[ Certified Ethical Hacker v10 ] :: [ Modules 1 & 2 ]

This entry is part 3 of 21 in the series [ Certified Ethical Hacker Training ]

Introductions

Short bios and description of experience

Assessment test:
https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/ceh-assessment/

Study Guide: Modules 1 and 2

Module 1: Introduction to Ethical Hacking

Module 2: Stage 1 of a Hack: Footprinting / Reconnaisance

  • “Phone book” information
  • Employee names and info
  • Company/facility info
  • IP address ranges
  • Job information

Tools:

Google: Advanced Search Operators

The Google Hacking Database

Archive.org (The Wayback Machine)

Command line:

nslookup

dig

whois

p0f
https://www.youtube.com/watch?v=-QMNlkbVxmwhttps://www.youtube.com/watch?v=-QMNlkbVxmw

Nikto, Parsero

recon-ng

GUI Tools:

Netcraft

Maltego

Critical vocabulary: threat, vulnerability, attack, exploit, payload etc.

Motivations: money, status, terror, revenge, ideology, fun

Pentesting

Laws for Dread and Comfort

Footprinting/Reconnaissance

theHarvester, Metagoofil

Google, Shodan, social media, job sites

Echosec, Maltego

FOCA

THP3: Intro and Chapter 1

Pentester vs. Red Team

MITRE ATT&CK, @cyberops, PenTesters Framework (PTF)

Cobalt Strike/Armitage

PowerShell Empire, p0wnedShell, Pupy Shell, PoshC2, Merlin, Nishang

Virtual Machines

We’ll be using Kali Linux as a virtual machine. Setting up a hacking VM, updating, configuring and customizing it is a critical hacker skill.

Hackable Websites

Hackthissite.org: Take them up on this offer! A great learning site. https://www.hackthissite.org/

Root-me.org: There are challenges in several categories, and they’re quite good. There is no clear pathway through, though, so it’s up to your hackerly curiosity to explore your interests.
https://www.root-me.org/?lang=en

Shellterlabs: Work through a series of lessons to gain competencies in one area after another. The challenges are truly challenging. https://shellterlabs.com/en/

HackTheBox.eu: You’ll have to hack your way in even to use this site. Bonus: they’ll help you get pentesting gigs if you prove your skillz. https://www.hackthebox.eu/

In-Class Exercise:

Maltego: activation and configuration

First official training video (19 mins.):
https://www.youtube.com/watch?v=sP-Pl_SRQVo&list=PLC9DB3E7C258CD215

From our old friend Hackersploit (25 mins.):
https://www.youtube.com/watch?v=zemNLx0-LRw

Homework:

  1. Begin a Maltego investigation (graph) of yourself. Start with the Person object and expand outward to work information, email addresses etc. Every single particle of information you can gather about yourself, anyone else can too.While this kind of scanning is perfectly legal in many parts of the world (think about what ad agencies know about you), remember this critical hacker principal: Don’t attract unneeded attention.
  2. Take your first reading pass through Chapters 1, 2 and 3. Highlight liberally. Plan for using special markers in locations that directly discuss test topics (i.e. questions).
Series Navigation<< [ Certified Ethical Hacker v10 ] :: [ Syllabus ][ Certified Ethical Hacker v10 ] :: [ Module 3 ] >>

Leave a Reply