In this lecture, you will hear 2 very important notes about the course: How to stay on the legal side, and how to benefit from the course in full.

Some basic information about pentesting and ethical hacking.

This lecture is slightly theoratical, but you will learn about the importance of penetration testing and ethical hacking in the world of cyber security.

You will also learn the difference between penetration testing and ethical hacking.

Introducing types of pentests and pentesting process.

In this lecture, you will learn the most common and useful approaches for pentesting process which contains:

Planning, Reconnaissance, Scanning, Exploiting, Privilege Escalation, Cleaning-Up, Reporting

And also the types of pentests, such as; 

External Network Segment, Internal Network Segment, Web Applications and Services, Wireless networks, 
Servers, Network Devices, Databases, Internal Client Applications, Social Engineering, DDoS and Physical Security

What is Kali and the reason we use it?

Kali is a penetration testing platform which is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. You will learn the reasoning behind the importance of Kali and why do we use it.

Wrapping up the section.

Penetration testing it is about finding and exploiting vulnerabilities in systems to see the risk of a real compromise, before that happens. Thats why it is important for securing the networks and systems.

The importance of working on a virtual lab.

You will be setting up your lab and get ready for action in this section!

The good side of this part is, when you've successfully completed the steps I will walk you through, you will have a cyber security lab for your future, real-world tasks, too. 

How and where to download required tools: Kali, VMware Workstation Player, Metasploitable and Windows 7.

You will the sites which you can download the tools directly.

Steps of installing VMware player.

VMware workstation player is very important for virtual systems. In this lecture, You will learn how to install your vmware player.

Steps of installing Kali.

Starting from booting the Kali ISO in VMware Player, you will learn how to install Kali step-by-step.

Steps of installing metasploitable, which is an intentionally vulnerable linux distribution.

As we need practical skills, we need victim for hands on exercises. You will learn how to install metasploitable with me, in order to achieve this goal.

Steps of installing Windows 7 as a victim environment.

Windows is the prominent OS in modern computer systems today. Attacking windows is crucial for that very reason.

In this lecture, you will learn how to install Windows 7 as your target.

Wrapping up the section.

You will notice that you already have the environment almostt ready by completing this section.

Playing with the interface and accessing required settings using Kali.

Starting with the system settings and basic operations like booting or locking Kali, you will learn to find out tools and folders in this lecture.

Upgrade the system to the latest version over Internet.

You will learn how to use apt-get update and apt-get upgrade commands to update your Kali system.

Installing a very useful component to Kali: Vmtools.

Learn how to install vmtools, which is an important set of tools provided from vmware, that enables our virtual operating system to perform significantly faster for graphics performance, to support shared folders with host OS, and to support drag and drop operations.

How to start and use the top 10 tools in Kali, like nmap, iceweasel, metasploit, armitage, burp suite, beef, maltego and faraday.

Wrapping up the section.

You will learn the summary info about what you have achieved in this section about Kali.

The importance of practical lab environment and setting up the victims.

We will walk through how to setup metasploitable and Windows 7 as our pentesting targets in the upcoming lectures of this section.

Introducing metasploitable and preparing the distro for exploitation.

In this step-by-step hands on lecture, you will install metasploitable linux os with me.

Introducing Windows 7 and preparing the OS as our victim.

You will deploy the Windows 7 operating system, with the network and language settings etc.

Installing a vulnerable application to Windows machine in order to exploit the OS safely.

The vulnerable software will be downloaded from exploit-db, which is the primary resource for downloading public exploits and related vulnerable applications.

You will quickly refresh what you've achieved in this section!

Scanning with Nmap using basic options.

You will learn basic port scanning techniques; ICMP echo request, SYN packet to TCP 443 port, ACK packet TCP 80 port, ICMP timestamp request. Also, you will see how to indicate network segments and ip addresses for scanning!

Port scanning details with TCP scan and SYN scan.

You will learn the different of TCP scan and SYN scan in this lecture!

Service and version detection features of Nmap, finding out the services running on the victim machines.

You will learn how to properly use the "-sV" switch for your tests!

Nmap scanning speed options.

There are different scanning speeds ranging from T1 to T5 as nmap parameters. 

Follow this lecture and learn how the difference!

Saving Nmap scan results using different formats.

You can save nmap scan results with "output" switches.

Learn the types of nmap outputs and save it to your disk!

Wrap up what you've achieved in this section! 

Nmap is a great tool, and you learnt the basic yet most important options in this part.

Exploitation phase in a pentesting campaign.

Exploitation means taking advantage of computer systems by gaining control, allowing
priviliege escalation or a denial of service. 

You will learn the importance of the exploitation phase, and how are you going to use it!

The modules of metasploit and starting up the application.

General overview of metasploit framework will be introduced here.  

Some of them are: Payloads, Exploits, Encoders, Post-mods, Auxiliary.

You will also update the metasploit framework to get started with the newest modules!

The commands you'll use;

"apt-get dist-upgrade"

"apt-get install ruby"

How to access metasploit modules and how to set parameters for exploitation.

You will practice how to find and open the modules, as well as the commands to set parameters to msf modules with e.g. "use" and "set"

Introducing the metasploit database and importing previously saved nmap results to the database.

db_import is an important parameter which you can import nmap results to metasploit. 

Follow this lecture to learn the details!

Exploiting a Samba vulnerability on the victim machine and get shell remotely!

This lecture is very exciting as you'll send an exploit to our victim machine and pwn it remotely!

The modules you'll use: exploit/multi/samba/usermap_script

Session backgrounding and remote operations on the victim.

You'll practice the new skills you learnt and exploit the victim again with using a different module: exploit/unix/irc/unreal_ircd_3281_backdoor

You will also practice the first command you'll run in the compromised server. e.g. 

"id" , "ifconfig", "pwd", and "uname -a"

And you'll be able to background msf sessions to interact with your metasploit console and continue hacking!

An advanced trick: Creating a remote SSH user on linux machines in limited shells.

In this lecture, you will practice some advanced stuff with me, and create a remote SSH user on the victim machine.

This will show some of the real life problems in a pentest and how to bypass them!

You'll quickly refresh what you have achieved with metasploit in this section!

The importance of windows hacking and using meterpreter payload!

Meterpreter is more then a payload. It is stealhy, powerful and extensible which makes it
veryy easy for advanced features like collecting screencaptures, erasing evidence and downloading documents.

You will learn the details in this section.

Exploiting the vulnerable application "Manage Engine Security  Manager Plus" and dropping an advanced payload: meterpreter.

You will practice what it is like to practice with meterpreter, and the options on this advanced payload.

Using meterpreter for advanced features on the victim, and creating a remote Windows user.

You will first practice meterpreter commands and also backgrounding your msf sessions.

Then, you will create a user remotely on the victim which enables you to login to that server, directly!

Wrapping up the section of hacking Windows 7 with an advanced payload: meterpreter.

Accomplished goals in the course!

Starting from the logic and reasoning behind why penetration testing is veryy important for information security world, you had chance to get started with the tools like Kali, nmap and metasploit.

Furthermore, you even hacked your first victims and got shell. This enables you to feel what it is like to conduct pentesting in real, productions systems.

I hope you found it useful, practical and enjoyable.

Please feel free to send your comments or questions about the course.

Keep in touch with FeltSecure!