Vonnie Hudson


Are you ready to level up your game?

Ready for the hardest boxes to hack?

Want a challenge without feeling overwhelmed or confused?

I finally did it. I finally decided to create the last series in my three part collection on pwning Hack The Box machines.

There are tons of free write-ups and YouTube videos online that will show you how to breach a box but almost none of them break down the process step by step.

And almost none of them include all the commands as a tidy reference.

And even fewer map all attacks to the

What I’ve done is taken you on a journey into my mind as I help you understand how an expert hacker thinks. You will get the behind-the-curtain view into my thought process as I think through difficult scenarios and carefully step through each obstacle until the box is pwned.

In addition, after we pop the box, we’ll take a step back and understand what vulnerabilities led to the initial intrusion vector by exploring host logs, vulnerable application source code and event logs.

I’ve prepared everything you need for learning success in one convenient package.

So, I’m going to ask again - are you ready to level up your game?

You are about to learn the following tools and techniques from an offensive perspective:

  • MITRE ATT&CK Enterprise Framework TTPs
  • ping
  • nmap
  • rpcdump
  • rpcclient
  • smbmap
  • smbclient
  • crackmapexec
  • whatweb
  • Wappalyzer
  • curl
  • openssl
  • gowitness
  • Burp Proxy
  • Burp Embedded Chromium Browser
  • feroxbuster
  • wfuzz
  • Web Application Attacks: SQLi
  • Web Application Attacks: Reflected XSS
  • Web Application Attacks: SSTI
  • Polyglot Payloads
  • Web Application Attacks: Command Injection
  • Reverse Shells: Powershell
  • Reverse Shells: Powershell Upgrade
  • Reverse Shells: Netcat
  • Reverse Shells: Meterpreter
  • Reverse Shells: PSExec
  • Reverse Shells: NoPAC
  • Base64 Encoded Powershell Payloads
  • rlwrap
  • PEASS-ng
  • Blue Team: wmic
  • Blue Team: tasklist
  • Blue Team: Get-WmiObject
  • CSRs
  • Chisel
  • ProxyChains
  • FoxyProxy SOCKS Proxies
  • tshark
  • responder
  • hashcat
  • Lateral Movement
  • Resource Development: Commando VM
  • Resource Development: Exploit Testing and Maldoc creation
  • Defense Evasion: charlotte
  • Defense Evasion: Meterpreter
  • certutil
  • SharpCollection
  • PowerView
  • Rubeus
  • Certify
  • date (sounds lame but we actually use it in a way you've never seen before)
  • Detection Engineering: Log Review
  • Secure Coding Principles: Source Code Review

If this doesn't excite you, you are not the right person for this course.

But if you're ready to freggin' have a blast and take your learning and skills to beast mode click Buy Now and let's begin.


What's inside

Learning objectives

  • How modern adversaries breach public-facing web servers
  • How to weaponize benign applications with exploits
  • How to evade AV and EDR with advanced shellcode loaders
  • How attackers move laterally, create reverse tunnels and expand influence on the victim network
  • How to think in terms of MITRE ATT&CK and understand the vernacular
  • How to test and validate SQLi, XSS, SSTI and more

Syllabus

Let the lighted path to leetness!

In this quick lecture I'm going to show you how to sign up for Hack The Box, setup your Linux VM and configure TMUX so you can start hacking like a pro! Let's go!


Learn how to use ping TTL response times to discover the target OS and how to use nmap to conduct the fastest, most useful scan against a target.

Use rpcdump and rpcclient to quickly gain details about a target even before gaining credential access!

Quickly leverage smbmap, smbclient and crackmapexec to scan the attack surface of a target listening on port 445.

Attacking websites is where I thrive!  In this lecture you'll learn how to use whatweb, curl, openssl, Burp Community Browser, Burp Proxy History, Wappalyzer, gowitness, wfuzz, and feroxbuster!  Are you kidding me!!?? Nope! It's going to be awesome!!! Let's go!

