Hacking 101: Everything You Need To Know!
Apr 25, 2025
"Hacking 101: Everything You Need To Know!" Dive into the fascinating world of ethical hacking with our expert-led guide designed for novices and aspiring hackers alike! In this video, we’ll break down essential concepts, explore tools of the trade, and share invaluable tips to kick-start your hacking journey. From understanding cybersecurity threats to hands-on demos, we've got you covered! Don’t miss out on unlocking your potential in this thrilling field. Subscribe now for more tech insights and step up your digital savvy game! #Hacking101 #Cybersecurity #EthicalHacking #TechTips
0:00
everything you need to know has been
0:01
revealed now I can confidently tell you
0:03
that you can go from a beginner to a pro
0:05
hacker in the next 7 minutes in this
0:07
video I'll reveal the best hacking tools
0:09
that pro hackers use that will
0:11
fast-track your journey towards becoming
0:12
a professional hacker just give me 7
0:14
minutes but before I start revealing the
0:16
best tools for hacking we need to cover
0:18
some basics you see the best hackers are
0:20
those who work after a tried and tested
0:22
process to increase the chance of
0:24
reaching their target objectives whether
0:26
it's to successfully perform social
0:27
engineering crack a difficult password
0:30
or hacking a remote computer you'll need
0:32
to know the process the tools and the
0:34
secret tricks that will turn you from a
0:36
novice to a pro hacker as fast as
0:38
possible let's get started disclaimer:
0:40
This video solely focuses on teaching
0:42
ethical hackers and security
0:44
professionals about the best hacking
0:46
tools and Policy Point does not provide
0:48
a step-by-step guide on how to use them
0:50
black hat hacking is highly discouraged
0:52
and can result in serious legal
0:54
consequences the first thing you need is
0:56
to know the process a professional
0:58
hacking process consists of several
1:00
phases and in each phase specific tools
1:03
are used that I will share during this
1:04
video along with some secret tricks that
1:06
will put you ahead of 99% of hackers the
1:09
hacking process consists of
1:11
reconnaissance scanning gaining access
1:13
maintaining access covering tracks and
1:16
actions on objectives let's dive deeper
1:18
into these steps step number one is
1:20
reconnaissance the first step in any
1:22
hacking attempt is reconnaissance also
1:24
known as footprinting during this phase
1:26
the hacker gathers as much information
1:27
as possible about the target system this
1:30
includes identifying IP addresses domain
1:32
details network infrastructure and
1:34
possible entry points the goal is to map
1:37
out the target environment to identify
1:38
vulnerabilities without touching the
1:40
target system directly the best tools
1:42
used in this step are Nmap Shodan and
1:44
Google Dorks Nmap is a free and open-
1:47
source utility widely used for network
1:48
discovery and security auditing network
1:51
administrators and security
1:52
professionals primarily use it to
1:54
identify what devices are running on
1:56
their systems discover open ports and
1:58
services and detect security risks Nmap
2:00
uses raw IP packets in clever ways to
2:03
determine which hosts are available on
2:04
the network what services those hosts
2:06
are running what operating systems and
2:08
OS versions they are running and what
2:10
type of packet filters firewalls are in
2:12
use its powerful features allow users to
2:14
scan large networks or just single hosts
2:16
Nmap's capabilities make it an
2:18
essential tool in any hacker's toolkit
2:20
providing a foundational overview that
2:22
guides further security assessment and
2:24
attack strategies the next tool is even
2:26
more impressive Shodan is often
2:28
referred to as the search engine for
2:30
hackers though it is also incredibly
2:31
useful for security analysts and network
2:34
administrators unlike Google which
2:35
crawls the internet for websites Shodan
2:38
scans for devices connected to the
2:39
internet making it possible to find
2:41
everything from webcams to water
2:43
treatment facilities it can be used to
2:45
discover which of your target's devices
2:46
are connected to the internet where they
2:48
are located and who is using them
2:50
Shodan provides valuable data that
2:51
helps security professionals discover
2:53
the presence of potentially vulnerable
2:55
systems connected to the internet which
2:57
could be targets for exploitation did
2:59
you know you can even use Google for
3:01
this recon let me show you how Google
3:03
Dorks isn't a tool but rather a
3:05
technique used to leverage the mother of
3:06
all search engines Google to uncover
3:09
security vulnerabilities this technique
3:11
involves using advanced search operators
3:13
