Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Ethical Hacking Foundation
Let's Start
ETH 101 Overview (2:50)
Meet Majd Dhainy (1:40)
Extremely Important Instructions ⚠️
💻Live #1 Kickoff Session | 14 October
➡️Join The Session (14 October)
Chapter 1: Introduction To Cybersecurity
Getting Started (0:54)
Demystifying Hacking (1:41)
Red Team vs. Blue Team (2:59)
Black, White, and Gray Hat Hackers (2:00)
Penetration Testing (2:34)
Penetration Testing vs. Bug Bounty Hunting (3:31)
Setting Up The Lab (16:16)
Kali Linux (4:27)
Linux Commands: Part 1 (4:09)
Linux Commands: Part 2 (5:02)
Linux Commands: Part 3 (5:52)
Linux Commands: Part 4 (7:03)
Linux Commands: Part 5 (8:54)
Protocols, IP & MAC Addresses (7:55)
Port, TCP and UDP Protocols (3:19)
Router (2:19)
Server (3:16)
HTTP & DNS (5:15)
Cryptography (2:17)
Caesar Cipher (3:50)
Cryptography Challenge (1:32)
Hashing (5:38)
Recommended Books & Articles
External Resource: Public Key Cryptography
External Resource: Learn the 50 most popular Linux commands
Chapter 2: Network Security
Getting Started (1:15)
Network Adapter: Hardware Specifications (3:54)
Important Notes About The Wireless Adapter
Configuring the Wireless Adapter (4:23)
De-authentication Attack: Theoretical (4:20)
De-authentication Attack: Practical (7:46)
WEP Hacking: Theoretical (6:27)
WEP Hacking: Practical (9:46)
WPA/WPA2 Hacking: Theoretical (3:39)
WPA/WPA2 Hacking: Practical - Part 1 (5:50)
WPA/WPA2 Hacking: Practical - Part 2 (3:31)
WPA/WPA2 Hacking: Building Your Own Wordlist (5:01)
Network Exploitation (1:01)
ARP Protocol (3:05)
Exploit ARP Protocol (3:00)
Man In The Middle Attack (7:34)
Gathering Information with Nmap (7:45)
The Power of Network Pentesting (3:29)
Am I a Pro Network Hacker Now? (2:04)
Recommended Books & Articles
External Resource: Network Stacks and the Internet
External Resource: Hacking a Professional Drone
💻Live #2 Introduction & Wi-Fi/Network Pen Testing | 13 October
➡️Join The Session (13 October)
Chapter 3: Web Application Penetration Testing
Getting Started (1:08)
Web Application Pentesting: Introduction (6:17)
URL (1:46)
Client/Server Architecture (1:06)
HTTP Request (5:00)
HTTP Response (2:56)
Cookies (2:20)
Encoding and Decoding (3:18)
SOP and CORS (3:07)
Google Dorking (5:09)
Subdomains Enumeration (3:24)
Directory Brute Forcing (2:48)
ToolKit: What is Proxy? (1:37)
ToolKit: Setting Up Burpsuite (5:37)
Logical Vulnerabilities: Theoretical (5:10)
Logical Vulnerabilities LAB 1: Excessive Trust in Client-Side Controls (9:09)
Logical Vulnerabilities LAB 1: Alternative Possible Scenario - Part 1 (4:29)
Logical Vulnerabilities LAB 1: Alternative Possible Scenario - Part 2 (2:06)
Logical Vulnerabilities LAB 1: Alternative Possible Scenario - Part 3 (6:16)
Logical Vulnerabilities LAB 2: 2FA Broken Logic - Part 1 (9:30)
Logical Vulnerabilities LAB 2: 2FA Broken Logic - Part 2 (9:48)
Real World Example: Break The Saved Tab (12:59)
Real World Example: Bypassing Break Saved Tab Mitigation (6:39)
Mitigating Logical Vulnerabilities (1:06)
Access Controls Vulnerabilities: Access Controls (4:41)
Access Controls Vulnerabilities: IDOR (5:12)
Retrieving Object IDs (5:19)
Access Controls Vulnerabilities LAB 1: Insecure Direct Object References (12:29)
Real World Example 1: Delete any comment on Facebook (5:33)
Real World Example 2: Editing Instagram Reels Thumbnail (4:58)
Mitigating IDOR Vulnerability (3:51)
