Offensive Security Certified Professional (Arabic)

In this course we will start our journey with OSCP in Arabic

Ratings 4.48 / 5.00

What You Will Learn!

  • Offensive Security Certified Professional (OSCP) video series by salama
  • Practical, hands-on offensive penetration testing for OSCP, from beginner to advanced
  • In this course we will start our journey with OSCP in Arabic
  • Learn the steps of penetration testing in a professional and different way, in detail that is not boring, both practical and theoretical, with practice

Description

This course explains the OSCP certificate in a professional and easy way. In the course you will study:

  • 1. General Course Information

    1.1. Overall Strategies for Approaching the Course

    1.1.1. Course Materials

    1.1.2. Course Exercises

    1.1.3. Course Labs

    1.2. About Penetration Testing

    1.3. Setup Labs

    1.3.1. Virtualization

    1.3.1.1. Kali Virtual Machines

    1.3.1.2. Linux Virtual Machines

    1.3.1.3. Windows Virtual Machines

    1.3.1.4. Virtual Networks and Labs Deployment

    2. Getting Comfortable with Kali Linux

    2.1. Booting Up Kali Linux

    2.2. The Kali Menu

    2.3. Finding Your Way Around Kali

    2.3.1. The Linux Filesystem

    2.3.2. Basic Linux Commands

    2.3.3. Finding Files in Kali Linux

    2.4. Managing Kali Linux Services

    2.4.1. SSH Service

    2.4.2. HTTP Service

    2.4.3. Exercises

    2.5. Searching, Installing, and Removing Tools

    2.5.1. apt update

    2.5.2. apt upgrade

    2.5.3. apt-cache search and apt show

    2.5.4. apt install

    2.5.5. apt remove --purge

    2.5.6. dpkg

    3. Linux Command Line

    3.1. The Bash Environment

    3.1.1. Environment Variables

    3.1.2. Tab Completion

    3.1.3. Bash History

    3.2. Piping and Redirection

    3.2.1. Redirecting to New File

    3.2.2. Redirecting to an Existing File

    3.2.3. Redirecting from a File

    3.2.4. Redirecting STDERR

    3.2.5. Piping

    3.3. Text Searching and Manipulation

    3.3.1. grep

    3.3.2. sed

    3.3.3. cut

    3.3.4. awk

    3.3.5. Practical Example

    3.4. Editing Files from the Command Line

    3.4.1. nano

    3.4.2. vi

    3.5. Comparing Files

    3.5.1. comm

    3.5.2. diff

    3.5.3. vimdiff

    3.5.4. Managing Processes

    3.6. Backgrounding Processes (bg)

    3.6.1. Jobs Control: jobs and fg

    3.6.2. Process Control: ps and kill

    3.7. File and Command Monitoring

    3.7.1. tail

    3.7.2. watch

    3.8. Downloading Files

    3.8.1. wget

    3.8.2. curl

    3.8.3. axel

    3.9. Customizing the Bash Environment

    3.9.1. Bash History Customization

    3.9.2. Alias

    3.9.3. Persistent Bash Customization

    4. Practical Tools

    4.1. Netcat

    4.1.1. Connecting to a TCP/UDP Port

    4.1.2. Listening on a TCP/UDP Port

    4.1.3. Transferring Files with Net

    4.1.4. Remote Administration with Netcat

    4.2. Socat

    4.2.1. Netcat vs Socat

    4.2.2. Socat File Transfers

    4.2.3. Socat Reverse Shells

    4.2.4. Socat Encrypted Bind Shells

    4.3. PowerShell and Powercat

    4.3.1. PowerShell File Transfers

    4.3.2. PowerShell Reverse Shells

    4.3.3. PowerShell Bind Shells

    4.3.4. Powercat

    4.3.5. Powercat File Transfers

    4.3.6. Powercat Reverse Shells

    4.3.7. Powercat Bind Shells

    4.3.8. Powercat Stand-Alone Payloads

    4.4. Wireshark

    4.4.1. Wireshark Basics

    4.4.2. Launching Wireshark

    4.4.3. Capture Filters

    4.4.4. Display Filters

    4.4.5. Following TCP Streams

    4.5. Tcpdump

    4.5.1. Filtering Traffic

    4.5.2. Advanced Header Filtering

    5. Bash Scripting

    5.1. Intro to Bash Scripting

    5.2. Variables

    5.2.1. Arguments

    5.2.2. Reading User Input

    5.3. If, Else, Elif Statements

    5.4. Boolean Logical Operations

    5.5. Loops

    5.5.1. For Loops

