Ontol on pentesting and ethical hacking: a selection of the best free courses on YouTube
Angelina is sort of hinting that it's time to become an ethical hacker.
To keep YouTube from banning hacking tutorials, they were renamed ethical hacking courses.
An ethical hacker is a kind, fluffy, very law-abiding and highly qualified specialist who, with the client's written permission, tests the security of that same client's information systems. Afterwards they write a report on the vulnerabilities found and tell no one else anything, even if they really want to. If a hacker suddenly stops being ethical, other ethical hackers catch them right away, because strength lies in truth.
There are very expensive courses, not-so-expensive ones, and free ones. Strictly speaking, a true hacker should learn everything on their own from books, but sometimes it's fine to peek at YouTube.
Here is a selection of 20+ of the most popular training video courses on YouTube.
freeCodeCamp
4,700,000 views
15 hours
2019
(0:00) — Course Introduction/whoami
(6:12) — Part 1: Introduction, Notekeeping, and Introductory Linux
(1:43:45) — Part 2: Python 101
(3:10:05) — Part 3: Python 102 (Building a Terrible Port Scanner)
(4:23:14) — Part 4: Passive OSINT
(5:41:41) — Part 5: Scanning Tools & Tactics
(6:56:42) — Part 6: Enumeration
(8:31:22) — Part 7: Exploitation, Shells, and Some Credential Stuffing
(9:57:15) — Part 8: Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
(11:13:20) — Part 9: NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
(12:40:46) — Part 10: MS17-010, GPP/cPasswords, and Kerberoasting
(13:32:33) — Part 11: File Transfers, Pivoting, Report Writing, and Career Advice
Learn the basics of Kali Linux: installation, the command line, bash, and the tools and features for ethical hacking.
2,700,000 views
2 hours
2019
Installing VMWare / Kali Linux
Kali Linux Overview
Navigating the File System
Users and Privileges
Common Network Commands
Viewing, Creating, and Editing Files
Starting and Stopping Services
Installing and Updating Tools
Scripting with Bash
1,100,000 views
3 hours
2018
(0:00:00) Setting Up Burp Suite
(0:08:07) Spidering & DVWA
(0:19:04) Brute Force Attacks With Burp Suite
(0:32:55) Target Scope And Spidering
(0:46:32) Discovering Hidden Files With ZAP
(1:04:24) Web Application Firewall Detection with WAFW00F
(1:12:28) DirBuster
(1:25:27) XSS (Reflected, Stored & DOM)
(1:41:22) CSRF (Cross Site Request Forgery)
(2:02:42) Cookie Collection & Reverse Engineering
(2:14:17) HTTP Attributes (Cookie Stealing)
(2:27:48) SQL Injection
Building a keylogger in Python
255,000 views
12 minutes
2019
Everything you need to know about Linux for pentesting and ethical hacking, and 20% of all Linux skills in general.
217,000 views
4.5 hours
2021
(0:00:00) Introduction
(0:01:56) Useful keyboard Shortcuts
(0:08:52) File Management & Manipulation
(0:32:18) File & Directory Permissions
(0:55:22) File & Directory Ownership
(0:59:35) grep & piping
(1:06:53) Finding Files With Locate
(1:14:36) Enumerating Distribution & Kernel Information
(1:23:30) Find + OverTheWire Bandit Challenge
(1:39:36) Shells & Bash Configuration
(1:49:53) Disk Usage
(1:58:41) File Compression & Archiving With tar
(2:05:45) Users And Groups & Permissions With Visudo
(2:24:52) Networking (ifconfig, netstat & netdiscover)
(2:40:46) TOR & Proxychains
(2:47:28) Service And Process Management (HTOP & systemctl)
(3:04:58) SSH And SSH Security
(3:20:56) Curl Fundamentals
(3:36:40) UFW Firewall (Uncomplicated Firewall)
(3:59:48) How To Clear Tracks & Logs On Linux
(4:17:43) SSH Brute Force Protection With Fail2Ban
Capture The Flag (CTF) cybersecurity games are an ideal place to practice and learn.
