White hat hacking is also known as ethical hacking. It involves the use of hacking techniques to identify and fix vulnerabilities in computers systems and networks. Organizations hire ethical hackers to secure their systems and play an important role in protecting individuals and businesses from cyber threats.
Online courses offer many benefits, including the ability to learn ethical hacking. Here are the top benefits of online courses:
- You can access online courses from any location, anytime, provided you have an internet connection. They are ideal for those who work long hours or live in remote locations.
- Affordable: Online courses can be more cost-effective than traditional in-person classes, since they don’t require students to travel and do not require accommodation.
- Updated content: Online courses are regularly updated to reflect the most recent trends and techniques in ethical hacking. Students are able to access the most current and relevant information.
- Practical skills: Many online courses offer practical exercises and projects that allow students the opportunity to put their skills and knowledge into practice. This allows students to gain practical skills that they can immediately apply in their career.
- Opportunities for networking: Many online courses offer forums and other interactive features that enable students to connect with peers and professionals in the industry. This is a great resource for building professional relationships and networking.
Online courses are available in a variety of subjects for anyone interested in ethical hacking. While some courses are focused on specific topics such as network security and web application security, others provide a comprehensive overview of the subject. Certification exams are a common feature of many courses. They can add value to your resume and show that you are committed to professional growth.
It is important to have strong ethical principles as well as technical skills. Ethical hackers must be dedicated to maintaining the highest standards in professionalism, and should act with integrity and respect for privacy and security. These important skills can be developed through online courses. They also provide a solid foundation for technical aspects of ethical hacking.
Online courses offer a cost-effective and convenient way to learn about ethical hacking, and to gain the knowledge and skills necessary to pursue a career within this field. Online courses can be tailored to your specific needs, whether you’re a beginner or a professional looking for ways to improve your skills.
There are many courses available in ethical hacking. I selected four courses I have participated in and enjoyed the content. All courses were created by MuharremAydin. His teaching style and explanations are excellent. He has been working in cyber security for more than 20 years. It is crucial that you find an instructor with many years of experience when choosing a course.
Course 1: Network Fundamentals and Network Layer Attacks
Network Fundamentals will provide an overview of the basic concepts of data networking operation. This includes IP addressing, subnetting and ethernet operation. It also covers ports and protocols and the OSI model. This course will help you understand the differences between a router or a switch, and the relationship between MAC addresses and IP addresses. After learning the theoretical background, Network & Data Link Layer Layer ( Layer 2 ), Attacks will teach you how to set up a lab to perform penetration testing on your machine. TCP dump, Wireshark and other tools are used to examine attacks and expand the sniffing area.
- MAC Address Table Overflow Attack, also known to be MAC flooding
- ARP Cache Poisoning attack, also called ARP Spoof,
- DHCP Starvation Attack and DHCP Spoof
- VLAN hop techniques.
This is the list of things you will learn at the end of the course
- Network Fundamentals
- Network Layer Attacks
- ARP Spoofing/ARP poisonning
- ARP Hands on Practices
- The “Man in the Middle” (Mitm )
- GNS3 Networks
- Kali is attached to the GNS3 Network
- Active Network Devices
- Network Sniffing
- Wireshark – Sniffing data and analysing HTTP traffic
- Using MITMf against Real Networks
- Weakness in Network Devices
- How to prepare your lab environment for hands on experiments
- Tools for penetration testing such as Ettercap and Wireshark
- Flooding of MAC
- DHCP Starvation & DHCP Spoof
- VLAN Hopping
- Network Device Penetration Testing
- Network Device Audits
Course 2: Complete penetration testing and ethical hacking
This course focuses on both the practical and theoretical sides of ethical hacking and penetration testing. Before you can start to do any Ethical Hacking or Penetration Testing, you’ll need to learn how set up a lab. This course will allow you to keep up-to date and provide you with the necessary skills for ethical hacking. This course will teach you how to detect and prevent attacks. It also provides actionable tips that you can use when you return to work. Muharrem Aydin is a field instructor and will share his 20-year experience with you.
