Crash Course: Linux Basics
Get Your Hands Dirty
-
Important note
-
Disclaimer
-
VSCode IDE For Your Scripts! (9:30)
-
Intro to Ethical Hacking Basic Concepts and Terminologies (15:30)
-
Vulnerable Labs #1: dvwa, bwapp, webgoat, juiceshop, metasploitable2 (19:09)
-
Read Me!
-
Vulnerable Labs #2: metasploitable3 (10:19)
-
Capture The Flags(CTF): HTB and others (17:01)
Ethical Hacking 1: Understand Attack Vectors
Ethical Hacking 2: Information Gathering & Enumeration
-
Initial Reconnaissance with OSINT Framework (17:29)
-
Scanning with ZENMAP (13:07)
-
Scanning with NMAP in Command Line & in Python (25:28)
-
Scanning with Metasploit AUX & CENSYS (14:44)
-
Metasploitable Environment Preparation (8:32)
-
Enum with NMAP Part 1 (20:29)
-
Enum with NMAP Part 2 (14:15)
-
Enum with Metasploit and other tools (16:22)
Ethical Hacking 3: Vulnerability Scanning & Analysis
-
Introduction to Vulnerability Scanning and Analysis (13:35)
-
Setting up OpenVAS-GVM (9:31)
-
Vulnerability Assessment with OpenVAS-GVM (16:01)
-
Vulnerability Analysis in Action (27:23)
-
Second Opinion Vulnerability Scanning with NMAP NSE Scripts (21:30)
-
Third Opinion Vulnerability Scanning with Metasploit (12:07)
Ethical Hacking 4: Exploitation, Post Exploitation and Password Attacks
-
Initial Presentation (18:18)
-
Metasploitable2 - Part 1 (13:14)
-
Metasploitable2 - Part 2 (11:49)
-
Metasploitable2 - Part 3 (18:30)
-
Metasploitable2 - Part 4 (13:22)
-
Metasploitable3 Ubuntu - Part 1 (15:42)
-
Metasploitable3 Ubuntu - Part 2 (17:02)
-
Metasploitable3 Ubuntu - Part 3 (17:10)
-
Metasploitable3 Ubuntu - Part 4 (15:50)
-
Metasploitable3 Win2k8 - Part 1 (19:23)
-
Metasploitable3 Win2k8 - Part 2 (17:12)
-
Metasploitable3 Win2k8 - Part 3 (16:08)
-
Password Hash Crack - Part 1 (16:18)
-
Password Hash Crack - Part 2 (13:19)
Ethical Hacking 5: Network Attacks (Wired & Wireless)
Ethical Hacking 6: Social Engineering Attacks
-
Social Engineering Concepts - Part 1 (10:10)
-
Social Engineering Concepts - Part 2 (11:25)
-
Gophish Framework - Reaching the Target - Part 1 (17:05)
-
Gophish Framework - Reaching the Target - Part 2 (13:13)
-
Social Engineering Client Side Attacks - Part 1 (11:31)
-
Social Engineering Client Side Attacks - Part 2 (10:52)
Ethical Hacking 7: Web App Pentesting (OWASP-TOP 10)
-
Web App Pentesting Concepts - Part 1 (17:50)
-
Web App Pentesting Concepts - Part 2 (12:49)
-
Web App Pentesting Concepts - Part 3 (15:48)
-
Web App Pentesting Concepts - Part 4 (11:29)
-
Burp Suite Basics - Part 1 (19:49)
-
Burp Suite Basics - Part 2 (16:55)
-
Damn Vulnerable Web Application Lab - Part 1 (15:40)
-
Damn Vulnerable Web Application Lab - Part 2 (20:41)
-
Damn Vulnerable Web Application Lab - Part 3 (23:51)
-
Damn Vulnerable Web Application Lab - Part 4 (20:36)
-
Damn Vulnerable Web Application Lab - Part 5 (10:32)
-
OWASP Webgoat Lab - Part 1 (9:56)
-
OWASP Webgoat Lab - Part 2 (14:22)
-
OWASP Mutillidae II Lab - Part 1 (23:09)
-
OWASP Mutillidae II Lab - Part 2 (21:48)
-
Metasploitable 3 Vulnerable Web App (9:07)
-
bWAPP - Buggy Web Application Lab (13:43)
-
