so that the end consumer is also secured the bank is also secured right in this case uh Marriott there were 500 million travelers accounts that were stolen a lot of credit card information uh was uh leaked out email accounts were hacked and compromised And thus there was a lot of repution that happened. Now the thing is that there are also laws that these organizations need to adhere to that tell the organizations how to keep their information secure and also have penalties in place if the organization gets hacked and the penalties are pretty severe. So organizations do not want to get hacked or do not want to get compromised. Not only from the customers perspective where they would be losing customers, losing reputations and then thus facing losses but also from a legislative perspective where they would have to pay fines to the government for the frauds that have happened. So uh these are some of the popular hacking cases that have cost these organizations quite a lot of money and thus uh they have a lot of security in mind. uh if you look at the news uh in uh BBC news there was something reported from a French uh police that there was a virus that infected more than 850,000 computers worldwide. Now on the similar lines if you remember ransom wares and if you look at wuk cry that happened in 2018 or 2017 it also cost the world $4 billion in losses during that just one small month of its infection. Then Apple Google basically disclosed that a large scale hacking effort was targeted at Apple devices and this has been uh it has reported that there was a sustained effort to hack iPhones over a period of at least 2 years which means that there's a specific target towards Apple consumers and they are at a higher risk of getting hacked than others. Then the Texas government organizations hit by ransomware attack. So hackers have infected 23 organizations connected to local government in the US state of Texas with ransomware. That means that their databases have been encrypted. The government themselves do not have access to that database. The databases could have been compromised by the hackers. And that means that whatever services were being provided to the users based on that database may no longer be available to the end users because of the ransomware. Now moving on with these, why won't do we want to become a certified ethical hacker? Increased attacks lead to more job openings. Now if you look at ransomware, the vanry attack that happened in 2017, there was a knee-jerk reaction given by the rest of the world for IT security. Suddenly budgets started opening up. Suddenly people wanted more ethical hackers on their payrolls to test for vulnerabilities. In UK and Europe we have GDPR uh which is again another law that imposes CV of penalties on organizations that get hacked and for not having proper security and a vulnerability assessment and penetration testing program in place. So that leads to a lot of job requirements as well where organizations look at people with the special skill set to help them mitigate the vulnerabilities to keep to safeguard them and their customers from hackers and also from penalties from law enforcement and governments. So thus the demand keeps on increasing for ethical hackers which automatically means that the salaries are going to increase as well. So more the demand, lesser the supply, higher the salaries. That's plain economics. Then challenge hacker with malicious intent. So from a ethical hackers perspective, it is our duty to safeguard an organization which means that we'll be pitched against hackers and we have to ensure that those hackers would be challenged to the maximum limit before they even try to get access to any of the resources that we are trying to pro protect. It offers a boost in your career. So more uh efforts that you put in, more vulnerabilities that you find, the better the career prospects that you have and the better job aspects that you're going to get. And this also lets you keep yourself updated on the latest technology. As the technology progresses, as we evolve on technology, security will also evolve and the ethical hacker would need to keep themselves updated on these technologies. So this is what is a plus point to become a certified ethical hacker. So why do we want to get the certification and what would it mean by being a Ccertified uh individual? Take this into consideration. You are applying for jobs and uh you have been applying for cyber security related jobs of course and you go in for an interview. In the interview you are asked quite a few questions and they will be testing you on cyber security concepts. So they will be asking you a lot of technical questions about cyber security about information security and any other related topic. So let's say in a few minutes into the interview there are some concepts that you have not brushed your skills upon and they ask you about certifications and one of the main certifications that is sought after is the C certification and if you're not certified that's where things can become a little bit problematic where organizations today very proactively start looking for people or candidates who are already certified rather than take them on board and get them certified. So in this scenario uh having a certification would obviously help not only to be uh shortlisted for the job but the certification involves a lot of training which would help you understand the concepts and prepare you for the interview a lot better as well right so getting yourself certified is quite necessary in today's world let's look at what the certification is all about the certification involves a very hands-on training that trains an individual into thinking about cyber security from a hacker's perspective and developing this mindset is very important because to catch a thief we have to think like a thief teaches the candidate to spot vulnerabilities in a system so it trains you on how to identify flaws how to verify that they exist and then how to treat them as well like I said this is a very sought- after certification and companies look for people who are already certified as C or a certified ethical hacker so what is this certification all about uh this is a global accepted certification and it tests the knowledge that a candidate may will have about threats and their prevented preventive mechanisms. So the certification the exam itself will test you on the parameters. The training would provide you with all the information that you require to clear the exam and to gain knowledge from a real world perspective. So it will train a candidate to think like a hacker. It will train the candidate to use the tools to identify those flaws uh to spot those uh flaws in the first place and it will give an understanding to the candidate where to look for those flaws in the first place. So essentially when you get certified as a certified ethical hacker you become a white hat hacker or a ethical hacker which means that you will be looking at flaws ethically and reporting them to those organizations. The certifying authority is the EC council. It is a very well-known and a widely accepted certification authority across the globe. It is based out of the United States but the certification is valid across the globe. So what does it take to take the exam and who can take the exam in the first place? Now the basic criteria is that a candidate should be 18 years and above. So any person who has completed an official EC council training is eligible to attempt the exam without going through an application process. So there are two ways you can actually attempt the exam. You either have work experience that means you're already in the cyber security space. You already have some uh you already have some hands-on knowledge and you want to give the exam. In that scenario, you just have to prove that you have got two years of experience with network or information security and then you can apply to EC council to directly appear for the exam without attending the training. else you can then approach EC council and register yourself for a training course after which you can give the exam. So there are two ways that you can deal with it. What are the fees for this exam? Now the fee itself is $500 for the exam. Candidates who take the second route where they prove that they have experience and they directly want to appear for the exam. there is another additional $100 of application fee that they have to pay to EC counselor for them to verify that you actually have that experience and then allow you to appear for the exam. So what are the exam questions like? What what is the exam all about? The exam code is 312-50 and there are 125 questions that need to be answered in 4 hours. Now that sounds like a lot of time but trust me it isn't. The questions are descriptive in nature. They give you a scenario. You have to identify those keywords based on the knowledge and the understanding that you have and then gauge the correct answer for that particular scenario. And the scenarios could be a little bit complex, could be a little bit confusing. The exam will be a multiple choice question exam. So one questions with four answers. If any question has multiple answers, they will mention it in the question itself. The pass percentage cuts off at around 60 to 85%. So there is no fixed percentile. Every question has a different grade. Every question has a different value and based on the questions that you have been asked and the correctness of the answers you would either pass somewhere between 60 to 85%. The results are immediate. So once you complete the exam and you submit it, it will uh let you know there itself whether you have cleared or not. So what are the skills that you require for this exam? You must have very good networking skills. And when we say networking skills, you should know your protocols. You should know how computers communicate with each other. Uh the protocols like HTTPS, FTP, SMTP and anything about the OSI layer. You should be good with your operating systems. The candidate should also have a very good knowledge about operating systems. And when we say operating systems, we want the candidate to know about troubleshooting methods and how the operating system work in the first manner. So you should have some basic skills about operating systems and the configuration of