W00t! In this lecture we will manually test form fields for SQL injection and Cross Site Scripting vulnerabilities.  We will use a modern approach for manual XSS testing (hint: doesn't include alert( )) and then we'll flip things up a bit by using Burp to conduct the same test.  Two for the price of one! Let's go!

Ever wonder how to go from a benign finding to PoC to full scale weaponization?  This lecture shows the first half of the process.  In the second lecture we'll modify our PoC into a Powershell based reverse shell.  We're also going to talk about how these kinds of vulnerabilities arise in the first place: it really comes down to the difference between CODE and DATA.  Let's learn!

In this lecture you're going to use nishang, rlwrap, netcat, a Powershell Download Cradle and a Base64 encoded payload to get a shell on the box!! Are you ready for this?  It's time to go from PoC to RCE baby!!!

So you popped a shell using nishang but formatting is busted, characters are missing, errors abound and the shell is unstable.  In this lecture, I'll show you a trick for upgrading nishang to a fully-interactive Windows shell.  We'll read through the github page documentation, encounter a few errors along the way and then I'll "think out-loud" so you can enter into my troubleshooting process and watch how I tackle the problem and get a quick resolution - one. step. at. a. time.  Let's go!! It's going to be a great learning experience for ya. :)

Yes! Netcat all the way!  In this lecture we'll get a pure netcat reverse shell.  As a consequence we'll leave an artifact on the victim and I'll show you how Blue Teamers and Cyber Threat Hunters can leverage this observable to find attacker tools when applicable.  Let's go!

Now it's time to use PEASS-ng (formerly winPEAS) to find escalation vectors.  Along the way we'll find cleartext credentials and some opportunities for our next action.  Let's go!!!

We're going to run four MITRE ATT&CK techniques in this one lecture! And it's all about discovery baby! We're going to play with Powershell, tasklist, wmic and more!  Let's go! NOW! LOL

So we discovered a certificate signing request (CSR) document on the victim server.  What can we do with it?  What exactly is a CSR anyway?  After watching this lecture all ambiguity will be flushed from your mind!  Let's go!

What exactly does it mean to tunnel a remote port via a reverse proxy?  And how exactly can we pull this off?  After completing this lecture you will know!  You're going to learn how to use chisel and proxychains to create a reverse proxy to send a remote, private, internal IP to our attacking machine so we can inspect the internal web application using curl, html2text and Firefox!  Let's go!  This one is going to be a lot of fun.

In this lecture we discover the software portal is sending credentials via WinRM to connected clients in an effort to auto-install software when a link is clicked.  By carefully modifying the URL and spying on the request with tshark and netcat, we can capture the request and verify NTLM credentials are sent in the request!  Check it out!  You don't want to miss this one.

We're going to use Responder, Proxychains, Curl and Hashcat to capture and crack credentials which will support our lateral movement efforts in the following lecture!  Let's go!

Let's attempt to use our captured credentials to pivot and pwn!  In this lecture we'll try to expand influence in the target network leveraging crackmapexec and smbclient.  Let's go!

W00t! Now we build out the best offensive Windows distribution on the planet! Commando VM!  If you haven't heard of this one you definitely need to check this lecture out.  The reason we're building this VM is to support our action on objectives: we need an offensive Windows server or workstation so we can test our exploit chains before the final delivery phase to the victim.  This VM is packed with sooo many goodies including nmap, Covenant C2, Mimikatz, Sysinternals, Hashcat, Burp and so much much more!  It's going to be awesome guys.  You ready?

Okay, so we've got our shiny new offensive Windows VM setup! Now I'm going to show you how to setup a file share so we can transfer the vulnerable web app from the victim network into our exploit development rig.  I KNOW you're ready for this one... so I'm not even gonna ask... haha

Can I get a what what!  So in this lecture, we're going to pop calc.  What? That's lame.  No it's not.  We're going to read and understand a PoC and then modify it to coerce Node.js to spawn a local child process when the vulnerable desktop application is opened by the victim user.  There's a lot going on in this lecture and I promise you will love it.  I take the time to patiently describe every process - and by the end of the lecture you will be one step away from weaponization.