PortSwigger - Online Vulnerable Web Apps - Part 1 (16:15)
-
PortSwigger - Online Vulnerable Web Apps - Part 2 (12:38)
Crash Course: Python Scripting (incl. 2x Mini Projects)
-
Basics 1: Installation & Config , Basic Operations, Binary Operations (17:18)
-
Basics 2: Loop Statements, Flow Control and Modules (17:34)
-
Basics 3: Data Types and Functions (18:39)
-
Classes and Objects, Mini Project I: Writing a Port Scanner (21:06)
-
Mini Project II: Writing a Malware Command & Control (C&C) Server/Client (18:41)
Practical Pentest with CTFs (Let's Capture The Flags)
-
Intro to Hack the Box (HTB) CTF (7:38)
-
Easy 1 - BLUE (Enumeration, Exploitation, Hash Dump and Impacket Framework) (20:07)
-
Easy 2 - DEVEL (Indirect Web Shell Upload, Local Exploit Suggester, Priv. Esc.) (14:40)
-
Easy 3 - NETMON (PRTG Exploit with Python, Creds Discovery & Guessing) - Part 1 (18:45)
-
Easy 3 - NETMON (PRTG Manual Exploit with Nishang Reverse Shells) - Part 2 (16:06)
-
Medium 1 - POPCORN (Dirbuster Enum, Upload Abuse, Nix PAM, DirtyCow Exploit) (21:43)
-
Medium 2 - BLUNDER (Gobuster, Bludit CMS exploits) - Part 1 (18:23)
-
Medium 2 - BLUNDER (Hashcat, LinPEAS Priv Esc., sudo Exploit) - Part 2 (16:32)
-
Medium 2 - BLUNDER (CSRF/Anti-Bruteforce Bypass with Python Scripting) - Part 3 (16:21)
-
Medium 3 - SNIPER (SMB Enum, LFI RFI, Gain Rev Shell) - Part 1 (17:18)
-
Medium 3 - SNIPER (RFI RCE, Local Enum, Priv Esc, CHM Weaponization) - Part 2 (19:16)
-
Medium 3 - SNIPER (CrackMapExec, Impacket, Cookie Poisoning) - Part 3 (19:16)
-
Medium 4 - MANGO (Recon, NoSQL MongoDB Injection) - Part 1 (18:40)
-
Medium 4 - MANGO (Write NoSQL Injector with Python) - Part 2 (16:03)
-
Medium 4 - MANGO (Write NoSQL Injector with Python) - Part 3 (20:43)
-
Medium 4 - MANGO (LinPEAS, GTFOBins Priv. Esc. Attack Vectors) - Part 4 (13:15)
-
Hard 1 - CONTROL (Manual SQL Injection, SQLmap) - Part 1 (19:18)
-
Hard 1 - CONTROL (Read & Write Webshells with SQLMap, winPEAS) - Part 2 (20:08)
-
Hard 1 - CONTROL (Windows Priv. Esc Abusing SDDL Perms, Service Exec) - Part 3 (20:16)
Security Standards and Methodologies
Cobalt Strike: Operations & Development
-
Introduction to Red Teaming - Part 1 (19:12)
-
Introduction to Red Teaming - Part 2 (20:03)
-
Red Teaming Operations - Part 1 (18:46)
-
Red Teaming Operations - Part 2 (21:50)
-
Red Teaming Infrastructure - Part 1 (16:15)
-
Red Teaming Infrastructure - Part 2 (12:01)
-
Red Teaming Infrastructure - Part 3 (11:15)
-
Red Teaming Command and Control (C&C) - Part 1 (18:54)
-
Red Teaming Command and Control (C&C) - Part 2 (18:43)
-
Red Teaming Command and Control (C&C) - Part 3 (18:06)
-
Red Teaming Command and Control (C&C) - Part 4 (17:57)
-
Red Teaming Command and Control (C&C) - Part 5 (22:17)
-
Red Teaming Weaponization (DDE & Micro Attacks) - Part 1 (16:12)
-
Red Teaming Weaponization (HTA Attack, Droppers, File Format Exploits) - Part 2 (10:44)
-
Red Teaming Initial Access Attack Scenarios (12:53)
-
Red Teaming Post Exploit (Proc Injection & Bypass UAC, Token Tampering) - Part 1 (16:10)
-
Red Teaming Post Exploit (Keylogger, Screen Spy, Cobalt Strike Ops) - Part 2 (15:59)
