Just updated with all modern ethical hacking tools and best practices! Join a live online community of over 900,000+ students and a course taught by industry experts. This course will take you from absolute beginning of setting up your own hacking lab (like Kali Linux) on your machine, all the way to becoming a security expert that is able to use all the hacking techniques used by hackers and defend against them!
刚刚更新了所有现代道德黑客工具和最佳实践！加入由超过 900,000+ 名学生组成的实时在线社区和由行业专家教授的课程。本课程将带您从在机器上建立自己的黑客实验室（如 Kali Linux）开始，一直到成为能够使用黑客使用的所有黑客技术并防御它们的安全专家！

Whether you are a complete beginner looking to become an ethical hacker, or you’re a student looking to learn about securing computer systems, or you are a programmer who is looking to improve their security online and prevent attacks from hackers on your website, this course will dive you into the world of hacking and penetration testing. We even teach you Python programming from scratch for those that want to learn to program their own tools for hacking and penetration testing.
无论您是希望成为道德黑客的完全初学者，还是希望学习保护计算机系统的学生，或者您是希望提高在线安全性并防止黑客攻击您网站的程序员，本课程都将带您进入黑客和渗透测试的世界。我们甚至为那些想要学习编写自己的黑客和渗透测试工具的人从头开始教您 Python 编程。

This course is focused on learning by doing. We are going to teach you how hacking works by actually practicing the techniques and methods used by hackers today. We will start off by creating our hacking lab to make sure we keep your computers safe throughout the course, as well as doing things legally, and once we have our computers set up for ethical hacking, then we dive into topics like
本课程的重点是边做边学。我们将通过实际练习当今黑客使用的技术和方法来教您黑客是如何工作的。我们将从创建我们的黑客实验室开始，以确保我们在整个课程中确保您的计算机安全，以及合法地做事，一旦我们将计算机设置为道德黑客，那么我们将深入研究以下主题

1. HACKING LAB – In this section we are building our own lab where we can perform our attacks. What this lab essentially is, is a virtual machine that we will use for hacking and throughout the course we also create additional virtual vulnerable machines that we can practice our attacks on. The reason we use virtual machines is because we are not allowed to test our attacks on real life websites and networks so we create our own environment to do that.
1. 黑客实验室 – 在本节中，我们将构建自己的实验室，在那里我们可以执行攻击。这个实验室本质上是一个虚拟机，我们将使用它进行黑客攻击，在整个课程中，我们还创建了额外的虚拟易受攻击的机器，我们可以练习攻击。我们之所以使用虚拟机，是因为我们不允许在现实生活中的网站和网络上测试我们的攻击，因此我们创建了自己的环境来做到这一点。

• Downloading Virtual Box and Kali Linux
  下载 Virtual Box 和 Kali Linux

• Creating Our First Virtual Machine
  创建我们的第一个虚拟机

• Installing Kali Linux Operating System
  安装 Kali Linux 操作系统

• 5 Stages Of A Penetration Test
  渗透测试的 5 个阶段

• Navigating Through Kali Linux System
  浏览 Kali Linux 系统

• Creating Files and Managing Directories
  创建文件和管理目录

• Network Commands and Sudo Privileges In Kali
  Kali 中的网络命令和 sudo 权限

2. OPTIONAL: PYTHON 101 – Learn python 3 programming from scratch. This section is not mandatory and is optional for those that want to learn to programming so you are able to build your own ethical hacking tools
2. 可选：PYTHON 101 – 从头开始学习 python 3 编程。本节不是强制性的，对于那些想要学习编程的人来说是可选的，这样你就可以构建自己的道德黑客工具

• Learn Python Basics 学习 Python 基础知识

• Learn Python Intermediate
  学习 Python 中级

• Learn Python: Error Handling
  学习 Python：错误处理

• Learn Python: File I/O 学习 Python：文件 I/O

3. RECONNAISSANCE  – Here we learn what we call Footprinting, or in other words, Information Gathering. Once we choose our target, our first task is to gain as much information about the target as possible.
3. 侦察 – 在这里，我们学习所谓的足迹，或者换句话说，信息收集。一旦我们选择了目标，我们的首要任务就是尽可能多地获得有关目标的信息。