This is one of the most advanced lectures in the entire course.  Here's what's up:  by the end of this lecture you will learn how to patch, debug and troubleshoot broken exploits.  You will also learn how to compile, deploy and execute a fully undetected ("FUD") shellcode loader and ultimately shovel a Meterpreter shell to your attacker box.  You will build a complex attack chain involving Reflected XSS, LOLbins, C++ Shellcode Loader, Metasploit, Meterpreter, and SMB attacks.  All in one mega lecture! Let's go!

Do you know how to escape a Docker Container? That's what we're doing in this lecture!  We're also going to explore the target system and discover our next attack path.

Now it's time to stage our attack tools on the victim server.  We're going to use some little known Metasploit modules to transfer and run our tools to the target. Prepare to learn.  Prepare for leet.  Let's go!

You ready to pop the box? Yup.  We will pwn and profit in this lecture.  Along the way you will learn how to use standard Powershell Cmdlets for offensive purposes, how to use the Meterpreter Powershell modules, how to patch a broken Powershell script, how to execute binaries on the victim using Meterpreter, how to use Rubeus to steal NTLM hashes, how to use CrackMapExec to validate access and how to pop a system shell on the target using PsExec.  I really don't know how I could have made this lecture any more awesome.

Ready to get Domain Admin in 60 seconds?  Yes, we're running an exploit but no I won't leave you hanging.  I'm going to take 15 minutes to explain our 60 second attack so you understand EXACTLY what's happening under the hood.  Let's do this baby!!

Okay, we've popped the box.  Now it's time to get ready for a damage assessment!

You came for the Gold? Here's the Gold.  You will enter the Docker Container and retrieve the IIS logs.  We'll find our attack payloads.  We'll find the vulnerable lines of source code.  You'll learn how to mitigate the threat.  If you've made it this far... you are awesome as far as I'm concerned.  Your skills are now leveled to heights very few people have.  I respect you.  Let's do this!

Traffic lights

  • Covers tools and techniques aligned with the MITRE ATT&CK framework, which is essential for understanding modern adversary tactics and improving defensive strategies
  • Focuses on practical application by walking through the process of hacking Hack The Box machines, which provides hands-on experience for real-world scenarios
  • Includes reverse shell techniques using Powershell, Netcat, and Meterpreter, which are valuable for penetration testing and red teaming exercises
  • Explores web application attacks like SQLi, XSS, and SSTI, which are common vulnerabilities that penetration testers need to identify and exploit
  • Requires learners to sign up for Hack The Box, which may require a subscription to access certain machines and challenges
  • Is part of a three-part series, suggesting that learners may benefit from taking the previous courses to build a strong foundation


