TCM’s Ethical Hacking in 15 Hours — 2023 Edition — Learn to Hack! (Part 1) — Review

Szwochm
5 min read · Jun 25, 2023

Content link: https://www.youtube.com/watch?v=3FNYvj2U0HM

Background

Before I delve into the review, I would like to talk a little bit about my background so that the reader has an idea of the perspective this review is coming from.

I am SzwochM, an up-and-coming Cybersecurity professional. I am eJPT and Security+ certified. I have also recently graduated with a B.A. in Computer Science, so I have a decent amount of knowledge when it comes to programming in general. The last thing I would like to mention is that I did about 80% of the eCPPT’s content before my subscription expired. I decided not to renew my subscription with INE, and instead went with Offsec’s Learn One as the OSCP has better employment opportunities at the time of writing this article. (See below)

6/14/2023 — LinkedIn Job Results — No other filters

God Dang INE! I love your content but you guys gotta’ step up your HR game. You’re getting beat by the new guy on the block!

Goal

When approaching this content, my goal was to reinforce concepts, fill in knowledge gaps, and learn new tricks. In other words, I wanted to approach the material from a different angle rather than learning something new from scratch. I also wanted something convenient that I could watch while on lunch, or otherwise away from my computer. This means that I watched the video content in a relatively small timeframe (5–7 hours a day), and would not recommend this approach for someone learning these topics for the first time.

With that being said, let's begin.

TCM’s Ethical Hacking in 15 Hours — 2023 Edition — Learn to Hack! (Part 1) covers the first half of the PEH course released by The Cyber Mentor, A.K.A. Heath Adams, the CEO of TCM, a company that produces Cybersecurity content. TCM released this content so that anyone in the world with an internet connection has access to quality content.

The Layout

The course consists of ~50 short videos all aggregated into one video. Part one acts as a foundation, with a little Cybersecurity at the end. Here is the simplified organization:

  1. Introduction & Day in the Life of an Ethical Hacker
    Time range (0:00 -> 27:43)
  2. Preliminary Skills: Notetaking, Networking, Protocols, Subnetting
    Time range (27:44 -> 1:46:00)
  3. Preliminary Skills: Using VMs, Kali and Linux in general
    Time range (1:46:01 -> 3:18:35)
  4. Preliminary Skills: Scripting, Programming in Python
    Time range (3:18:35 -> 6:22:31)
  5. Ethical Hacking: Beginning of Information Gathering
    Time range (6:22:32 -> 7:14:29)

Introduction & Day in the Life of an Ethical Hacker

Right off the bat, I loved the Day in the Life of an Ethical Hacker section. No other course I had taken at this point had broken down exactly how long each type of assessment should take. For example, consider the following slide…

Wireless Assessment Timeframe — TCM (15:39)

Prior to viewing this slide, I had no idea what would be an appropriate amount of time to spend on a Wireless Pentest. Three bullets later, and now I feel confident giving clients estimates for this service. Small details such as this are exactly why I love TCM’s content.

Preliminary Skills: Notetaking, Networking, Protocols, Subnetting

There were a couple of things I liked about this section. I ended up preferring TCM’s suggestion of Greenshot and KeepNote over the tools I had been using (Windows Snipping Tool & CherryTree). The networking and protocol videos were short and sweet. Just enough to get an aspiring analyst going, but I would recommend more research to anyone learning these topics for the first time. By comparison, INE’s protocol content was much more granular. For example, TCM mentions the TCP 3-way handshake, while INE dives into the nitty-gritty, such as TCP sequence number generation and TCP headers, and constantly refers to RFCs. Finally, I thought that the subnetting section was sufficient, but again would recommend practice.

Preliminary Skills: Using VMs, Kali and Linux in general

This section is where TCM blows the competition out of the water again by making the content more friendly for new students. TCM walks the student through installing the software necessary to create a lab. He goes step by step from installing VMware to updating Kali. He also points out the dangers associated with said updates (tools breaking), which competitors forget. Although this seems simple, I’m sure new students will appreciate the warning. TCM then shows the student general Linux usage, mentioning things that I had previously missed. In particular, I enjoyed how sudo and Linux privileges were explained. Finally, I fully intend to make use of his recommendation of PimpMyKali.sh to fix the various broken tools I have on my distro.

Preliminary Skills: Scripting (Bash), Programming (Python)

As I am a Computer Science graduate, I already had tons of experience programming projects in Python, thus I skipped through a lot of this content. I did enjoy how TCM broke down how to create a ping scanner using Bash. It was very easy to follow along, while also creating a useful tool. Yes, there are dozens of better ping scan options out there (Fping, Amass, Nmap), but this simple example encourages students to try their hand at creating tools.

Scripting a PingSweeper using Bash — TCM (3:35:37)

Ethical Hacking: Beginning of Information Gathering

The final section covers some basics of information gathering. TCM’s approach of using Bugcrowd to find a target for OSINT was very clever, and miles ahead of INE’s elsfoo.com (which no longer works anyways). TCM’s recommendations for credential hunting also greatly exceed the typical suggestion of rockyou.txt.

Grading / Summary

Pricing: 10/10
$0. The best things in life are free. If you decide that you want to get the PNPT certificate, there are a few things to note. The exam voucher is $299; however, it also covers concepts from the Windows Priv Escalation and Linux Priv Escalation courses. I would suggest just getting the $399 package, which also includes courses on OSINT and a playbook for external pentesting. Finally, TCM is moving to a subscription model in July 2023, so courses will be available for $30 monthly instead of a flat $30 per course. (Similar to OSCP’s Learn One and INE’s Annual plans)

Student Friendliness: 9/10
Concepts were introduced, explained, and reinforced in a way that any student can understand.

Hands On: 8/10
INE and OffSec provide a greater variety of labs, allowing for a more accurate simulation. However, these labs are generally only available with annual subscriptions and may be outside of the price point of aspiring hackers. Also, some of INE’s and OffSec’s labs can be buggy/slow and prone to crashes.

Quality of information: 8/10
It is apparent that this course is aimed at people new to the Cybersecurity field. This course balances detail while still maintaining a relatively low learning curve.