• What is Information Gathering
  什么是信息收集

• Obtaining IP Address, Physical Address Using Whois Tool
  使用 Whois 工具获取 IP 地址、物理地址

• Whatweb Stealthy Scan Whatweb 隐身扫描

• Aggressive Website Technology Discovering on IP Range
  积极进取的网站技术发现 IP 范围

• Gathering Emails Using theHarvester and Hunterio
  使用 theHarvester 和 Hunterio 收集电子邮件

• How To Download Tools Online
  如何在线下载工具

• Finding Usernames With Sherlock
  使用 Sherlock 查找用户名

• Bonus Email Scraper Tool In Python 3
  Python 3 中的奖励电子邮件抓取工具

• More About Information Gathering
  有关信息收集的更多信息

4. SCANNING – This is where things get real. In this section, we also gather information but we try to gather only technical information
4. 扫描 – 这是事情变得真实的地方。在本节中，我们也收集信息，但我们尝试只收集技术信息

• Theory Behind Scanning 扫描背后的理论

• TCP & UDP TCP 和 UDP

• Installing Vulnerable Virtual Machine
  安装易受攻击的虚拟机

• Netdiscover 网络发现

• Performing First Nmap Scan
  执行第一次 Nmap 扫描

• Different Nmap Scan Types
  不同的 Nmap 扫描类型

• Discovering Target Operating System
  发现目标操作系统

• Detecting Version Of Service Running On An Open Port
  检测在开放端口上运行的服务版本

• Filtering Port Range and Output Of Scan Results
  过滤端口范围和扫描结果输出

• What is a Firewall & IDS
  什么是防火墙和IDS

• Using Decoys and Packet Fragmentation
  使用诱饵和数据包分段

• Security Evasion Nmap Options
  安全规避 Nmap 选项

• Note: Time To Switch Things Up!
  注意：是时候改变事情了！

• Python Coding Project: Port Scanner
  Python 编码项目：端口扫描程序

5. VULNERABILITY ANALYSIS – In this section we use the information that we gathered from scanning (such as softwares that the target has running on open ports) and with this information, we try to determine whether there is any known vulnerabilities.
5. 漏洞分析 – 在本节中，我们使用从扫描中收集的信息（例如目标在开放端口上运行的软件），并利用这些信息，我们尝试确定是否存在任何已知漏洞。

• Finding First Vulnerability & Nmap Scripts
  发现第一个漏洞和 Nmap 脚本

• Manual Vulnerability Analysis and Searchsploit
  手动漏洞分析和搜索

• Nessus Installation Nessus 安装

• Discovering Vulnerabilities & Nessus
  发现漏洞和 Nessus

• Scanning Windows 7 Machine With Nessus
  使用 Nessus 扫描 Windows 7 计算机

6. EXPLOITATION and GAINING ACCESS  – This is the exciting part of the course. This is where we attack and gain access to the target machines. Throughout this section, we will be covering many different vulnerabilities and different targets. We perform these attacks on our virtual machines and cover another really important tool for an ethical hacker: Metasploit Framework. The goal of exploitation is to get on that target machine. This means we must drop a payload on that target machine so we can use it to navigate through their systems, look through their files, execute anything we want, and delete anything we want without the target knowing anything about it. We will also learn to create our own Viruses and Trojans that we can deliver to the target whether through an email or through an USB.
6. 利用和获得访问权限 – 这是课程中令人兴奋的部分。这就是我们攻击并访问目标计算机的地方。在本节中，我们将介绍许多不同的漏洞和不同的目标。我们在虚拟机上执行这些攻击，并涵盖了另一个对道德黑客非常重要的工具：Metasploit Framework。利用的目标是进入该目标计算机。这意味着我们必须在目标机器上放置一个有效负载，这样我们就可以使用它来浏览他们的系统，查看他们的文件，执行我们想要的任何内容，并在目标不知道的情况下删除我们想要的任何内容。我们还将学习创建自己的病毒和特洛伊木马，我们可以通过电子邮件或USB将其传递给目标。

