freeCodeCamp.org has posted a full 14 hour network penetration testing/ethical hacking in this full tutorial course for beginners.

This course teaches everything you need to know to get started with ethical hacking and penetration testing. You will learn the practical skills necessary to work in the field.

Throughout the course, you will develop your own Active Directory lab in Windows, make it vulnerable, hack it, and patch it. We’ll cover the red and blue sides. We’ll also cover some of the boring stuff like report writing :).

This course was originally live streamed weekly on Twitch and built from lessons learned in the previous week.

GitHub repo (for homework):
https://github.com/hmaverickadams/Beginner-Network-Pentesting

Course created by The Cyber Mentor.

Check out his YouTube channel:
https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw

Course Contents

  • (0:00) – Course Introduction/whoami
  • (6:12) – Part 1: Introduction, Notekeeping, and Introductory Linux
  • (1:43:45) – Part 2: Python 101
  • (3:10:05) – Part 3: Python 102 (Building a Terrible Port Scanner)
  • (4:23:14) – Part 4: Passive OSINT
  • (5:41:41) – Part 5: Scanning Tools & Tactics
  • (6:56:42) – Part 6: Enumeration
  • (8:31:22) – Part 7: Exploitation, Shells, and Some Credential Stuffing
  • (9:57:15) – Part 8: Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
  • (11:13:20) – Part 9: NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
  • (12:40:46) – Part 10: MS17-010, GPP/cPasswords, and Kerberoasting
  • (13:32:33) – Part 11: File Transfers, Pivoting, Report Writing, and Career Advice

Siraj Raval just posted this video on defending AI against adversarial attacks

Machine Learning technology isn’t perfect, it’s vulnerable to many different types of attacks! In this episode, I’ll explain 2 common types of attacks and 2 common types of defenses using various code demos from across the Web. There’s some really dope mathematics involved with adversarial attacks, and it was a lot of fun reading about the ‘cat and mouse’ game between new attack techniques, followed by new defense techniques. I encourage anyone new to the field who finds this stuff interesting to learn more about it. I definitely plan to. Let’s look into some math, code, and examples. Enjoy!

Slideshow for this video:
https://colab.research.google.com/drive/19N9VWTukXTPUj9eukeie55XIu3HKR5TT

Demo project:
https://github.com/jaxball/advis.js

 

In this video, Siraj Raval demonstrates how to build a CyberSecurity startup around a demo app called DharmaSecurity, a fraud detection tool for businesses.

The way it works is that once signed up, a business will paste a code snippet into their website, and then they’ll get access to a dashboard that tells them how many fraudulent accounts they have.

In case you were wondering when the worlds of CyberSecurity and AI would collide and create new threats, it’s happening.

AI fuzzing definition AI fuzzing uses machine learning and similar techniques to find vulnerabilities in an application or system. Fuzzing has been around for a while, but it’s been too hard to do and hasn’t gained much traction with enterprises. Adding AI promises to make the tools easier to […]