    5.5.2. While Loops

    5.6. Functions

    5.7. Practical Examples

    6. Passive Information Gathering

    6.1. Taking Notes

    6.2. Website Recon

    6.3. Whois Enumeration

    6.4. Google Hacking

    6.5. Netcraft

    6.6. Recon-ng

    6.7. Open-Source Code

    6.8. Shodan

    6.9. Security Headers Scanner

    6.10. SSL Server Test

    6.11. Pastebin

    6.12. User Information Gathering

    6.12.1. Email Harvesting

    6.12.2. Passwords Dumps

    6.13. Social Media Tools

    6.13.1. Site-Specific Tools

    6.14. Stack Overflow

    6.15. Information Gathering Frameworks

    6.15.1. OSINT Framework

    6.15.2. Maltego

    7. Active Information Gathering

    7.1. DNS Enumeration

    7.1.1. Interacting with a DNS Server

    7.1.2. Automating Lookups

    7.1.3. Forward Lookup Brute Force

    7.1.4. Reverse Lookup Brute Force

    7.1.5. DNS Zone Transfers

    7.1.6. Relevant Tools in Kali Linux

    7.2. Port Scanning

    7.2.1. TCP / UDP Scanning

    7.2.2. Port Scanning with Nmap

    7.2.3. Masscan

    7.3. SMB Enumeration

    7.3.1. Scanning for the NetBIOS Service

    7.3.2. Nmap SMB NSE Scripts

    7.4. NFS Enumeration

    7.4.1. Scanning for NFS Shares

    7.4.2. Nmap NFS NSE Scripts

    7.5. SMTP Enumeration

    7.6. SNMP Enumeration

    7.6.1. The SNMP MIB Tree

    7.6.2. Scanning for SNMP

    7.6.3. Windows SNMP Enumeration Example

    8. Vulnerability Scanning

    8.1. Vulnerability Scanning Overview and Considerations

    8.1.1. How Vulnerability Scanners Work

    8.1.2. Manual vs. Automated Scanning

    8.1.3. Internet Scanning vs Internal Scanning

    8.1.4. Authenticated vs Unauthenticated Scanning

    8.2. Vulnerability Scanning with Nessus

    8.2.1. Installing Nessus

    8.2.2. Defining Targets

    8.2.3. Configuring Scan Definitions

    8.2.4. Unauthenticated Scanning with Nessus

    8.2.5. Authenticated Scanning with Nessus

    8.2.6. Scanning with Individual Nessus Plugins

    8.3. Vulnerability Scanning with Nmap

    9. Web Application Attacks

    9.1. Web Application Assessment Methodology

    9.2. Web Application Enumeration

    9.2.1. Inspecting URLs

    9.2.2. Inspecting Page Content

    9.2.3. Viewing Response Headers

    9.2.4. Inspecting Sitemaps

    9.2.5. Locating Administration Consoles

    9.3. Web Application Assessment Tools

    9.3.1. DIRB

    9.3.2. Burp Suite

    9.3.3. Nikto

    9.4. Exploiting Web-based Vulnerabilities

    9.4.1. Exploiting Admin Consoles

    9.4.2. Cross-Site Scripting (XSS)

    9.4.3. Directory Traversal Vulnerabilities

    9.4.4. File Inclusion Vulnerabilities

    9.4.5. SQL Injection

    10. Introduction to Buffer Overflows

    10.1. Introduction to the x Architecture

    10.1.1. Program Memory

    10.1.2. CPU Registers

    10.2. Buffer Overflow Walkthrough

    10.2.1. Sample Vulnerable Code

    10.2.2. Introducing the Immunity Debugger

    10.2.3. Navigating Code

    10.2.4. Overflowing the Buffer

    11. Windows Buffer Overflows

    11.1. Discovering the Vulnerability

    11.1.1. Fuzzing the HTTP Protocol

    11.2. Win Buffer Overflow Exploitation

    11.2.1. A Word About DEP, ASLR, and CFG

    11.2.2. Replicating the Crash

    11.2.3. Controlling EIP

    11.2.4. Locating Space for Our Shellcode

    11.2.5. Checking for Bad Characters

    11.2.6. Redirecting the Execution Flow

    11.2.7. Finding a Return Address

    11.2.8. Generating Shellcode with Metasploit

    11.2.9. Getting a Shell

    11.2.10. Improving the Exploit

    12. Linux Buffer Overflows

    12.1. About DEP, ASLR, and Canaries

    12.2. Replicating the Crash

    12.3. Controlling EIP

    12.4. Locating Space for Our Shellcode

    12.5. Checking for Bad Characters

    12.6. Finding a Return Address

    12.7. Getting a Shell

    13. Attacking Wi-Fi Networks

    13.1. WEP

    13.1.1. Overview and Setup

