O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Advanced White Hat Hacking and Penetration Testing

Video Description

In this Advanced White Hat Hacking And Penetration Testing training course, expert author Ric Messier takes you beyond the basics of Ethical Hacking and shows you advanced techniques for discovering potential security problems with your websites and networks. This course requires that you already have familiarity with the basics of penetration testing, and assumes that you have already completed the Learning White Hat Hacking And Penetration Testing course from Infinite Skills.
Ric jumps right into the nitty gritty with a chapter about using Dradis. You will learn about scanning, including stealth scanning, data acquisition using various methods, and advanced ways to utilize Metasploit. In this Ethical Hacking tutorial you also learn how to use Burp Suite to do web testing, what reverse engineering is and how to use it, and finally, Ric covers fuzzing with Peach.
Once you have completed this training course on Advanced White Hat Hacking And Penetration Testing, you will have an in-depth understanding of how to test networks and websites for potential exploits for the purpose of securing them. You will also know how to use the tools and software that you will need to perform and analyze this testing.

Table of Contents

  1. Introduction
    1. What You Should Expect 00:02:18
    2. What You Should Know 00:04:49
    3. What You Will Learn 00:04:04
    4. System Requirements 00:02:35
  2. Getting Organized
    1. Ethical Hacking 00:04:05
    2. Dradis Framework 00:02:47
    3. Using Notes With Dradis 00:03:48
    4. Importing Data With Dradis 00:03:43
    5. Installing Plugins In Google Chrome 00:05:04
    6. Installing Plugins In Mozilla Firefox 00:04:43
    7. Raspberry PI 00:03:06
    8. SSH Forwarding 00:05:41
  3. Scanning
    1. Refresher On NMAP 00:02:46
    2. Scan Types 00:03:21
    3. Stealth Scanning 00:04:02
    4. Application Scans Using AMAP 00:03:28
    5. Web Testing With NMAP 00:04:28
    6. Scanning And Scripting With NMAP And UDP 00:03:58
    7. Scanning With Hping 00:03:02
    8. Payload-Based Scanning With Unicorn Scan 00:02:45
    9. TCP Scanning With Unicorn Scan 00:04:10
  4. Data Acquisition
    1. Using Wappalyzer 00:03:15
    2. Using Passive Recon 00:04:55
    3. Using Firebug 00:05:38
    4. Using Groundspeed 00:05:22
    5. Converting With Hackbar 00:02:40
    6. Managing Cookies 00:04:35
  5. Metasploit
    1. Starting Up Metasploit 00:02:41
    2. Scanning With Metasploit 00:02:59
    3. Service Scanning With Metasploit 00:04:59
    4. SMB Scanning With Metasploit 00:06:23
    5. Importing Nessus Results 00:05:16
    6. Creating Payloads 00:05:36
    7. Creating Standalone Exploits 00:03:18
    8. Encoding And Packing 00:04:17
    9. Writing Fuzzers Using Metasploit 00:06:44
    10. Exploits 00:03:56
    11. Using Meterpreter 00:03:08
    12. Post-Exploitation 00:02:52
    13. Pivoting 00:04:20
    14. Manipulating Windows API 00:04:06
    15. Client Side Attacks 00:06:32
    16. Social Engineering Toolkit 00:02:25
    17. Spear Phishing 00:03:33
    18. Web Attacks 00:03:16
    19. Automating Metasploit 00:03:22
    20. SQL Server Logins 00:04:53
    21. Token Stealing 00:02:51
    22. Extending Metasploit 00:05:12
  6. Web Testing
    1. Running Burp Suite 00:02:15
    2. Passive Scanning 00:04:35
    3. Active Scanning 00:04:54
    4. Using The Intruder 00:02:41
    5. Brute Forcing Passwords 00:03:33
    6. SQL Injection Testing With Burp Suite 00:05:59
    7. Cross Site Scripting With Burp Suite 00:04:57
    8. Using The Burp Suite Repeater 00:03:08
    9. Using The Burp Suite Sequencer 00:04:31
    10. XSS-Me 00:04:14
    11. SQL-Inject Me 00:03:51
    12. TamperData 00:03:39
    13. Injection Attacks With TamperData 00:04:05
    14. Hidden Form Fields 00:03:09
    15. ZED Attack Proxy 00:04:10
    16. Fuzzing With ZED Attack Proxy 00:03:36
    17. Hackbar 00:02:32
  7. Reverse Engineering
    1. Assembly Basics 00:04:49
    2. Buffer Overflows 00:04:37
    3. Format String Attacks 00:03:24
    4. Debugging - Linux 00:04:43
  8. Fuzzing
    1. Peach Fuzzer 00:02:28
    2. HTTP Fuzzing With Peach 00:04:56
    3. E-Mail Fuzzing With Peach 00:05:08
    4. File And Network Fuzzing With Peach 00:03:33
    5. Sulley 00:04:44
    6. Spike Proxy 00:02:53
  9. Wrapping Up
    1. Extending Your Learning 00:04:05
  10. About The Author
    1. About Ric Messier 00:03:01