This is the list of things you will learn at the end of the course
Setting up The Laboratory
- Install Kali Linux on a VM
- Install Kali Linux using ISO File
- Set Up a Victim: Metasploitable Linux
- Set up a victim: OWASP Broken Web Apps
- Windows System: Set up a Victim
Penetration Test
- Types of penetration tests
- Security Audit
- Vulnerability scan
- Black Box to White Box: Penetration Test Approaches
- Phases of the Penetration Test: Reconnaissance and Reporting
- Standards for Testing Issues
Network Fundamentals
- References Models: OSI vs. TCP/IP
- Demonstration using Wireshark of OSI Layers
- Data Link Layer (Layer 2) Standards & Protocols
- Layer 2: Ethernet – Principles, Frames & Heers
- Layer 2: ARP- Address Resolution Protocol
- Layer 2: VLANs, (Virtual Local Area Networks).
- Layer 2: WLANs (Wireless Local Area Networks).
- Introduction to Network Layer (Layer 3).
- Layer 3: IP (Internet Protocol).
- Layer 3: IPv4 Addressing Systems
- Layer 3: IPv4 Subnetting
- Layer 3: Private Networks
- Layer 3: NAT, Network Address Translation
- Layer 3: IPv6
- Layer 3: DHCP – How the Mechanism Works
- Layer 3: ICMP [Internet Control Message Protocol]
- Layer 3: Traceroute
- Introduction to Transport Layer (Layer 4).
- Layer 4: TCP – Transmission Control Protocol
- Layer 4: UDP, User Datagram Protocol
- Introduction to the Application Layer (Layer 5 – 7)
- Layer 7: DNS (Domain Name System).
- Layer 7: HTTP (Hyper Text Transfer Protocol)
- Layer 7: HTTPS
Network Scan
- Types of Network Scan
- Passive scan with Wireshark
- Passive Scan using ARP Tables
- Active Scan with Hping
- Hping for another purpose: DDos
Nmap to Active Network Scan
- Ping Scan to Enumerate the Network Hosts
- Port Scan with Nmap
- SYN Scan. TCP Scan. UDP Scan
- Version & Operating System Detection
- Nmap Management of Input & Output
- Nmap Scripting Engine
- How to bypass security measures in Nmap Scans
- Additional types of scans: XMAS and ACK, etc.
- Scan for Idle (Stealth).
Vulnerability Scanning
- Introduction to Vulnerability Scans
- Introduction to the Vulnerability Scanner Nessus
- Nessus: Install, Setup & Download
- Nessus: How to create a custom policy
- First Scan of Nessus
- A Aggressive Scan
- Nessus: Report Function
Exploitation
- Exploitation Terminologies
- Exploit Databases
- Manual Exploitation
- Exploitation Frameworks
- Metasploit Framework (MSF)
- Introduction to the MSF Console
- MSF Console and How to Run an Exploit
- Introduction to Meterpreter
- Session Meterpreter
- Meterpreter Basics
- Pass the Hash: Hack Even If There Is No Vulnerability
Post-Exploitation
- Persistence: What does it mean?
- Meterpreter Persistence Module
- Remove a persistent backdoor
- Next Generation Persistence
- Meterpreter for Post-Exploitation With Extensions: Core Stdapi, Mimikatz…
- Metasploit Framework (MSF), Post Modules
- In the Post-Exploitation Phase, collect sensitive data
Password Cracking
- Windows Systems Password Haashes
- Linux Systems Password Haashes
- Password cracking is classified
- Password cracking tools in action: Hydra. Cain. Abel. John the Ripper.