208,000 views
5 hours
2018
(0:00:16) [01] General & Forensics Warmups
(0:11:54) [02] Resources & Reversing Warmups
(0:21:41) [03] Cryptography Warmups, grep & netcat
(0:34:38) [04] Here’s Johnny
(0:45:29) [05] strings, pipe & Inspect Me
(0:50:48) [06] grep2, Aca-Shell-A, Client Side is Still Bad
(1:01:53) [07] Logon & Reading Between The Eyes
(1:08:54) [08] Recovering From the Snap & Admin Panel
(1:14:12) [09] Assembly 0 & Buffer Overflow 0
(1:26:07) [10] Caesar Cipher 1, ENV, & Hertz
(1:32:26) [11] Hex Editor, SSH, Irish Name Repo
(1:38:57) [12] Mr. Robots, Login, & Secret Agent
(1:46:54) [13] Truly an Artist & Assembly 1
(1:53:04) [14] be-quick-or-be-dead 1 & blaise’s cipher
(2:00:47) [15] Buffer Overflow 1 & Hertz 2
(2:09:16) [16] leak me & Now You See Me
(2:15:40) [17] quackme
(2:26:01) [18] Shellcode
(2:30:28) [19] What Base Is This?
(2:39:10) [20] You Cant See Me & Buttons
(2:43:09) [21] Super Ext Magic
(2:51:09) [22] The Vault & What’s My Name
(2:56:45) [23] Absolutely Relative
(3:00:33) [24] Assembly 2
(3:08:32) [25] Buffer Overflow 2
(3:17:07) [26] Caesar Cipher 2
(3:22:44) [27] ret2libc Exploits (got 2 learn libc)
(3:38:50) [28] RSA Madlibs
(3:55:54) [29] BE QUICK OR BE DEAD 2
(4:07:37) [30] in out error
(4:11:57) [31] Artisinal Handcrafted HTTP 3
(4:19:55) [32] echooo
(4:31:47) [33] learn gdb
(4:36:34) [34] Flaskcards
Web application pentesting: Burp Suite, Nikto, Dirbuster, curl, sublist3r, nmap, etc.
181,000 views
5 hours
2020
(0:52) Episode 1 — Enumeration
(1:20:28) Episode 2 — Enumeration, XSS, and UI Bypassing
(2:19:40) Episode 3 — XSS, SQL Injection, and Broken Access Control
(3:13:30) Episode 4 — XXE, Input Validation, Broken Access Control, and More XSS
(4:13:40) Episode 5 — SQL Injections and Live Bug Bounty Hunting
Learning pentesting. Common tools and methods used by ethical hackers.
141,000 views
9 hours
2020
(3:00) Custom Lab Files For The Course
(4:10) How Enterprise Security Works
(6:45) Enterprise Networking Explained
(11:52) Setup The Enterprise Level Pentest Lab
(19:30) Hacking The Beta Server In DMZ Area
(22:04) Reconnaissance Explained
(24:20) Using WhatWeb To Study Technology Profile
(29:40) Using WPScan For Hacking/Pen-Testing WordPress
(53:40) Using Cewl To Create A Custom Password WordList
(1:01:35) Transmutation Of Passwords With A Python Script
(1:09:22) Boom! We Cracked The Password
(1:22:47) Common Student Questions — FAQs
(1:15:44) Recap — Lab Setup On Student PC — Live
***Session 2***
(1:34:00) Metasploit Framework Explained
(1:58:00) Search, Rank & Check To Find What You Need
(2:00:58) Use, Info & Show Options To Tune The Exploit
(2:06:19) Boom! We Got The Reverse Shell
(2:13:00) Multi Handler Explained
(2:19:22) Creating Payloads Using MSFvenom
(2:25:13) Manual Exploitation Of WordPress
(2:40:20) Common Student Questions — FAQs
***Session 3***
(2:54:00) Setup For Routing & Pivoting
(3:00:22) Ping Sweep While Routing The Traffic
(3:05:40) Adding A Manual Route To Another Network
(3:08:04) Scanning On Other Network Ranges Via The Route
(3:20:10) SMB Enumeration On Windows Machine
(3:28:00) Exploiting Windows Machine Over The Pivot
(3:37:34) Boom! We Hacked The Windows Machines Too
(3:40:30) Beauty Of Meterpreter Payload
(3:45:30) Persistence Post Exploitation Module
(3:51:30) Auto Route Post Exploitation Module
(3:54:18) Common Student Questions — FAQs
***Session 4***
(3:59:50) Setup For Advance Routing & Pivoting
(4:10:39) Portforwarding Over A Pivot
(4:17:44) Nmap Through Portforwarding
(4:21:50) Pivoting Through Socks4 Proxy Server
(4:22:00) Proxychains To Use Other Tools Over Pivot
(4:34:24) Exploiting Media Server
(4:43:32) Boom! Dummy Shell Uploaded
***Session 5***
(4:45:20) Setting Pivoted Environment With New Class
(4:49:29) Metasploit Version Of ClipBucket Exploit
(5:02:30) My Partial Access Method With Respect To Limited Time
(5:11:13) Common Student Questions — FAQs
Note: Reverse port forward is not a beginner concept so it will be taught in a more advanced course later.
