Complete beginner to entry-level ethical hacker in 17 stages. No shortcuts, no time caps — just mastery-focused, hands-on penetration testing education built for people who want to do this professionally.
What You'll Learn
Curriculum — 17 Stages
No time caps. Each stage is complete before you advance. Deliverables verify mastery.
- 00. Course Overview & Foundations: Orientation, lab setup, prerequisites, methodology introduction
  Set up your lab environment, understand the course structure, and get oriented on ethical hacking as a profession. By the end, you'll have a working Kali + Metasploitable lab and a clear picture of the road ahead.
  Lab setup, Kali + Metasploitable, Career paths, Course structure, Documentation standards
- 01. Ethical Hacking Fundamentals: Legal framework, methodologies, and professional conduct
  The CFAA, international law, bug bounty rules, penetration test types, and what separates ethical from criminal. You'll build your first Rules of Engagement template and personal methodology guide.
  CFAA, Black/white/gray box, PTES, OWASP, NIST, Rules of engagement, Bug bounty
- 02. Networking for Penetration Testers: OSI, TCP/IP, protocols, and packet-level understanding
  Deep networking from a hacker's perspective. Every protocol you'll target in later stages gets covered here at the packet level. If you can't see the network, you can't attack the network.
  OSI model, TCP/IP, Subnetting, DNS, HTTP/HTTPS, SMB, Wireshark
- 03. Reconnaissance & Information Gathering: OSINT, passive recon, and target profiling
  The most underrated phase of a pentest. Master OSINT techniques, passive information gathering, and building a complete target profile before you touch a single system.
  OSINT, Google dorking, theHarvester, Shodan, DNS recon, Maltego, LinkedIn OSINT
- 04. Scanning & Enumeration: Nmap, service enumeration, and attack surface mapping
  Map the attack surface completely before attempting exploitation. Learn every Nmap scan type, enumerate services, users, and shares, and document everything with professional precision.
  Nmap, Port scanning, Service enumeration, SMB enumeration, SNMP, LDAP, Banner grabbing
- 05. Vulnerability Analysis: Finding and classifying weaknesses before exploitation
  Automated scanners find issues. Skilled practitioners understand them. Learn vulnerability assessment methodology, CVE research, CVSS scoring, and how to distinguish a critical finding from a false positive.
  Nessus, OpenVAS, CVE/CVSS, NVD, Exploit-DB, Risk prioritization
- 06. System Hacking: Password attacks, exploitation, and privilege escalation
  Initial access against systems. Password cracking, hash attacks, Metasploit exploitation, and privilege escalation on both Linux and Windows — all in your authorized lab environment.
  Password cracking, Hashcat, John the Ripper, Metasploit, Linux privesc, Windows privesc
- 07. Web Application Security: OWASP Top 10, Burp Suite, and web exploitation
  Web apps are the most common attack surface in modern engagements. Master Burp Suite, cover every OWASP Top 10 vulnerability hands-on, and practice on intentionally vulnerable targets like DVWA and WebGoat.
  OWASP Top 10, SQL injection, XSS, IDOR, Burp Suite, DVWA, WebGoat
- 08. Exploitation Fundamentals: Buffer overflows, shellcode, and custom exploits
  Go deeper than script-based exploitation. Understand the mechanics of buffer overflows, how shellcode works, and how to modify and adapt public exploits for your specific targets.
  Buffer overflows, Stack exploitation, Shellcode, msfvenom, Exploit adaptation, Debugging basics
- 09. Post-Exploitation: Persistence, pivoting, lateral movement, and exfiltration
  What a real attacker does after they're in. Maintain access, move through the network, harvest credentials, and document everything for your final report.
  Meterpreter, Persistence mechanisms, Credential harvesting, Pivoting, Tunneling, Data exfiltration
- 10. Professional Practice & Reporting: Writing pentest reports that actually get read
  The skill that separates hired professionals from skilled hobbyists. Learn to write executive summaries, technical findings, and risk-based remediation guidance — then build your portfolio and prepare for job applications.
  Report structure, Executive summaries, Finding write-ups, CVSS scoring, Portfolio, Career prep
- 11. Wireless Hacking: WPA2 cracking, rogue APs, and wireless attack methods
  Wireless networks remain a huge attack surface in real engagements. Learn WPA2 cracking with aircrack-ng, evil twin attacks, deauth attacks, and how to assess wireless security professionally.
  WPA2 cracking, aircrack-ng, Evil twin, Deauth attacks, WPS attacks, Wireless assessment
- 12. Mobile & IoT Security: Android/iOS vulnerabilities, IoT attack surface
  Mobile apps and IoT devices are on every network you'll assess. Learn Android app testing, certificate pinning bypass, IoT firmware analysis, and the tools the industry uses for mobile security assessments.
  Android testing, APK analysis, MobSF, Frida, IoT firmware, OWASP Mobile Top 10
- 13. Cloud Security: AWS/Azure misconfigurations and cloud attack paths
  Almost every modern organization runs in the cloud. Learn to identify misconfigured S3 buckets, IAM privilege escalation, cloud metadata attacks, and how to conduct authorized cloud security assessments.
  AWS misconfigs, S3 bucket testing, IAM privesc, Metadata attacks, ScoutSuite, Pacu
- 14. Cryptography: How encryption works and where it fails
  You can't attack what you don't understand. Learn symmetric and asymmetric encryption, hashing, PKI, common cryptographic failures, and how to identify and exploit weak cipher implementations.
  AES/RSA, Hashing algorithms, PKI & certificates, SSL/TLS testing, Crypto failures, Rainbow tables
- 15. Malware & Attack Vectors: Malware types, analysis basics, and delivery methods
  Understand the tools attackers use — trojans, RATs, keyloggers, ransomware — and how they're delivered. Learn static and basic dynamic analysis to understand what malware actually does.
  Malware types, Trojans & RATs, Static analysis, Dynamic analysis, Sandbox analysis, Payload delivery
- 16. Social Engineering: Phishing, pretexting, and the human attack surface
  The most effective attacks target people, not systems. Learn phishing campaign design, vishing, pretexting, physical security testing basics, and how to include social engineering in a professional engagement scope.
  Phishing campaigns, GoPhish, Vishing, Pretexting, Physical security, SET (Social-Engineer Toolkit)
Who This Course Is For
Prerequisites
- ✓ Basic computer and internet literacy
- ✓ A machine capable of running VMs (recommended: 16GB RAM, SSD)
- ✓ Commitment to completing every stage — no skipping
- Recommended but not required: complete Kali Linux Zero to Job Ready first for a deeper Linux foundation
Go from zero to ethical hacker.
17 stages, no shortcuts. Founding Members get full access for $9/month — locked forever.