5 courses to learn ethical hacking online - white hat

Jumpstart your cybersecurity career with an online ethical hacking course. Ethical hacking is the process of attempting to penetrate computer systems and networks with the intention of locating weaknesses and vulnerabilities (real and potential) that could be exploited by malicious hackers. Any information uncovered is then used to improve the system’s security and plug loopholes. It’s a skill in high demand.  

Ethical hacking is sometimes referred to as penetration testing, intrusion testing, or red teaming. There are many types of hackers – all colors of the rainbow, in fact – and ethical hackers are usually referred to as white hats.

Is ethical hacking legal?

Yes. In 2015, the Librarian of Congress issued a number of exemptions to the 1998 Digital Millennium Copyright Act that effectively allows white hat hackers to hack software in the name of research and on condition they disclose any vulnerabilities they might find. (Read more about this controversial move as it relates to your relationship with the devices you own, including your vehicle.)

An ethical hacker must abide by the following (informal) guidelines:

  • Get express (written, preferably) permission to attempt to penetrate an organization’s system
  • Be respectful of all the company’s rules and policies
  • Notify the company of all weaknesses and vulnerabilities found
  • Leave the system in the way it was found, i.e. do not create any weaknesses that could be exploited at a later date
  • Keep a written record of what is done on the system
  • Do not violate the laws of a country by, for example, doing something that breaches copyrights, intellectual property, privacy laws, etc.

Why do an ethical hacking course?

An organization may hire an ethical hacker to attempt to hack their computer system within certain restrictions set by the company and country law. A company may also train a staff member to perform this role in-house. Sometimes ethical hackers are simply geeks who hack on their own time, but not destructively. These kinds of hackers do it “for the fun of it” and, if they’re bounty hunters, even get paid if they find a loophole in an organization’s system.

You’ll be in excellent company, for instance, Sir Timothy John Berners-Lee, best known as the inventor of the World Wide Web. A little known fact about Sir Timothy is that he was a hacker in his early years. According to Investopedia, “As a student at Oxford University, Berners-Lee was banned from using the university computers after he and a friend were caught hacking to gain access to restricted areas.”

One of the most notorious white hat hackers in recent times is Kevin Mitnick, described once by the US Department of Justice, as “the most wanted computer criminal in United States history”. After serving time for unlawful hacking, he reformed and became a paid ethical hacking consultant for numerous Fortune 500 companies as well as for the FBI. Who says going straight doesn’t pay?

As a career, ethical hacking can be extremely lucrative. According to InfoSec Institute, salaries for certified ethical hackers in 2018 ranged from $24,760 to $111,502, with a bonus payout between $0.00 and $17,500. A 2018 Indeed survey found that ethical hacking salaries ranged from approximately $67,703 per year for a network analyst to $115,592 per year for a penetration tester.

The Exabeam 2018 Cyber Security Professionals Salary and Job Report found that 23.7 percent of security professionals surveyed had CEH certification.

The essential skills to becoming a master hacker

Unless you specialize in a particular area, e.g. mobile or forensics, a formal one-size-fits-all course typically touches on the following subject matter:

  • Buffer Overflows, Cryptography, Denial of Service, Enumeration, Firewalls, Exploitation, Finger Printing, Foot Printing, Hacker Types, Hacking Mobile Platforms, Hacking Web Applications, Hacking Web Servers, Penetration Testing, Reconnaissance, Scanning Networks, Session Hijacking, Sniffing, Social Engineering, SQL Injection, System Hacking, TCP/IP Hijacking, Hacking Tools, Trojans and Backdoors, Viruses and Worms, and Wireless Hacking.

Succinctly summed up by OCCUPYTHEWEB, to get started, here is what you really need to master:

  • Basic computer skills (not just MS Word but using the command line, editing the registry and setting up a network
  • Networking skills (e.g. understanding routers and switches, internet protocols, advanced TCP/IP, etc.)
  • Linux skills (non-negotiable)
  • Hacker tools (e.g. Wireshark, TcpDump, Kali Linux, etc.)
  • Virtualization
  • Security concepts and technologies (e.g. SSL, IDS, firewalls, etc.)
  • Wireless technologies
  • Scripting (e.g Perl, BASH, Windows PowerShell, etc.)
  • Database skills (starting with SQL)
  • Web programming and applications (how hackers target them)
  • Digital forensics
  • Cryptography (encryption)
  • Reverse engineering

Ethical hacking course certification

The most widely recognized ethical hacking credential is the Certified Ethical Hacker (CEH) credential from EC-Council. You don’t have to sign up for their course before taking the exam, but all self-study students have to go through a formal eligibility process. Should you pay for training or just wing it on your own? There is enough free training on the internet to get you started, including sample question papers and study manuals. You can always pay for a formal, recognized course if you decide you want to specialize, fail the exam, or are being sponsored by your company.