Reviews summary

Advanced offensive security for OSCP prep

According to learners, this course offers deep, practical insights into advanced offensive security techniques, particularly focusing on methodologies relevant to the OSCP exam by tackling challenging Hack The Box machines. Students appreciate the instructor's approach of revealing their thought process step-by-step, which helps demystify complex attacks. The course is praised for its hands-on labs and comprehensive coverage of various tools and techniques, from initial reconnaissance to pivoting and defense evasion. While providing significant value for OSCP preparation and skill development, some learners note that it is Part 3 of a series and assumes prior knowledge, potentially making it less suitable for beginners. The instructor's clear explanations and ability to troubleshoot in real-time are frequently highlighted as highly positive aspects.
Access to Hack The Box VIP is necessary.
"Be aware that you will need a Hack The Box VIP subscription to follow along with the labs."
"Following the course requires access to specific retired Hack The Box machines, which means purchasing VIP."
"It's important to factor in the cost and necessity of an HTB VIP membership for the practical exercises."
Instructor is knowledgeable and engaging.
"The instructor's energy and obvious expertise make even the most complex topics engaging."
"His ability to troubleshoot issues live during lectures is a great learning experience in itself."
"You can tell the instructor is passionate about the subject, which makes the course much more enjoyable."
Broad range of offensive security tools used.
"A wide variety of tools are demonstrated throughout the course, showing practical application for each."
"I appreciated seeing tools like PEASS-ng, Responder, CrackMapExec, and Meterpreter used in realistic scenarios."
"Learning how different tools fit into the overall attack chain was very helpful."
Dive into pivoting, evasion, and exploit modification.
"The sections on pivoting, defense evasion, and modifying exploits were particularly insightful and covered techniques not often found elsewhere."
"I was impressed by the depth of coverage on topics like lateral movement and building FUD shellcode loaders."
"The course goes beyond basic exploitation, covering complex scenarios like Docker escapes and tunneling."
Excellent hands-on practice with HTB machines.
"Working through the challenging Hack The Box machines with the instructor's guidance provided invaluable hands-on experience."
"The practical labs are the strongest point. I learned so much by following along and actively participating."
"Getting to tackle real Hack The Box scenarios is exactly what I was looking for in an advanced course."
Instructor clearly explains thought process.
"Watching the instructor's thought process unfold was incredibly valuable. It's not just showing commands, but explaining *why*."
"I really appreciated how the course broke down complex scenarios into manageable steps, showing the attacker's perspective."
"The instructor's explanations of the 'why' behind each step were much more helpful than just getting commands from a writeup."
Highly relevant for OSCP preparation and success.
"This course is a must-have for anyone preparing for the OSCP. The machines covered and the techniques taught are spot on for the exam."
"The skills and methodologies demonstrated here are exactly what I needed to feel confident going into my OSCP attempt."
"If you're targeting OSCP, this course aligns perfectly with the types of challenges you'll face and the mindset required."
Not suitable for beginners, assumes prior knowledge.
"This is definitely not for beginners. You need solid foundational knowledge before attempting Part 3."
"Ensure you've completed the previous parts or have equivalent knowledge, as this builds on advanced concepts rapidly."
"Some steps felt very advanced and required me to pause and research prerequisites I was missing."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in How To Hack The Box To Your OSCP (Part 3) with these activities:
Review Web Application Security Fundamentals
Solidify your understanding of web application vulnerabilities like SQLi, XSS, and SSTI before diving into advanced exploitation techniques.
  • Review OWASP Top Ten vulnerabilities.
  • Practice identifying vulnerabilities in sample code.
  • Familiarize yourself with common attack vectors.
Review 'Penetration Testing: A Hands-On Introduction to Hacking'
Get a solid foundation in penetration testing methodologies and tools.
  • Read the chapters on reconnaissance, scanning, and exploitation.
  • Practice using the tools discussed in the book on a virtual machine.
  • Take notes on key concepts and techniques.
Review 'Web Application Hacker's Handbook'
Deepen your understanding of web application vulnerabilities and exploitation techniques with a comprehensive guide.
  • Read the chapters related to SQLi, XSS, and SSTI.
  • Try the examples provided in the book on a test environment.
  • Take notes on key concepts and techniques.
Practice SQL Injection on PortSwigger's Web Security Academy
Reinforce your SQL injection skills through hands-on exercises and challenges.
  • Complete the SQL injection modules on PortSwigger's Web Security Academy.
  • Attempt the advanced challenges to test your skills.
  • Document your approach and solutions for each challenge.
Write a blog post on a MITRE ATT&CK technique
Solidify your understanding of the MITRE ATT&CK framework by researching and explaining a specific technique.
  • Choose a MITRE ATT&CK technique relevant to the course.
  • Research the technique and its real-world applications.
  • Write a blog post explaining the technique and how it can be used in attacks.
  • Include examples and code snippets to illustrate the technique.
Build a vulnerable web application
Gain a deeper understanding of web application vulnerabilities by building your own vulnerable application.
  • Design a simple web application with common vulnerabilities.
  • Implement the application using a framework like Flask or Django.
  • Introduce vulnerabilities such as SQL injection, XSS, and SSTI.
  • Document the vulnerabilities and how they can be exploited.
Create a penetration testing report
Practice documenting your findings and recommendations after completing a penetration test.
  • Perform a penetration test on a vulnerable machine.
  • Document your findings, including vulnerabilities and their impact.
  • Provide recommendations for remediation.
  • Format the report professionally.

