New Horizons New Horizons Project Management Academy Project Management Academy Six Sigma Online Six Sigma Online TCM Security TCM Security TRACOM TRACOM Velopi Velopi Watermark Learning Watermark Learning
Contact Sales Contact Support
Educate 360
New Horizons New Horizons Project Management Academy Project Management Academy Six Sigma Online Six Sigma Online TCM Security TCM Security TRACOM TRACOM Velopi Velopi Watermark Learning Watermark Learning
Contact Sales Contact Support
Educate 360
New Horizons New Horizons Project Management Academy Project Management Academy Six Sigma Online Six Sigma Online TCM Security TCM Security TRACOM TRACOM Velopi Velopi Watermark Learning Watermark Learning
Contact Sales Contact Support LMS Login Login
TCM-Sec-Primary-Logo
Get a Free Consultation

Practical Ethical Hacking

Learn how to hack like a pro. 20 hours of up to date practical hacking techniques with absolutely no filler.

View Membership Options

Training for a team or organization? Contact us about group access.

Practical ethical hacking course logo

Inside the Course

Scroll down to explore the skills you’ll build, the techniques you’ll master, and the requirements to get started.

Start Learning This Course Today

The All-Access Membership gives you unlimited access to this course, hands-on labs, and a complete library of cybersecurity training. Everything you need to build real-world skills is included.

View Membership Options

Questions?

If you need clarification on the course or its requirements, simply use the chat button below and our team will assist you.

Chat with Support
  • Difficulty: Beginner
  • Duration: 20h
  • Access: Included in Membership

Overview

Welcome to this course on Practical Ethical Hacking. To enjoy this course, you need nothing but a positive attitude and a desire to learn. No prior hacking knowledge is required.

In this course, you will learn the practical side of ethical hacking. Too many courses teach students tools and concepts that are never used in the real world. In this course, we will focus only on tools and topics that will make you successful as an ethical hacker. The course is incredibly hands on and will cover many foundational topics.

Live Training Available for This Topic

Looking to go deeper? This course aligns with upcoming instructor-led sessions covering real-world applications and guided labs.

Explore Instructor-Led Training

Objectives

A Day in the Life of an Ethical Hacker:

What does an ethical hacker do on a day to day basis? How much can he or she make? What type of assessments might an ethical hacker perform? These questions and more will be answered.

Effective Notekeeping:

An ethical hacker is only as good as the notes he or she keeps. We will discuss the important tools you can use to keep notes and be successful in the course and in the field.

Networking Refresher:

This section focuses on the concepts of computer networking. We will discuss common ports and protocols, the OSI model, subnetting, and even walk through a network build with using Cisco CLI.

Hacking Methodology:

This section overviews the five stages of hacking, which we will dive deeper into as the course progresses.

Reconnaissance and Information Gathering:

You’ll learn how to dig up information on a client using open source intelligence. Better yet, you’ll learn how to extract breached credentials from databases to perform credential stuffing attacks, hunt down subdomains during client engagements, and gather information with Burp Suite.

Scanning and Enumeration:

One of the most important topics in ethical hacking is the art of enumeration. You’ll learn how to hunt down open ports, research for potential vulnerabilities, and learn an assortment of tools needed to perform quality enumeration.

Exploitation Basics:

Here, you’ll exploit your first machine! We’ll learn how to use Metasploit to gain access to machines, how to perform manual exploitation using coding, perform brute force and password spraying attacks, and much more.

Active Directory:

The Active Directory portion of the course focuses on several topics. You will build out your own Active Directory lab and learn how to exploit it. Attacks include, but are not limited to: LLMNR poisoning, SMB relays, IPv6 DNS takeovers, pass-the-hash/pass-the-password, token impersonation, kerberoasting, GPP attacks, golden ticket attacks, and much more. You’ll also learn important tools like mimikatz, Bloodhound, and PowerView. This is not a section to miss!

Post Exploitation:

The fourth and fifth stages of ethical hacking are covered here. What do we do once we have exploited a machine? How do we transfer files? How do we pivot? What are the best practices for maintaining access and cleaning up?