The EC-Council also offers the Certified Network Defense Architect (CNDA) credential. To be eligible for the course, you need to first obtain CEH certification from EC-Council and must be employed by a government or military agency, or be a contract employee of the US government.

Tips on choosing an ethical hacking course

  • Contributors on websites like Quora warn that paid courses may not always be the best way to learn how to be an ethical hacker. Some instead suggest self-learning, joining an ethical hacking forum, or paying an ethical hacker to share with you their knowledge and experience.
  • Start with a free course to get your feet wet and decide if you can, and want to, hack it (pardon the pun).
  • Shop around. Many companies, e.g. Udemy, offer discounts or credits if you sign up for more than one course.
  • Do some research on the professional tools used by hackers. Once you’ve learned the theory, you might want to become an expert on using a specific tool or platform. Hacking software vendors usually provide tutorials for their applications.
  • It’s a bonus if the course you choose includes instructions on setting up your own virtual hacking lab, as most tutorials use a specific hacking environment (framework, operating system, or tool.) If it doesn’t, there are plenty of resources to help amateurs get started.
  • Unethical hackers prey on amateurs, so be careful out there and don’t sign up with unethical hackers who promise to teach you the ropes.

Get started with: 13+ free pentesting tools

Also see: Finding your first job in cyber security: A guide for computer science and technology graduates

Doing a course provides some proof of your knowledge. We’ve rounded up some great ethical hacking courses – free and paid – to help you get started. To make the best use of these resources, visit the vendors’ websites to browse related courses. Following the guidelines above, you can mix and match to create a custom training program to fulfill your cybersecurity career goals.

Best ethical hacking courses and resources

1. Udemy Learn Ethical Hacking From Scratch (Paid – beginners)

ethical hacking course

This is a very comprehensive ethical hacking course for absolute beginners with no previous knowledge of hacking or penetration testing. It focuses on the practical side of penetration testing but doesn’t neglect the theory, e.g. how devices interact inside a network. You will first learn how to set up a testing lab on your own machine, and how to install the Kali Linux operating system. Don’t worry if you’re not familiar with Linux; you will quickly learn the basic commands you need to interact with the Kali Linux terminal.

Cost:

  • Approximately $150, although Udemy offers regular specials

Covers:

  • Network penetration testing
  • Gaining access
  • Post exploitation
  • Web application penetration testing

Duration:

  • 12.5 hours on-demand video (about 120 videos)

Requirements:

  • Basic IT skills
  • Wireless adapter

More: Udemy provides an easily navigable portal to a wide range of ethical hacking courses, free and paid. Running a search on “ethical hacking” returns over 800 matches, more than 40 of them free. Some suggestions to get started:

  • Start Kali Linux, Ethical Hacking and Penetration Testing! (Free – Beginner) – Offers a complete tutorial on how to install VirtualBox, including on Windows 8.1, and run Kali Linux in any environment. Learn how to create a virtual environment and the basics of the Linux terminal. All you need is a fast internet connection. (4 hours)
  • Kali Linux tutorial for beginners (Paid – Beginner) – Focuses on configuring the Kali Linux operating system to build up Linux targets from scratch to hack. No previous knowledge of Linux required. You will need to have a basic understanding of networking concepts and of ethical hacking concepts such as port scanning, vulnerability scanning, etc. (5.5 hours)

2. Cybrary The Art of Exploitation (Free – Intermediate)

ethical hacking course

Buffer Overflow occurs when a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations, creating a potential security vulnerability. In this ethical hacking course, you will write a Python script and use it to hack a system affected with Buffer Overflow.

Covers:

  • Vulnerability and exploit
  • Buffer Overflow

Duration:

  • 3 hours on-demand video

Requirements:

  • Prior coding experience

More: Cybrary courses are totally free and cover a wide range of subjects, but you must pay if you want a certificate of completion, or to access the assessments and exams (approximately $99/month). The website is well organized with an option to select ethical hacking courses suitable for a specific career path, e.g. penetration tester or network engineer, and even create your own syllabus. You can search for courses by skill type, level, or certification. When you sign up, you will be directed to your dashboard, which displays the courses you’ve completed or are busy with, your certifications, and even posts you’ve published to the Cybrary community.

This site is ideal if you want to build up a portfolio of knowledge, keep track of your progress, and ultimately choose one or more certifications.