these operating systems. Uh you should also know the different types of cyber attacks such as social engineering, fishing and how to prevent these attacks. So this is the exam skills. The training prepares you with all these skills. The candidate must be able to hack into an organization system with permission and erase all digital evidences. So uh the training itself will get you accustomed uh with all the hacking phases, how a hack is constructed, how a hack is made more effective and how the hack evolves and later on how you can delete all the evidences of the hack that has happened. So for the exam you should have or you should be very good with your networking skills, understanding protocols and how they work, configuring operating systems and troubleshooting them. You should be able to classify different cyber attacks and know how to launch them as well. And you should be able to hack into devices and erase all digital evidences that may have happened. Password cracking and cryptography is also a very much required skill to clear the exam. There must be a few rules followed and there is a code of ethics from EC council. So they essentially give you a non-disclosure agreement before you start the training which you have to go through and you have to sign it, submit it to EC council. only then are you allowed to go forward with the exam. So what are the exam all about? What are the topics within that exam and what kind of questions would you get? So there are seven domains in this training based on which they will ask you questions. When you say background uh background is nothing but your knowledge on networking skills u your knowledge on a little bit of operating systems, how communications happen, how protocols work and so on so forth. Analysis would be where you analyze certain attacks and you're able to uh analyze let's say packets and based on those packets you can identify whether uh it's a legitimate packet or is it a malicious packet with any malicious data within it. Then with security tools you are able to talk about security as in the concepts of security like confidentiality integrity and availability triad the AAA identification authentication authorization and accountability tri aspects uh and various other concepts that are there in security. So you'll be questioned on those topics as well. tools and programs. Ethical hacking carries a lot of tools and you should be conversant with those tools. Uh in the during the training there will be hundreds of tools that uh you would be going through and you would be facing questions on these tools. So there would be some basic questions like commands that would be given to you to identify what that command would execute or there would be a specific scenario given to you and then they would ask you which is the most uh suitable tool that you would utilize to crack that particular scenario. And then there's the methodology of course of how or which steps would you take in this particular attack to be successful. Then we talk about policies and the ethics. So as you can see all of these domains have different weightage in the exam. 21.79% for your backgrounds. So you can see the background information is very much important. Operating systems, networking, a little bit of applications, a little bit of architecture of how things are deployed. Now C is normally an advanced certification, right? So there are a few presumptions that you already know a little bit about uh active directory, how operating systems work, uh how identity management works. So there's a little bit of presumption that you have these background knowledge but in the training you can be prepped up for that knowledge as well. So it does contain a little bit of insights about how these things work. Analysis is where you're looking at some scenarios and based on the evidences given to you, you can analyze what's going on. So that's at 20.73%. Security which is the main topic is at 23.73%. Tools and programs related to security would be at 28.91%. The methodologies would carry a weightage of 8.77 policies 1.90 and ethics 2.17%. So you have 125 questions. You can figure out percentile wise how many questions you would get on each of these domains. So let's have a look at these domains a little bit more. The background is about network and communication technologies. Again, like I said, protocols, procedures, services, how computers work. So, ports on a computer, how uh how ports are utilized by services and how communications happen over these services and these ports, how we can scan these ports to identify what's going on and then try to find out vulnerabilities within them. Then we have got information security technologies and the information security threats as well. So when I want to launch an attack on a device, where would I find vulnerabilities? Is it just on the network? Uh do I look at the operating system? Do I look at different applications that are there on the operating system and so on so forth. So where are the threats? That's something that we need to identify and that's what this domain deals with. So uh 27 questions from this domain. Then analysis and assessment, information security assessment and analysis and the security assessment process. So uh let's say you're in a penetration test and you want to launch an attack. What is the assessment that you want to do before you launch that attack? What is the process you want to conduct and uh how you going to analyze the vulnerability in the first place to identify which penetration test or which attack you should uh do at that particular point in time. Then security would talk about information security controls. Controls would be all the uh security elements that you can implement to prevent uh hacking. So firewalls, IDS, IPS, antiviruses or endpoints, all of these would be included in this domain. Information security, attack detection. So it's not only about how you can attack, you also want to know if you're being attacked in the first place. So analysis would basically identify how you're being attacked and the detection is where where you first detect that something is wrong after which you can analyze it, right? And how you can prevent uh security attacks happening at your organization as well. So which firewall would fit at what OSI layer? What uh in the architectural aspect where do you want to place a ID uh IDS or an IPS? Where would you want to place a firewall? Where would you want to place a UTM to have a layered approach a structure structured approach towards security where a hacker would have to peel off layers of security to reach the data that they wanted to get access to in the first place. So there will be 30 questions from the security domain, 16 questions on the analysis and assessment domain. The fourth domain is the tool, systems and programs. So this is where all the tools that you would have utilized resume. So this is where all the tools that you have utilized in the ethical hacking scenario and there will be questions asked about those tools. So in the training there are some tools that are prescribed in the course where you'll have to concentrate on those tools. You'll have to get your hands on on those tools to understand how those tools work and then give appropriate answers in this domain. So there would be 36 questions for tools, systems and programs. Then the fifth domain is procedures and methodology. Information security procedures and assessment methodologies would be asked over here. So how would you uh conduct a test? How would you conduct a vulnerability assessment? What is the method and the procedures that you would follow in conducting these tests? So there would be around 11 questions for this domain. The sixth one is regulations and policies. So this is all about uh some basics that you need to be aware about uh for information security policies and frameworks uh like ISO 27,0001 PCIDSS and these uh regulations that are available in the real world that you can that can help you or guide you to place a security architecture on your organization. These questions are not going to be in depth about any of the laws or policies. It's just checking your awareness whether you are aware of these laws or policies and where they can be implemented. So you can see there are only a couple of questions that would come in regulations and policies. And then ethics. Ethics is the code of conduct uh of how you are expected to behave as a ethical hacker. What is expected out of your job role? What you should be doing and what you shouldn't be doing. So there would be around three questions of ethics in the exam. Now let's look at a few sample questions from the exam as well. So this will help you get an idea what the exam questions would be. So consider the attack scenario given below. There are five steps listed. Step one starts with user browses a web page. The second step is where user uh web server replies with the requested page and sets a cookie on the user's browser. In the third step, attacker steals the cookie by either at creating an attack of on the network for sniffing or at the application with cross-ite scripting or sending a fake mail or uh hosting a fake website by a social engineering attack which is a fishing attack. In the fourth step, attacker gets access using whatever they have done and orders a product using modified cookies. And in the fifth step, the product is actually delivered to the attacker's address whereas the bill is fooded by the victim. So what is the attack that is happening here? Identify the web application attack. Is it a session fixation attack? Is it a unvalidated redirect attack? Is it a cookie poisoning attack? Or is it a denial of service attack? So again going through these steps, which of these would be the correct answer. Now in this scenario, it is C, which is a cookie poisoning attack because if you look at the steps, the attacker basically hijacked the cookie or stole the cookie and then modified it to be utilized for some malicious reasons. Second question, which one of the following scanning techniques do attackers use to bypass firewall rules, logging mechanisms and also hide themselves as usual network traffic? A stealth scanning technique, B TCP connect scanning technique, C maintaining access or D FIN scanning technique. Now here as you can understand we need to know what these