[ Certified Ethical Hacker v10 ] :: Using ngrok to Set a Trap From Inside NAT

This entry is part 29 of 29 in the series [ Certified Ethical Hacker Training ]

In a lot of hacking examples, the instructor demonstrates a tool like BeEF that requires you to have a website to host the trapping script (for instance, a cookie stealer). They’ll often use a localhost address (127.0.0.1) and effectively set a trap for themselves (it’s a demo, after all), without showing you how to use the …

[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website

This entry is part 25 of 32 in the series [ Hacker Night School ]

OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …

[ Certified Ethical Hacker v10 ] :: [ Chapter 12 ] :: Physical Security

This entry is part 24 of 29 in the series [ Certified Ethical Hacker Training ]

Like Social Engineering, Physical Security is a domain that’s very lightly covered in the CEH exam. Vocabulary: FRR (False Rejection Rate), FAR (False Acceptance Rate), CER (Crossover Error Rate). Security Measures Against Physical Threats: Physical Measures (locks), Technical Measures (smart cards, biometrics), Operational Measures (policies and procedures). Interesting Inside Information Attacks Cyber lock locksmith codes …

[ Certified Ethical Hacker v10 ] :: [ Chapter 5 cont’d] :: Hash Cracking

This entry is part 9 of 29 in the series [ Certified Ethical Hacker Training ]

Hash Cracking Passwords. Hash-cracking communities: https://hashes.org/crackers.php ; Password dictionaries: https://wiki.skullsecurity.org/Passwords ; Kali supplies you with several wordlists and hash lists in /usr/share/. John the Ripper: John the Ripper is quite old, and still an excellent tool. John can use Kali’s built-in wordlists: /usr/share/wordlists/rockyou.txt.gz etc. “How to crack passwords using john the ripper in kali linux”: https://www.youtube.com/watch?v=eAn8dYdn1eY ; Exercises …

[ Certified Ethical Hacker v10 ] :: [ Chapter 10 cont’d] :: Buffer Overflow

This entry is part 20 of 29 in the series [ Certified Ethical Hacker Training ]

Buffer Overflow. Know these critical four C functions that don’t perform bounds checking, and thus are susceptible to buffer overflows: gets(), scanf(), strcpy(), strcat(). The Heap: This is a loosely (dis)organized area for random storage. Memory space gets allocated and recovered automatically. The Stack: This is much more organized, or constrained. …

[ Certified Ethical Hacker v10 ] :: [ Chapter 13 ] :: Pen Testing Methodology

This entry is part 25 of 29 in the series [ Certified Ethical Hacker Training ]

Methodology and Steps. Vocabulary: Security Assessment, Security Audit, Vulnerability Assessment, Penetration Test, External Assessment, Internal Assessment, Announced Testing, Unannounced Testing, Red Team, Blue Team, Purple Team. Testing Automation: Core Impact Pro, Codenomicon, Metasploit, CANVAS – https://www.immunityinc.com/products/canvas/index.html ; Insider Threats: Pure insider, Insider associate (contractor), Insider affiliate (spouse, friend), Outside affiliate (not an employee, doesn’t know anyone) …

[ Certified Ethical Hacker v10 ] :: [ Chapter 10 ] :: Trojans, Backdoors, Viruses and Worms

This entry is part 18 of 29 in the series [ Certified Ethical Hacker Training ]

Chapter 10: Trojans and Other Attacks. Trojans and Backdoors: These aren’t really the same, they just get discussed under the same heading. Famous Trojans: Neverquest Trojan (banking), ZeuS, Mirai (IoT). The Simplest Backdoor of All Time: Create a listener (-l) on the victim: nc -l -p 5555 ; Then connect to the victim by IP address …