[ Certified Ethical Hacker v10 ] :: [ Modules 1 & 2 ]

This entry is part 3 of 21 in the series [ Certified Ethical Hacker Training ]


Short bios and description of experience

Assessment test:

Study Guide: Modules 1 and 2

Module 1: Introduction to Ethical Hacking

Module 2: Stage 1 of a Hack: Footprinting / Reconnaisance

  • “Phone book” information
  • Employee names and info
  • Company/facility info
  • IP address ranges
  • Job information


Google: Advanced Search Operators

The Google Hacking Database

Archive.org (The Wayback Machine)

Command line:





Nikto, Parsero


GUI Tools:



Critical vocabulary: threat, vulnerability, attack, exploit, payload etc.

Motivations: money, status, terror, revenge, ideology, fun


Laws for Dread and Comfort


theHarvester, Metagoofil

Google, Shodan, social media, job sites

Echosec, Maltego


THP3: Intro and Chapter 1

Pentester vs. Red Team

MITRE ATT&CK, @cyberops, PenTesters Framework (PTF)

Cobalt Strike/Armitage

PowerShell Empire, p0wnedShell, Pupy Shell, PoshC2, Merlin, Nishang

Virtual Machines

We’ll be using Kali Linux as a virtual machine. Setting up a hacking VM, updating, configuring and customizing it is a critical hacker skill.

Hackable Websites

Hackthissite.org: Take them up on this offer! A great learning site. https://www.hackthissite.org/

Root-me.org: There are challenges in several categories, and they’re quite good. There is no clear pathway through, though, so it’s up to your hackerly curiosity to explore your interests.

Shellterlabs: Work through a series of lessons to gain competencies in one area after another. The challenges are truly challenging. https://shellterlabs.com/en/

HackTheBox.eu: You’ll have to hack your way in even to use this site. Bonus: they’ll help you get pentesting gigs if you prove your skillz. https://www.hackthebox.eu/

In-Class Exercise:

Maltego: activation and configuration

First official training video (19 mins.):

From our old friend Hackersploit (25 mins.):


  1. Begin a Maltego investigation (graph) of yourself. Start with the Person object and expand outward to work information, email addresses etc. Every single particle of information you can gather about yourself, anyone else can too.While this kind of scanning is perfectly legal in many parts of the world (think about what ad agencies know about you), remember this critical hacker principal: Don’t attract unneeded attention.
  2. Take your first reading pass through Chapters 1, 2 and 3. Highlight liberally. Plan for using special markers in locations that directly discuss test topics (i.e. questions).
Series Navigation<< [ Certified Ethical Hacker v10 ] :: [ Syllabus ][ Certified Ethical Hacker v10 ] :: [ Module 3 ] >>

Leave a Reply