Description

We are in such an era where cyber security plays an important part. With systems getting smarter, we are seeing machine learning interrupting computer security. With the adoption of machine learning in upcoming security products, it is important for pentesters and security researchers to understand the working of these systems and how to breach them.

We are in an era where cyber security plays an important part and the race between attackers and defenders is tremendously growing. Companies are heavily investing to protect their data. Pentesting and privilege escalation tests prove to be a vital step to eradicate or lower down the vulnerabilities within a system, network, or application to detect weaknesses that an attacker could exploit. Throughout the course, we'll solve a number of vulnerable machines on VulnHub, TryHackMe, and HackTheBox along with the other platforms. The topic of privilege escalation will be thoroughly explained, which provides the best tools to pass a certification such as OSCP. Furthermore, we will not only focus on Linux machines but Windows machines as well. Important topics that will be covered are as follows: Advanced Linux
CTF Solutions
Linux Privilege Escalation
Windows Privilege Escalation
Kernel Exploit
SUID
Sudo
Cronjobs
Metasploit
Potato Attacks
Brute Force
Meterpreter Shells By the end of this course, you will have taken a big step to advance your cyber security career. Warning: This course aims to provide a good training for people who want to be cyber security professionals. You should not break the law in any way with the offensive penetration test techniques and you accept the responsibility by taking this course. The resource files are uploaded on the GitHub repository at https://github.com/PacktPublishing/The-Complete-Pentesting-Privilege-Escalation-Course

What You Will Learn

Explore Kernel Exploit
Learn about the Python Reverse Shell
Perform Sudo privilege escalation
Implement SUID privilege escalation
Execute Potato Attack
Perform manual privilege escalation

Audience

If you want to become a cybersecurity professional and want to deepen your knowledge in ethical hacking topics or are preparing yourself for certifications such as OSCP, then you are at the right place. This is an intermediate to advanced course.

If you want to make the most of it, you should already have a background in cybersecurity and Python. You should have a working Kali Linux or a counterpart system already; this will not be covered during the course. Due to the licensing issues, in the Windows pentest and privilege escalation sections, you will need a 'HackTheBox' membership.

Approach

This training will be completely hands-on experience but without neglecting the theory. We will cover a lot of scenarios where we solve vulnerable machines, which you will face a lot during pentests and certification exams. The course does not limit exploiting machines using Linux machines but Windows machines as well.

This will be a big step for you to advance your cybersecurity career.

Key Features

Execute privilege escalation for Linux * Execute privilege escalation for Windows * Solve CTF (Catch the Flag) solutions and move ahead in the game level

Github Repo

https://github.com/PacktPublishing/The-Complete-Pentesting-Privilege-Escalation-Course

About the Author

Codestars By Rob Percival

Rob Percival is a highly regarded web developer and Udemy instructor with over 1.7 million students. Over 500,000 of them have taken Rob's Complete Web Developer Course 2.0, as well as his Android Developer and iOS Developer courses.

Atil Samancioglu

Atil Samancioglu is a best-selling online instructor and has instructed more than 80,000 students on Ethical Hacking. Atil has trained more than 20.000 students on the following Ethical Hacking subjects: Kali Linux, Metasploit, metasploitable, social engineering, Nmap, Man-in-the-Middle attacks, MITM proxy, Beef, Wireshark, Maltego, SQL Injection, XSS, social media safety, VPN server creation, Meterpreter, Ettercap, WPA Enterprise. He currently works as eBusiness Team Leader in a multinational company.

Course Outline

1. Introduction

This video provides an overview of the tutor and about the AI sciences.

2. Course Manual

This video provides an extension and focus areas about this course in detail.

2. Bandit

1. Bandit Introduction

This video provides an introduction to the Bandit wargame. We will work together to solve and go from level 0 to level 3 of this wargame.

2. Bandit File Find Cat

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 3 to level 7 in the Bandit wargame.

3. Bandit Strings Grep

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 7 to level 9 in the Bandit wargame.

4. Bandit Base64

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 9 to level 12 in the Bandit wargame.

5. Bandit Gzip Bzip Tar

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 12 to level 15 in the Bandit wargame.

6. Bandit Nmap

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 15 to level 17 in the Bandit wargame.

7. Bandit Diff SSH

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 17 to level 19 in the Bandit wargame.

8. Bandit SUID

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 19 to level 21 in the Bandit wargame.

9. Bandit Cron

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 21 to level 23 in the Bandit wargame.

10. Bandit Cron Advanced

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 23 to level 24 in the Bandit wargame.