Client Side Vulnerabilities: Introduction (0:22)
Cross-Site Request Forgery (CSRF) (6:10)
CSRF Exploit Scenario (7:23)
CSRF LAB 1: No Defenses (14:42)
CSRF LAB 2: Token Presence Validation (9:35)
CSRF LAB 3: Token and User Session (13:54)
Real World Example: CSRF in Facebook Subdomain (2:26)
Mitigating CSRF Vulnerability (1:15)
Clickjacking (4:01)
Clickjacking vs CSRF (1:31)
Clickjacking LAB 1: Clickjacking & CSRF Presence (9:38)
Real World Example: Clickjacking in Google Play (2:56)
Mitigating Clickjacking (3:27)
Cross Site Scripting (XSS) (3:56)
Reflected XSS (10:43)
Reflected XSS LAB 1: HTML Context With Nothing Encoded (13:51)
Reflected XSS LAB 2: Attribute With Angle Brackets (12:47)
Reflected XSS LAB 3: JS String With Angle Brackets (17:54)
Reflected XSS LAB 4: JS String With Single Quote & Backslash Escaped (10:35)
Stored XSS (4:41)
Stored XSS LAB 1: HTML Context (6:10)
Stored XSS LAB 2: Anchor href Attribute (8:01)
Stored XSS LAB 3: Onclick Event (12:45)
Stored XSS LAB 4: Capture Passwords (16:32)
Real World Example: Stored XSS in TikTok (2:28)
Mitigating XSS Vulnerability (2:46)
Server Side Vulnerabilities: Attacking Data Storage (2:19)
Login Example (3:36)
Bypassing Login using SQLI (5:18)
SQLI Pre - LAB 1 (4:52)
SQLI LAB 1: Login Bypass - Part 1 (3:52)
SQLI LAB 1: Login Bypass - Part 2 (3:59)
SQLI Example: Retreive Hidden Courses (6:09)
SQLI Pre - LAB 2 (3:02)
SQLI LAB 2: Retrieve Hidden Data (4:32)
SQLI Into Different Statements Types (7:18)
Union Based SQLI (6:26)
Union Based SQLI: Methodology (4:39)
SQLI LAB 3: Determining Columns Numbers (4:01)
SQLI LAB 4: Finding a Column Containing Text (4:43)
SQLI LAB 5: Retrieving Data From Other Tables (7:57)
SQLI LAB 5: Using SQLMAP (6:52)
Boolean Based SQLI (Blind SQLI) (12:48)
SQLI LAB 6: Blind SQLI With Conditional Responses (10:59)
Mitigating SQLI Vulnerability (2:42)
Denial of Service Attack (DoS) (3:19)
Network Based DoS (2:37)
DoS vs DDoS (2:44)
Web Vulnerability Based DoS (2:56)
Web App DoS Exploit Scenario (2:45)
Real World Example: Instagram Livestream Crash (6:15)
Mitigating DoS (2:10)
Recommended Books & Articles
💻Live #3 Web Application Pen Testing Module - (I) | 18 October
➡️Join The Session (18 October)
💻Live #4 Web Application Pen Testing Module - (II) | 20 October
➡️Join The Session (20 October)
Chapter 4: Bug Bounty Hunting
Getting Started (0:34)
Bug Bounty Definition (6:12)
Get Started (6:31)
Reporting First Valid Bug (4:49)
Real World Example: Facebook Chat Members (4:41)
Real World Example: Instagram Posts Description (4:50)
Real World Example: Messenger Private Attachements (5:29)
Bug Bounty Advice & Resources (3:46)
Recommended Books & Articles
Chapter 5: Execlusive Podcast With Experts
Getting Started (0:47)
Kassem Bazzoun: Being on Meta White Hat list since 2015 (56:22)
Hassan Saayed: When age is not a barrier to starting ethical hacking (38:19)
Ali Chehab & Ali Kalout: Specializing in hacking GitHub and GitLab (42:47)
Bassem Bazzoun: Regarding bounties in tens of thousands of dollars (47:36)
Ali Ayoub: The secrets of mobile app penetration testing (74:46)
Mohamad Atwi: Hacking the U.S. Department of Health (73:40)
Hussein Daher: Meet one of the top Lebanese hackers (42:29)
Ending & What's Next!?
Ending & What is next & Tips and Tricks (5:45)
Taking Revenge: Hacking into Majd's Device (4:03)
Generate Certificate
Meet Majd Dhainy
Complete and Continue