techniques are, right? So what does a FIN scan mean? What is maintaining access? What is TCP connect? What does TCP mean? TCP is transmission control protocol. How does it work? So when you connect using TCP, what is actually happening in the back end? That is what the knowledge is all about. And in here the correct answer is a stealth scanning technique. So what do we mean by stealth? How can we achieve that? Which tools help us achieve that? That is what we want to gain an understanding in before we can attempt the exam. Question three. Which of the following Wi-Fi chalking method refers to drawing symbols in public places to advertise open Wi-Fi networks? Warwalking, warflying, war chalking or war driving. Now here we need to know first that there is something known as Wi-Fi chalking, right? And there are some symbols that are utilized globally and they are recognized globally. They're standardized by the way. And these symbols represent some type of Wi-Fi networks. For example, open Wi-Fi, which means you can freely connect to the Wi-Fi or paid Wi-Fi where you have to pay before you can connect to the Wi-Fi or once you get connected, you first to have to make a payment only then the internet would be activated. Right? So for different Wi-Fi mechanisms there are different options that can be utilized and which of the question is which of the Wi-Fi chalking method refers to drawing these symbols in public places to advertise open Wi-Fi. So in this the answer is war chalking. Now the question here itself is a little bit so here the question itself is is a little bit misleading because it mentions Wi-Fi chalking in the question itself and that would then lead us to whether war chalking is a correct answer or not. So uh some of the questions could be a little bit misleading. So let's start looking at the certifications. So to be an ethical hacker you must hold a certification which specializes in ethical hacking or in cyber security. Companies look for candidates who are globally certified. When we say globally certified, they're looking for a certificate that has been given by an organization that is recognized globally and is well accepted in the industry. So these are the top five certifications a candidate can obtain. The first one become a certified ethical hacker. Then there is global information assurance certification penetration tester. Then offensive security certified professional comia pentest plus and finally the licensed penetration tester. Now uh these certifications are offered by different organizations. All of these organizations are recognized globally and their certifications are well accepted uh in the technical space. So let's start off with the certified ethical hacker and we'll look at uh the organizations that provide these certifications and how we can attain them. So C or certified ethical hacker in its current form is in its version 10. It's been revised and updated over a period of time. EC council is the certifying authority for C. They have their own authorized training centers through which you can attend trainings, give those exams, get yourself certified and thus become globally certified and uh can be eligible to apply for security related jobs. It is a very well-known certification and is widely accepted at the same time. It would test the candidates's knowledge of security threats and preventive measures. Now there are two types of exams that you can give with C. One is a multiplechoice question exam which is theoretical in nature. They ask you questions and you answer the correct one. You select the correct answers. If you're clear, you get certified. The second certification nowadays is where there's a practical exam associated with it. That's a uh you'll have to purchase the voucher for that exam and give that exam. The practical exam is held in a virtual lab where they are given scenarios and based on those scenarios you have to resolve the questions given to you and give proof of the resolution which would then uh get you certified as an ethical hacker. The theoretical exam in this scenario is the fees is around $500. This is for the multiple choice question exam uh where you can pay the fees and you can uh attend through a uh online portal and you can give the exam directly. The exam is 4 hours long in which you have to answer 125 questions. Now 4 hours for 125 questions seems a long time but it isn't. It's a very technical exam. There are scenario-based questions and it would take some time for you to analyze and understand the question and then identify the equivalent correct answer. So it's a very competitive exam and you'll have to study really hard to clear this exam as well. The cutoff for passing varies from 60 to 85%. So there is no exact grade and all the questions have different weightages. So depending on the questions that have been given to you and the way that you have answered them, you would pass at either 60% or you would pass when you have scored 85%. Once you are CE certified, which is a very technical certification, you will be qualified to apply for job roles as a penetration tester or a security engineer. These are job roles where you would be responsible of ethically trying to attack applications uh servers switches and try to find out vulnerabilities within them. The training of this certification will make you adept in most of these tools that are required. There are a lot of practicals in this uh trainings and uh if uh you successfully completed those practicals clearing the exam is a easy task. With the practicals comes your knowledge and would help you understand how you would be performing penetration tests in the real world. If you have never used Linux before and are looking to get into it, this is the perfect opportunity for you to learn on how you can use this operating system in your daily lives. Now although this video is specifically catered towards people who are trying to get into cyber security or who are trying to learn ethical hacking, the more people that get into Linux is that much easier because it just provides an alternative operating system that you can use and perform in your day-to-day lives. Now uh it's very important especially for ethical hackers to understand how Linux works and specifically how Kali Linux works that we are going to cover today. Now uh Kali Linux is also an operating system dedicated specifically to cyber security analysts and hackers and has a bunch of tools that makes the process of ethical hacking and vulnerability analysis malware analysis very easy. So uh in this Linux crash course we will learn everything about Kal Linux what it is what you can use it for then understanding a bit more of the Linux system fundamentals. Now that can span across a multi a variety of topics. For the uh Linux fundamentals we often have how to navigate the file system, how we can use the Linux operating system command terminal for creating editing and just manipulating files. We'll understand some networking commands that can help you. We'll understand how the uh the service mechanism how to start start services stop services. We'll understand how to install uninstall some particular tools. We'll also create a small script with bash so that you can understand how you can use the bash language to start your scripting journey in Kal Linux directly. Before we move forward, let's check out the C certification course by simply learn. If you want to learn more about cyber security and ethical hacking in general, check out our C certification training course. The certified ethical hacker certification is the industry standard for train penetration testers and our training program will ensure you are well equipped with all the necessary skills and techniques required to ace the exam. You'll get an exam voucher for free with the course allowing you to learn, master, and excel as a penetration tester with a single package. You can find the link for the course in the description box below. That being said, we can get started with our demonstration. Now the first thing we need to understand is how we can install Linux properly. To install Linux or Kali Linux to be specific in this case we will need two things. One we need the ISO file which is basically the installation file of every single operating system and we will need an environment to run it in. Now many people um use Linux or any other operating system as a dual boot in the system. So that when you start up your computer or a laptop, it will ask you where do you want to boot into? Do you want to boot into Windows or Kali Linux or Ubuntu something like that. But for easier access what many people prefer and many people will recommend is using a virtualization software. So what that will happen is you will keep using your normal Windows operating system but you can use virtualization software like virtual box or VMware to run Linux operating systems in Windows directly. It'll uh run in a sandboxed environment which makes it easier to learn and you don't have to dedicate another uh bootloader access and it just gets a whole lot complicated. The dual booting is a lot more complicated and it is recommend it is recommended for beginners to just stick with virtualization software. Now for virtualization software you will get two options here which will be virtual box by Oracle or VMware. Now I highly recommend VMware because I feel it is much more stable and it has a a bit more fluidity when running operating systems. Now since you are running full-fledged operating systems in a single window, your system must have a good amount of RAM free so that it can be completely dedicated to the operating system being run in the sandbox environment. So I would really recommend uh VMware over virtual box which I feel is has become slightly dated now. Meanwhile, VMware Workstation Player is going to be much better. This is obviously a pre a case of preference and you can try out virtual box if you want. Most of the things will be similar but once you download VMware and install it you should be getting a window like this. Now this is the works workstation you can get the VMware player version which is the free version. You can get that as well and again most of the things will be similar. So now that we have VMware and we have our environment where we are going to install Linux and work on it. Let's check Kali Linux. Now, Kal