Web Application Penetration Testing:

In this section, we revisit the art of enumeration and are introduced to several new tools that will make the process easier. You will also learn how to automate these tools utilize Bash scripting. After the enumeration section, the course dives into the OWASP Top 10. We will discuss attacks and defenses for each of the top 10 and perform walkthroughs using vulnerable web applications. Topics include: SQL Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfigurations, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and Insufficient Logging and Monitoring

Wireless Attacks:

Here, you will learn how to perform wireless attacks against WPA2 and compromise a wireless network in under 5 minutes.

Legal Documentation and Report Writing:

A topic that is hardly ever covered, we will dive into the legal documents you may encounter as a penetration tester, including Statements of Work, Rules of Engagement, Non-Disclosure Agreements, and Master Service Agreements. We will also discuss report writing. You will be provided a sample report as well as walked through a report from an actual client assessment.

Career Advice:

The course wraps up with career advice and tips for finding a job in the field.

At the end of this course, you will have a deep understanding of external and internal network penetration testing, wireless penetration testing, and web application penetration testing. All lessons taught are from a real-world experience and what has been encountered on actual engagements in the field.

System Requirements

  • For Mid-Course Capstone: A minimum of 12GB of RAM is suggested.
  • For Wireless Hacking: A wireless adapter that supports monitor mode (links provided in course).
  •  For Active Directory Lab Build: A minimum of 16GB of RAM is suggested. Students can still participate in the course, but may experience slow lab environments.

