Practical Ethical Hacking Course (Part 1)

Jul 23, 2024

Introduction

  • Instructor: Heath Adams (CEO of TCM Security)
  • Course split into two parts due to YouTube time restrictions
  • Focus on ethical hacking:
    • Network, web application, wireless, mobile, thick client hacking
    • Physical pen testing
  • Ethical hacking welcomes people from diverse professional backgrounds
  • Requires basic computer and networking knowledge
  • Certifications and educational resources available on TCM Security site
  • Updated course content to align with 2023 methodologies
  • TCM Security Academy offers extended materials and certifications (e.g., PMPT)

Penetration Testing Day-to-Day Workflow

  • Assessments: Various types including external, internal, web application, wireless, physical, and social engineering

Assessment Types

  • External Pen Test: Evaluating organizational security from outside; focus on OSINT and commonly dictated by compliance
  • Internal Pen Test: Security assessment from within network; heavily focused on Active Directory
  • Web Application Pen Test: Assessing security of web applications; follows OWASP guidelines
  • Wireless Pen Test: Testing organization's wireless network security; varied methodologies depending on type
  • Physical Pen Test & Social Engineering: Physical security assessments, phishing campaigns, and more

Engagement Duration

  • Typically 32-40 hours for most pen tests; varies depending on scope
  • Report writing typically adds another 8-16 hours

Reporting and Debriefing

  • Reports: High-level executive summaries and technical findings
  • Debriefs: Opportunities for clients to ask questions; technical and non-technical audiences
  • Importance of clear communication and effective presentation skills

Effective Note Taking

  • Critical for success in course and career
  • Use of applications like KeepNote, CherryTree, OneNote, Joplin
  • Organizational structure of notes and importance of screenshots
  • Installation and use of tools like KeepNote and Greenshot

Networking Refresher

  • Topics covered include IP addresses, OSI model, TCP/UDP protocols, common ports and protocols, and subnetting
  • IP Addresses:
    • IPv4 and IPv6 distinctions
    • Usage of private and public IPs through NAT
    • Common subnets for home and enterprise networks
  • Subnetting:
    • Understanding bits, masks, and host calculation
    • CIDR notation and subnet masks
    • Practical exercises in calculating subnets
  • OSI Model:
    • Layered approach (Physical to Application layers)
    • Use in troubleshooting and understanding network traffic
  • Common Ports & Protocols:
    • TCP/IP protocol suite
    • Specifics on protocols like FTP, SSH, HTTP/S, SMB, DNS, DHCP
  • Tutorials on scanning, understanding, and operating network data
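As an added example (not code from the course) of the subnet calculations the refresher works by hand: given CIDR notation it derives the mask, network and broadcast addresses and the usable host range with explicit bit operations, and checks whether an address falls inside a subnet. Function names and the sample addresses are my own choices.

```python
# Subnet calculator using the bit arithmetic taught in subnetting exercises.
# Added example; helper names and sample inputs are assumptions, not course code.

def ip_to_int(ip: str) -> int:
    """Convert dotted-quad IPv4 text to a 32-bit integer, validating each octet."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """Build the subnet mask: the top `prefix` bits set, the host bits cleared."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: /{prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    """Work out network, broadcast, mask and usable host range for e.g. '192.168.1.130/26'."""
    ip, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask            # AND with mask keeps the network bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # OR with inverted mask sets all host bits
    host_bits = 32 - prefix
    # Classic rule: 2^host_bits minus network and broadcast addresses.
    # /31 and /32 are treated as having no usable range under this rule.
    usable = (2 ** host_bits - 2) if host_bits >= 2 else 0
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def in_subnet(ip: str, cidr: str) -> bool:
    """True when `ip` shares the network bits of the subnet given in CIDR form."""
    net, prefix_text = cidr.split("/")
    mask = prefix_to_mask(int(prefix_text))
    return (ip_to_int(ip) & mask) == (ip_to_int(net) & mask)


if __name__ == "__main__":
    print(subnet_info("192.168.1.130/26"))   # constructed sample address
    print(in_subnet("10.0.5.7", "10.0.0.0/16"))
```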

Linux for Ethical Hacking

  • Virtual Machines Setup
    • Usage of VMware Workstation Player, VirtualBox
    • Installing Kali Linux and navigating the GUI and terminal

Linux Command Line Basics

  • Navigating directories, listing files, understanding permissions, using IP commands
  • File Operations: Creating, editing, and managing files using commands like nano, touch, cp, mv, rm
  • Networking Commands: ping, ifconfig, ip, arp, route
  • Service Management: Starting, stopping, enabling, and disabling services

Python for Ethical Hacking

  • Basics: Strings, math, variables, methods, Booleans, conditional statements, loops, advanced strings, lists, tuples, dictionaries
  • File I/O: Reading and writing files
  • Object-Oriented Programming: Classes and objects
  • Projects: Building a port scanner, a budget app for shoes
  • Importing Modules: Usage of sys, datetime, socket, etc.

Five Stages of Ethical Hacking

  • Overview: Reconnaissance, Scanning/Enumeration, Gaining Access, Maintaining Access, Covering Tracks
  • Importance: Methodology never changes, critical understanding for penetration testing engagements

Information Gathering & Reconnaissance

  • Types: Physical, social, web, host reconnaissance
  • Tools for Email & Username Discovery:
    • Hunter.io, Phonebook.cz, VoilaNorbert, Clearbit: Finding email patterns, discovering email addresses, verifying email existence
  • Breach Credential Hunting:
    • Usage of breach databases (e.g., Dehashed, HaveIBeenPwned)
    • Methodologies for tying usernames/email/passwords to individuals or accounts
    • Tools like breach-parse for extracting credentials from breach dumps

Reminder: Always adhere to ethical hacking guidelines and do not attack without explicit permission.