-
Red Teaming Post Exploit (Pivoting, Session Passing, RDP Tunnel) - Part 3 (12:25)
Active Directory Attacks in Depth
-
Active Directory Attacks Concepts - Part 1 (19:17)
-
Active Directory Attacks Concepts - Part 2 (16:42)
-
Active Directory Attacks Concepts - Part 3 (18:08)
-
Active Directory Setup on Metasploitable VM (18:35)
-
Vulnerable AD Lab Preparation (17:16)
-
AD Enumeration, Credentials Replay Attacks, Over-PTH, Secretsdump and Evil-WinRM (17:35)
-
AS-REP Roast, Hashcat, Pass The Ticket Attacks (21:37)
-
Golden Tickets, Kerberoasting against User SPNs and Mimikatz Attacks (19:39)
MITRE ATT&CK Framework
-
Introduction to MITRE ATT&CK - Part 1 (13:31)
-
Introduction to MITRE ATT&CK - Part 2 (12:23)
-
Reconnaissance (8:40)
-
Resource Development (6:29)
-
Initial Access (11:35)
-
Execution (5:43)
-
Persistence (9:35)
-
Privilege Escalation (6:50)
-
Defense Evasion (14:50)
-
Credential Access (8:03)
-
Discovery (7:57)
-
Lateral Movement (4:07)
-
Collection (5:17)
-
Command and Control (7:15)
-
Exfiltration (4:09)
-
Impact (7:09)
Introduction to Defensive Security
-
SIEM vs. SOC (5:55)
-
How SIEM works (4:25)
-
What are SIEM Use-Cases and Common Mistakes? (8:24)
-
Threat Intelligence & OSSIM Open Threat Exchange (OTX) P1 (9:00)
-
Threat Intelligence & OSSIM Open Threat Exchange (OTX) P2 (5:43)
-
SIEM vs. SOAR vs. UEBA (4:12)
-
How secure is secure enough? (3:55)
-
Defense-in-Depth Architecture Part 1 (6:38)
-
Defense-in-Depth Architecture Part 2 (6:00)
Setting Up Our SIEM with Elastic-Stack & Wazuh Manager
Integrating Endpoints in Elastic-Stack & Wazuh Manager
-
Integrating Windows Endpoint in Wazuh Manager (4:53)
-
Automated Roll-out of Wazuh Agent on a Network of Windows Workstations (16:40)
-
Integrating Linux Endpoint in Wazuh Manager (3:58)
-
Integrating Fortigate Firewall in Wazuh Manager using Syslog (13:02)
-
Changing Password of the Read-Only Admin Account (7:32)
Index Life-Cycle Management (ILM) in Elasticsearch & Wazuh Manager
Applying Wazuh Capabilities for Security Monitoring
-
File Integrity Monitoring (FIM): Alert when Critical Files Touched (11:21)
-
Linux System Calls Monitoring: Alert when Auditctl Rules are met (7:05)
-
Continuous Enterprise Vulnerability Monitoring (11:51)
-
CIS Hardening Monitoring with Wazuh SCA (Less is More Principle) (9:20)
-
Windows Defender in Wazuh: Centrally Monitor Malware & Actions across Endpoints (6:18)
-
Use Sysinternals Sysmon with Wazuh: The Swiss Army Knife for Windows Monitoring (9:34)
Programming Rulesets (Decoders & Rules) in Wazuh
Practical Attacks & Threat Hunting IoC Use-Cases with Wazuh
-
Run & Detect SSH & RDP Brute Force Attack - Parrot OS & Windows Endpoint (7:45)
-
Run & Detect Shellshock Attack - Linux Endpoint (5:22)
-
Run & Detect MSHTA Session initiation Attack (6:35)
-
Run & Detect Spawn Session and Process Injection (4:49)
-
Run & Detect Priv Esc, Lateral Mov. & Exec using PSExec WMIC (Windows Endpoint) (6:24)
-
Run & Detect Mimikatz & Pass The Hash Attacks (4:21)
-
Run & Detect Log Tampering IoC (Someone is deleting his traces) (4:34)