Linux as you can see it's the world's most advanced penetration testing distribution and more importantly it is based on DBN. DBN is one of the uh you can say the forefathers of operating systems, one of the operating systems which paved the way for many Linux distributions to be based on it. Apart from Kali, we also have another operating system which is called parrot security. This is also used by ethical hackers and cyber security analysts because this has the uh this functions the same way as Kal Linux as in it has all the tools and techniques that you may require in your ethical hacking journey. So uh you can use either of them either Kal Linux or pirate security and more importantly for today's video actually any Linux distribution will do because this is more about learning the basics and the basics will stay same irrespective if you go for Kali parrot Ubuntu or any other Linux distribution that you can think of but I'm just letting you know that there are two options here parrot has a bit more features but Kali Linux is the industry standard today and has been for like a decade now at this point uh so it is much recommended to go with Kali and that's what we are going to work on today. So to download the ISO file we'll just click the download button here and you can see it offers a variety of options. You can directly download for virtual machines which is see as you can see it is the recommended but it is it is going to deprive you of a few um learning things. So what we can do is we will get the live boot system. What live boot will do? It will provide the ISO file which we can later use to install on our VMware system. So I will go to the live boot. It includes everything. As you can see I got a torrent file. I will place this torrent for download now. Actually instead of the torrent we can just download the point release live image. Um the this actually this version had every tool possible but this one this uh January edition you can see Kali 2023.1 the January live version point release live image you can just download this one directly just click the download button here which is written at 3.8 8 gigs the ISO file size just click on download and your download will start. So remember once again you can do this process with pirate security directly as well. I think if you go to download button here yes you have to choose a security edition. Now they also have multiple versions for let's say the home edition is for daily use you know um just casual browsing or just multimedia process all those things. Hack the box is completely separate service that functions easy to easy to hack um boxes that will be a completely separate edition similar to cloud architect and raspberry pi but if you are going to use pirate security get the security edition directly just download it from here and you it you'll be good to go but for now we are just going to install kal nux since that is what the majority of industry uses and we'll move forward with it accently These are the containers. Yes. Now what you what would have happened if I chosen virtual machine is as you can see there are many virtualization software like VMware virtual box and chemo. It what will provide is it will provide a installed file. It'll give a folder where the virtual box app VMware has already installed Kal Linux. So you can just load up in your VMware system. As you can see you can it'll you have to just open a virtual machine if you download the image directly this one. So you can just open up that folder and your operating system will load on its own. But why after getting the ISO you can customize a lot of things. The thing about this virtual images are they're not customizable as such. With the ISO, I can customize how much hard space I want to devote to just the sandbox operating system. How many how much RAM usage although those RAM usage and all can be uh customized. Everything will be tailor made based on your specific needs. So we will check that once the download is completed which is just 1 minute remaining. Apart from that you can see there is a 64bit. I think this is 32-bit as well. I'm not sure if a 32-bit is required nowadays considering everything is 64 but yes before uh while the ISO is getting downloaded let's check out VMware Workstation now to get started at creating our sandboxed environment we will touch upon create a new virtual machine. Yes. Uh here we can let's say check on custom because we want to customize how much we want to uh give hardware. We can use workstation 16.x which is the latest one. Now here I'm going to choose I will install the operating system later. If I give the ISO file here directly, it will install the operating system on its own which kind of defeats the purpose. If that was the case, we would have downloaded the live image. Anyway, we I will click on I will install the operating system later. We will choose in the guest operating system. We will choose Linux. And make sure you choose DBN 10.x 64bit as we read in the website. It is based on DBN. It's TBNN based Linux distribution. Now this can obviously change. There are other operating systems on which others can be based like Fedora and uh Arch but this one is DBN. So we are going to choose DBN over here. DBN 10X 64bit which is the latest version. Click on next. We will name it as Kali Linux and click on next. The number of processors I'm going to give two processors here. total processor course is four. This you can determine based on how much how powerful your system is and how much you can give as is because a major part of how how how a virtual machine runs is not just how much RAM you give to it is how much RAM is available outside of a sandbox environment because if let's say your system is u uh has 8 GB of RAM you devote 4 GB to the virtual machine. Windows itself takes up around 4 GB uh at least 3.5 GB when it's sitting idle. So you have to account for all that when dedicating processors and more importantly RAM as well. So we're going to click on next for now. And here what I'm going to do is I'm going to give 2.5 GB of RAM which should be enough for the thing at least the things that we are doing today. This can be customized later on as well. Let's say you have started working and then you realize the amount of RAM that you have given is just not enough and you need a bit more then you can customize that later. For now I'm going to give 2.5 GB of RAM. You can see the recommended is 2 GB. Anyway, I'll just go a step further. Click on next. Use network address translation is the network connection as in what kind of networking it should have. The virtual sandbox should have considering it is being run inside an operating system. your windows whatever internet connection is given to your windows will uh go to uh Kali Linux directly but you can customize that let's say you don't want networking you want host only networking that you connect the guest operating system to a VPN later on it's a completely customizable process but for easiest access we are going to use use network address translation IO controller type LSI is always going to be the most recommended so just go ahead with it choose CI for the virtual disk type. Now these are different virtual disck types that can be used and they have different purposes like some make it easier to transition between multiple uh installations of VMware or virtual box based on what you have chosen but SCSI is always considered the best disk would be we will create a new virtual disk. Now this is the maximum disk size or the disk capacity. How much hard storage are we are going to devote for the operating system installation and all the files whatever you work in the system that will be stored somewhere right so we're going to devote the basically the uh room size to make it easier to understand so I will give 30 GB of memory size now here you have another option uh you can actually allocate all disk space now as it is written allocating in the full capacity can enhance performance but requires all of the physical discs to be available right now. So the good thing about VMware is if I think that's in virtual box as well. If I do not click this even though I have written 30 GB it does not take up all of the 30 GBs in your hard disks. It takes how muchever is required. Let's say after installation and everything uh it takes up 10 GB of space that is all that will be taken up. It won't take up all the 30 GB. the more you keep working and slowly the data increases the size increases of the virtual machine folder it will go up to 30 GB that's it. So if you allocate all of it now it will take up the 30 GB directly and it will be slightly more performance because it will remove that uh read functionality when the virtual when the virtual machine is being run. So I will I will click it and between these two options between single files and multiple files single files is faster but multiple files will make it easier if you want to move your virtual machine system from let's say one laptop to another or you have to switch between personal and official systems but for now I can choose a single file 13 disk file will be created you can just put whatever name and I think everything else is settled now what we will do is we will click on finish. It will take some time to create the disk. I think the ISO download would have been completed. Yes, the ISO download is completed by now. It'll just take a while to create the disk. Uh there is also Kali Net Hunter which is a mobile penetration testing platform. It is available only on Android. Uh you can use it to perform small tasks. Obviously you can't you can't perform everything that you can on Kal Linux desktop environment but a lot of the things can be performed like basic network scanning and some amount of sniffing and uh brute forcing tools all those things can be performed on net hunted directly but that is a video for another day. So we'll just wait till the disk is created and then we'll move forward with the process. As you can see, the virtual machine is now created. So the next step would be to actually align the ISO file. So we're going to click on edit virtual machine settings. Here we'll select the CDB position. Use ISO image file. We're going to browse. Go to downloads. Use the Kali Linux ISO and click on okay. So now we can power on. Select live system AMD 64 at all