Practical Ethical Hacking Course Notes (Part 1)

Jul 20, 2024

Instructor Introduction

  • Instructor: Heath Adams, CEO of TCM Security
  • Course split into two parts due to YouTube's 12-hour limit
  • Focus on ethical hacking: finding vulnerabilities in companies before malicious actors do
  • No specific IT background needed, just basic computer and networking knowledge
  • Connect on social media: LinkedIn, Twitter, YouTube
  • Course also links to a 25-hour program on TCM Security Academy
  • Leads to Practical Network Penetration Testing Certification (PNPT)

Ethical Hacking Overview

  • Ethical hacking involves various types of hacking (network, web applications, wireless, physical access)
  • Examples of professional shifts into ethical hacking from non-IT backgrounds
  • Compliance and certification: many firms are required to have an annual external network pen test to stay compliant
  • Common penetration testing types: external network, internal network, web applications, wireless
  • Reporting and debriefing process explained: essential for engagement wrap-up

Day in the Life of a Pen Tester

  • Tasks can include assessments, report writing, and debriefing
  • Different types of assessments: external network pen test, internal network pen test, web application pen test, wireless network pen test
  • Methodologies focus heavily on Active Directory for internal tests

Types of Hacking Assessments

External Network Pen Test

  • Focus: security from the outside
  • Relies on open-source intelligence gathering (OSINT)
  • Common for compliance and cheaper to perform
  • Encompasses identifying vulnerabilities exploitable from outside

Internal Network Pen Test

  • Focus: security from inside the network after perimeter breach
  • Often involves sending a laptop to the client for remote access
  • Emphasis on Active Directory attacks

Web Application Pen Test

  • Second most common, focusing on web-based attacks and OWASP testing guidelines
  • Involves comprehensive checklist of potential vulnerabilities

Wireless Pen Test

  • Methods vary based on wireless network type (guest networks, pre-shared key, enterprise-based)
  • Simple and often where people start learning about hacking

Physical Pen Test and Social Engineering

  • Involves breaking into buildings, social engineering tactics
  • Commonly used methodologies include phishing campaigns, wearable cameras for training purposes, etc.

Assessment Reporting and Presentation

  • Combination of technical abilities, report writing, and presentation skills is critical
  • Report writing is typically done within a week after engagement, includes an executive summary and technical findings
  • Debriefing involves explaining findings to technical and non-technical audiences, offering a chance for questions

Note-Keeping for Pen Testers

  • Importance of good note-keeping for both personal use and client assessments
  • Organizational tools mentioned: KeepNote, CherryTree, OneNote, Joplin
  • Demonstrated example notebooks and layouts
  • Installation of KeepNote and GreenShot for effective note-keeping and screenshot capture

Networking Refresher

IP Addresses

  • IPv4 vs. IPv6 differences, importance of IP addresses in networking
  • Private IP address space and the mechanisms around it (NAT, DHCP, etc.) explained

MAC Addresses

  • Layer 2 network communication, importance of MAC addresses

TCP vs. UDP

  • TCP: connection-oriented protocol used for reliable communications (examples: HTTP, HTTPS)
  • UDP: connectionless protocol used where guaranteed delivery is not required (examples: DNS, streaming services)
  • Explanation of the TCP 3-way handshake (SYN, SYN-ACK, ACK)

Common Ports and Protocols

  • List of typical ports and services (FTP, SSH, DNS, HTTP, HTTPS, etc.)

OSI Model

  • Seven layers explained: Physical, Data Link, Network, Transport, Session, Presentation, Application
  • Mnemonic: “Please Do Not Throw Sausage Pizza Away” helps remember the layers
  • Importance for troubleshooting in networking

Subnetting

  • Explanation and example calculations for subnet masks, hosts in subnets, network and broadcast addresses
  • Common subnet masks for small and large networks (e.g., /24, /16)
  • Practice subnets: identification and calculation through examples
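A worked subnet calculation, added here as an example and not taken from the course: it does the mask arithmetic with plain bit operations (no `ipaddress` module) so each step the notes describe is visible, and it also handles the /31 and /32 edge cases, which the notes do not cover. The addresses used are made up for illustration.

```python
# Added example (not course material): subnet math done with plain bit
# arithmetic so each step of the calculation is visible.

def ip_to_int(ip: str) -> int:
    """Pack a dotted-quad IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    n = 0
    for o in octets:
        n = (n << 8) | o
    return n

def int_to_ip(n: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def subnet_info(cidr: str) -> dict:
    """Return mask, network, broadcast, first/last usable host and host count."""
    ip, prefix_s = cidr.split("/")
    prefix = int(prefix_s)
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: /{prefix}")
    # A /N mask is N one-bits followed by (32 - N) zero-bits.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    addr = ip_to_int(ip)
    network = addr & mask                      # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set the host bits
    total = 1 << (32 - prefix)
    # /31 (point-to-point, RFC 3021) and /32 have no separate network and
    # broadcast addresses, so every address in the block is usable.
    if prefix >= 31:
        usable, first, last = total, network, broadcast
    else:
        usable, first, last = total - 2, network + 1, broadcast - 1
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }

if __name__ == "__main__":
    # Constructed sample addresses, including one that is not on a /24 boundary.
    for c in ("192.168.1.37/24", "10.0.0.0/16", "172.16.5.130/27", "10.0.0.1/31"):
        print(c, subnet_info(c))
```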

Virtual Machines and Lab Setup

  • Explanation of virtualization and daily usage among pen testers
  • Setup instructions for VMware Workstation, installation details for Kali Linux
  • Importance of choosing virtual networks carefully

Building a Lab

  • Creating a notebook, GreenShot installation, configuration details

Note-Keeping Tools Setup

  • Installing and using KeepNote and GreenShot for effective note management

Networking Fundamentals

  • Refreshers on vital topics like TCP/IP, OSI Model, subnetting

Practical Ethical Hacking Labs

Networking and Command Line Proficiency

  • Overview of basic commands: navigating directories, managing files, launching and managing services

Reconnaissance and Information Gathering

  • Ethical emphasis: use techniques only for legal purposes
  • Five stages of ethical hacking: reconnaissance, scanning and enumeration, gaining access, maintaining access, covering tracks
  • Detailed methodologies and tools for passive reconnaissance
  • Exercises for finding email addresses, utilizing Google techniques, breach data exploration