The course that I am following is from TCM Academy.
Here is the course structure, which you can also see on the TCM-Sec website, The Cyber Mentor YouTube channel and also on before enrolling. I am going to skip to The Ethical Hacker Methodology.
- Special Thanks & Credits
- PNPT Certification Path Progression (2:32)
Introduction
- Course Introduction (7:24)
- Course Discord (Important) (2:45)
- A Day in the Life of an Ethical Hacker (20:55)
- Why You Shouldn’t Be An Ethical Hacker
Notekeeping
- Effective Notekeeping (6:39)
- Important Tools (5:20)
Networking Refresher
- Introduction (1:11)
- IP Addresses (13:06)
- MAC Addresses (3:13)
- TCP, UDP, and the Three-Way Handshake (5:12)
- Common Ports and Protocols (6:09)
- The OSI Model (5:30)
- Subnetting Part 1 (26:59)
- Subnetting Part 2 (4:13)
Setting Up Our Lab
- Installing VMWare / VirtualBox (6:15)
- Configuring VirtualBox (3:16)
- Installing Kali Linux (5:32)
Introduction to Linux
- Exploring Kali Linux (3:28)
- Sudo Overview (5:12)
- Navigating the File System (18:12)
- Users and Privileges (16:54)
- Common Network Commands (8:26)
- Viewing, Creating, and Editing Files (6:21)
- Starting and Stopping Services (6:17)
- Installing and Updating Tools (11:53)
- Scripting with Bash (22:34)
Introduction to Python
- Introduction (2:19)
- Strings (7:24)
- Math (5:44)
- Variables and Methods (10:20)
- Functions (8:58)
- Boolean Expressions and Relational Operators (8:33)
- Conditional Statements (6:58)
- Lists (12:12)
- Tuples (2:11)
- Looping (4:29)
- Advanced Strings (12:39)
- Dictionaries (6:24)
- Importing Modules (5:58)
- Sockets (7:39)
- Building a Port Scanner (18:33)
- User Input (8:38)
- Reading and Writing Files (9:56)
- Classes and Objects (7:51)
- Building a Shoe Budget Tool (14:19)
The Ethical Hacker Methodology
- The Five Stages of Ethical Hacking (5:16)
Information Gathering (Reconnaissance)
- Passive Reconnaissance Overview (7:32)
- Identifying Our Target (3:33)
- Discovering Email Addresses (15:48)
- Gathering Breached Credentials with Breach-Parse (7:17)
- Hunting Breached Credentials with DeHashed (11:55)
- Hunting Subdomains Part 1 (5:31)
- Hunting Subdomains Part 2 (4:48)
- Identifying Website Technologies (7:06)
- Information Gathering with Burp Suite (8:48)
- Google Fu (5:31)
- Utilizing Social Media (5:37)
- Additional Learning (OSINT Fundamentals) (0:48)
Scanning & Enumeration
- Installing Kioptrix (6:17)
- Scanning with Nmap (19:46)
- Enumerating HTTP and HTTPS Part 1 (15:01)
- Enumerating HTTP and HTTPS Part 2 (15:08)
- Enumerating SMB (14:19)
- Enumerating SSH (4:09)
- Researching Potential Vulnerabilities (14:49)
- Our Notes So Far (3:06)
Vulnerability Scanning with Nessus
- Scanning with Nessus Part 1 (10:34)
- Scanning with Nessus Part 2 (6:09)
Exploitation Basics
- Reverse Shells vs Bind Shells (7:00)
- Staged vs Non-Staged Payloads (3:21)
- Gaining Root with Metasploit (7:40)
- Manual Exploitation (12:40)
- Brute Force Attacks (7:49)
- Credential Stuffing and Password Spraying (14:02)
- Our Notes, Revisited (3:03)
New Capstone
- Introduction (5:42)
- Set Up - Blue (3:56)
- Walkthrough - Blue (17:00)
- Set Up - Academy (2:24)
- Walkthrough - Academy (44:19)
- Walkthrough - Dev (25:20)
- Walkthrough - Butler (36:18)
- Walkthrough - Blackpearl (23:30)
Introduction to Exploit Development (Buffer Overflows)
- Required Installations (6:16)
- Buffer Overflows Explained (4:08)
- Spiking (10:11)
- Fuzzing (6:09)
- Finding the Offset (5:19)
- Overwriting the EIP (3:24)
- Finding Bad Characters (7:51)
- Finding the Right Module (8:26)
- Generating Shellcode and Gaining Root (5:56)
- Exploit Development Using Python3 and Mona (13:39)
Active Directory Overview
- Active Directory Overview (5:13)
- Physical Active Directory Components (5:45)
- Logical Active Directory Components (7:28)
Active Directory Lab Build
- Lab Overview and Requirements (3:01)
- Downloading Necessary ISOs (2:47)
- Setting Up the Domain Controllers (13:39)
- Setting Up the User Machines (7:52)
