Learning Path

Ethical Hacking

Learn the techniques used by malicious hackers to assess your vulnerabilities.
9 hours, 16 minutes

What you will learn

This learning path teaches you the necessary hacking skills to conduct a formal penetration test. As you progress through 12 courses, you'll build core pentesting skills such as intelligence gathering, reconnaissance, device exploitation, stealth techniques and more. Upon completion, you'll have the knowledge and skills to carry out a penetration test against an organization to identify weaknesses and potential avenues of attack.


Advanced Adversary Tactics - Defense Evasion

Lab - 00:30:00

This lab covers multiple techniques related to defense evasion including crashing an antivirus to avoid detection, modifying PAM to allow for a backdoored password, and going through multiple methods of identifying virtual environments.
Advanced Adversary Tactics - Privilege Escalation XSS

Lab - 00:30:00

This lab will cover using XSS techniques to steal tokens from other users and using these tokens to escalate to admin privileges.
Advanced Adversary Tactics - Reconnaissance and Resource Development

Lab - 00:30:00

The first steps of the MITRE ATT&CK chain focus on learning about a target and gathering information for future attacks. This sort of information gathering can be instrumental to the success of future operations. For example, learning that a target uses a standard IT management software could cause an APT to target this software in a supply-chain vulnerability attack later on. In this lab we’ll take a look at some of the social engineering techniques and tools that can help aid Reconnaissance and Resource Development.
Advanced Adversary Tactics - Persistence

Lab - 00:30:00

This lab covers multiple techniques related to persistence including tampering with desktop autostart application, .bashrc files, trojanizing binaries, and infecting a USB drive.
Advanced Adversary Tactics - Persistence 2

Lab - 00:30:00

This lab covers multiple techniques related to persistence including creating a malicious browser extension and modify system processes.
Advanced Adversary Tactics - Pivoting with Proxychains

Lab - 00:30:00

This lab covers configuring and using proxychains to pivot between machines on a network. The lab simulates pivoting that might occur were a raspberry pi or similar device added to a network.
Ethical Hacking Process

Course - 01:08:00

Passive Intelligence Sources, Tools and Techniques

Course - 02:13:00

Understanding TCP/IP Communications

Course - 01:14:00

Network Reconnaissance

Course - 01:24:00

Stealthy Network Reconnaissance

Course - 00:49:00

Finding and Exploiting Vulnerabilities

Course - 02:57:00


Course - 01:38:00

Cracking Passwords

Course - 00:49:00

Covert Channels and IDS Evasion

Course - 01:29:00

Using Trojans and Backdoors

Course - 00:45:00

Exploit Writing Fundamentals: Basic Buffer Overflow Exploit

Course - 01:05:00

Exploiting Common Web Application Vulnerabilities

Course - 01:48:00

Learn to strike at your targets’ weak points with this course on exploiting web application vulnerabilities. This course demonstrates various techniques of exploiting the most common web application flaws, such as cross-site scripting (XSS) and Structured Query Language (SQL) injection.
Sandworm APT Exercise

Course - 02:42:00

Sandworm APT is an advanced hacking group that has been active since at least 2009. Most famous for their attacks on Ukrainian electrical companies and the NotPetya attacks in 2016, they are a Russian-backed threat group
Penetration Testing Cyber Range

Course - 07:26:00

This cyber range helps you develop your knowledge of penetration testing and ethical hacking by practicing on cloud-hosted virtual machines. You’ll build and reinforce your skills as you progress through labs covering a wide range of pentesting topics, including abusing protocols, scanning for vulnerabilities, identifying exploits and delivering payloads, and more. You’ll also perform several Capture the Flag (CTF) exercises designed to validate your new pentesting skills. Try to complete the CTF challenges on your own, using the labs and other Skills materials as reference. If you get stuck, you can use this walkthrough document for help: https://www.infosecinstitute.com/pentest-guide/

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments