Practical Ethical Hacking Course - Part 1

Jul 13, 2024

Practical Ethical Hacking Course with Heath Adams

Overview

  • Instructor: Heath Adams, CEO of TCM Security
  • Duration: 15-hour course split into two parts (due to YouTube's 12-hour video rule)
  • Format: First half on YouTube, second half linked in the description
  • Focus: Ethical hacking methodologies, tools, and practical exercises

Introduction

  • Ethical hacking: Companies hire to find vulnerabilities before malicious actors do
  • Penetration Testing: Evaluating security by attempting to exploit vulnerabilities
  • Types of Hacking Covered: Network, web application, wireless, mobile application, thick client applications, physical pen testing

Course Outline

  • 15-hour Course: Content divided into modules; updated from 12-hour previous edition with new methodologies and tools for 2023
  • TCM Academy: 25-hour extension available; discusses more advanced topics like Active Directory, post-exploitation, web app pen testing
  • PNPT Certification: Practical Network Penetration Tester certification; job-ready skills for the field

Day-to-Day of an Ethical Hacker

  • Activities: Performing assessments, writing reports, delivering debriefs
  • Assessment Types: External network pen test, internal network pen test, web application pen test, wireless pen test, physical pen test, social engineering

Types of Assessments

External Network Pen Test

  • Most common entry-level assessment
  • Focus: Open source intelligence, identifying vulnerabilities, login panels, users
  • External Bots: Constant scanning; vulnerabilities often found
  • Duration: 32-40 hours on average

Internal Network Pen Test

  • Simulates an internal threat
  • Focus: Active Directory attacks
  • Methodology: Focus on internal networks and user data
  • Duration: 32-40 hours

Web Application Pen Test

  • High demand due to numerous web applications
  • Focus: Web-based attacks using OWASP guidelines
  • Duration: 32-40 hours

Wireless Pen Test

  • Assessing wireless network security
  • Tools: Wireless network adapters ($30-$50)
  • Duration: 4-8 hours per SSID

Physical Pen Test & Social Engineering

  • Assessing physical security
  • Social Engineering: Phishing or smishing campaigns
  • Duration: Variable, 16-40 hours or more

Specialized Assessments

  • Mobile Pen Testing: Testing on iOS/Android
  • IoT Pen Testing: Internet of Things devices
  • Red Team Engagements: Complex attacks over extended periods
  • Purple Team Engagements: Collaboration between offensive and defensive teams

Reporting and Debriefing

  • Reports: High-level and technical findings, clear remediation steps
  • Debriefing: Presenting findings to technical and non-technical audiences
  • Process: Important for transparency and client understanding

Note Taking & Tools

  • Importance: Effective note-keeping essential for learning and assessments
  • Tools: KeepNote, CherryTree, OneNote, Joplin
  • Screenshot Tool: Greenshot for capturing evidence and creating reports

Virtual Machines for Labs

  • Software: VMware Workstation Player, Oracle VirtualBox
  • Setup: Linux, Kali Linux installation walkthrough
  • Usage: Running multiple VMs for comprehensive pen testing labs

Kali Linux: Overview and Navigation

  • Purpose: Preloaded with penetration testing tools
  • Navigation: Command-line interface for majority of tasks
  • Root Access & Sudo: Importance of running commands with elevated privileges

Basic Linux Commands & Networking

Commands

  • Navigation: cd, pwd, ls, mkdir, rmdir
  • File Operations: cp, mv, rm
  • Permissions: chmod, chown
  • Scripting: Bash scripting basics for automation

Networking

  • IP Configuration: ifconfig, ip a
  • Routing Table: ip route, route -n
  • Network Scanning: ping, arp commands
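As an added example (not course material), a short bash script in the spirit of the scripting and networking commands above: it parses `ip -4 addr` and `ip neigh` output into an interface and neighbour inventory that can be pasted into engagement notes. The sample command outputs embedded in it are constructed, not captured from a real host.

```shell
#!/usr/bin/env bash
# Added example: turn `ip -4 addr` and `ip neigh` output into a compact
# inventory for note-taking. Sample outputs below are constructed.

# Constructed sample of `ip -4 addr show` output.
SAMPLE_IP_ADDR='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 86388sec preferred_lft 86388sec'

# Constructed sample of `ip neigh show` output (one entry has no MAC).
SAMPLE_NEIGH='10.0.2.2 dev eth0 lladdr 52:54:00:12:35:02 REACHABLE
10.0.2.3 dev eth0 lladdr 52:54:00:12:35:03 STALE
10.0.2.9 dev eth0  FAILED'

# interfaces: read `ip -4 addr` text on stdin, print "iface addr/prefix"
# for every IPv4 address except loopback. The interface label is the
# last field of each "inet" line.
interfaces() {
    awk '$1 == "inet" && $2 !~ /^127\./ { print $NF, $2 }'
}

# neighbours: read `ip neigh` text on stdin, print "ip iface mac" for
# entries that resolved to a hardware address; FAILED/INCOMPLETE rows
# have no lladdr field and are skipped.
neighbours() {
    awk '$4 == "lladdr" { print $1, $3, $5 }'
}

# inventory: build the report from the two command outputs passed as
# arguments, so the same function works on live or saved output.
inventory() {
    printf 'Interfaces (iface addr/prefix):\n'
    printf '%s\n' "$1" | interfaces | sed 's/^/  /'
    printf 'Neighbours (ip iface mac):\n'
    printf '%s\n' "$2" | neighbours | sed 's/^/  /'
}

# With --live, run against the real host; otherwise use the samples.
if [ "${1:-}" = "--live" ]; then
    inventory "$(ip -4 addr show)" "$(ip neigh show)"
else
    inventory "$SAMPLE_IP_ADDR" "$SAMPLE_NEIGH"
fi
```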

Ethical Hacking Process

Five Stages of Ethical Hacking

  1. Reconnaissance: Information gathering (active and passive)
  2. Scanning & Enumeration: Active scanning using tools (nmap, Nessus)
  3. Gaining Access: Exploitation of vulnerabilities
  4. Maintaining Access: Ensuring persistent access
  5. Covering Tracks: Deleting logs and evidence

Specific Focus

  • Reconnaissance: Gathering email addresses using tools (Hunter.io, phonebook.cz)
  • Breaches: Utilizing breach databases (Dehashed, Have I Been Pwned)
  • Tool Usage: Practical demonstration of techniques

Conclusion and Next Steps

  • Follow-Up: Link to part two for continued learning
  • Recommendations: Acknowledge changes in tools and methods, adaptive learning

Final Notes

  • Priority: Legal and ethical boundaries must be respected at all times
  • Certifications and Continuous Learning: Importance of career development and credentialing