***Session 6***
(5:16:34) Web Hacking Learning Resources
(5:20:00) Setup SBVA — My OSCP Inspired Web App
(5:28:48) Manual SQL Injection In Detail — OSCP Level
(6:04:12) Automated SQL Injection — LPT Level
***Session 7***
(6:15:36) Directory Bursting With DirBuster
(6:27:48) Directory Bursting With Dirb
(6:31:00) Pen Testing Web Server With Nikto
(6:41:42) NMap Scripting Engine For Remaining Auxiliaries
(6:44:24) My Experience On OpenVas In The LPT Exam
(6:51:26) HTTP Methods Using NSE
(6:58:10) Common Student Questions — FAQs
***Session 8***
(6:59:06) KnowledgeBase Server Lab Explained
(7:02:00) LPT Methodology For Scanning
(7:09:40) Real Project We Did — Inside Look
(7:12:14) Maintain A Target Database Manually
(7:18:24) Dividing Work For A Team In Real Project
(7:24:10) Managing Professional Test In MetaSploit Framework
(7:33:54) Vulnerability Assessment
(7:37:52) Tuning An Exploit
(7:40:56) Boom! We Got The Command Shell
(7:42:04) Upgrading From A Command Shell To Meterpreter Shell
(7:45:28) Public Vs Commercial Exploits In Professional Test
***Session 9***
(7:50:22) Million Dollar Advice For Pentesting Students
(7:59:10) Privilege Escalation — Resources To Learn
(8:01:41) Privilege Escalation Using Manual Exploits
(8:32:30) Privilege Escalation Using MetaSploit Framework
Gophish is a powerful open-source phishing framework that makes it easy to test your organization's exposure to phishing. It is an important tool for penetration testers and ethical hackers.
103,000 views
1.5 hours
2019
SQL injection is a common hacking technique used to extract or destroy data in a database without authorization. It is considered one of the top security threats to web applications.
88,000 views
1.5 hours
2021
(0:00:00) Introduction
(0:02:33) What is SQL Injection
(0:06:56) Lab Setup
(0:11:04) Basics of SQL
(0:16:33) Classic Injection Bypass
(0:26:01) Types of SQL Injection
(0:30:21) Union Based SQL Injection
(0:41:08) Error Based SQL Injection
(0:53:27) Boolean Based SQL Injection
(1:03:04) Time-Based SQL Injection
(1:11:39) Semi-Automated SQL Injection
(1:24:02) Fully Automated SQL Injection
(1:37:11) Defending Against SQL Injections
HackerSploit
700,000 views
150+ lessons of 15–20 minutes each
2017
edureka!