times. Okay. You can see a pop-up here below that says install DBNS on physical computer that we are going to do which would be Kallay Linux. In this case it just shows Debian because it is based on Debian. That's it. When you're done and the operating system boots up, click I finish installing. So we will do that when the time is correct. So, we can see the live boat running up. Okay, you can see K Linux is booting up now. You get the uh the usage CPU usage meter here and this should be the memory. Yes. Okay. So, we have enter booted into the desktop. These are the multiple workspaces. But once again, this is not installed. What we're going to have to do is install this operating system. You can see you can use in the live environment you can use everything but you just have to install this operating system directly. The networking system is working. Okay. So once you familiarize yourself with the Kali Linux operating system and more importantly in the live environment you are able to check if the amount of RAM that you have given and your processor in general is able to sustain everything or not. We will what we'll do is we will just power off the virtual machine. We'll again power on and this time we'll not choose the live system. What we will choose is we'll go down. We'll choose the advanced installation options. We'll click graphical install and install. That's it. Now what this will do is we'll launch the graphical installer instead of the live system. U some operating systems like u Parrocurity for example will allow you to install directly from the live environment but that's it. It's uh it's not really a very big difference if you run it from here or there. Now the installation installer is launched. I'm sorry. Uh I will select the English language. Yes. Uh it'll ask for your location so that it will set your time zone. I will choose India. Configure the keyboard. You can choose American English considering that is the standard uh keyboard layouts that is available on the market. It will load the additional components like the the networking modules, the input output device detection drivers, all those things. Some of the partitioning devices as well. I think uh it will take the network hardware. Next configuring configuring the network with GHC. Yes. Uh now that we have to create uh select the host name. The host name I will just keep it as Kali. That's not a very big deal. This is more important if you're a lot into networking and you want to have you know particular home network. as a kind of like acting as a server for the enter all the devices in the home Wi-Fi otherwise it's not an issue uh kind same thing with the domain name I will skip the domain name because it's not really essential for what we are doing here yes but the username will obviously be required the full name I will give it as similar for example I'll keep the same username that was the full name this is the username uh password you can give based on your wish. Make sure passwords the same. This is the single user by the way. You can obviously create multiple users like we do on multi uh other operating systems. Now it will check the disk partitioning here. Since we are installing it on VMware any virtualization software be it virtual box or VMware we will use guided which is use entire disk. Continue. As you can see we had devoted 30 GB it is showing 32.2. Similar situation here. going to click on continue. All files in one partition which is recommended for new users. You have you can partition it to home via tmp maybe uh other partitions as well that you can keep a swap partition as well but that's not necessary now we'll keep all of them in a single partition. Just make sure all the changes are there. It'll create the swap memory on its own and click on continue. It'll ask that these are the changes being made. Just select yes continue. and it'll start installing Kal Linux into the V VMware virtual disc. This will take some time. So, we will speed this up and come back to it when the installation is done. So, now we have to set the package manager. The main partitioning system is done and most of the installation part is done. You just have to configure the package manager and use a network mirror. Click on yes a you don't need to set up anything else here. You can just click on next and it will set up a which is the package manager of Kal Linux. Now what the package manager will do is help us install and install update the tools and libraries that Kali Linux uses all the softwares and all the tools that we're going to use later on. It will configure the package manager for now. It's almost done. Now it's installing the grub boot loader which will uh uh when you start up the system it will ask you where do you want to login? Uh yes install the group gra boot loader to my primary drive. Click on continue. We'll just select dev sda which is you'll find a single drive anyway instead of entering enter device name manually just click on whatever storage space is being uh written below that now if you're using it on virtual box or VMware which we are doing right now you will get only one storage that's it dual booting you'll get multiple and you'll have to make some choices but that is advanced and we don't need to get into that right now for now only the last one should be enough now it is finalizing the installation Just running a few post installation clicks. That's all. And as you can see the installation is complete. So please choose continue to reboot. Uh we'll just press continue. Now it it uh loaded in a lot of the packages during the live version and during the installer so that it can continue with the installation. So it's going to remove that live package now from the RAM and complete the process. As you can see, Kali Linux has rebooted and is going to the installed operating system. Oh, you will learn if you're a beginner into Linux, you will run into a lot of the commands being shown. Just don't freak out. It's all normal. It does take some time to start up depending on how much memory you have given it, how much RAM you have devoted to it, how much even how much hardness you have given it also depends on that. And uh obviously it also relies on how much memory your Windows operating system is using. So that how much extra RAM is available and how well Windows can push VMware Workstation. So we have the login screen. We are going to use whatever username and password we had set during installation to login. Now this will be the root user. You'll understand more about that just now. Let's just allow it to boot completely. Okay. So now we have Kal Linux operating system installed and ready to go. Now what I would recommend the first thing is just go around just check if you're new to Linux uh do not make a lot of changes or anything like that but do move around. For example, if you can just click the start button here which is termed as applications you can see a lot of the programs that are installed. Now the good thing about Kalin is it's very help uh intuitive. So for example information gathering you'll see all the tools that you can use for information gathering. Now same for vulnerability analysis web app analysis password attacks all the brute forcing tools that you can use the wireless attacks like air crack uh pre example sniffing networks like wireshark etc. So just go around the operating system see uh check the file manager how it works and you know basically get a feel for the operating system directly. Okay, like you see here's a file manager. Just check everything how it's working. You can enter the settings and move and make some small small changes. Now a lot of the settings won't matter a lot in when running virtually but it's good to know and understand what are the things that Linux offers. So it's a very important step. One more thing if you are in a virtual machine is make sure that VMware tools is installed. Usually this gets installed directly but if not you can just reinstall here. Okay I think so our environment is ready and set up. Now as you might know a major part of Linux is the command line. So we're going to click the terminal here or you can just open right h has open. So this is basically the command line that you can use in Mac OS or windows. So a lot of the things that we do on wind uh on Linux is in the command line itself. Now you can use general uh graphical tools like uh let's say the file manager for example. You can do use graphical tools you can use other networking tools as well. But it's something it's always better to use the terminal because one you can uh reach things faster compared to a graphical tools considering you just have to write a single command and that's it for most of the tools other than having to navigate through a lot of menus and sections and um other compartments that you have to do on a graphical interface. So we will have to focus more on this command line terminal. And the first thing that we have to learn in a command line terminal is the pseudo user or the root user. We had discussed uh when creating the user but I told that that will be the root user considering we're only adding just one user for now. Okay. So let's break that apart actually. Uh sudo is the keyword that we are looking for. Okay. Now the super user or the root user administrator of the system is going to be someone who has the all of the access to access everything all the sensitive files all the sensitive settings all those things. Now if you can just see uh let's say if I want to open a file I'm going to uh put cat etc shadow let's say permission denied cat is the way to open up text files by the way now this file does exist but I cannot open it because the permission is denied I'm not the root user right now I'm just simply on add kali now the terminal does not go into root mode by default because it does it's not it's not safe from a security perspective. So we have to check on what are the things that can be done securely. That's why what we will do is we will write down now sudo let's say uh sudo is the command for and invoking the root user. We will write the same command which is sudo cat shadow. It'll ask you for your root password that we set before. We'll just put the same password and as you can see it showed the details of the shadow password uh shadow file. So why uh so that's the reason actually why