This learning path has been designed to introduce you to a number of different ethical hacking tools, covering:
- Nmap network scanner
- Netcat network utility
- Metasploit vulnerability exploitation tool
- Nikto web app scanner
- SQLmap SQL injection tool
- Burpsuite web app proxy
- Dirbuster vulnerability scanner
- Droopescan vulnerability exploitation tool
You will be guided through this learning path with a variety of video tutorials, in addition to hands-on labs and PDF resources
If you are looking to become an ethical hacker, or have an interest in security and would like to gain an understanding on how to protect your environment through different ethical hacking methods and techniques, then this learning path is for you.
To introduce you to the most popular ethical hacking tools including:
- Various types of footprinting and reconnaissance tools
- Network scanning techniques and scanning tools
- Enumeration techniques and enumeration tools
- SQL injection attacks and injection detection tools
Useful Tools for Independent learning
Here are two extra resources that will be useful for independent learning:
- Basic familiarity with Windows and Linux systems e.g. how to view a system’s IP address, command-line utilities
- Basic understanding of Network fundamentals e.g. IP addressing, knowledge of protocols such as ICMP, HTTP, and DNS
- Basic understanding of HTTP fundamentals e.g. Structure of an HTTP request, HTTP method verbs, HTTP response codes
We welcome all feedback and suggestions - please contact us at firstname.lastname@example.org if you are unsure about where to start or if you would like help getting started.
Learning Path Steps
This course introduces the Ethical Hacking learning path.
This course takes a look at the four main offenses under the Computer Misuse Act (CMA).
This course covers the basics of using Nmap, the network scanner.
This guide covers the basics of using Nmap, the network scanner
This course covers the basics of using Netcat, the Network Utility tool.
This guide covers the basics of using Netcat, the Network Utility tool
In this lab, you'll learn how to set up Hydra to perform a dictionary attack on a website.
The course covers the basics of using Metasploit, a free penetration testing tool that comes installed in Kali Linux.
The guide covers the basics of using Metasploit.
In this lab, you'll perform the Heartbleed attack using the MetaSploit Framework in order to dump the contents of a vulnerable webserver using an unpatched version of OpenSSL.
This course covers the basics of using Nikto, the web app vulnerability scanner.
This guide covers the basics of using Nikto, the web app vulnerability scanner.
This course covers the basics of using SQLmap, an open-source tool used in penetration testing to detect and exploit SQL injection flaws.
This guide covers the basics of using sqlmap.
In this lab, you'll learn how to navigate through DVWA to perform an XSS attack to retrieve a session cookie.
An introduction to the Open Web Application Security Project (OWASP) list of the top 10 most critical risks to web applications
Knowledge Check: Ethical Hacking - Cross-Site Scripting
This lab shows how to manage the security level of a DVWA application and how to perform a SQL injection to a DVWA application.
Knowledge Check: Ethical Hacking - SQL Injection
This course covers the basics of using Burp Suite, the web app proxy, an industry-standard penetration testing tool.
This guide covers the basics of using Burp Suite, the web app proxy.
This course covers the basics of using DirBuster, the directory buster.
This guide covers the basics of using DirBuster, the directory buster.
This lab shows how to manage the security level of a DVWA application and how to perform a Command Execution attack from a DVWA application.
This course covers the basics of using Droopescan, the Drupal CMS Scanner, a plugin-based scanner that is used to identify any issues in Drupal-based CMSes.
This guide covers the basics of using Droopescan
Knowledge Check: Basics of Ethical Hacking
Richard Beck is Director of Cyber Security at QA. He works with customers to build effective and successful security training solutions tailored for business needs. Richard has over 15 years' experience in senior Information Security roles. Prior to QA, Richard was Head of Information Security for an organization that underpins 20% of the UK's Critical National Infrastructure. Richard also held Security and Technical Management posts in the Defence, Financial Services, and HMG. Richard sits on a number of security advisory panels and previously chaired the Communication Industry Personnel Security Information Exchange (CPNI). Richard is also a STEM Ambassador working to engage and enthuse young people in the area of cybersecurity. Providing a unique perspective on the world of cybersecurity to teachers and encourage young people to consider a career in cybersecurity.