Ethical hacking is the process of attempting to penetrate computer systems and networks with the intention of locating weaknesses and vulnerabilities (real and potential) that could be exploited by malicious hackers. Any information uncovered is then used to improve the system’s security and plug loopholes. Sound interesting? Then an online ethical hacking course is for you.
Ethical hacking is sometimes referred to as penetration testing, intrusion testing, or red teaming. There are many types of hackers, and ethical hackers are usually referred to as white hat hackers. This skill is in high demand and a white hat hacking course can jumpstart your cybersecurity career.
A quick search will yield a ton of results for an ethical hacking course online, but they aren’t all worth your time. We reveal more about our favorite courses below, but if you’re in a rush, here are our top picks for the best ethical hacking courses:
- StationX – The Complete Ethical Hacking Course Bundle
- Udemy – Learn Ethical Hacking From Scratch
- Cybrary – The Art of Exploitation
- EH Academy – The Complete Cyber Security & Hacking Course
- Offensive Security – Metasploit Unleashed
- Coursera – Cryptography
- Introduction to Ethical Hacking and Cyber Security
We’ve included a range of course types in our list, but here are some things to think about when deciding on which one to try first:
- Don’t go in over your head. Some courses assume a certain level of background knowledge, while others are targeted at complete beginners. Choose a course that’s at the right level for you.
- Consider minimum requirements. Bear in mind that you’ll need specific software to follow some courses, so be prepared to gather some resources if needed.
- Look for special offers. Paid courses are often of higher quality, but they can get pricey. However, many companies run special offers so you end up paying very little for a superior-quality course.
- Watch out for scammers. Unethical hackers prey on amateurs, so be careful you don’t sign up with unethical hackers who promise to teach you the ropes.
Best ethical hacking courses online
Here is our list of the best ethical hacking courses to learn hacking from scratch:
1. StationX – The Complete Ethical Hacking Course Bundle (Paid – Beginner)
StationX’s The Complete Ethical Hacking Course Bundle is our top choice for the best ethical hacking course and is really the gold standard for white hat hacker training. This comprehensive course was developed with beginners in mind and contains everything you need to know about ethical hacking and how to secure systems against attacks.
It starts with basic terminology and shows you how to install the required software, and how to set up a penetration testing lab. Aside from ethical hacking and penetration testing, you’ll also learn about hacking and testing for websites and networks, social engineering, and using Android for testing computer system security.
Your instructor throughout is computer scientist and ethical hacker Zaid Al Quraishi.
This bundle usually costs $500 but Comparitech readers save 87% and benefit from five courses for just $65.
Courses in bundle:
- Ethical hacking from scratch
- Website hacking from scratch
- Network hacking from scratch
- Social engineering from scratch
- Hacking using Android
- Basic IT skills
- Wireless adapter
2. Udemy – Learn Ethical Hacking From Scratch (Paid – Beginner)
This is a very comprehensive ethical hacking course for absolute beginners with no previous knowledge of hacking or penetration testing. It focuses on the practical side of penetration testing but doesn’t neglect the theory, for example, how devices interact inside a network.
You will first learn how to set up a testing lab on your own machine, and how to install the Kali Linux operating system. Don’t worry if you’re not familiar with Linux; you will quickly learn the basic commands you need to interact with the Kali Linux terminal.
Approximately $100, although Udemy offers regular specials.
TIP: This course is included as part of the StationX Ethical Hacking bundle.
- Network penetration testing
- Gaining access
- Post exploitation
- Web application penetration testing
- 12.5 hours of on-demand video (about 120 videos)
- Basic IT skills
- Wireless adapter
More: Udemy provides an easily navigable portal to a wide range of ethical hacking courses, free and paid. Running a search on “ethical hacking” returns over 800 matches, more than 40 of them free. Some suggestions to get started:
- Start Kali Linux, Ethical Hacking and Penetration Testing! (Free – Beginner) – Offers a complete tutorial on how to install VirtualBox, including on Windows 8.1, and run Kali Linux in any environment. Learn how to create a virtual environment and the basics of the Linux terminal. All you need is a fast internet connection. (4 hours)
- Kali Linux tutorial for beginners (Paid – Beginner) – Focuses on configuring the Kali Linux operating system to build up Linux targets from scratch to hack. No previous knowledge of Linux required. You will need to have a basic understanding of networking concepts and of ethical hacking concepts such as port scanning, vulnerability scanning, and so on. (5.5 hours)
3. Cybrary – The Art of Exploitation (Free – Intermediate)
Buffer Overflow occurs when a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations, creating a potential security vulnerability. In this ethical hacking course, you will write a Python script and use it to hack a system affected with Buffer Overflow.
- Vulnerability and exploit
- Buffer overflow
- 3 hours of on-demand video
- Prior coding experience
More: Cybrary courses are totally free and cover a wide range of subjects, but you must pay if you want a certificate of completion, or to access the assessments and exams (approximately $99 per month). The website is well organized with an option to select ethical hacking courses suitable for a specific career path, for example, penetration tester or network engineer, and even create your own syllabus.