in Google to locate specific strings of
3:15
text within search queries for example
3:17
using Google Dorks a security researcher
3:20
can find exposed sensitive documents
3:22
misconfigured website databases and
3:24
access to public cameras these dorks are
3:26
essentially simple commands that can be
3:28
used to search for a plethora of data
3:30
including server error messages which
3:32
reveal too much information and can lead
3:34
to further exploitation the
3:35
effectiveness of Google Dorks in finding
3:37
exposed information serves as a reminder
3:39
of the importance of securing servers
3:41
and applications to protect against
3:43
potential attackers who might use
3:45
similar techniques after the initial
3:47
recon we are ready for the next step
3:49
step number two is scanning following
3:51
reconnaissance the next step is to
3:53
actively engage with the system by
3:54
scanning this phase involves using
3:56
automated tools to send data to systems
3:58
and analyze the responses received
4:00
scanning helps in identifying live hosts
4:03
open ports and the services running on
4:05
servers it's essential for confirming
4:07
the data gathered during the
4:08
reconnaissance phase and setting the
4:10
stage for the next steps tools used in
4:12
this phase are Nmap Wireshark and
4:14
Nessus Nmap is not just a tool for
4:16
simple network mapping and port
4:18
discovery it can be used to perform more
4:20
complex and stealthy operations let me
4:22
share three secrets about Nmap zombie
4:24
scans this technique allows a hacker to
4:26
scan a target while masking their own IP
4:28
address using a third party's IP to send
4:31
packets to the target this can make it
4:33
appear that the fake host is the one
4:34
doing the scanning thereby hiding the
4:36
actual scanner's presence this is real
4:38
ninja stuff version detection using the
4:41
-sV option Nmap can be used to
4:43
determine service information about open
4:45
ports such as the software version and
4:47
type of the services running this
4:49
information can be critical for
4:50
identifying specific vulnerabilities
4:52
known to affect particular versions of
4:54
software script scanning Nmap comes with
4:57
a powerful scripting engine called NSE
4:59
Nmap Scripting Engine that can be used
5:01
to automate a wide variety of networking
5:03
tasks these scripts can perform advanced
5:05
tasks like vulnerability detection
5:07
backdoor detection and more making
5:09
Nmap not just a scanning tool but a
5:11
powerful network security tool the next
5:14
powerful tool you must know is Wireshark
5:16
Wireshark is widely known for capturing
5:18
network packets but it can be used for
5:20
deeper analysis in ways that many users
5:22
may not realize filter expressions
5:24
learning and using Wireshark's filtering
5:26
expressions can significantly enhance
5:28
its utility for example you can filter
5:30
by protocol such as TCP UDP ICMP also by
5:35
source and destination IPs ports and
5:37
even by specific packet properties
5:39
follow TCP stream this feature allows
5:41
users to reconstruct the actual data
5:43
streams from captured packets it can be
5:46
extremely useful for analyzing what data
5:48
is being transmitted over a connection
5:50
potentially exposing sensitive
5:51
information like passwords or
5:53
confidential data being sent in plain
5:55
text decrypting TLS if you have access
5:58
to the server's private key Wireshark
6:00
can decrypt TLS encrypted traffic
6:03
allowing you to analyze encrypted data
6:05
transferred over secure connections
6:07
another useful tool to learn is Nessus
6:09
it is one of the most widely used
6:10
vulnerability scanners and it offers
6:12
several advanced features that can help
6:14
uncover deep vulnerabilities in a
6:16
network configuration audit beyond just
6:18
scanning for known vulnerabilities
6:20
Nessus can be configured to perform
6:22
comprehensive configuration audits using
6:24
compliance checks to ensure that systems
6:26
are configured securely according to
6:28
industry best practices customized
6:30
scanning users can write their own
6:32
Nessus plugins or modify existing ones
6:35
this can be particularly useful for
6:36
tailored security assessments where
6:38
specific and non-standard
6:40
vulnerabilities need to be tested
6:42
scheduled scanning which can
6:43
automatically monitor the network for
6:45
new vulnerabilities as they emerge
6:46
without manual intervention this feature
6:49
ensures that the network is continually
6:51
monitored which is crucial for
6:52
maintaining long-term security postures
6:54
now it's starting to get interesting the
6:56
next step is crucial number three
6:58
gaining access this step involves
7:00
exploiting vulnerabilities discovered
7:02
during the scanning phase hackers
7:03
attempt to exploit these vulnerabilities
