Ethical hacking fundamentals are consistent across exams, focusing on tools like Nmap, specific commands, pentesting frameworks, and the OWASP Top 10 vulnerabilities. Understanding scoping assessments, documentation purposes, and executive summaries is essential.
Pentesting Fundamentals for Beginners
Recommended experience
What you'll learn
Recall common security tools, ethical hacking techniques, and web application vulnerabilities.
Explain the process of correct reporting procedures in ethical hacking and describe threats and vulnerabilities in this context.
Apply knowledge to identify and exploit appropriate vulnerabilities in web applications.
Analyze threats and vulnerabilities to prioritize risks during penetration testing.
Skills you'll gain
Details to know
Add to your LinkedIn profile
September 2024
5 assignments
See how employees at top companies are mastering in-demand skills
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV
Share it on social media and in your performance review
There are 13 modules in this course
In this module, we will provide a comprehensive overview of what the course entails. You will learn about the key topics, objectives, and structure, setting the stage for the in-depth content to follow.
What's included
1 video1 reading
In this module, we will delve into setting up a virtual lab environment. You will learn to install and configure Kali Linux, Windows 10, Metasploitable2 and Metasploitable3, and OWASP virtual machines. Additionally, we'll cover how to take snapshots of your current configurations.
What's included
6 videos1 reading
In this module, we will explore the crucial aspect of documentation in penetration testing. You'll understand the importance of scoping engagements, creating Statements of Work, Rules of Engagement, Master Service Agreements, and NDAs, as well as compiling a comprehensive Pentesting Final Report.
What's included
5 videos
In this module, we will cover key penetration testing frameworks. You'll gain high-level insights into the MITRE ATT&CK, NIST, and PTES frameworks, learning how to apply their principles to real-world penetration testing activities.
What's included
3 videos1 assignment
In this module, we will focus on Nmap, a powerful tool for network discovery. You'll learn to conduct various scans, including service and version detection, OS detection, and host discovery. Additionally, we'll explore the Nmap Scripting Engine and how to analyze scan results.
What's included
7 videos
In this module, we will introduce you to OpenVAS, a comprehensive vulnerability scanner. You will learn how to perform vulnerability scans, interpret the results, and understand the scanner's capabilities for various testing scenarios.
What's included
1 video
In this module, we will cover techniques for information gathering. You'll learn about banner grabbing and using tools like WinPEAS for automated enumeration, aiding in the reconnaissance phase of penetration testing.
What's included
2 videos1 assignment
In this module, we will explore reverse shells and persistent connections. You will learn to create persistent backdoors, reverse shells using PowerShell, and launch graphical console windows using SSH and XTERM for remote system management.
What's included
3 videos
In this module, we will examine privilege escalation techniques. You'll learn to identify vulnerabilities like Unquoted Service Path and perform privilege escalation on Windows 7 and 10 using UAC bypass methods.
What's included
3 videos
In this module, we will cover the OWASP Top 10 web application vulnerabilities. You'll learn to mitigate these vulnerabilities using various tools and techniques, including assembling fake TCP/IP packets with Hping3 and conducting scans with OWASP ZAP.
What's included
4 videos1 assignment
In this module, we will focus on testing web applications. You'll learn to configure BurpSuite, perform SQL injection attacks using SQLmap, detect web application firewalls with WAFW00F, and exploit vulnerabilities like HTTP PUT method and brute-forcing WordPress passwords.
What's included
6 videos
In this module, we will teach you how to compile exploit code for Linux and Windows. You will also learn to prepare a Windows OVA file for your virtual lab and cross-compile exploits using tools like Mingw-w64.
What's included
3 videos
In this module, we will cover scripting techniques for penetration testing. You'll learn to use Kali web shells, transfer files using HTTP and PowerShell's WebClient, and perform tasks like string slicing in Python and disabling Windows 10 UAC using PowerShell.
What's included
5 videos2 assignments
Why people choose Coursera for their career
New to Networking? Start here.
Open new doors with Coursera Plus
Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription
Advance your career with an online degree
Earn a degree from world-class universities - 100% online
Join over 3,400 global companies that choose Coursera for Business
Upskill your employees to excel in the digital economy
Frequently asked questions
Yes, you can preview the first video and view the syllabus before you enroll. You must purchase the course to access content not included in the preview.
If you decide to enroll in the course before the session start date, you will have access to all of the lecture videos and readings for the course. You’ll be able to submit assignments once the session starts.
Once you enroll and your session begins, you will have access to all videos and other resources, including reading items and the course discussion forum. You’ll be able to view and submit practice assessments, and complete required graded assignments to earn a grade and a Course Certificate.