Browse our curated database of projects, exercises, and lessons to learn pentesting
Wazuh is an open-source security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. It offers threat prevention, detection, and response capabilities through its integrated modules.
Learn all about Buffer overflow and how to exploit this vulnerability
Discover the Causes, Consequences, and Solutions of NoSQL Injection: A Comprehensive Guide to Preventing and Mitigating Vulnerabilities in NoSQL Databases
Learn everything about SQL Injection
How to evade firewalls using tools like Nmap and VPNs, and verify bypass methods for optimized network security
What is Metasploit and how to use it for pentesting, key components and complementary tools
Master Pentesting: Essential Tools for Security Assessment - Explore Info Gathering, Exploitation, Vulnerability Analysis & More!
4hrs average
Learn how to install Wazuh on a virtual machine, configure Linux endpoints, collect and analyze logs from multiple sources, and simulate attacks to monitor with Wazuh's SIEM (Security Information and Event Management) capabilities.
4hrs average
Master red team tactics with dozens of hands-on exercises focused on exploiting the OWASP Top 10 vulnerabilities. Perfect for ethical hackers and penetration testers looking to sharpen their offensive security skills.
2hrs average
This project aims to teach students how to exploit vulnerabilities found in a vulnerable machine (Metasploitable) during the reconnaissance phase. It includes detecting exploitable vulnerabilities, performing exploitation, privilege escalation, and documenting the process. Note: Post-exploitation activities are not included.
1hr average
This practice will guide you through the process of installing bWAPP using a pre-configured virtual machine (BeeBox), including steps for setting up and customizing the environment for web security testing.
Exploring EDR Systems: Advanced Protection and Threat Detection for Modern Enterprises
How Attackers Use Vulnerabilities to Gain System Control and Perform Privilege Escalation Attacks
Learn about Server-Side Request Forgery (SSRF), its impact on web security, and how to protect against this dangerous vulnerability. Includes real-world examples and prevention techniques.
Learn about Broken Authentication, its impact on web security, and how to protect against this OWASP Top 10 vulnerability. Includes real-world examples and prevention techniques.
🔍 What is Cross-Site Scripting, examples, and how to recreate the attack or prevent it on your web application
Identify vulnerabilities like lack of anti-CSRF tokens in HTML forms and learn effective solutions to mitigate CSRF attacks and enhance security.
Learn how to install and use Metasploitable 2, a vulnerable virtual machine designed for practicing penetration testing and enhancing cybersecurity skills. This guide covers common vulnerabilities and installation prerequisites, offering detailed instructions for setting up Metasploitable 2 on VirtualBox.
Planning, Reconnaissance, Scanning, Exploitation, Post-Exploitation, Analysis and Reporting, Remediation and Validation
3hrs average
Learn how to install Wazuh on a virtual machine, configure Linux endpoints, and simulate threat activities to monitor with Wazuh's EDR (Endpoint Detection and Response) capabilities.
2hrs average
This project aims to consolidate the knowledge gained from previous pentesting exercises to propose preventive measures against identified vulnerabilities. The focus is on developing a comprehensive report that details identified vulnerabilities, exploitation techniques used, and recommendations for preventing future exploits.
1hr average
This project aims to teach students how to perform the reconnaissance phase on a vulnerable machine (Metasploitable). It includes steps for finding the target's IP address, gathering information about the operating system and versions, enumerating ports and services, and describing potential vulnerabilities and breaches.
Understanding Privilege Escalation: How Attackers Exploit Vulnerabilities to Gain Unauthorized Access
Understand and exploit vulnerabilities of local and remote file inclusion in web applications.
Understanding and exploiting vulnerabilities in access control mechanisms
Learn essential firewall evasion techniques to bypass Web Application Firewalls (WAFs) and enhance your cybersecurity skills. Master methods like encoding, parameter tampering, and more in this concise, practical lesson for security professionals.
Documentation of activities performed during penetration testing: Key Steps for Detailed, Clear, and Effective Reporting
Mastering Information Gathering for Penetration Testing: Essential Techniques and Tools for Effective Reconnaissance
3hrs average
This final project aims to simulate a comprehensive cybersecurity exercise where students assume the role of cybersecurity analysts tasked with restoring and protecting a compromised server at 4Geeks Academy. The project is divided into three phases: forensic analysis, vulnerability detection and correction, and incident response planning.
2hrs average
Learn how to exploit a buffer overflow vulnerability from a Kali Linux machine.
2hrs average
This project focuses on teaching students how to exploit vulnerabilities found in a vulnerable web application (DVWA) using Metasploit. It includes confirming vulnerabilities, exploiting them, performing privilege escalation, and documenting the process. Note: Post-exploitation activities are not included.
1hr average
This project aims to teach students how to perform the reconnaissance phase on a vulnerable website (bWAPP in BeeBox VM). It includes steps for network scanning, service enumeration, domain information gathering, vulnerability scanning, and brute forcing directories and files.