Prerequisites

Basic ITLinux, and Programming knowledge

Course Curriculum

  • Before We Begin
    • Special Thanks & Credits
    • PNPT Certification Path Progression
    • Section Quiz
  • Introduction
    • Course Introduction
    • Course Discord (Important)
    • A Day in the Life of an Ethical Hacker
    • Why You Shouldn’t Be An Ethical Hacker
    • Section Quiz
  • Notekeeping
    • Effective Notekeeping
    • Screenshots for the Win
    • Section Quiz
  • Networking Refresher
    • Introduction
    • IP Addresses
    • MAC Addresses
    • TCP, UDP, and the Three-Way Handshake
    • Common Ports and Protocols
    • The OSI Model
    • Subnetting Part 1
    • Subnetting Part 2
    • Section Quiz
  • Setting Up Our Lab
    • Installing VMWare / VirtualBox
    • Configuring VirtualBox
    • Installing Kali Linux
    • Section Quiz
  • Help! Linux and Python Are Missing!
    • Read Me
  • Introduction to Linux
    • Exploring Kali Linux
    • Sudo Overview
    • Navigating the File System
    • Users and Privileges
    • Common Network Commands
    • Viewing, Creating, and Editing Files
    • Starting and Stopping Services
    • Installing and Updating Tools
    • Scripting with Bash
    • Section Quiz
  • Introduction to Python
    • Introduction
    • Strings
    • Math
    • Variables and Methods
    • Functions
    • Boolean Expressions and Relational Operators
    • Conditional Statements
    • Lists
    • Tuples
    • Looping
    • Advanced Strings
    • Dictionaries
    • Importing Modules
    • Sockets
    • Building a Port Scanner
    • User Input
    • Reading and Writing Files
    • Classes and Objects
    • Building a Shoe Budget Tool
    • Section Quiz
  • The Ethical Hacker Methodology
    • The Five Stages of Ethical Hacking
    • Section Quiz
  • Information Gathering (Reconnaissance)
    • Passive Reconnaissance Overview
    • Identifying Our Target
    • Discovering Email Addresses
    • Gathering Breached Credentials with Breach-Parse
    • Hunting Breached Credentials with DeHashed
    • Hunting Subdomains Part 1
    • Hunting Subdomains Part 2
    • Identifying Website Technologies
    • Information Gathering with Burp Suite
    • Google Fu
    • Utilizing Social Media
    • Additional Learning (OSINT Fundamentals)
    • Section Quiz
  • Scanning & Enumeration
    • Installing Kioptrix
    • Scanning with Nmap
    • Enumerating HTTP and HTTPS Part 1
    • Enumerating HTTP and HTTPS Part 2
    • Enumerating SMB
    • Enumerating SSH
    • Researching Potential Vulnerabilities
    • Our Notes So Far
    • Section Quiz
  • Vulnerability Scanning with Nessus
    • Scanning with Nessus Part 1
    • Scanning with Nessus Part 2
    • Section Quiz
  • Exploitation Basics
    • Reverse Shells vs Bind Shells
    • Staged vs Non-Staged Payloads
    • Gaining Root with Metasploit
    • Manual Exploitation
    • Brute Force Attacks
    • Credential Stuffing and Password Spraying
    • Our Notes, Revisited
    • Section Quiz
  • New Capstone
    • Introduction
    • Set Up – Blue
    • Walkthrough – Blue
    • Set Up – Academy
    • Walkthrough – Academy
    • Walkthrough – Dev
    • Walkthrough – Butler
    • Walkthrough – Blackpearl
  • Introduction to Exploit Development (Buffer Overflows)
    • Required Installations
    • Buffer Overflows Explained
    • Spiking
    • Fuzzing
    • Finding the Offset
    • Overwriting the EIP
    • Finding Bad Characters
    • Finding the Right Module
    • Generating Shellcode and Gaining Root
    • Exploit Development Using Python3 and Mona
    • Section Quiz
  • Active Directory Overview
    • Active Directory Overview
    • Physical Active Directory Components
    • Logical Active Directory Components
    • Section Quiz
  • Active Directory Lab Build
    • Lab Overview and Requirements
    • Lab Build – (Cloud Alternative)
    • Downloading Necessary ISOs
    • Setting Up the Domain Controller
    • Setting Up the User Machines
    • Setting Up Users, Groups, and Policies
    • Joining Our Machines to the Domain
  • Attacking Active Directory: Initial Attack Vectors
    • Introduction
    • LLMNR Poisoning Overview
    • Capturing Hashes with Responder
    • Cracking Our Captured Hashes
    • LLMNR Poisoning Mitigation
    • SMB Relay Attacks Overview
    • SMB Relay Attacks Lab
    • SMB Relay Attack Defenses
    • Gaining Shell Access
    • IPv6 Attacks Overview
    • IPv6 DNS Takeover via mitm6
    • IPv6 Attack Defenses
    • Passback Attacks
    • Initial Internal Attack Strategy
    • Section Quiz
  • Attacking Active Directory: Post-Compromise Enumeration
    • Introduction
    • Domain Enumeration with ldapdomaindump
    • Domain Enumeration with Bloodhound
    • Domain Enumeration with Plumhound
    • Domain Enumeration with PingCastle
    • Section Quiz
  • Attacking Active Directory: Post-Compromise Attacks
    • Introduction
    • Pass Attacks Overview
    • Pass Attacks
    • Dumping and Cracking Hashes
    • Pass Attack Mitigations
    • Kerberoasting Overview
    • Kerberoasting Walkthrough
    • Kerberoasting Mitigation
    • Token Impersonation Overview
    • Token Impersonation Walkthrough
    • Token Impersonation Mitigation
    • LNK File Attacks
    • GPP / cPassword Attacks and Mitigations
    • Mimikatz Overview
    • Credential Dumping with Mimikatz
    • Post-Compromise Attack Strategy
    • Section Quiz
  • We’ve Compromised the Domain – Now What?
    • Post-Domain Compromise Attack Strategy
    • Dumping the NTDS.dit
    • Golden Ticket Attacks Overview
    • Golden Ticket Attacks
  • Additional Active Directory Attacks
    • Section Overview
    • Abusing ZeroLogon
    • PrintNightmare (CVE-2021-1675) Walkthrough
    • Section Quiz
  • Active Directory Case Studies
    • AD Case Study #1
    • AD Case Study #2
    • AD Case Study #3
  • Post Exploitation
    • Introduction
    • File Transfers Review
    • Maintaining Access Overview
    • Pivoting Overview
    • Pivoting Walkthrough
    • Cleaning Up
    • Section Quiz
  • Web Application Enumeration, Revisited
    • Introduction
    • Installing Go
    • Finding Subdomains with Assetfinder
    • Finding Subdomains with Amass
    • Finding Alive Domains with Httprobe
    • Screenshotting Websites with GoWitness
    • Automating the Enumeration Process
    • Additional Resources
    • Section Quiz
  • Find & Exploit Common Web Vulnerabilities
    • Introduction
    • Lab Setup (full text instructions included in course notes)
    • SQL Injection – Introduction
    • SQL Injection – UNION
    • SQL Injection – Blind Part 1
    • SQL Injection – Blind Part 2
    • SQL Injection – Challenge Waklthrough
    • XSS – Introduction
    • XSS – DOM Lab
    • XSS – Stored Lab
    • XSS – Challenge Walkthrough
    • Command Injection – Introduction
    • Command Injection – Basics
    • Command Injection – Blind / Out-of-Band
    • Command Injection – Challenge Walkthrough
    • Insecure File Upload – Introduction
    • Insecure File Upload – Basic Bypass
    • Insecure File Upload – Magic Bytes
    • Insecure File Upload – Challenge Walkthrough
    • Attacking Authentication – Intro
    • Attacking Authentication – Brute Force
    • Attacking Authentication – MFA
    • Attacking Authentication – Challenge Walkthrough
    • XXE – External Entities Injection
    • IDOR – Insecure Direct Object Reference
    • Capstone – Introduction
    • Capstone – Solution
    • Section Quiz
  • Wireless Penetration Testing
    • Wireless Penetration Testing Overview
    • WPA PS2 Exploit Walkthrough
    • Section Quiz
  • Legal Documents and Report Writing
    • Common Legal Documents
    • Pentest Report Writing
    • Reviewing a Real Pentest Report
    • Section Quiz
  • Career Advice
    • Career Advice
    • Next Steps: Try a Certification!