    13.1.2. Deauthentication Attack

    13.1.3. ARP Replay Attack

    13.1.4. Cracking the Key with Aircrack-ng

    13.1.4.1. Running PTW Attack with Aircrack-ng

    13.1.4.2. KoreK Attack

    13.1.5. Clientless WEP Cracking

    13.1.6. Bypassing Shared Key Authentication

    13.1.7. Attacking the Client

    13.1.7.1. Caffe-Latte Overview

    13.1.7.2. Practical Caffe-Latte Attack

    13.2. WPA and WPA2

    13.2.1. The Four-Way Handshake

    13.2.2. Capture the Handshake

    13.2.3. Using Aircrack-ng Against the Handshake

    13.2.3.1. Build a Wordlist with Crunch

    13.2.3.2. A Note on Cracking Speed

    13.2.4. Exploit the GPU power

    13.2.4.1. oclHashCat

    13.2.5. Cracking as a Service

    13.2.5.1. CloudCracker

    13.2.6. Space-time Tradeoff

    13.2.6.1. Pyrit

    13.2.6.2. Pre-built Hash Files

    13.3. WPS

    14. Sniffing & MITM

    14.1. What sniffing means

    14.1.1. Why it is Possible

    14.2. Sniffing in action

    14.2.1. Passive Sniffing

    14.2.2. Active Sniffing

    14.2.2.1. MAC Flooding

    14.2.2.2. ARP Poisoning

    14.3. Basic of ARP

    14.3.1. Gratuitous ARP

    14.3.2. ARP Poisoning

    14.3.3. Host poisoning

    14.3.4. Gateway poisoning

    14.4. Sniffing Tools

    14.4.1. Dsniff

    14.4.2. Wireshark

    14.4.3. TCPDump

    14.4.4. WinDump

    14.5. Man-in-the-Middle (MITM) Attacks

    14.5.1. What they are

    14.5.2. ARP Poisoning for MITM

    14.5.3. Local to Remote MITM

    14.5.4. DHCP Spoofing

    14.5.5. MITM in Public Key Exchange

    14.5.6. LLMNR and NBT-NS Spoofing/Poisoning

    14.5.6.1. Responder/MultiRelay

    14.6. Attacking Tools

    14.6.1. Ettercap: Sniffing and MITM Attacks

    14.6.1.1. SSL Traffic Sniffing

    14.6.2. Cain&Abel: Sniffing and MITM Attacks

    14.6.3. Macof

    14.6.4. Arpspoof

    14.6.5. Bettercap

    14.7. Intercepting SSL traffic

    14.7.1. SSLStrip

    14.7.2. HSTS Bypass

    15. Client-Side Attacks

    15.1. Know Your Target

    15.1.1. Passive Client Information Gathering

    15.1.2. Active Client Information Gathering

    15.2. Leveraging HTML Applications

    15.2.1. Exploring HTML Applications

    15.2.2. HTA Attack in Action

    15.3. Exploiting Microsoft Office

    15.3.1. Installing Microsoft Office

    15.3.2. Microsoft Word Macro

    15.3.3. Object Linking and Embedding

    15.3.4. Evading Protected View

    16. Locating Public Exploits

    16.1. A Word of Caution

    16.2.1. Online Exploit Resources

    16.2.2. Offline Exploit Resources

    16.3. Putting It All Together

    17. Fixing Exploits

    17.1. Fixing Memory Corruption Exploits

    17.1.1. Overview and Considerations

    17.1.2. Importing and Examining the Exploit

    17.1.3. Cross-Compiling Exploit Code

    17.1.4. Changing the Socket Information

    17.1.5. Changing the Return Address

    17.1.6. Changing the Payload

    17.1.7. Changing the Overflow Buffer

    17.2. Fixing Web Exploits

    17.2.1. Considerations and Overview

    17.2.2. Selecting the Vulnerability

    17.2.3. Changing Connectivity Information

    17.2.4. Troubleshooting the “index out of range” Error

    18. File Transfers

    18.1. Considerations and Preparations

    18.1.1. Dangers of Transferring Attack Tools

    18.1.2. Installing Pure-FTPd

    18.1.3. The Non-Interactive Shell

    18.2. Transferring Files with Windows Hosts

    18.2.1. Non-Interactive FTP Download

    18.2.2. Windows Downloads Using Scripting Languages

    18.2.3. Windows Downloads with exe2hex and PowerShell

    18.2.5. Uploading Files with TFTP

    19. Antivirus Evasion

    19.1. What is Antivirus Software

    19.2. Methods of Detecting Malicious Code

    19.2.1. Signature-Based Detection

    19.2.2. Heuristic and Behavioral-Based Detection

    19.3. Bypassing Antivirus Detection

    19.4. On-Disk Evasion

    19.5. In-Memory Evasion