6,745,000 views
10 hours
2019
0:00:00 — Introduction
0:02:57 — Cyber security and Cryptography
0:39:34 — Cyber Threats
1:01:42 — History of Ethical Hacking
3:36:26 — Fundamentals of Networking
4:16:32 — Ethical Hacking Using Kali Linux
6:20:02 — Penetration Testing
6:45:54 — Nmap
7:01:58 — XSS (Cross-Site Scripting)
7:26:51 — DDOS
7:46:52 — SQL Injection
8:28:13 — Steganography
9:10:19 — Ethical Hacker Roadmap
9:18:10 — Ethical Hacking Interview Questions
The Cyber Mentor
278,000 views
50 minutes
2021
0:00 — Introduction
0:40 — Intigriti Sponsorship
1:32 — Origin Story
2:10 — Important Notes
5:41 — Basic IT Skills
8:16 — Networking Skills
11:31 — Linux Skills
14:52 — Coding Skills
18:34 — Hacking Basics
24:40 — Active Directory Hacking
28:53 — Web Application Hacking
34:19 — Wireless Hacking
36:04 — Hacking Certifications
39:29 — Exploit Development
41:45 — Privilege Escalation
43:15 — Content Creators, Communities, and Conclusion
Simplilearn
196,000 views
12 hours
2021
00:00:00 Introduction to Cybersecurity
00:10:15 Top Cyber Security Skills
00:22:32 Types of Cyberattacks
00:41:59 What is Cyber Security
03:02:18 Ethical Hacking
04:46:48 Cryptography
06:11:53 CompTIA Security+ Certifications
06:23:56 CEH Certification
07:27:33 CISSP Certification
09:40:46 Cyber Security Interview Questions and answers
Aleksa Tamburkovski
370,000 views
4 hours
3:00 Teaser
8:40 Install Virtual Box
13:07 Install Kali Linux — download
19:25 Install Kali Linux — setup Virtual Box
25:29 Install pycharm in kali linux
30:44 First Line in Python
[ PORT SCANNER ]
33:00 Port Scanner (pt1)
46:35 Port Scanner (pt2)
53:33 Port Scanner (pt3)
1:00:15 Port Scanner (pt4)
1:11:37 Port Scanner (pt5)
1:21:35 Port Scanner (pt6)
[ VULNERABILITY SCANNER ]
1:34:22 Vulnerability Scanner (pt1)
1:38:32 Vulnerability Scanner (pt2)
1:45:41 Vulnerability Scanner (pt3)
2:02:58 Vulnerability Scanner (pt4)
2:17:55 Vulnerability Scanner (pt5)
[ SSH BRUTE FORCE ]
2:21:41 Install Metasploit as a VM (BONUS VIDEO)
2:26:09 SSH Brute Force (pt1)
2:33:42 SSH Brute Force (pt2)
2:38:56 SSH Brute Force (pt3)
2:44:16 SSH Brute Force (pt4)
2:54:34 SSH Brute Force (pt5)
[ ARP Spoofing ]
3:01:13 ARP Spoofing (pt1)
3:09:45 ARP Spoofing (pt2)
3:23:44 ARP Spoofing (pt3)
3:33:00 ARP Spoofing (pt4)
3:43:32 ARP Spoofing (pt5)
[ Password Sniffer ]
3:46:04 Password Sniffer (pt1)
3:51:39 Password Sniffer (pt2)
3:55:50 Password Sniffer (pt3)
4:03:10 Password Sniffer (pt4)
4:09:48 Password Sniffer (pt5)
4:15:33 ENDING
Joseph Delgadillo
1,053,000 views
8 hours
2018
00:00 Introduction and requirements
08:44 Installing VirtualBox
20:31 Installing VirtualBox on Windows
25:10 Installing Kali Linux
45:43 Finishing our Kali installation
56:08 Installing Kali in VirtualBox on Windows 10
01:14:41 Installing Virtualbox Guest Additions
01:20:15 Guest additions fix
01:25:26 Running Kali on a USB drive
01:32:27 Essential hacking terms
01:56:47 Linux terminal basics part 1
02:11:54 Linux terminal basics part 2
02:34:41 Using the apt package manager
02:52:37 Tor part 1
03:09:06 Tor part 2
03:16:09 Proxychains
03:30:00 Adding multiple links in a proxychain
03:38:12 Macchanger
03:46:40 Setting up a web server to hack
03:54:41 phpMyAdmin configuration
04:07:00 Troubleshooting MySQL permissions
04:17:14 phpMyAdmin issue resolved
04:30:14 Setting up a database
04:37:46 Coding a simple PHP app
04:53:02 Hacking our website
05:01:15 Patching our vulnerability
05:06:52 Securing strings against SQL injections
05:28:20 SQLmap options and scanning a WordPress site
05:42:10 Using nmap to scan a server
05:52:46 Testing servers for vulnerabilities using nmap
06:00:16 Brute forcing WordPress sites
06:13:06 Brute forcing SSH, SFTP and other protocols
06:21:22 Building a simple app to brute force
06:46:27 Brute forcing PHP applications
06:56:46 Phishing demonstration part 1
07:22:01 Phishing demonstration part 2
In Russian
XCode
Python programming courses (Ethical hacking)
120 lessons of 10 minutes each
2020
Codeby
8 lessons of 2 hours each
2017
SpecialistTV
Practical ethical hacking techniques.
22 lessons of 1 hour each
2019–2021
Elite Hack
31 lessons of 1 hour each
2020