Cybersecurity & Ethical Hacking: Mastering the Basics

Overview of what the course has to offer for exam preppers.

A short video overview of what the expectations are for creating your lab environment using VirtualBox.

In this short lab, you will learn how to create a windows 10 Pro target machine needed for this course.

In this lab, you will learn how to import Metasploitable2 into VirtualBox. Metasploitable2 is an intentionally vulnerable Linux virtual machine.  This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.

Metasploitable3 is an intentionally vulnerable VM of Windows 2008 Server. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.

In this short lab, you will learn how to create a virtual install of the OWASP Web Application Project

In this short PowerPoint presentation, you will learn about the importance of scoping an engagement.

Regardless of which cybersecurity exam, exam vendor, or certification path you choose, you will be expected to know what documents are required before, during, and after a pentest. For exam purposes, you will need to understand the purpose of the Statement of Work document, why it is important, and what should be included in the document. You are also expected to know the difference between a Statement of Work and the Rules of Engagement.

Regardless of which cybersecurity exam, exam vendor, or certification path you choose, you will be expected to know what documents are required before, during, and after a pentest. For exam purposes, you will need to understand the purpose of the Rules of Engagement, why it is important, and what should be included in the document.

You are also expected to know the difference between a Statement of Work and the Rules of Engagement.

Two additional documents pentesters need to be familiar with are the Master Service Agreement and the Nondisclosure Agreement (NDA). 

Regardless of the cyber security exam or the exam vendor, documentation and reporting will be one of the required domains of knowledge. In addition, you can expect to be asked questions about the different sections of the Pentesting Final Report.

A high-level overview of the MITRE ATT&CK framework.

A high-level overview of the NIST Penetration Testing Framework and Standard.

A high-level overview of the Penetration Testing Execution Standard (PTES) framework.

In this first lab, students will use Nmap to investigate their network and identify potential targets. In this lab, students will be introduced to network discovery using Nmap, and becoming familiar the using CLI in Linux.

Regardless of which cyber security exam you are preparing for, you can expect plenty of questions regarding Nmap switches. You will need to know which switch(s) to use to perform a specific scan, and you will need to be able to identify the type of scan used to generate a particular Nmap output. Lastly, from the Nmap output, you will need to identify the vulnerability shown in the Nmap results.

Regardless of your cyber security exam or vendor, you will be expected to know how to perform service and version detection using Nmap.

Regardless of your cyber security exam or vendor, you will be expected to know how to perform a host discovery using Nmap.

The Nmap scripting engine is one of Nmap's most powerful and, at the same time, most flexible features. It allows users to write their own scripts and share these scripts with other users for the purposes of networking, reconnaissance, etc. These scripts can be used for:

•  Network discovery

• More sophisticated and accurate OS version detection

• Vulnerability detection

• Backdoor detection

• Vulnerability exploitation

In this lab, you will look at the scripts that have been shared and are built into Kali and will examine how to use them to do thorough recon on our target, to increase the possibility of success, and reduce the possibilities of frustration.

Regardless of your exam vendor for your next cyber security exam, you may be asked to analyze the output of an NMap scan. You may be asked to reconstruct the NMap command that generated the output and finally, you may be asked to determine from the output the best attack vector.

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans, and a powerful internal programming language to implement any vulnerability test.

The scanner obtains the tests for detecting vulnerabilities from a feed with a long history and daily updates.

In this lab, you will learn about banner grabbing. Banner grabbing is a technique used to gather information about running services on a computer system.

In this lesson, you will learn how to perform an automated enumeration of a vulnerable Windows 10 target using WinPeas looking for ways to elevate privileges.

This lab provided hands-on experience with a key tool in cybersecurity, enhancing students' practical skills in digital reconnaissance and data analysis.

In this short lab, you will learn how to use Metasploitable to create a persistent connection with a Windows 10 Pro machine.

In this short lab, you will learn how to use Metasploitable to create a persistent connection with a Windows 10 Pro machine.

In this short lab, you will learn how to Launch a graphic console window Using SSH and XTERM.

In this lab, we will learn how to perform privilege escalation on a Microsoft Windows machine using the Metasploit UAC bypass module.

Unquoted Path or Unquoted Service Path is reported as a critical vulnerability in Windows. This vulnerability allows attackers to escalate their privileges using the NT AUTHORITY/SYSTEM account.

The following command can be used to verify the presence of an Unquoted Service path vulnerability.

wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:Windows\" | findstr /i /v """

A service whose service executable path contains spaces and is not wrapped within quotes can lead to a vulnerability known as Unquoted Service Path. This vulnerability allows a normal user to gain administrative access to the machine by performing privilege escalation using the local system account, which is needed to launch the service executable.

Overview of OWASP Top 10 Web Application Vulnerabilities

Hping3 is a terminal application for Linux that will allow us to analyze and assemble TCP/IP packets quickly. Unlike a conventional ping used to send ICMP packets, hping3 allows the sending of TCP, UDP, and RAW-IP packets.

The purpose of reconnaissance is to collect as much information about a target network as possible. From a hacker’s perspective, the information gathered is very helpful when preparing for an attack. A penetration tester tries to find the information and to patch the vulnerabilities if found. This is also called Footprinting

OSWAP ZAP is an open-source, free tool used to perform penetration tests. The main goal of Zap is to allow easy penetration testing to find the vulnerabilities in web applications.

In this short lab, you will learn how to setup BurpSuite using a virtual install of Kali Linux. Burp or Burp Suite is a set of tools used for penetration testing of web applications.

Wafwoof is a free and open-source tool that can identify whether the firewall is present on a website or not.

SQLmap is an open-source penetration test tool that automates the process of detecting and exploiting weaknesses in SQL injection (SQLi) and taking over the server database.

In this lab, you will learn how to exploit a vulnerable web application using command injection. Command injection is also known as OS Command injection, is an attack technique used to execute commands on a host operating system via a vulnerable web application.

In this lab, we exploit the HTTP PUT method using Metasploitable3 as are target machine. If the HTTP PUT method is enabled on the webserver it can be used to upload a specified resource to the target machine, such as a web shell. We will also look at how to determine if the HTTP PUT method is enabled.

Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims to be the most straightforward kind of method to gain access to a site: it repeatedly tries usernames and passwords until it gets in. Often deemed ‘inelegant,’ they can be very successful when people use passwords like ‘123456’ and usernames like ‘admin.’

In this short lab, you will learn how to compile exploit code that will escalate privileges on a Linux target.

In this short lab, you will learn how to prepare a Windows 7 OVA file for your virtual lab environment and the next lab.