You can search for courses by skill type, level, or certification. When you sign up, you will be directed to your dashboard, which displays the courses you’ve completed or are busy with, your certifications, and even posts you’ve published to the Cybrary community. This site is ideal if you want to build up a portfolio of knowledge, keep track of your progress, and ultimately choose one or more certifications.
4. EH Academy – The Complete Cyber Security & Hacking Course (Free – Beginner to Intermediate)
This ethical hacking course covers the basics of white hat hacking including a detailed video on how to set up a lab. You’ll also get an introduction to Nmap and Metasploit tools and learn basic Windows and Linux commands. A nice touch is that below each video you can comment or post questions to the instructor or other students.
- Computer basics and introduction
- Setting up your lab
- Information gathering
- System hacking
- Web server (site) hacking
- 1.5 days
- Reliable internet connection
More: For the advanced hacker, EH Academy offers a wide range of specialized ethical hacking courses, most of them paid (ranging from $50 to $200). Examples are Using Python For Offensive Penetration Testing, Advanced Mobile Application Penetration Testing, iOS Application Penetration Testing Training, Metasploit training for Penetration Testing & Ethical Hacking, and VoIP Hacking & Penetration Testing Training.
5. Offensive Security – Metasploit Unleashed (Free – Intermediate to Advanced)
The in-depth Metasploit Unleashed ethical hacking course is provided for by Offensive Security. The organization’s goal in providing the course is to increase awareness for children in East Africa who are underprivileged. The course assumes you understand some fundamentals, for example, command-line interface commands, and scripts.
- Everything you need to know to get started with Metasploit
- Hands-on practice from information gathering to writing a simple fuzzer
- Reliable internet connection
- A virtual machine (aka Hypervisor) to host your labs
- Minimum 10 gigabytes of storage space
- Sufficient RAM (check under Requirements in the Introduction section to calculate how much you will need)
- The bare-minimum requirement for VMware Player is a 400 MHz or faster processor (500MHz recommended)
- Kali Linux (download under Requirements in the Introduction section)
- A vulnerable VMware virtual machine to scan and attack (download “Metasploitable” under Requirements in the Introduction section)
6. Coursera – Cryptography (Free – Intermediate)
By the end of this ethical hacking course, provided by the University of Maryland through Coursera, you’ll have a firm grasp of cryptographic primitives in wide use today. You’ll also learn how to combine these to develop modern protocols for secure communication.
- Foundations and practical applications of modern cryptography
- 7 weeks
- Some experience covering discrete mathematics and basic probability
- Prior exposure to algorithms will be helpful
- Familiarity with programming in a C-like language
- Mathematical maturity
More: MOOCs (Massive Open Online Courses) are free online college-level classes open to everyone. They are apparently “more popular than cheese.” They don’t count towards degree credits but will be appreciated by future employers as degree-level training.
The method of instruction is usually video but instructors’ brains can be picked on virtual forums and during chat sessions. There are various types of assessments, from peer assessment to formal exams, depending on the course. Some of the courses have fixed schedules and most take between six to eight weeks to complete.
This free course offered by Mindsmapped is a four-part program. Aimed at beginners, it comprises 35 lectures in total and should take around five hours to complete.
The fours modules are:
- Introduction to Cyber Security and Ethical Hacking (2 lectures)
- Deep-Dive into Ethical Hacking (3 lectures)
- Penetration Testing (6 lectures)
- Ethical Hacking (24 lectures)
You’ll learn the basics of ethical hacking including exactly what it is and its different phases. The course also delves into virtualization and penetration testing, including practical applications of all topics.
If you’re keen to learn more, you can check out several additional ethical hacking courses offered by Mindsmapped:
- Certified Ethical Hacking (CEH) Training
- Penetration Testing with Kali Linux
- Python for Ethical Hacking: Beginners to Advanced Level
Is ethical hacking legal?
Yes. In 2015, the Librarian of Congress issued a number of exemptions to the 1998 Digital Millennium Copyright Act which effectively allow white hat hackers to hack software in the name of research and on condition they disclose any vulnerabilities they might find. This controversial topic is increasingly relevant as more everyday items, including vehicles, contain computers.
An ethical hacker must abide by the following (informal) guidelines:
- Get express (written, preferably) permission to attempt to penetrate an organization’s system.
- Be respectful of all the company’s rules and policies.
- Notify the company of all weaknesses and vulnerabilities found.
- Leave the system in the way it was found, that is do not create any weaknesses that could be exploited at a later date.
- Keep a written record of what is done on the system.
- Do not violate the laws of a country by, for example, doing something that breaches copyrights, intellectual property, privacy laws, and so on.
Why take an ethical hacking course?