Career center

Learners who complete How To Hack The Box To Your OSCP (Part 3) will develop knowledge and skills that may be useful to these careers:
Red Team Member
Red team members simulate real-world attacks to test an organization's security defenses. This course is directly aligned with the responsibilities of a red team member, providing extensive training in offensive security techniques and tools. This course helps one to weaponize applications with exploits. A Red Team Member can use skills and knowledge of tools such as `nmap`, `crackmapexec`, `reverse shells`, `defense evasion`, and `lateral movement` to conduct realistic and effective attack simulations.
Penetration Tester
The role of a penetration tester involves simulating cyberattacks to identify vulnerabilities in systems and networks. The course on ethical hacking provides extensive hands-on experience with tools and techniques used by real-world attackers. Aspiring penetration testers can use the knowledge of tools like `nmap`, `smbmap`, `Burp Proxy`, `SQLi`, `XSS`, and `PowerView` to effectively assess and improve an organization's security posture. This course walks through the process of exploiting vulnerable systems and understanding the vulnerabilities that led to the initial intrusion vector. Therefore, someone exploring becoming a penetration tester may find this course valuable.
Application Security Engineer
Application security engineers focus on securing software applications throughout the development lifecycle. The course may be helpful to understand how attackers exploit web application vulnerabilities, which directly informs the design and implementation of secure coding practices. Application security engineers can leverage the knowledge of tools for web application attacks such as, `SQLi`, `XSS`, `SSTI`, and topics like secure coding principles and source code review to build secure applications. Learning how to test and validate these exploits can help application security engineers better defend against real-world attacks.
Vulnerability Assessor
The primary task for vulnerability assessors is to identify weaknesses in systems, networks, and applications before they can be exploited by attackers. This course may be useful in providing the practical skills and knowledge needed to conduct thorough vulnerability assessments. A vulnerability assessor benefits from learning tools like `nmap`, `Wappalyzer`, `wfuzz`, and techniques for `SQLi`, `XSS`, and `SSTI` to discover potential entry points for attackers. The course's emphasis on understanding the attacker's perspective and exploring vulnerabilities helps vulnerability assessors prioritize and address the most critical risks.
Network Security Engineer
Network security engineers specifically focus on protecting network infrastructure from cyber threats. This course may be helpful by providing insights into how attackers target networks and the tools and techniques they use. Network Security Engineers can use the skills and knowledge of tools like `nmap`, `smbmap`, `chisel`, `tshark`, `responder`, and methods for `lateral movement` to design and implement secure network architectures and defend against network-based attacks. This course's content on reverse tunnels gives additional insight to securing networks.
Information Security Analyst
Information security analysts plan and carry out security measures to protect an organization's computer networks and systems. This role involves analyzing security breaches to identify their root cause and implement preventative measures. This course may be helpful due to the hands-on experience with penetration testing tools and techniques such as `nmap`, `Burp Proxy`, and `hashcat`, which allows an information security analyst to simulate attacks and identify vulnerabilities. A deeper understanding of attacker thought processes and exploring host logs better prepares information security analysts to defend against real-world threats.
Security Analyst
A security analyst protects computer systems and networks from cyber threats. This role involves analyzing security breaches to identify the root cause and implement preventative measures. This course may be helpful to learn penetration testing tools and techniques such as `nmap`, `Burp Proxy`, and `hashcat`, which allows a security analyst to simulate attacks and identify vulnerabilities. The course's focus on understanding attacker thought processes and exploring host logs would prepare a security analyst to better defend against real-world threats. A security analyst would greatly benefit from this course.
Cyber Threat Hunter
Cyber threat hunters proactively search for malicious activity within computer systems and networks. The course may be helpful to learn various attack techniques and tools, such as `nmap`, `crackmapexec`, `reverse shells`, and `lateral movement` methods, which equips a cyber threat hunter to anticipate attacker behaviors and identify hidden threats. By understanding how attackers operate and the vulnerabilities they exploit, a cyber threat hunter can develop effective strategies for detecting and neutralizing threats before they cause significant damage. The content on log review and detection engineering provides additional skills for threat hunting.
