If you want to become a skilled ethical hacker who can find, exploit, and responsibly report real security weaknesses - and do it faster by working side-by-side with AI - this course is for you. You'll start from the absolute foundations of cybersecurity and the legal framework that governs professional hacking, then build a complete Kali Linux lab, master how the web really works under the hood, and move all the way up to hands-on exploitation of the most common web vulnerabilities. Throughout the course, you'll learn how modern AI tools reshape a hacker's workflow, speeding up reconnaissance, crafting and mutating payloads, reading unfamiliar code, and even writing professional pentest reports. The course closes with an introduction to an entirely new frontier: attacking AI systems themselves through prompt injection and the OWASP LLM Top 10.
-
Foundations: What ethical hacking is, the role of a penetration tester, types of hackers, threat actors, attacker motivations, the cyber kill chain, and the MITRE ATT&CK framework
-
Legal & Ethical Practice: Scope, authorization, rules of engagement, responsible disclosure, and the major laws and standards every tester must respect
-
Methodology: The five phases of a penetration test, plus industry standards like PTES and the OWASP Testing Guide
-
Lab Setup: Installing Kali Linux in a virtual machine, networking, essential tools, intentionally vulnerable apps (DVWA, Juice Shop), and good lab hygiene
-
Web & Internet Internals: Clients and servers, DNS, IP, TCP/IP, ports, front-end vs back-end, HTML/CSS/JavaScript, databases, APIs, and common stacks
-
HTTP in Depth: The anatomy of requests and responses, methods, headers, query strings vs body, content types, status codes, cookies, sessions, tokens, JWTs, and HTTPS/TLS basics
-
Traffic Interception: Installing and configuring Caido to read, replay, modify, and automate real requests
-
AI-Assisted Hacking: Using LLMs as a research partner, code reader, and payload generator, including effective prompting patterns and their pitfalls
-
Web Exploitation: Broken Access Control (IDOR, privilege escalation, forced browsing), SQL Injection, Command Injection, Cross-Site Scripting (reflected, stored, DOM-based), Security Misconfiguration, Vulnerable Components, and Server-Side Request Forgery (SSRF)
-
Full Engagement: An end-to-end AI-assisted web penetration test against a vulnerable target, including AI-assisted reporting
-
LLM Security: Why AI applications are a new attack surface, the OWASP LLM Top 10, and both direct and indirect prompt injection
-
Carry out a structured, professional web penetration test from reconnaissance to reporting
-
Identify and exploit the most common web vulnerabilities in a safe, authorized environment
-
Use AI tools to dramatically speed up recon, payload crafting, code review, and reporting
-
Understand and probe the security of modern AI/LLM applications
-
Work as a penetration tester or security analyst, or strengthen your own products against attack
- A personal computer with 4GB+ RAM
- Basic knowledge of computer literacy
Language: Hausa
Tutors:
- Engr. Ibrahim Auwal
- Dr. Salisu Abdurrazak Saheel
Course Page: https://flowdiary.ai/course/AEH-101
Contact: hello@flowdiary.ai