Ethical Hacking -

About Course

Ethical Hacking is the practice of legally probing and testing computer systems, networks, and applications to identify vulnerabilities before malicious hackers can exploit them. This topic equips learners with the skills to protect digital assets and strengthen organizational security.

Key Points in Ethical Hacking:

Introduction to Ethical Hacking – Understanding the role of ethical hackers and legal frameworks.
Types of Hacking Techniques – Network, web application, social engineering, and system hacking.
Vulnerability Assessment – Identifying weak points in systems and networks.
Penetration Testing – Simulating attacks to test defenses and security measures.
Tools & Software – Hands-on experience with popular hacking and security tools.
Career Opportunities – Prepare for roles like ethical hacker, penetration tester, and security analyst.

Course Content

Introduction to Ethical Hacking & Legal/Professional Ethics

Definition of Ethical hacking
Definition of (red team vs Blue team)
What are the different types of hackers,
Five phases of hacking.
Laws, and ethics.
Scope of Ethical Hacking.

Installation of Ethical Hacking Environments

Linux Basics for Hackers

Master the filesystem hierarchy and navigation (/, /etc, /var, /home, pwd, cd, ls, tree) so you can quickly locate config and credential files.
Read and edit files safely (cat, less, head, tail, nano, vim) — know when to view vs modify.
Deeply understand users, groups, ownership and permissions plus special bits (SUID/SGID/sticky) — these are common privilege-escalation vectors.
Enumerate processes and services (ps aux, top, htop, systemctl) to spot unexpected or vulnerable daemons.
Perform basic networking reconnaissance and troubleshooting (ip, ifconfig, ss/netstat, ping, traceroute) to map hosts and open services.
Transfer and fetch files securely (scp, rsync, wget, curl) and manage SSH keys for passwordless access.
Use find, grep, awk, and sed together with pipes and redirection to build powerful one-liners for automated discovery.
Inspect logs and system audit trails (/var/log/*, journalctl, auth.log) for evidence of activity and misconfigurations.

Information Gathering (Reconnaissance)

Scanning & Enumeration (The “Door- Knocking” Phase)

System Hacking (Gaining Access)

System Hacking (Password Cracking& Basic Privilege Escalation)

Malware Threats

Wireless Network Hacking

Network Sniffing & MITM

Cryptography & Steganography

Social Engineering

Website Attacks

Cross-site scripting (XSS)

SQL Injection(SQLI)

Cross-Site Request Forgery (CSRF)

DOS&DDOS Attacks

IDS/IP

Revised Topic Session

Dout Clearing Sessions

Ethical Hacking

About Course

Key Points in Ethical Hacking:

What Will You Learn?

Course Content

Introduction to Ethical Hacking & Legal/Professional Ethics

Definition of Ethical hacking

Definition of (red team vs Blue team)

What are the different types of hackers,

Five phases of hacking.

Laws, and ethics.

Scope of Ethical Hacking.

Installation of Ethical Hacking Environments

ntroduction of VMs(Virtual machines).

Installation of VM.

Installation of Kali Linux on VM.

DVWA, Windows 7, windows 10 installation.

Linux Basics for Hackers

Master the filesystem hierarchy and navigation (/, /etc, /var, /home, pwd, cd, ls, tree) so you can quickly locate config and credential files.

Read and edit files safely (cat, less, head, tail, nano, vim) — know when to view vs modify.

Deeply understand users, groups, ownership and permissions plus special bits (SUID/SGID/sticky) — these are common privilege-escalation vectors.

Enumerate processes and services (ps aux, top, htop, systemctl) to spot unexpected or vulnerable daemons.

Perform basic networking reconnaissance and troubleshooting (ip, ifconfig, ss/netstat, ping, traceroute) to map hosts and open services.

Transfer and fetch files securely (scp, rsync, wget, curl) and manage SSH keys for passwordless access.

Use find, grep, awk, and sed together with pipes and redirection to build powerful one-liners for automated discovery.

Inspect logs and system audit trails (/var/log/*, journalctl, auth.log) for evidence of activity and misconfigurations.

Information Gathering (Reconnaissance)

Passive Reconnaissance: Gathering information without touching the target system.

Active Reconnaissance: Interacting directly with the target.

Scanning & Enumeration (The “Door- Knocking” Phase)

Understanding TCP/IP protocols and the 3-way handshake

Ping Sweeps to find live hosts.

Port Scanning: Mastering Nmap (Network Mapper).

Network Enumeration: Discovering network shares and SNMP information.

Theory: What is a vulnerability?

Using automated tools to find known weaknesses

Introduction to tools like:

System Hacking (Gaining Access)

Introduction to Metasploit Framework.

Understanding Metasploit modules (Exploits, Payloads, Auxiliaries).

The workflow: use exploit -> set payload -> set options -> exploit.

Introduction to Exploits & Payloads.

Exploit MS17-010 Vulnerability (Tryhackme lab Blue)

System Hacking (Password Cracking& Basic Privilege Escalation)

Techniques: Dictionary, Brute-Force, Rainbow Tables.

Privilege Escalation

Solving Labs on (Vulnhub , tryhackme ,Hack the Box)

Malware Threats

Creating and deploying Trojans and Backdoors

Understanding Viruses, Worms, and Ransomware (for defense purposes).

Using Msfvenom to create payloads.

Basics of Antivirus evasion techniques.

Wireless Network Hacking

Introduction to Wireless Networks

Types of Wireless Security Protocols ( WEP, WPA, WPA2).

Attacks on Wireless Networks

Network Sniffing & MITM

introduction to Network Sniffing.

Passive vs. Active Sniffing

Common Network Sniffing Tools

Man-in-the-Middle (MITM) Attacks and Techniques

Cryptography & Steganography

Introduction to Cryptography – fundamentals, importance in cybersecurity, common real-world applications.

Symmetric vs. Asymmetric Encryption – working principles, algorithms (AES, DES, RSA, ECC), advantages & limitations

Hashing & Digital Signatures – integrity verification, password hashing, message authentication, PKI basics.

Cryptanalysis & Attacks – brute force, dictionary, replay, man-in-the-middle, weaknesses in outdated algorithms.

Steganography & Steganalysis – hiding data in images, audio, video, network protocols, and techniques to detect them.

Social Engineering

Foundations of Social Engineering — psychology behind influence and persuasion (reciprocity, authority, scarcity, social proof), attacker goals, and ethical/legal boundaries.

Common Attack Techniques — phishing (email), spear-phishing, vishing (voice), smishing (SMS), pretexting, baiting, and tailgating — how each works and real-world examples

Reconnaissance & Profiling — open-source intelligence (OSINT) methods to gather target info (LinkedIn, social media, WHOIS), building believable pretexts

Reconnaissance & Profiling — open-source intelligence (OSINT) methods to gather target info (LinkedIn, social media, WHOIS), building believable pretexts

Website Attacks

Introduction to Website Attacks

How Website Attacks Work

Types of Vulnerabilities Exploited

Enumeration Techniques

OWASP Top 10

Cross-site scripting (XSS)

Introduction to Cross-Site Scripting (XSS).