    19.6. AV Evasion: Practical Example

    20. Privilege Escalation

    20.1. Information Gathering

    20.1.1. Manual Enumeration

    20.1.2. Automated Enumeration

    20.2. Windows Privilege Escalation Examples

    20.2.1. Understanding Windows Privileges and Integrity Levels

    20.2.2. Introduction to User Account Control (UAC)

    20.2.3. User Account Control (UAC) Bypass: fodhelper.exe Case Study

    20.2.4. Insecure File Permissions: Serviio Case Study

    20.2.5. Leveraging Unquoted Service Paths

    20.2.6. Windows Kernel Vulnerabilities: USBPcap Case Study

    20.3. Linux Privilege Escalation Examples

    20.3.1. Understanding Linux Privileges

    20.3.2. Insecure File Permissions: Cron Case Study

    20.3.3. Insecure File Permissions: /etc/passwd Case Study

    20.3.4. Kernel Vulnerabilities: CVE-7-2 Case Study

    21. Password Attacks

    21.1. Wordlists

    21.1.1. Standard Wordlists

    21.2. Brute Force Wordlists

    21.3. Common Network Service Attack Methods

    21.3.1. HTTP htaccess Attack with Medusa

    21.3.2. Remote Desktop Protocol Attack with Crowbar

    21.3.3. SSH Attack with THC-Hydra

    21.3.4. HTTP POST Attack with THC-Hydra

    21.4. Leveraging Password Hashes

    21.4.1. Retrieving Password Hashes

    21.4.2. Passing the Hash in Windows

    21.4.3. Password Cracking

    22. Port Redirection and Tunneling

    22.1. Port Forwarding

    22.1.1. RINETD

    22.2. SSH Tunneling

    22.2.1. SSH Local Port Forwarding

    22.2.2. SSH Remote Port Forwarding

    22.2.3. SSH Dynamic Port Forwarding

    22.3. PLINK.exe

    22.4. NETSH

    22.5. HTTPTunnel-ing Through Deep Packet Inspection

    23. Active Directory Attacks

    23.1. Active Directory Theory

    23.2. Active Directory Enumeration

    23.2.1. Traditional Approach

    23.2.2. A Modern Approach

    23.2.3. Resolving Nested Groups

    23.2.4. Currently Logged on Users

    23.2.5. Enumeration Through Service Principal Names

    23.3. Active Directory Authentication

    23.3.1. NTLM Authentication

    23.3.2. Kerberos Authentication

    23.3.3. Cached Credential Storage and Retrieval

    23.3.4. Service Account Attacks

    23.3.5. Low and Slow Password Guessing

    23.4. Active Directory Lateral Movement

    23.4.1. Pass the Hash

    23.4.2. Overpass the Hash

    23.4.3. Pass the Ticket

    23.4.4. Distributed Component Object Model

    23.5. Active Directory Persistence

    23.5.1. Golden Tickets

    23.5.2. Domain Controller Synchronization

    24. The Metasploit Framework

    24.1. Metasploit User Interfaces and Setup

    24.1.1. Getting Familiar with MSF Syntax

    24.1.2. Metasploit Database Access

    24.1.3. Auxiliary Modules

    24.2. Exploit Modules

    24.2.1. SyncBreeze Enterprise

    24.3. Metasploit Payloads

    24.3.1. Staged vs Non-Staged Payloads

    24.3.2. Meterpreter Payloads

    24.3.3. Experimenting with Meterpreter

    24.3.4. Executable Payloads

    24.3.5. Metasploit Exploit Multi Handler

    24.3.6. Client-Side Attacks

    24.3.7. Advanced Features and Transports

    24.4. Building Our Own MSF Module

    24.5. Post-Exploitation with Metasploit

    24.5.1. Core Post-Exploitation Features

    24.5.2. Migrating Processes

    24.5.3. Post-Exploitation Modules

    24.5.4. Pivoting with the Metasploit Framework

    24.6. Metasploit Automation

    25. PowerShell Empire

    25.1. Installation, Setup, and Usage

    25.1.1. PowerShell Empire Syntax

    25.1.2. Listeners and Stagers

    25.1.3. The Empire Agent

    25.2. PowerShell Modules

    25.2.1. Situational Awareness

    25.2.2. Credentials and Privilege Escalation

    25.2.3. Lateral Movement

    25.3. Switching Between Empire and Metasploit

Who Should Attend!

  • This course is for beginners in the field of cyber security


Tags

  • Cyber Security

Subscribers

1321

Lectures

19