it's not recommended to have the root user at all times. It's all uh it's not recommended. Meanwhile, what you can do is let's say you work a lot with a pseudo password. For example, a lot of the things that we're going to do in this video will require the pseudo keyword which is the root access. Now if you just open a new tab for example you'll get another terminal without any issues. Now one thing I want to note out is if you are learning a lot of the tools use that require the pseudo command like opening sensitive files like this one shadow or making small small changes that require root access like changing the network adapter checking what kind of uh what kind of external devices are being connected from a system perspective all those things you will require to run continuously. So instead of writing pseudo again and again and again for every command, what you can use is this command pseudo su. Now what this will do is it will change the terminal um change the user in this particular terminal tab to a root user. Now I will just press enter and you can see you can check this dollar sign here. Once I press on pseudo su this will change to a hash. And you can see the user has changed now from the simply learn to the root user which basically has all the permissions to do whatever it can with the system. It can change into hash. So now whatever you have to do you don't have to write pseudo command anymore. Just write it shadow and there you go. Now remember this root user terminal is only valid for this particular tab. Not even this window. This particular tab. If I go to this tab here or I'll just close it and create a new tab, it's still a dollar and we in the simple learn user. Anyway, you can't login directly to the root user for security purposes. Like let's say if while it is ultra rare for Linux to have any kind of malware, it is always better to not give it all the permissions like you can have in some other operating system like Windows. So you have to dial into root directly. Okay. So you can use pseudo command. uh you don't have to use sudo command if you have the pseudo su a lot of the things uh sometimes you'll find commands that will not work like the cat tc shadow they will not work or sometime the commands will work but they won't work all the way you'll find something is wrong so always make it a point to try it with p sudo once before moving forward so now let's understand how we can navigate the file system in Linux so what I'm going to do is I'm going to open the terminal again just in case the size of the text aware So as you can see uh this still symbol this means we're at the home location. To understand how we can determine which directory we are in currently always remember terminal will open in a particular directory that's the entire point of the terminal or the command line for example to find out what you are in right now you can just type in the command pwd which stands for present working directory. Click enter and you can see I'm at the home folder in the simple learn. Now this can obviously change for example if I want to move somewhere else. Now I'll just open the file manager and show you once this is the home simply run folder as you can see it is written here. Tuna is the name of the file manager. This is the home folder. Now you have desktop documents downloads music all these folders subfolders you can say inside the simpler folder home folder. So what I'm going to do is I'm going to move to let's say the documents folder. Okay. So the command for that would be cd which is change directory. So I'm going to write as you can see it'll automatically uh try to complete the more you use kal linux and actually most of the Linux operating systems the shell or the terminal understands where you go and what you do all those things. So that way I going to change the directory to the uh let's say the documents folder. We're going to just write CD documents. And as you can see there is an extra uh word here the documents which means that now you are in the documents. We can use pwd command again to check and you can see home simple learn documents. Now what if you're at a position where you don't know where uh you are and what are the files that are present there. For example, I just opened this in the graphical user interface and found out that okay these are the subfolders that I can get into. to understand what are the folders available at your particular location. The command is just listing for command is ls. Press enter. Okay, this is the documents. Apologies. We'll just to go back one step. Right now we are in home simply learn documents. To go back a single step, we'll just write cd double dot double full stop. Then you can see once again we are back to home simply learn. Now once again to understand what are the folders that are present we have to use the command ls. And as you can see you can see everything that is present. and the desktop document downloads music pictures all those folders can pop up. Now you can move here and there based on where you want to go. Apart from this let's say if you want to create a new folder for your own one thing we can do is mkdir that command stands for make directory. Now if I want to create a new folder by the name of MKD IIR SLP. Now remember make sure you understand which position we are at which is right now whom simply learn based on the last PWD. I haven't used CD command anything after that. So now if I press ls you can see another folder in the name of SLP. Now you can do the same things. So you can just go to SLP. You can see the uh path has now changed to home. Simple SLP. You can go back and that's how you can work and create folders to delete. Let's say I don't want to have the SLP folder anymore. I'll just use rmdir SLP. Now if I check ls, we don't have that folder anymore. So that's how you work in between folders. Now one more thing that you can do is just clear and it'll clear up the terminal for you. Now just to check where we are again home simply learn. Now remember seeing the uh cat folder, right? Uh the cat uh sorry the cat command using the etc folder and the shadow file. Now let's if I want to see what is inside the etc file for example if I just put down ls it will only show me what uh the the folders present in my present working directory. What I can do is I can just write ls etc and these are the folders that are present in the etc folder. So you can check other files listings here as well and directly giving the full path. So that will ignore the current working dire the present working directory and show the folders present in the path that you mention. Okay. Apart from that one more thing that we need to know when it comes to listing out details is the la command. Now all of these commands this ls pwd is 90% of the commands that you're going to use in the Linux terminal. I just clear this for now. 90% of the commands that you use in Linux will have subcomands or uh it is also called as flags that go along with it. Now for example in my current present working directory if I press on ls I get these folders right but these are not the only folders that are present. These are the only folders that are being shown. Now to see the other files and folders that are present in the home folder I can write the normal command ls I'm going to add a sub command or a flag if you say hyphen la. And you can see there are much more than the desktop documents downloads. That's something that we were already seeing here. But apart from that you can see other files and folders here. The dot cache config bash logout everything you can see. Now everything that has a dot or full stop uh before it is considered a hidden file. It's not going to show up directly using ls. You have to write the la command which will show all the files. Now it's very important to understand these subcomands and what are the flags that can be used in different purposes. uh this basically the shell. So the more you research you do and understand what kind of flags that you can use, it's going to be easier. What can help here is the man command. The man basically stands for manual. You can find it in every Linux actually. Let's say you want to learn what are the flags that you can use with the ls command for example or you just want to know what that command is. So you can just type in man ls and you see it basically says ls stands for list directory contents. is a description. Here you can see all the subcomands the flags minus b minus d. There's a good explanation for every single subcomand that you can use in order to navigate to the file system or just listing. This is just for ls command. You can do this with almost any command that you want. It says once you are uh once you've read what you needed to know just press Q to quit and there you have it. So that's all about how to list commands uh list folders and navigate through file systems using cd mkdir and rfdir. Now about the commands that you saw and all the folders that you were able to see. Let's say if I just press ls a you can see there is a folder called cache right. So to enter that file you also need to just use the cd command. You can see the present working directory has changed. You can just press press ls here and see if anything else. Yes, you can see there are other folders here as well. So the entire process remains the same but just understand that if there are some files and folders that you're not able to see which is going to happen a lot considering a lot of the things that are hidden in Linux by default. You can access all of those things but you need to know the right commands and the right way to access them. So if you are missing out on some files and folders just make sure you can uh you're using the ls command and sometimes even the la command to get the details of everything that you're missing. Now this folder currently doesn't have as such any a lot of missing files and folders like the home folder had. So right now it's not very indicative but you get the full idea of it. Another thing that you can use apart from the let's say the man command is the help command help uh hyphen help. This is a small this is not as detailed as man and this doesn't work for all commands but you can do a lot of the commands. Uh if you need a quick answer to something you can definitely check this out which is a hyphen