Hands-on Penetration Testing Labs 2.0

Learn from a real penetration tester!

   Watch Promo

What you'll learn

  • Enumeration
  • Remote and Local Exploitation
  • Vulnerability Scanning
  • SQL injection
  • Cross-site Scripting
  • Reverse shells
  • Nmap
  • Metasploit
  • Nikto
  • Dirb
  • Burp Suite
  • Penetration Testing
  • Kali Linux
  • Remote and local buffer overflows
  • Privilege escalation
  • Custom exploit development


  • Windows host (preferred, course tested with Windows 10, although other OS's should work)
  • VirtualBox
  • 8 GB RAM (the more the better)
  • Basic Linux skills
  • Several free vulnerable VMs (will include comprehensive lab setup instruction)


Welcome to my Hands-on Penetration Testing Labs 2.0 course. You can think of this as part 2 of my other course which has a similar name. This lecture will provide an overview of what you can expect for the remainder of this course.

First of all, this course is extremely hands-on. This means we're not going to be doing much talking about the theory of penetration testing, we're going to be diving into hands on technical application right away. We'll be using VirtualBox as a software hypervisor to build a host-only lab environment. Not only will this help you gain insight into penetration testing, but will give you the skills and resources to create your own environment to test and research beyond what you learn in this course.

The lab is going to consist of Kali Linux, and a variety of intentionally vulnerable Linux and Windows VMs. Some of the things we'll be covering are enumeration and vulnerability scanning and local and remote exploitation with industry standard penetration testing tools such as nmap, dirb, and nikto, Metasploit and standalone exploits. We're also going to focus upon exploit development, covering in detail how to craft a buffer overflow exploit for a custom Linux and Windows binary.

In order to accomplish this goal of buffer over flow exploit development and debugging, we're going to be creating a Windows 7 analysis and attack machine. This will have industry standard tools for exploit dev such as Immunity Debugger. We're also going to learn how to use Kali Linux's built in gnu debugger for this purpose.

The technology and methodology used is in this course is current at the time of this recording, which is January 2019. If you're watching this after the stated date, don't be worried too much, as this content should still be highly relevant for aspiring penetration testers.

I will also be introducing you to several free training platforms which I've found to be extremely helpful prior to earning my many hands-on penetration testing certs including OSCP and eWPT. This training has also helped sky rocket my progress as a skilled senior penetration tester and subject matter expert.

I truly hope that you enjoy my course and I'm very excited to be working with all of you. If you have any trouble, please don't hesitate to reach out to me via the Q&A system or by direct message. However, please make sure you include a detailed and specific question, not something like "I can't get it to work".

Also, I highly encourage independent research and attempting to find answers on your own. This is the single most important skill as a penetration tester, the ability to find solutions to problems you haven't yet encountered.

I ask you to please go through the majority of this course prior to leaving a review so that you can accurately measure the course's quality in entirety. I always appreciate constructive feedback, and encourage students to reach out to me if they think anything valuable could be added to the coursework.

Thanks, and have fun!

Who this course is for:

  • Penetration Testers
  • Cyber Security Students
  • Cyber Security Analysts
  • Aspiring Penetration Testers
  • Aspiring Cyber Security Analysts
  • Technology Enthusiasts
  • OSCP Candidates
  • CEH Candidates
  • Pentest+ Candidates

Your Instructor

Jesse Kurrus
Jesse Kurrus

Jesse Kurrus is a cybersecurity professional with strong network security analysis and intrusion detection experience. Jesse is skilled in utilizing commercial and proprietary Security Information and Event Management (SIEM) technology to create rules, filters, generate reports, and analyze correlations and events. Other professional strengths include cybersecurity, ethical hacking, penetration testing, training, and technical writing. Jesse has a true passion for cybersecurity and information technology, and an insatiable ambition to further his knowledge and professional skill set.

Specialties: Intrusion Detection / Network Security Monitoring (Security Onion, Snort, Bro, and Suricata); SIEM Technology (Elasticsearch, Logstash, Kibana (ELK), ArcSight, and Splunk); PCAP analysis (Tcpdump, Wireshark, NetworkMiner, NetWitness/Security Analytics); Penetration Testing (Kali Linux, BurpSuite, Nikto, Nmap, Metasploit, etc.)

Current Degrees/Certifications: M.S. in Information Technology with Information Assurance Specialization / B.S. in Computer Networks and Security / Network+, A+, Security+, Linux+, Certified Ethical Hacker v8 (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP)

Frequently Asked Questions

When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 30 days and we will give you a full refund.

Get started now!