In this article I want to review the course “Complete Ethical Hacking Bootcamp 2023: Zero to Mastery” that can be found on https://www.udemy.com/course/complete-ethical-hacking-bootcamp-zero-to-mastery/” which I took in 2023.

After having achieved a couple of challenging AWS certifications, I wanted to dive more into the topic of ethical hacking. Therefore I decided to purchase the above-linked course on Udemy since it seemed pretty promising on introducing me to ethical hacking topics.

I spent a few weeks going through the course and overall I am very pleased with the course contents. It is pretty comprehensive and a lot of tools are shown in action using hands-on examples. This is actually in stark contrast to what one may experience in university lectures where various security concepts are explained in theory, but there is little practice. In this case it is definitely a hands-on course where the instructor invites you to tag along to reproduce what he does on a Kali virtual machine, but it is not required.

In my case I followed up on only some of the examples that were shown on my native Kali machine because I mainly wanted to get a global overview of the ethical hacking field rather than apply the knowledge directly. I did notice that if you truly want to master everything, you are going to have practise a lot as well. It’s likely that if I actually start working in Cybersecurity that I may refer back to this course and practise with some tools, particularly with Metasploit. That said I did take a lot of notes that I can have a look at later.

Contents

The course uses a systematic approach of going through the five stages of hacking:

  • Information Gathering / Reconnaissance
  • Scanning, use tools to find openings in the target
  • Gaining Access / Exploitation
  • Maintaining Access
  • Covering Tracks

And it is emphasized that in the real world, you must obtain permission first before you start attacking machines or even start scan networks with tools such as nmap in stage 2. Of course within your own local network at home it should be no problem to play around and experiment.

The course also comes with some material on Python, taken from a different course of the Zero to Mastery series, as a refresher on Python since that is used to create a few programs during this course. I actually went through this first and found it very useful because although I have written code in Python before, I never had a formal education on the language. Apart from Python, I was surprised to learn that a lot of exploits are written in Ruby. But you won’t need to write code in Ruby, as these exploits are readily available in the Metasploit framework for usage and you would only need Ruby if you are going to code an exploit yourself which goes beyond the scope of the course.

Scanning Networks

The first two stages are all about gathering information and scanning, basically the preparation before starting an actual hack. Here we are introduced to tools like ping, nslookup, whatweb, theHarvester, netdiscover and of course nmap.

Although the course seemed to be targeted at beginners, I thought that this stage required at least some network knowledge so in my case I was able to understand well. Nmap was actually something I remembered from one of my networking courses during my Master’s where it was introduced as a tool to discover open ports on networks. Netdiscover was new to me, and I found it quite useful to get an insight in what goes on inside my local network. It turns out that Windows seems to do a pretty good job at filtering ports.

Perform Exploitation, the actual “hacking“

In multiple sections, the instructor uses a tool called Metasploit framework which can be used to hack devices. Basically there are two ways: Either we exploit a vulnerability, through which a target is completely defenseless, or we send the target a virus which he has to manually execute.

Sometimes you hear in the media about „leaks“ or „patching required“ because something is deemed insecure and an exploit was found. I was always a bit skeptical, because even if there an exploitation opportunity, then it would probably still require a lot of knowledge to break into a system. It turns out however that the Metasploit framework allows to make hacking easier than I thought with a large array of exploit programs that simply need to be configured the right way so that they can be used to attack a target. Without the target user noticing, you basically take over complete control of their machine using the meterpreter shell which is like a remote command line interface. Apart from doing the basic command line stuff, you can actually do things like running a keylogger, recording a microphone, turning on a webcam, making screenshots or uploading and downloading files. A virus is quite easily created and can even be configured in such a way to start up automatically when the system reboots so that access is maintained. It is quite scary how easy it can be.

That said, using the metasploit framework will still require a lot of practice. The instructor clearly seemed to have experience by doing everything in one go. I liked how he showed how he can hack his own machine using multiple hands-on examples.

In addition it was shown how to apply pentesting to website, for example by using SQL injections and applying cross-site scripting (XSS). It was nice to see it actually happening in practice rather than just covering the theoretical ideas which often left me puzzled during university lectures.

Final thoughts

I think that if you already have a Computer Science background and you are interested in ethical hacking, then this is a great place to you to start. Although the theory is kept limited to the essentials, a lot of hands-on application of hacking tools is shown in a clear manner that will help you to understand the world of ethical hacking much better. From there, you can then choose to practise yourself with the tools or take some follow-up courses, depending on how deep you want to go.