Security Engineer
Security engineers are responsible for designing, implementing, and managing security systems and infrastructure. This course may be helpful by providing a strong understanding of offensive security techniques, which informs the design of more robust defenses. Security engineers can use the knowledge of tools like `nmap`, `Burp Proxy`, `reverse shells`, and `defense evasion` methods to build secure systems that can withstand attacks. The course's coverage of topics like secure coding principles and source code review is also relevant to security engineering, enabling professionals to develop and maintain secure applications.
Cybersecurity Consultant
Cybersecurity consultants advise organizations on how to improve their cybersecurity posture. This role involves assessing security risks, developing security strategies, and implementing security solutions. This course may be helpful by providing a broad understanding of offensive security techniques and vulnerability assessment methodologies, which enables a cybersecurity consultant to offer informed recommendations. Someone working as a cybersecurity consultant can leverage a knowledge of the tools, secure coding principles, and threat modeling to provide effective security advice.
Security Consultant
Security consultants advise organizations on how to improve their security posture. This course may be useful in providing a broad understanding of offensive security techniques and vulnerability assessment methodologies, which enables a security consultant to offer informed recommendations. A security consultant can leverage the knowledge gained from the course on tools like `nmap`, `Burp Proxy`, and `hashcat`, and on topics like secure coding principles and threat modeling, to provide practical and effective security advice.
Digital Forensics Analyst
Digital forensics analysts investigate cybercrimes and security incidents by analyzing digital evidence. The course may be helpful to provide valuable insights into attacker techniques and methodologies, which aids in identifying and interpreting digital evidence. This role would find value in its lessons on `host logs`, `vulnerable application source code` and `event logs`. Someone working as a Digital Forensics Analyst may also benefit from learning how attackers move laterally, create reverse tunnels, and expand influence on the network.
Cloud Security Engineer
Cloud security engineers specialize in securing cloud-based systems and infrastructure. This course may be useful by providing a foundational understanding of offensive security and vulnerability assessment, which is relevant to securing cloud environments. Cloud security engineers can use the knowledge of tools and techniques gained from the course to assess the security of cloud deployments, identify vulnerabilities, and implement appropriate security controls. Knowledge of `Docker Container` escapes would be beneficial.
Security Architect
Security architects design and implement security solutions for organizations, aligning security strategy with business goals. This course may be helpful as it provides a broad understanding of offensive security techniques and vulnerability assessment methodologies, which informs the design of more robust and resilient security architectures. The course assists by explaining the MITRE ATT&CK framework. Security architects can leverage the knowledge gained from the course on tools, secure coding principles, threat modeling, and defense evasion to create effective and adaptable security solutions.
Information Security Manager
An information security manager is responsible for overseeing and coordinating an organization's information security efforts. This role involves developing and implementing security policies, managing security risks, and ensuring compliance with relevant regulations. The course may be useful for developing a strong understanding of the threat landscape and the technical aspects of cybersecurity. Comprehending attacker methodologies and the vulnerabilities they target allows the information security manager to make informed decisions and allocate resources effectively.

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in How To Hack The Box To Your OSCP (Part 3).
'Web Application Hacker's Handbook': A comprehensive guide to web application security testing. It covers a wide range of vulnerabilities and provides detailed explanations of exploitation techniques. It is a valuable resource for understanding the underlying principles of web application hacking and is often used as a textbook in cybersecurity courses.
'Penetration Testing: A Hands-On Introduction to Hacking': Provides a practical introduction to penetration testing. It covers the essential tools and techniques used by penetration testers, including network scanning, vulnerability analysis, and exploitation. It is a good resource for beginners who want to learn the basics of penetration testing and ethical hacking, and it provides a solid foundation for understanding the concepts covered in this course.

© 2016 - 2025 OpenCourser