3. EH Academy The Complete Cyber Security & Hacking Course (Free – Beginner to Intermediate)

ethical hacking course

This ethical hacking course covers the basics of white hat hacking including a detailed video on how to set up a lab. You’ll also get an introduction to Nmap and Metasploit tools and learn basic Windows and Linux commands. A nice touch is that below each video you can comment or post questions to the instructor or other students.

Covers:

  • Computer basics & introduction
  • Setting up your lab
  • Ethical hacking (basics to advanced) – information gathering

Duration:

  • 1.5 days

Requirements:

  • Reliable internet connection

More: For the advanced hacker, EH Academy offers a wide range of specialized ethical hacking courses, most of them paid (ranging from $50 to $200), e.g: “Using Python For Offensive Penetration Testing”, “Advanced Mobile Application Penetration Testing”, “iOS Application Penetration Testing Training”, “Metasploit training for Penetration testing & Ethical Hacking”, and “VoIP Hacking & Penetration Testing Training”.

4. Offensive Security Metasploit Unleashed (Intermediate to Advanced – Free)

ethical hacking course

The in-depth Metasploit Unleashed (MSFU) ethical hacking course is provided free of charge by Offensive Security in order to raise awareness for underprivileged children in East Africa. It assumes you understand some fundamentals, e.g. command line interface commands, scripts, etc.

Covers:

  • Everything you need to know to get started with Metasploit
  • Hands-on practice from information gathering to writing a simple fuzzer

Duration:

  • Self-paced

Requirements:

  • Reliable internet connection
  • A virtual machine (aka Hypervisor) to host your labs
  • Minimum 10 gigabytes of storage space
  • Sufficient RAM (check under Requirements in the Introduction section to calculate how much you will need)
  • The bare-minimum requirement for VMware Player is a 400MHz or faster processor (500MHz recommended)
  • Kali Linux (download under Requirements in the Introduction section)
  • A vulnerable VMware virtual machine to scan and attack (download “Metasploitable” under Requirements in the Introduction section)

5. Cyber Degrees Cryptography (University of Maryland) (Intermediate – Free)

ethical hacking course

By the end of this ethical hacking course, you’ll have a firm grasp of cryptographic primitives in wide use today and a knowledge of how to combine these in order to develop modern protocols for secure communication.

Covers:

  • Foundations and practical applications of modern cryptography

Duration:

  • 7 weeks

Requirements:

  • Some experience covering discrete mathematics and basic probability
  • Prior exposure to algorithms will be helpful
  • Familiarity with programming in a C-like language
  • Mathematical maturity

More: MOOCs (Massive Open Online Courses) are free online college-level classes open to everyone. They are apparently “more popular than cheese.” They don’t count towards degree credits but will be appreciated by future employers as degree-level training. The method of instruction is usually video but instructors’ brains can be picked on virtual forums and during chat sessions. There are various types of assessments, from peer assessment to formal exams, depending on the course. Some of the courses have fixed schedules and most take between six to eight weeks to complete.

Where to on my ethical hacking journey from here?

Formal ethical hacking courses are ideal for on-the-job training in a specific niche. Alternatively, many hackers advocate self-learning. The advantage of this is that you get to discover your field(s) of particular interest. Below are listed some portals to “other” (free) resources, tutorials, hands-on challenges, and articles on ethical hacking.

  • Hacking Tutorial – Access this site with care; some of these tips and tricks are a bit dodgy, if not downright illegal. The reason we include it is that one of the responsibilities of an ethical hacker is to know what their evil counterpart is up to.
  • Hack this site – A free, safe, and legal training ground for hackers to test and expand their hacking skills. Includes an IRC channel where you can hook up with fellow white hatters and ask questions.
  • Exploit Exercises – As the name suggests, see if you can spot code vulnerabilities in a series of advanced hacking challenges.
  • Crypto Pals – Eight sets of crypto challenges. You don’t need to know about crypto but you should be familiar with at least one mainstream coding language. You need to work through all 48 exercises as some code is used in later challenges.
  • Vuln Hub – This site offers a really fun way to practice your skills in hands-on workshops, e.g. download a custom VM and then try to obtain root level access.
  • YouTube – Perfect for the lazy ethical hacker; all you need is popcorn. Simply search on “ethical hacking course.”
  • Hacking eBooks Collection – A private collection of hacking literature.
  • Tutorials Point – The Ethical Hacking Tutorial provides a good overview for beginners.
  • Open Security Training – The Hacking Techniques and Intrusion Detection course is under a Creative Commons License so you can use it to train employees in-house. All the materials are supplied; just add an instructor. The course creator is available for on-site training.

Happy hacking and stay legal!

Image for White Hat for Hacker by zeevveez via Flickr. Licensed under CC BY 2.0