11. Bandit NCat Python

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 24 to level 25 in the Bandit wargame.

12. Bandit Vim More

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 25 to level 27 in the Bandit wargame.

13. Bandit Git

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 27 to level 32 in the Bandit wargame.

14. Bandit Shell

In this video, we will continue with the CTF (Capture the Flag) series; you will advance from level 32 to level 33 in the Bandit wargame.

3. Wakanda

1. Wakanda Setup

This video shows the way to set up for the Wakanda CTF (Catch the Flag) series.

2. Web Service

This video will help you analyze the Nmap scan results and try and find the vulnerable service in order to hack the machine.

3. Gathering More Information

This video explains how to gather more information post breaking through the vulnerable machine.

4. Python Reverse Shell

In this video, we will try to change the name of the user from "mamadou" to "devops", which we have hacked.

5. Sudo Privilege Escalation

In this video, we are going to escalate our privilege one more time in the hacked machine.

4. Mr. Robot

1. Mr. Robot Setup

This video shows the way to set up for the "Mr. Robot" CTF (Catch the Flag) series.

2. Username Brute Force

This video will help you move ahead with getting the username of the vulnerable machine to solve the puzzle of "Mr. Robot".

3. Password Brute Force

This video will help you move ahead with getting the password of the vulnerable machine to solve the puzzle of "Mr. Robot".

4. Hacking WordPress

This video will be further escalating the CTFs by updating the file in the hacked website's library.

5. Changing User

In this video, we are going to escalate our privilege one more time in the hacked machine.

6. SUID Privilege Escalation

In this video, we are going to escalate our privilege to become root.

5. FristiLeaks

1. FristiLeaks Setup

This video shows the way to set up for the "FristiLeaks" CTF (Catch the Flag) series.

2. Hacking the Server

This video shows how to log in to the server.

3. Switching to Admin

This video explains how to switch the admin in the vulnerable machine.

4. Cryptology

This video shows if we can become root using the admin user access.

5. Root

This video finally helps you get root access to the vulnerable machine.

6. Linux Privilege Escalation

1. TryHackMe Setup

This video shows the way to set up to hack the vulnerable machine from the "TryHackMe" server on Linux.

2. Enumeration

This video explains what our first step of action should be after hacking any vulnerable system.

3. Kernel Exploit

This video explores kernel exploits.

4. More Password Enumeration

This video demonstrates more password enumeration.

5. Sudo List

This video focuses on the sudo list.

6. Shadow

This video explores sudo list and shadow further.

7. Preload

This video explains about the preload command.

8. What is SUID?

This video explains about SUID.

9. SUID Privilege Escalation

This video explores SUID and its use for privilege escalations.

10. Path

This video explains working on the SUID files and looking at path.

11. Environment Variables

This video shows exploiting environmental variables with path.

12. Crontab

This video explains about the cron.d and crontab in order to escalate the privilege further.

13. Sudo Vulnerability

This video explains new concepts to escalate our privilege in Linux.

7. Windows Privilege Escalation

1. HackTheBox Setup

This video shows the way to set up to hack the vulnerable machine from the "HackTheBox" server on Windows.

2. HackTheBox VPN

This video shows the way to set up "HackTheBox" account and VPN.

3. First Machine Setup

This video shows how to set up the machine in order to reach the "Devel" machine, which is vulnerable machine in our case.

4. Hacking Windows

This video explores ways to hack the Windows machine.

5. Windows Command Prompt

In this video, we will dive deep into the Windows commands so that we can move ahead with further escalation.

6. Exploit Suggester

In this video, we will turn the information into valuable suggestion or escalation tips. The focus will be on the escalator suggester.

7. Other Tools

This video talks about the other tools apart from the exploit suggester.

8. Admin

This video explains how to become an administrator for the hacked Windows machine.

9. Potato Attack

This video explores further vulnerabilities in the "Devel" machine and looks at potato attack.

10. Manual Privilege Escalation

This video explores ways to do privilege escalations using manual action.

8. Arctic

1. Arctic Setup

This video shows the way to set up to hack the vulnerable machine, "Arctic".

2. Admin Dashboard

In this video, we will try to log in to the administration dashboard of "ColdFusion".

3. ColdFusion

In this video, we are going to upload the shell to the ColdFusion administrator panel.

4. Schelevator

This video explains about the Schelevator module to exploit vulnerable machine.

9. Closing

1. Closing

This video demonstrates the further learning guide and it's also a thank you video.

Course Images

The Complete Pentesting and Privilege Escalation Course

By Packt

Booking options

Highlights

Description

Course Content

About The Provider

Tags

Reviews