• What is Exploitation  什么是剥削

• What is a Vulnerability  什么是漏洞

• Reverse Shells and Bind Shells
  反向壳体和绑定壳体

• Metasploit Framework Structure
  Metasploit框架结构

• Msfconsole Basic Commands
  msfconsole 基本命令

• Our First Exploit with vsftp 2.3.4 Exploitation
  我们对 vsftp 2.3.4 利用的第一个漏洞利用

• Misconfigurations Happen with Bindshell Exploitation
  Bindshell 漏洞利用会发生错误配置

• Information Disclosure with Telnet Exploit
  Telnet 漏洞的信息泄露

• Software Vulnerability with Samba Exploitation
  利用 Samba 的软件漏洞

• Attacking SSH with Bruteforce Attack
  使用蛮力攻击攻击 SSH

• Exploitation Challenge with 5 Different Exploits
  具有 5 种不同漏洞的漏洞利用挑战

• Explaining Windows 7 Setup
  解释 Windows 7 安装程序

• Eternal Blue Attack Windows 7 Exploitation
  Eternal Blue 攻击 Windows 7 漏洞利用

• DoublePulsar Attack Windows Exploit
  DoublePulsar 攻击 Windows 漏洞

• BlueKeep Vulnerability  Windows Exploit
  BlueKeep 漏洞 Windows 漏洞利用

• Routersploit 路由器

• Router Default Credentials
  路由器默认凭据

• Setting Up Vulnerable Windows 10
  设置易受攻击的 Windows 10

• Crashing Windows 10 Machine Remotely
  远程使 Windows 10 计算机崩溃

• Exploiting Windows 10 Machine Remotely
  远程利用 Windows 10 计算机

• Generating Basic Payload With Msfvenom
  使用 msfvenom 生成基本有效负载

• Advance Msfvenom Usage 提前使用 msfvenom

• Generating Powershell Payload Using Veil
  使用 Veil 生成 Powershell 有效负载

• TheFatRat Payload Creation
  TheFatRat 有效载荷创建

• Hexeditor and Antiviruses
  Hexeditor 和防病毒软件

• Making Our Payload Open An Image
  使我们的有效负载打开映像

7. POST EXPLOITATION – This is what comes after Exploitation. Post exploitation is what we do on the target machine after we have exploited it. Since we are on that machine we can do many things depending on what we want to get out from it. At the end, after we do all of the things we wanted, we want to make sure we cover our tracks by deleting any event logs or deleting any evidence that we were ever on that machine.
7. POST EXPLOITATION – 这是 Exploitation 之后的内容。后期开发是我们在利用目标计算机后在目标计算机上执行的操作。由于我们在那台机器上，我们可以做很多事情，这取决于我们想从中得到什么。最后，在我们完成所有我们想要的事情之后，我们希望通过删除任何事件日志或删除我们曾经在那台机器上的任何证据来确保我们掩盖我们的踪迹。

• Post Exploitation Theory 后开发理论

• Meterpreter Basic Commands
  Meterpreter 基本命令

• Elevating Privileges With Different Modules
  使用不同模块提升权限

• Creating Persistence On The Target System
  在目标系统上创建持久性

• Post Exploitation Modules
  开发后模块

• Python Coding Project Backdoor
  Python 编码项目后门

8. WEBSITE PENETRATION TESTING – This is another big topic for an ethical hacker. In this section, we are mainly targeting websites and their bugs or vulnerabilities. These vulnerabilities can be anything from misconfigurations, SQL Injections (us interacting with the database), Information Disclosures (having access to some information by mistake which shouldn’t be out there), Command Injection  (directly interacting with the system through the webpage),  XSS (Cross Site Scripting Attack and Injecting Javascript code on the page).
8. 网站渗透测试 – 这是道德黑客的另一个大话题。在本节中，我们主要针对网站及其错误或漏洞。这些漏洞可以是任何漏洞，包括错误配置、SQL 注入（我们与数据库交互）、信息泄露（错误地访问了一些不应该出现的信息）、命令注入（通过网页直接与系统交互）、XSS（跨站点脚本攻击和在页面上注入 Javascript 代码）。

• Website Penetration Testing Theory
  网站渗透测试理论

• HTTP Request and Response
  HTTP 请求和响应

• Information Gathering and Dirb Tool
  信息收集和 Dirb 工具

• Burpsuite Configuration Burpsuite 配置

• ShellShock Exploitation ShellShock 漏洞利用

• Command Injection Exploitation
  命令注入漏洞利用

• Getting Meterpreter Shell With Command Execution
  通过命令执行获取 Meterpreter Shell

• Reflected XSS and Cookie Stealing
  反射 XSS 和 cookie 窃取

• Stored XSS 存储的 XSS

• HTML Injection HTML 注入

• SQL Injection SQL注入

• CSRF Vulnerability CSRF 漏洞

• Hydra Bruteforce Attack   九头蛇蛮力攻击

• Burpsuite Intruder Burpsuite 入侵者

• Python Coding Project with Login Brute-force and Directory Discovery
  具有登录暴力破解和目录发现的 Python 编码项目

9. MAN IN THE MIDDLE – This is an attack that is used inside a network. This allows us to sniff any unencrypted data and see it in plain text. This could also include seeing passwords in plain text for some websites. There are many tools out there that can perform this attack for us and we cover some of the main ones in the section.
9. 中间人 – 这是一种在网络内部使用的攻击。这使我们能够嗅探任何未加密的数据并以纯文本形式查看它。这还可能包括查看某些网站的纯文本密码。有许多工具可以为我们执行这种攻击，我们将介绍本节中的一些主要工具。

• Theory of Man In The Middle Attack
  人中人攻击理论

• Bettercap ARP Spoofing Bettercap ARP 欺骗

• Ettercap Password Sniffing
  Ettercap 密码嗅探

• Manually Poisoning Targets ARP Cache With Scapy
  使用 Scapy 手动中毒目标 ARP 缓存

10. WIFI CRACKING – This is the section where we want to gain access to a network by cracking its wireless password.
10. WIFI破解 – 这是我们希望通过破解其无线密码来访问网络的部分。

• Wireless Cracking Theory 无线破解理论

• Putting Wireless Card In Monitor Mode
  将无线网卡置于监控模式

• Deauthenticating Devices & Grabbing Password
  取消身份验证设备并获取密码

• Aircrack Password Cracking
  Aircrack密码破解

• Hashcat Password Cracking
  Hashcat 密码破解

11. SOCIAL ENGINEERING – This is something we cover in almost every section. Social Engineering is an attack on humans since as we know people are always the weakest security!
11. 社会工程 – 这是我们几乎在每个部分都涵盖的内容。社会工程是对人类的攻击，因为正如我们所知，人总是最薄弱的安全！

& much much more! 还有更多！

We guarantee you this is the most comprehensive online course on hacking and security skills! Have a look at the course outline video to see all the topics we are going to cover, all the projects we’re going to build, and all the techniques you’re going to learn to become a top ethical hacker and penetration tester!
我们向您保证，这是关于黑客和安全技能的最全面的在线课程！观看课程大纲视频，了解我们将要涵盖的所有主题、我们将要构建的所有项目，以及您将要学习的所有技术，以成为顶级道德黑客和渗透测试人员！

Taught By: 授课人：

Andrei is the instructor of the highest rated technical courses on Udemy as well as one of the fastest growing. His graduates have moved on to work for some of the biggest tech companies around the world like Apple, Google, Tesla, Amazon, JP Morgan, IBM, UNIQLO etc… He has been working as a senior software developer in Silicon Valley and Toronto for many years, and is now taking all that he has learned, to teach programming skills and to help you discover the amazing career opportunities that being a developer allows in life.
Andrei 是 Udemy 上评分最高的技术课程的讲师，也是发展最快的课程之一。他的毕业生已经为世界上一些最大的科技公司工作，如苹果、谷歌、特斯拉、亚马逊、摩根大通、IBM、优衣库等……他多年来一直在硅谷和多伦多担任高级软件开发人员，现在正在利用他所学到的一切来教授编程技能，并帮助您发现开发人员在生活中提供的惊人职业机会。

Having been a self taught programmer, he understands that there is an overwhelming number of online courses, tutorials and books that are overly verbose and inadequate at teaching proper skills. Most people feel paralyzed and don’t know where to start when learning a complex subject matter, or even worse, most people don’t have $20,000 to spend on a coding bootcamp. Programming skills should be affordable and open to all. An education material should teach real life skills that are current and they should not waste a student’s valuable time. Having learned important lessons from working for Fortune 500 companies, tech startups, to even founding his own business, he is now dedicating 100% of his time to teaching others valuable software development skills in order to take control of their life and work in an exciting industry with infinite possibilities.
作为一名自学成才的程序员，他明白有大量的在线课程、教程和书籍过于冗长，不足以教授适当的技能。大多数人在学习复杂的主题时感到瘫痪，不知道从哪里开始，或者更糟糕的是，大多数人没有 20,000 美元可以花在编码训练营上。编程技能应该是负担得起的，并且对所有人开放。教材应该教授最新的现实生活技能，不应浪费学生的宝贵时间。从为财富 500 强公司、科技初创公司工作，甚至创办自己的企业中吸取了重要的经验教训，他现在将 100% 的时间用于教授他人宝贵的软件开发技能，以便在一个充满无限可能性的令人兴奋的行业中控制他们的生活和工作。

Andrei promises you that there are no other courses out there as comprehensive and as well explained. He believes that in order to learn anything of value, you need to start with the foundation and develop the roots of the tree. Only from there will you be able to learn concepts and specific skills(leaves) that connect to the foundation. Learning becomes exponential when structured in this way.
安德烈向您保证，没有其他课程如此全面且解释清楚。他认为，要想学到任何有价值的东西，就需要从基础开始，发展树的根。只有从那里，您才能学习与基础相关的概念和特定技能（叶子）。当以这种方式构建时，学习会呈指数级增长。

Taking his experience in educational psychology and coding, Andrei’s courses will take you on an understanding of complex subjects that you never thought would be possible.
凭借他在教育心理学和编码方面的经验，安德烈的课程将带您了解您从未想过的复杂主题。

Aleksa is a Penetration Tester with over 5 years of experience in Ethical Hacking and Cyber Security. As a self made hacker that started from a young age he has learned it all from Ethical Hacking and Cyber Security to Online Privacy and How To Become Anonymous Online.
Aleksa 是一名渗透测试人员，在道德黑客和网络安全方面拥有超过 5 年的经验。作为一个白手起家的黑客，他从小就学会了从道德黑客和网络安全到在线隐私以及如何在网上匿名的一切。

He has worked and discovered vulnerabilities for multiple companies and governments. He also worked as a freelancer that tested private web applications. He believes that Online Security and Privacy is something valuable but also that it doesn’t get enough attention as many cyber attacks are being executed every single day! No System is Safe and that is why we are here to discover vulnerabilities and secure them before the bad guys attempt anything malicious
他曾为多家公司和政府工作并发现漏洞。他还是一名自由职业者，负责测试私人 Web 应用程序。他认为，在线安全和隐私是有价值的，但它也没有得到足够的关注，因为每天都有许多网络攻击在执行！没有一个系统是安全的，这就是为什么我们在这里发现漏洞并在坏人尝试任何恶意行为之前保护它们的原因

His main goal as an instructor is to teach the foundations of Ethical Hacking and Cyber Security to anyone who wants to pursue this as a career or wants to learn it to protect themselves online. Cyber attacks and online security is something that changes really fast so we as hackers must always be ready to learn new things in order to better protect Networks, Websites, Machines .. and also people
作为讲师，他的主要目标是向任何想要将其作为职业或想要学习它以保护自己在线的人教授道德黑客和网络安全的基础。网络攻击和在线安全变化非常快，因此我们作为黑客必须随时准备学习新事物，以更好地保护网络、网站、机器……还有人

See you inside the courses!
课程内见！

更多网络安全教程