Essential Notes on Ethical Hacking Course

Aug 29, 2024

Practical Ethical Hacking Course Notes

Introduction

  • Instructor: Heath Adams (CEO of TCM Security)
  • Course Duration: 15 hours (split into two parts on YouTube due to video length restrictions)

Who is Heath Adams?

  • CEO of TCM Security, a cybersecurity consulting firm and educational institution.
  • Focus on ethical hacking (finding vulnerabilities before malicious hackers do).
  • Background: Former accountant with a diverse background in ethical hacking.

Course Structure & Content

  • The course is based on a previous 12-hour course with updated content for 2023.
  • Course content includes:
    • Kali Linux
    • Python
    • Pen testing methodologies
    • Active Directory, web app pen testing, etc.
  • Course leads to the PNPT certification (Practical Network Penetration Testing).

Day in the Life of an Ethical Hacker

  • Daily tasks may include:
    • Performing assessments
    • Writing reports
    • Providing debriefs to clients.

Types of Assessments

  1. External Network Pen Test

    • Assess security from outside the organization.
    • Focus on open-source intelligence gathering (OSINT).
    • Average duration: 32-40 hours + report writing.
  2. Internal Network Pen Test

    • Assess security from inside the network.
    • Usually involves Active Directory.
    • Average duration: 32-40 hours + report writing.
  3. Web Application Pen Test

    • Assess the security of web applications.
    • Average duration: 32-40 hours + report writing.
  4. Wireless Network Pen Test

    • Assess security of wireless networks.
    • Duration: 4-8 hours + report writing.
  5. Physical Pen Testing/Social Engineering Assessments

    • Assess physical security (e.g., badge cloning, social engineering).
    • Duration: 16-40 hours + report writing.

Other Specialized Assessments

  • Mobile penetration testing, IoT testing, red team engagements, purple team exercises.

Report Writing & Debriefs

  • Importance of clear communication in reports for both technical and non-technical audiences.
  • Reports typically include:
    • Executive summary for non-technical stakeholders.
    • Technical findings for security engineers.
  • Debriefs provide an opportunity for clients to ask questions regarding findings.

Effective Note Keeping

  • Importance of taking good notes throughout the course.
  • Suggested tools for note-taking:
    • KeepNote
    • CherryTree
    • OneNote
    • Joplin

Networking Refresher

  • Topics covered include:
    • IP Addresses (IPv4 and IPv6)
    • OSI Model
    • Subnetting
    • Common Ports and Protocols (e.g., FTP, HTTP, SMB)

Python Basics

  • Python is essential for scripting and automation in ethical hacking.
  • Topics covered in Python:
    • Strings, math functions, conditional statements, loops, lists, tuples, dictionaries, imports, and reading/writing files.

Information Gathering Techniques

  • Passive OSINT techniques to identify targets and gather information.
  • Tools include:
    • Hunter.io
    • Phonebook.cz
    • VoilaNorbert
    • Clearbit Connect

Breach Credential Hunting

  • Using tools like DeHashed to search for compromised credentials.
  • Understanding data breaches and how they can be leveraged in ethical hacking.

Final Project: Shoe Budget App

  • Building a Python application to manage a shoe budget using OOP concepts.
  • Application checks for eligibility, price calculations, and user input handling.

Conclusion

  • Emphasis on ethical application of the skills learned.
  • Reminder to only use knowledge for ethical hacking purposes.