- Setting Up Users, Groups, and Policies (15:46)
- Joining Our Machines to the Domain (8:48)
- Lab Build - (Cloud Alternative) (2:04)
Attacking Active Directory: Initial Attack Vectors
- Introduction (3:55)
- LLMNR Poisoning Overview (7:26)
- Capturing NTLMv2 Hashes with Responder (4:46)
- Password Cracking with Hashcat (11:31)
- LLMNR Poisoning Defense (2:48)
- SMB Relay Attacks Overview (5:23)
- Quick Lab Update (0:58)
- Discovering Hosts with SMB Signing Disabled (3:36)
- SMB Relay Attack Demonstration Part 1 (4:54)
- SMB Relay Attack Demonstration Part 2 (4:07)
- SMB Relay Attack Defenses (2:33)
- Gaining Shell Access (7:46)
- IPv6 Attacks Overview (4:00)
- Installing mitm6 (1:18)
- Setting Up LDAPS (2:24)
- IPv6 DNS Takeover via mitm6 (7:43)
- IPv6 Attack Defenses (3:00)
- Passback Attacks (5:16)
- Other Attack Vectors and Strategies (8:43)
Attacking Active Directory: Post-Compromise Enumeration
- Introduction (2:01)
- PowerView Overview (2:13)
- Domain Enumeration with PowerView (15:17)
- Bloodhound Overview and Setup (3:32)
- Grabbing Data with Invoke-Bloodhound (3:11)
- Enumerating Domain Data with Bloodhound (7:34)
Attacking Active Directory: Post-Compromise Attacks
- Introduction (1:03)
- Pass the Hash / Password Overview (3:04)
- Installing crackmapexec (0:38)
- Pass the Password Attacks (7:07)
- Dumping Hashes with secretsdump.py (3:11)
- Cracking NTLM Hashes with Hashcat (3:06)
- Pass the Hash Attacks (6:25)
- Pass Attack Mitigations (2:42)
- Token Impersonation Overview (3:48)
- Token Impersonation with Incognito (7:03)
- Token Impersonation Mitigation (2:43)
- Kerberoasting Overview (5:11)
- Kerberoasting Walkthrough (3:51)
- Kerberoasting Mitigation (1:09)
- GPP / cPassword Attacks Overview (3:22)
- Abusing GPP: Part 1 (8:46)
- Abusing GPP: Part 2 (4:12)
- URL File Attacks (5:35)
- PrintNightmare (CVE-2021-1675) Walkthrough (12:05)
- Mimikatz Overview (5:36)
- Credential Dumping with Mimikatz (9:20)
- Golden Ticket Attacks (7:18)
- Conclusion and Additional Resources (6:24)
Additional Active Directory Attacks
- Abusing ZeroLogon (9:02)
Post Exploitation
- Introduction (1:49)
- File Transfers Review (2:32)
- Maintaining Access Overview (3:32)
- Pivoting Lab Setup (6:30)
- Pivoting Walkthrough (6:07)
- Cleaning Up (2:48)
Web Application Enumeration, Revisited
- Introduction (1:49)
- Installing Go (1:19)
- Finding Subdomains with Assetfinder (7:43)
- Finding Subdomains with Amass (5:27)
- Finding Alive Domains with Httprobe (7:14)
- Screenshotting Websites with GoWitness (4:10)
- Automating the Enumeration Process (5:46)
- Additional Resources (2:18)
Testing the Top 10 Web Application Vulnerabilities
- Introduction (1:36)
- The OWASP Top 10 and OWASP Testing Checklist (10:26)
- Installing OWASP Juice Shop (6:48)
- Installing Foxy Proxy (2:13)
- Exploring Burp Suite (11:28)
- Introducing the Score Board (2:50)
- SQL Injection Attacks Overview (5:12)
- SQL Injection Walkthrough (10:06)
- SQL Injection Defenses (2:49)
- Broken Authentication Overview and Defenses (5:43)
- Testing for Broken Authentication (7:39)
- Sensitive Data Exposure Overview and Defenses (4:53)
- Testing for Sensitive Data Exposure (8:01)
- XML External Entities (XXE) Overview (9:54)
- XXE Attack and Defense (8:03)
- Broken Access Control Overview (3:29)
- Broken Access Control Walkthrough (4:28)
- Security Misconfiguration Attacks and Defenses (4:58)
- Cross-Site Scripting (XSS) Overview (10:33)
- Reflected XSS Walkthrough (6:22)
- Stored XSS Walkthrough (6:16)
- Preventing XSS (3:48)
- Insecure Deserialization (4:33)
- Using Components with Known Vulnerabilities (4:38)
- Insufficient Logging and Monitoring (3:12)
Wireless Penetration Testing
- 001_Wireless_Penetration_Testing_Overview (10:26)
- 002_WPA_PS2_Exploit_Walkthrough (13:12)
Legal Documents and Report Writing
- 001_Common_Legal_Documents (7:17)
- 002_Pentest_Report_Writing (11:16)
- 003_Reviewing_a_Real_Pentest_Report (19:34)
Career Advice
- 001_Career_Advice (11:10)