This Course Is Included in Your All-Access Membership

One membership gives you ongoing access to Practical Ethical Hacking, every other paid Academy course, and an active community of learners and mentors in Discord.

Start Learning with All-Access

INSTRUCTORS

Meet Your Instructor

Learn from industry experts with real-world cybersecurity experience.

Instructor Heath Adams

Heath Adams

Hi everyone! My name is Heath Adams, but I also go by “The Cyber Mentor” on social media. I am the founder and CEO of TCM Security, an ethical hacking and cybersecurity consulting company. While I am an ethical hacker by trade, I love to teach! I have taught courses to over 170,000 students on multiple platforms, including Udemy, YouTube, Twitch, and INE.

I am currently OSCP, OSWP, eCPPTX, eWPT, CEH, Pentest+, CCNA, Linux+, Security+, Network+, and A+ certified.

I’m also a husband, animal dad, tinkerer, and military veteran. I hope you enjoy my courses.

Prepare for the Practical Junior Penetration Tester (PJPT) Exam

The PJPT certification will assess a student’s ability to perform an internal network penetration test at an associate level


Pair the Practical Ethical Hacking course with the PJPT exam to validate your skills with a recognized credential.

PWPA
Learn About the PJPT Certification

FAQS

Common Questions

Here are a couple of our most commonly asked questions, contact us if you don’t find an answer!

Can I get a refund if I'm unhappy with my purchase?
2
3

Yes. All courses come with a 24-hour money-back guarantee.

Will I receive a certificate of completion when I finish a course?
2
3

Yes. All courses come with a certificate of completion.

Do the courses count as Continuing Education Units (CEUs)?
2
3

Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.

What is the All-Access Membership?
2
3

As of July 1st, 2023 TCM Academy transitioned to a monthly subscription model, where you now receive full access to all of the courses on our platform for as long as your subscription remains active.

What if you already own courses on TCM Academy?
2
3

If you already own a course on our platform, you will continue to own that course. Previously owned courses will not be affected by this change.

I can see the course, but it won’t load or play. What should I do?
2
3

We use Cloudflare to protect our course platform and unfortunately, it does not play nice with VPNs. If you are experiencing issues, turn off your VPN and try again. If that does not solve the issue, please contact our support team at support@tcm-sec.com and we will help you out.

This course is included in our All-Access Membership, starting at $29.99/month.

Get full access to this course and our full course catalog when you enroll in our All-Access Membership.

Practical Ethical Hacking
Choose Your Membership Plan

RELATED COURSES

Continue Your Learning Path

Explore related courses that expand on the skills covered here.

See the Full Course Catalog

Ready to level up your Cybersecurity Career?

Get unlimited access to every TCM Security Academy course, hands-on lab, and certification pathway with an All-Access Membership. Learn at your own pace, build real-world skills, and take the next step toward a career in cybersecurity.

Get Started for Free
PWPA