OSINT (Open Source Intelligent). Information Gathering over the Internet
- Introduction to Information Gathering
- Use search engines to find information
- Search Engine Tools: SiteDigger & SearchDiggity
- Shodan
- Gathering information about the people
- Web Archives
- FOCA – Fingerprinting Organizations with Collected Archives
- The Harvester and Recon NG are two fingerprinting tools
- Maltego – Visual Link Analysis Tool
Hacking Web Applications
- Terms and Standards
- Burp Suite allows you to intercept HTTP and HTTPS traffics
- Zed Attack Proxy (ZAP), an Automated Tool, in Details
- Information Gathering and Configuration Flaws
- Manipulation of Input and Output
- Cross Site Scripting (“XSS”)
- Reflected XSS (Stored XSS), DOM-Based and DOM-Based
- BeEF – The Browser Exploitation Foundation
- SQL Injection
- Authentication Flaws
- Online Password Cracking
- Flaws in Authorisation
- Path Traversal Attack
- Session Management
- Attack on Session Fixation
- Cross-Site Request Forgery
Social Engineering & Phishing Attacks
- Social Engineering Terminologies
- Terminologies for Creating Malware
- MSF Venom
- Veil to create custom payloads
- TheFatRat Installation and Creation of Custom Malware
- Embedding Malware in PDF Files
- Word Documents: Malware Embedded
- Firefox Add-ons: Embedding Malware
- Empire Project in Action
- Exploiting Java Vulnerabilities
- Social Engineering Toolkit (SET), for Phishing
- Phishing by sending fake emails
- Vishing via Voice Phishing
Network Layer & Layer-2 Attacks
- Create a Network with GNS3
- Network Sniffing: The Man in the Middle (MitM).
- Network Sniffing: TCPDump
- Wireshark: Network sniffing
- Active Network Devices: Hub, Switch, Router
- MAC Flood Using Macof
- ARP Spoof
- ARP Cache Poisoning using Ettercap
- DHCP Starvation & DHCP Spoofing
- VLAN Hopping – Switch Spoofing, Double Tagging
- Reconnaissance on Network Devices
- Cracking the Passwords of Network Device Services
- Compromising SNMP – Finding Community Names using NMAP Scripts
- Compromise SNMP: Use SNMP-Check to Perform Access Checks
- Compromising SNMP: Grabbing SNMP Configuration Using Metasploit
- Weaknesses in the Network Devices
- Cisco Routers Password Creation Methods
- Identity Management for Network Devices
- ACLs (Access Control Listes) for Cisco Switches and Routers
- SNMP Security (Simple Network Management Protocol).
Course 3: Network Scan with Nmap & Nessus
This course will teach you the secrets to ethical hacking and network discovery using Nmap. Nmap is the most widely used network scanning tool. You will learn how to download and install Nmap using hands-on lessons. In further lessons, you’ll scan for vulnerabilities in the network that Nessus has discovered. Nessus, the most well-known vulnerability scanner, is third in the list of most used cyber security tools.
This is the list of things you will learn at the end of the course
- Learn the basics of Network Scanning.
- Use Nmap with all your knowledge and experience
- How to scan a network looking for scripts
- Learn more about network scan types
- Learn how to use Hping
Course 4: Metasploit Penetration Testing
This course will teach you how to ethically hack with Kali (the best ethical hacking distribution Kali) and Metasploit (the tool). This course is not for those who want to do a Penetration Testing course, but complete Penetration Testing with the Metasploit. This course will teach you how to perform a penetration test using the Metasploit Framework. It is not necessary to have any prior knowledge. The course will help you move from an intermediate level to an advanced level by providing hands-on examples.
This is the list of things you will learn at the end of the course
- Penetration Testing using Metasploit
- The Metasploit Framework: Why? MSF aka: Metasploit Framework
- Metasploit Filesystem & Libraries
- Enumeration
- Vulnerability scanning
- Exploitation and Gaining access
- Post-exploitation-Meterpreter
- Antivirus Evasion and Cleaning