7:05
to enter the system techniques could
7:07
involve the use of buffer overflows SQL
7:10
injection or cross-site scripting
7:12
depending on the nature of the target
7:13
system's weaknesses some powerful tools
7:15
in this phase are Metasploit sqlmap
7:18
and John the Ripper Metasploit is more
7:19
than just a tool for executing exploits
7:22
it is a comprehensive framework that can
7:23
be used for custom exploit development
7:25
reconnaissance and post exploitation
7:27
activities Meterpreter payloads one of
7:30
the most powerful features of
7:31
Metasploit is its Meterpreter payload which
7:33
provides a dynamic and interactive shell
7:35
on the target machine Meterpreter allows
7:38
users to migrate between processes
7:40
upload and download files manipulate the
7:42
system registry capture screenshots and
7:45
webcam shots and even pivot to other
7:47
networks auxiliary scanners Metasploit
7:50
includes a variety of auxiliary modules
7:52
that can be used for tasks like scanning
7:54
other systems on a network performing
7:56
denial of service attacks and sniffing
7:58
network traffic these modules can help
8:00
prepare the environment for more
8:02
effective exploitation exploit
8:04
customization advanced users can modify
8:06
existing exploits or create their own to
8:08
tailor them to specific target
8:10
environments this customization can
8:12
significantly increase the success rate
8:14
against well-protected targets where
8:15
generic exploits might fail sqlmap
8:18
automates the process of detecting and
8:20
exploiting SQL injection flaws but it
8:22
also offers functionalities that can
8:24
deepen the impact of SQL injection
8:26
discovery database fingerprinting
8:28
sqlmap can perform detailed database
8:30
fingerprinting to determine the back-end
8:32
database management system version and
8:34
even configuration this precise
8:36
knowledge allows for more targeted
8:38
attacks retrieving hidden data beyond
8:40
just exploiting SQL injections sqlmap
8:43
can retrieve data from other database tables
8:45
that aren't directly used by the web
8:47
application uncovering hidden or more
8:49
sensitive information that wasn't
8:50
intended to be exposed the next one on
8:52
the list is legendary and can hack any
8:54
password John the Ripper is renowned for
8:56
its password cracking capabilities but
8:58
it also includes features that can
9:00
optimize and enhance the cracking
9:02
process custom rules John supports
9:04
rule-based attack mode which allows
9:06
users to specify custom rules for
9:08
password cracking this can be incredibly
9:10
effective when you have knowledge of the
9:12
password policies used by an
9:14
organization enabling you to tailor your
9:16
attacks to conform to those policies
9:18
incremental mode uses brute force but
9:20
intelligently adapting the test
9:22
passwords over time by learning more
9:24
about the passwords in a given system
9:26
John can optimize future attempts making
9:28
the brute force attack faster and more
9:30
effective parallel processing John the
9:32
Ripper can take advantage of multiple
9:34
CPUs and GPU acceleration to increase
9:37
the speed of the cracking process
9:39
significantly this is crucial for
9:41
practical password attacks as modern
9:43
passwords are complex and require
9:45
substantial computational power to break
9:47
utilizing these tools with these
9:49
advanced techniques allows hackers to
9:51
perform deep security assessments
9:53
identify vulnerabilities and demonstrate
9:55
the potential impact of these
9:57
vulnerabilities this in turn can lead to
9:59
stronger more secure systems but
10:01
everything you have learned thus far is
10:03
useless if you lose your hard-earned
10:05
access to target systems that's why the
10:07
next step is so important introducing
10:09
step number four which is for
10:11
maintaining access once access is gained
10:13
the hacker seeks to maintain it by
10:15
securing a way to return to the system
10:17
this often involves creating back doors
10:19
and Trojans the purpose of this phase is
10:21
to ensure the hacker can re-enter the
10:23
system easily and remain undetected to
10:25
gather more extensive data or await the
10:27
optimal time for launching a further
10:28
attack some of the most powerful tools
10:30
for this are Cobalt Strike and Mimikatz
10:32
Cobalt Strike is a penetration testing
10:34
tool which provides an attacker with a
10:36
powerful suite of capabilities designed
10:38
to mimic a genuine cyber attack it's
10:40
particularly renowned for its advanced
10:42
command and control C2 features and its
10:44
ability to simulate a full attack life
10:46
cycle from spear phishing to persistent
10:48
access and data exfiltration beaconing
10:51
capability Cobalt Strike's Beacon is a
10:54
lightweight payload designed to execute