An organization may hire an ethical hacker to attempt to hack their computer system within certain restrictions set by the company and country law. A company may also train a staff member to perform this role in-house. Sometimes ethical hackers are simply self-proclaimed “geeks” who hack on their own time, but not destructively. These kinds of hackers do it “for the fun of it” and, if they’re bounty hunters, even get paid if they find a loophole in an organization’s system.
If you decide to undergo white hat hacker training, you’ll be in excellent company. For instance, a little-known fact about Sir Timothy John Berners-Lee, best known as the inventor of the World Wide Web, is that he was a hacker in his early years. According to Investopedia, “As a student at Oxford University, Berners-Lee was banned from using the university computers after he and a friend were caught hacking to gain access to restricted areas.”
One of the most notorious white hat hackers in recent times is Kevin Mitnick, described once by the US Department of Justice, as “the most wanted computer criminal in United States history.” After serving time for unlawful hacking, he reformed and became a paid ethical hacking consultant for numerous Fortune 500 companies, as well as for the FBI.
As a career, ethical hacking can be quite lucrative. According to InfoSec Institute, salaries for certified ethical hackers in 2018 ranged from $24,760 to $111,502, with a bonus payout up to $17,500. A 2018 Indeed survey found that ethical hacking salaries ranged from approximately $67,703 per year for a network analyst to $115,592 per year for a penetration tester.
The Exabeam 2018 Cyber Security Professionals Salary and Job Report found that 23.7 percent of security professionals surveyed had a CEH certification (more on that below).
Ethical hacking course certification
The most widely recognized ethical hacking credential is the Certified Ethical Hacker (CEH) credential from EC-Council. You don’t have to sign up for their course before taking the exam, but all self-study students have to go through a formal eligibility process. You could take one or more of the courses listed above and go for the accreditation separately.
The EC-Council also offers the Certified Network Defense Architect (CNDA) credential. To be eligible for the course, you need to first obtain CEH certification from EC-Council and must be employed by a government or military agency, or be a contract employee of the US government.
The essential skills to becoming a master hacker
Unless you specialize in a particular area, for example, mobile or forensics, a formal one-size-fits-all course typically touches on the following subject matter:
- Buffer overflows, cryptography, denial of service, enumeration, firewalls, exploitation, fingerprinting, foot printing, hacker types, hacking mobile platforms, hacking web applications, hacking web servers, penetration testing, reconnaissance, scanning networks, session hijacking, sniffing, social engineering, sql injection, system hacking, tcp/ip hijacking, hacking tools, trojans and backdoors, viruses and worms, and wireless hacking.
Succinctly summed up by OCCUPYTHEWEB, to get started, here’s what you really need to master:
- Basic computer skills (not just MS Word but using the command line, editing the registry, and setting up a network
- Networking skills (for example, understanding routers and switches, internet protocols, and advanced TCP/IP)
- Linux skills (these are non-negotiable)
- Hacker tools (for example, Wireshark, TcpDump, and Kali Linux)
- Security concepts and technologies (such as SSL, IDS, and firewalls)
- Wireless technologies
- Scripting (for example, Perl, BASH, and Windows PowerShell)
- Database skills (starting with SQL)
- Web programming and applications (how hackers target them)
- Digital forensics
- Cryptography (encryption)
- Reverse engineering
Other ethical hacking resources
Formal ethical hacking courses are ideal for on-the-job training in a specific niche. Alternatively, many hackers advocate self-learning. The advantage of this is that you get to discover your field of particular interest. Below are some other free resources, tutorials, hands-on challenges, and articles on ethical hacking.
- Hacking Tutorial – Access this site with care; some of these tips and tricks are questionable, if not downright illegal. The reason we include it is that one of the responsibilities of an ethical hacker is to know what their evil counterpart is up to.
- Hack This Site – A free, safe, and legal training ground for hackers to test and expand their hacking skills. Includes an IRC channel where you can hook up with fellow white hatters and ask questions.
- Exploit Exercises – As the name suggests, see if you can spot code vulnerabilities in a series of advanced hacking challenges.
- Crypto Pals – Eight sets of crypto challenges. You don’t need to know about crypto but you should be familiar with at least one mainstream coding language. You need to work through all 48 exercises as some code is used in later challenges.
- Vuln Hub – This site offers a really fun way to practice your skills in hands-on workshops, for example, download a custom VM and then try to obtain root level access.
- YouTube – Perfect for the lazy ethical hacker; all you need is popcorn. Simply search “ethical hacking course.”
- Tutorials Point – The Ethical Hacking Tutorial provides a good overview for beginners.
- Open Security Training – The Hacking Techniques and Intrusion Detection course is under a Creative Commons License so you can use it to train employees in-house. All the materials are supplied; just add an instructor. The course creator is available for on-site training.
To enhance your learning experience, you might consider joining an ethical hacking forum or paying an ethical hacker to share their knowledge and experience with you. If you’re interested in a particular tool or platform, most hacking software vendors provide in-depth tutorials for their applications.
Happy hacking and stay legal!