help. So while you're clear about folders like how to manipulate folders let's take a look about how we're going to work with files for example. Now let's say uh we use the echo command. Echo command is the equivalent of trying to put something on screen. So let's say if I just press echo with the quotes it will just print out hello. If I want to put it inside a file, I'll just say uh just press control0. I'll just pray echo hello. To autocomplete, just press the right arrow on your keyboard. It'll auto complete. Uh after that, echo hello. I want to put this into a file. Let's say uh my filet txt. Yes. Uh we'll do one thing. This is currently in the cache folder, right? We'll just go back. Yes, this is a home folder. So, we're going to do the same thing here. Now, to go back to a history of commands, I want to do the same thing. I want to echo hello into a new file. So, I'll just press the up arrow and it will go cycle through my recent commands. So, I'll just press enter. And if I just press S ls. Now, you can see the home folder. There's a new file of my file.ext. Okay. If I want to let's say move this file to one of these folders. Let's say I want to move this to the video folders. So the command for that is cp which is copy. I will copy the my file.ext to the videos folder. So I'll just enter I don't need to actually enter videos to see the files like we had discussed. So what we're going to do is I'm going to just type in ls videos and you can see it has the my file.ext folder. Now since I copied it obviously the home home folder will also have the my file text. In order to remove the my file text I have to use the rm command. Now to remove directories we used rmdir to remove files. We just have to use rm. So I'm going to use rm my file.ext to delete the file. Now if I ls the home folder does not have but since it had in the I had copied uh kept a copy in the videos folder. I'll press ls videos. Press enter and you can see it still has the my file command. Okay. Now one more thing that we can need to know is the move command. The move command will essentially move whatever folder wherever you want. Let's say I want to create IO hello my file. Again I'll press ls and I'll see the my file.txt folder. Now if I want to move this file let's say if I use the mv command instead of the cp command which is just for a I want to use the my file.txt to let's say the downloads folder. It's saying permission denied. So what I will do is I will click on pseudo. Like we discussed a lot of the things will not work directly. We will use the same command. We'll use the downloads folder. It will now work. It's time to take a look at users and privileges. Now if you remember our ls command uh let's just check my present working directory. It's the home folder. Now if you remember the minus l a you see a lot of the um characters here which is dr wxr all those things. Now this is basically to understand what fold or what permissions a user has. If you check here there are folders and files. You can see the folders in the dark blue color and the files in the white color. You can see light blue for links but it's a completely separate uh thing. So uh another thing the permissions part if you see there are three groups here. This is the first group. This is the second group. This is the third group. The first group is the owner of the file. Now what permissions does the owner have? Now for example, right now the owner of let's say this one uh this file for example is root. Most of the time it will be the user but this time it is root. It has uh read, write, execute. R for read, w for write and x for execute. Obviously the owner will be able to do all those things. Now the second group is basically for anyone who is part of the uh domain group in the users like if you remember while installing there was a option called create a domain. Why we did not create it because we don't have a lot of users right now but when you create a domain what are the people in the group who are going to do so they have the read function which is RX for execute but they do not have the write function they cannot write directly in this file. Similarly for the third group which is anyone outside of the group. So any other user if they are not in a particular group of the file then they also have the read function and the execute function but they will not be able to write into the file directly. So that's how you can check all of the files that are able to uh that a user can access or not access. That's basically the entire purpose of the uh the privilege section because we don't want to give undue permission to a people who do not require it. The entire point of security in Linux is to be is the level of abstraction that is providing users with exactly what they needed. So if you have a user that does not require executable functions to let's say the downloads folder, we can cut it off from our as a root user anyway. So so that's about providing privileges and providing access to certain files. Now like we had discussed the etc shadow file that we had uh used when checking the cat file. Now one more thing that we can do again is understanding what the shadow file does. If you just press cat etc shadow obviously it will not work. It will just say permission denied. We're going to say pseudo cat shadow. This basically has the password hashes for all the users that are in a system. Right now you can see the root had does not have a hash because it's not safe to have a particular hash for a user just from security perspective. Uh we the the user that we have created which is simpler you can see the password hash being mentioned here. Now depends on how many users you create. If you create three four five users you can see all the pass password hashes here. Now you can uh if the why this is password protected by security and you need to use the pseudo user command is because if someone has this hash let's say if someone is a cryptographer and he's able to brute force through hashes then it's very it's going to be very easy to try and figure out the passwords to particular users passwords that's why even the hash is not shown with uh full confidence unless and until they get the pseudo user command. So that's about uh you know uh privileges and how you can use the pseudo command to bypass the normal user limits. So now let's take a look at some of the networking commands. We're going to clear this one for now. Uh check the adapters that we have in use right now. You can just write if config or actually IPA uh sorry not see IPA uh similar information. IPA is a newer variant. It basically shows what are the adapters and the networking conditions right now. For example, you can see Ethernet. Now, even though I am using Wi-Fi on my local system in network address translation, which is the NAT that we set the network package manager when setting up the virtual machine virtual machine on this VMware, it will link up as Ethernet. So, you can see Ethernet. You can check our local address. You can check the 24 subnet. This is our broadcast address. And this is our MAC address for the system. This is the IPv6 address as well. Now, similarly uh this can be checked on whichever system you are being connected to. The IPA uh if config is the same. It's just uh an older variant. Apart from this, there is another command actually IW config. Now, this is particularly for wireless. Oh, sorry. Uh that was a wrong spelling. I IW config. Now, right now it will not show any wireless extensions. If you are looking into wireless sniffing, uh the uh network packet detection or even wireless hacking, for example, we will publish a video on wireless hacking soon. So stay tuned for that. Apart from apart from wireless hacking, if you are using any wireless extensions, let's say we have small adapters that people can use as portables or wireless cards for Wi-Fi from some systems that do not have Wi-Fi enabled NIC's in their motherboards that people use modifiable custom uh portable um adapters. So if you have one of those plugged in, you will see it in IW config. From here if config, you will only may be able to find out the IP address and that's it. IW config will give you all the information and you can check later. Coming to different IP addresses, a command that you should be knowing is ARP. Now if you're not familiar with ARP, that is going to be uh address resolution protocol. I think IPN will also show the same information. So what both of these do is it basically states which IP address relates to what MAC address. It will also show which one is reachable, which one is stable, all those stuff. Now remember whatever is being done in these kind of uh IP addresses and MAC addresses all of them need to be put in a routing table if you want to connect with each other. Now how you can che
Original Description
🔥CISM Certification: Certified Information Security Manager - https://www.simplilearn.com/cyber-security/cism-certification-training?utm_campaign=OdrOlFjtmwM&utm_medium=Lives&utm_source=Youtube
🔥IITM - AI-Powered Cybersecurity Mastery- Red Team (India Only) - https://www.simplilearn.com/vapt-vulnerability-assessment-penetration-testing-certification?utm_campaign=OdrOlFjtmwM&utm_medium=Lives&utm_source=Youtube
🔥IIITB - Advanced Executive Program in Cybersecurity (India Only) - https://www.simplilearn.com/pgp-advanced-executive-program-in-cyber-security?utm_campaign=OdrOlFjtmwM&utm_medium=Lives&utm_source=Youtube
️🔥 IITM - AI-Powered Cybersecurity Mastery - https://www.simplilearn.com/ai-cybersecurity-course?utm_campaign=OdrOlFjtmwM&utm_medium=Lives&utm_source=Youtube
The Ethical Hacking Full Course 2026 by Simplilearn provides a comprehensive introduction to cybersecurity, covering fundamental concepts, threats, and best practices. It includes a live demonstration on cybersecurity, followed by an exploration of Kali Linux for ethical hacking and the top dangerous hacking gadgets. The course also introduces EthicalHacker GPT, a tool for ethical hacking, and a Wireshark tutorial for network analysis. Learners will understand common cybersecurity mistakes and explore top cybersecurity certifications, including penetration testing using Kali Linux. The course concludes with a deep dive into the toughest cybersecurity certifications and top 50 cybersecurity interview questions to prepare learners for career opportunities.