10:56
commands deliver files and return
10:58
outputs it can communicate with the
11:00
attacker's server in a low and slow manner
11:02
to evade detection mimicking regular
11:04
network traffic and staying under the
11:06
radar listener profiles Cobalt Strike
11:08
allows the creation of customized
11:10
listener profiles which can mimic
11:12
legitimate services and protocols to
11:14
blend in with normal network traffic
11:16
this can help in evading network-based
11:18
intrusion detection systems IDS and
11:20
maintain stealth in the network social
11:22
engineering packages Cobalt Strike
11:24
excels in integrating social engineering
11:26
techniques into its framework it can
11:28
generate malicious documents set up fake
11:30
websites and even create malicious Java
11:32
applets for broader attack vectors
11:34
facilitating initial access or spreading
11:37
laterally across a network the next tool
11:39
is crazy good Mimikatz is a notorious
11:41
utility used to gather credentials from
11:43
Windows systems originally developed for
11:45
testing the security of password storage
11:47
mechanisms it has become a favorite
11:49
among attackers for its effectiveness in
11:51
extracting credentials from an operating
11:52
system now we'll get a little technical
11:54
so apologies for that but I promise it
11:56
will be useful pass the hash Mimikatz
11:59
allows attackers to perform pass the
12:01
hash and pass the ticket attacks these
12:03
techniques can be used to authenticate
12:04
to a remote server or service using the
12:07
underlying NTLM hash of a user's password
12:09
or Kerberos tickets bypassing the need
12:12
for the actual password LSASS dump
12:14
Mimikatz can extract credential data
12:16
from the LSASS Local Security Authority
12:18
Subsystem Service process in memory
12:20
which handles the security policy of
12:22
local accounts on Windows by dumping the
12:25
contents of this process Mimikatz can
12:27
retrieve plain text passwords hashes and
12:30
other forms of authentication
12:32
credentials golden ticket creation using
12:34
Mimikatz an attacker with sufficient
12:36
access can create a golden ticket which
12:39
is a ticket granting ticket TGT for the
12:41
Kerberos authentication protocol that
12:43
allows unrestricted access to all
12:46
services this powerful feature can be
12:48
used for maintaining long-term access to
12:50
a compromised network one secret trick
12:52
you want to learn is how to stay hidden
12:54
you can't ignore the next step step
12:56
number five covering tracks in this
12:58
final step hackers remove all signs of
13:00
their presence and activities from the
13:02
system this includes altering or
13:04
deleting logs that show the hacking
13:06
activities and any other evidence that
13:08
might point to their unauthorized
13:09
actions one amazing tool I want to
13:11
highlight here is the Sysinternals suite
13:13
developed by Microsoft is a collection
13:15
of over 70 different utilities that can
13:17
be used to accomplish an array of tasks
13:19
related to system management
13:20
troubleshooting and diagnostic
13:22
activities under Windows environments
13:24
for the purpose of covering tracks this
13:26
tool is part of the Sysinternals suite
13:28
designed to securely delete existing
13:30
files as well as previously deleted data
13:32
by overwriting them for hackers this
13:34
means it can be used to securely delete
13:36
logs and other files that might indicate
13:38
their presence Process Explorer and
13:40
Process Monitor these tools can be used
13:42
to monitor and review processes threads
13:45
and handle information currently running
13:47
on the system hackers could use these
13:49
tools to identify and stop services that
13:51
may log or monitor activities such as
13:53
security software Autoruns this utility
13:56
can be used to view which programs are
13:57
configured to run during system boot up
13:59
or login it can be crucial for removing
14:01
any traces of malware or unauthorized
14:04
applications that were set to
14:05
automatically start thus hiding their
14:07
existence from system administrators so
14:09
what happens after you're done with
14:10
covering your tracks it's time for phase
14:13
six actions on objectives after securing
14:15
presence and ensuring stealth hackers
14:17
proceed with their primary objectives
14:19
which could range from data exfiltration
14:21
espionage and launching malware each
14:23
phase of the hacking process requires a
14:25
blend of technical skills critical
14:27
thinking and specialized tools you're
14:29
now on the fast track to becoming a
14:30
professional hacker you know the process
14:33
the most powerful tools and even some
14:35
tricks to get you going hope you enjoyed
14:37
and happy hacking
#Computer Security
#Hacking & Cracking
#Network Security