Following are the topics discussed in the Cybersecurity Full Course 2026
00:00:00 - Introduction to Ethical Hacking Full Course 2026
00:07:55 - Ethical Hacking Tutorial
00:08:38 - Top 7 Dangerous Hacking Gadgets
02:38:12 - Ethical Hacking Basics
03:45:01 - Linux for Ethical Hackers
05:25:49 - Kali Linux For Ethical Hacking
11:53:52 - Live Demonstration
13:34:40 - Kali Linux For Ethical Hacking
13:52:09 - EthicalHacker G
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Simplilearn · Simplilearn · 1 of 60
← Previous
Next →
▶
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Ethical Hacking Full Course 2026 | Ethical Hacking Course for Beginners | Simplilearn
Simplilearn
AWS Full Course 2026 | AWS Cloud Computing Tutorial for Beginners | AWS Training | Simplilearn
Simplilearn
Data Structures And Algorithms Full Course | Data Structures and Algorithms Tutorial | Simplilearn
Simplilearn
SQL Full Course 2026 | SQL Tutorial for Beginners | SQL Beginner to Advanced Training | Simplilearn
Simplilearn
Microsoft Azure Full Course 2026 | Azure Tutorial for Beginners | Azure Training | Simplilearn
Simplilearn
Shopify Tutorial For Beginners 2026 | Shopify Course | shopify dropshipping | Simplilearn
Simplilearn
Six Sigma Full Course 2026 | Six Sigma Green Belt Training | Six Sigma Training | Simplilearn
Simplilearn
🔥Feeling Stuck? How Upskilling Can Boost Your Career! #shorts #simplilearn
Simplilearn
Growth Hacking In Marketing | Learn Growth Hacking Marketing Strategies | Simplilearn
Simplilearn
🔥Cracked 3 Job Offers with One AIML Course! | 20–30% Salary Hike #shorts #simplilearn
Simplilearn
Top 10 Must-Have Figma Plugins for UI/UX Designers in 2026 | Figma Plugins | Simplilearn
Simplilearn
Business Analytics Full Course 2026 | Business Analytics Tutorial For Beginners | Simplilearn
Simplilearn
Simplilearn Reviews | Getting future-ready with course in Artificial Intelligence | Roopam’s story
Simplilearn
Generative AI Full Course 2026 | Gen AI Tutorial for Beginners | Gen AI Explained | Simplilearn
Simplilearn
Full Stack Developer Course 2026 | Full Stack Java Developer Tutorial for Beginners | Simplilearn
Simplilearn
Simplilearn Reviews | How David Went From Seasoned Engineer to AI Innovator #GetCertifiedGetAhead
Simplilearn
Complete Social Media Marketing Strategy for 2026 | Social Media Marketing Strategy | Simplilearn
Simplilearn
🔥Top 4 Cybersecurity Certifications You Need! #simplilearn #shorts
Simplilearn
🔥Cloud Engineer Salary in India 2026 | City-Wise Breakdown #shorts #simplilearn
Simplilearn
Digital Marketing Full Course 2026 | Digital Marketing Tutorial For Beginners | Simplilearn
Simplilearn
Full Stack Java Developer Course | Full Stack Java Developer Tutorial for Beginners | Simplilearn
Simplilearn
Social Media Marketing Full Course | Social Media Marketing Tutorial For Beginners | Simplilearn
Simplilearn
How To Create LLM Chatbot Demo 2026 | Build a LLM Chatbot From Scratch | Simplilearn
Simplilearn
Digital Supply Chain Management Certification | Supply Chain Management Course | Simplilearn
Simplilearn
AI Agents Full Course 2026 | AI Agents Tutorial for Beginners | How to Build AI Agents | Simplilearn
Simplilearn
ITIL Full Course 2026 | ITIL 4 Foundation Course | ITIL Tutorial For Beginners | Simplilearn
Simplilearn
Generative AI Full Course 2026 | Gen AI Tutorial for Beginners | Gen AI Explained | Simplilearn
Simplilearn
ITIL Full Course 2026 | ITIL 4 Foundation Course | ITIL Tutorial For Beginners | Simplilearn
Simplilearn
Simplilearn Reviews | Integrating AI & Music | Diego's Story
Simplilearn
Digital Marketing Full Course 2026 | Digital Marketing Tutorial For Beginners | Simplilearn
Simplilearn
SEO Full Course 2026 | SEO Tutorial for Beginners | SEO Training | SEO Explained | Simplilearn
Simplilearn
PMP Vs CAPM: Which Certification Should You Choose? | PMP Vs CAPM | Simplilearn
Simplilearn
Complete Data Analyst Roadmap 2026 | How To Become A Data Analayst In 2026 | Simplilearn
Simplilearn
Generative AI Full Course 2026 | Gen AI Tutorial for Beginners | Gen AI Explained | Simplilearn
Simplilearn
🔥5 Jobs That Are Most Likely Safe from Layoffs in Today’s Market #shorts #simplilearn
Simplilearn
🔥Git vs GitHub – What's the Difference?
Simplilearn
What Goes Behind Building the Likes of Uber and Netflix? | Product Management Tutorial | Simplilearn
Simplilearn
AI Agents Full Course 2026 | AI Agents Tutorial for Beginners | How to Build AI Agents | Simplilearn
Simplilearn
Full Stack Developer Course 2026 | Full Stack Java Developer Tutorial for Beginners | Simplilearn
Simplilearn
Product Life Cycle 2025 | Stages Of Product Life Cycle | Product Life Cycle Tutorial | Simplilearn
Simplilearn
Project Management Full Course 2026 | Project Management Tutorial | PMP Course | Simplilearn
Simplilearn
PCB Design Course 2025 | PCB Designing Explained | How To Make PCBs | Simplilearn
Simplilearn
Python Full Course 2026 | Python Data Analytics Tutorial For Beginners | Simplilearn
Simplilearn
🔥Top Product Management Skills You Need to Succeed in 2026 #shorts #simplilearn
Simplilearn
SQL For Data Analytics 2026 | Essential SQL Commands | SQL Tutorial For Beginners | Simplilearn
Simplilearn
Simplilearn Reviews | Paving Way To Success With AI & ML Course | Soumik’s Upskilling Journey
Simplilearn
Six Sigma Full Course 2026 | Six Sigma Green Belt Training | Six Sigma Training | Simplilearn
Simplilearn
Learn Snowflake In 45 Mins | Snowflake Tutorial | What Is Snowflake | Snowflake Explained
Simplilearn
🔥ML Career Tip – How to Start Learning Machine Learning in 60 Seconds! #shorts#simplilearn
Simplilearn
🔥Agile vs Waterfall in 60 Seconds #shorts #simplilearn
Simplilearn
Excel Full Course 2026 | Excel Tutorial For Beginners | Microsoft Excel Course | Simplilearn
Simplilearn
What Are AI Agents? | Types Of AI Agents | AI Agents Explained | AI Agents Tutorial | Simplilearn
Simplilearn
How To Create a Product Roadmap In 2026 | Product Roadmap | What Is Product Roadmap | Simplilearn
Simplilearn
SQL Full Course 2026 | SQL Tutorial for Beginners | SQL Beginner to Advanced Training | Simplilearn
Simplilearn
🔥What Is Phishing? #shorts #simplilearn
Simplilearn
Cloud Computing Full Course 2026 | Cloud Computing Tutorial | Cloud Computing Course | Simplilearn
Simplilearn
Simplilearn Reviews | Overcoming Rejection & career plateau to finding a New Job : Bhaskar Banerji
Simplilearn
Six Sigma Full Course 2026 | Six Sigma Green Belt Training | Six Sigma Training | Simplilearn
Simplilearn
Generative AI Full Course 2026 | Gen AI Tutorial for Beginners | Gen AI Explained | Simplilearn
Simplilearn
VLSI Design Course 2026 | VLSI Tutorial For Beginners | VLSI Physical Design | Simplilearn
Simplilearn
Related Reads
📰
📰
📰
📰
Kioptrix 2: Walkthrough and Write-up
Medium · Cybersecurity
Even Cybercriminals Can’t Trust Their Service Providers
Medium · Cybersecurity
iOS 27—Apple’s New Software Will Allow Apps To Alert You About Scams
Forbes Innovation
OWASP Top 10 #1: Understanding Broken Access Control (Beginner's Guide)
Dev.to · Vimal Mudalagi
Chapters (9)
Introduction to Ethical Hacking Full Course 2026
7:55
Ethical Hacking Tutorial
8:38
Top 7 Dangerous Hacking Gadgets
2:38:12
Ethical Hacking Basics
3:45:01
Linux for Ethical Hackers
5:25:49
Kali Linux For Ethical Hacking
11:53:52
Live Demonstration
13:34:40
Kali Linux For Ethical Hacking
13:52:09
EthicalHacker G
🎓
Tutor Explanation
DeepCamp AI