Ethical Hacking
Ethical Hacking
Introduction
Why Hacking
Definition: Hacking is an attempt to exploit a computer system or a private network inside a computer, unauthorised access to or control over computer network security systems illegally.
Ethical hacking: better known as “penetration testing,” involves purposeful “hacking” into a computer network by a qualified person for purposes of testing a system’s security.
Zodiac 340 Cipher, cracked after 50+ years, https://www.zodiacciphers.com/340-cipher.html
Movie Watch List
this glitch kills everyone in orgrimmar
Real life Catch Me If You Can
Threat Analysis The Bangladesh Bank Heist
STUXNET_ The Virus that Almost Started WW3
https://www.youtube.com/watch/7g0pi4J8auQ
British Airways hack
Classic Vulnerabilities
MS Blaster /MS RPC
CVE-2003-0352
Heart Bleed / OpenSSL leakage
CVE-2014-0160
Classic Vulnerabilities
Linux Kernel Priv. Escalation
CVE-2016-5195
Sudo Vulnerability
CVE-2021-3156
Classic Vulnerabilities
Eternal Blue, SMB
CVE-2017-0144
Citrix NetScaler VPN
CVE-2019-19781
Classic Vulnerabilities
Chinese Tax software (金税)
2020
SolarWinds Orient Sunburst
2020
Classic Vulnerabilities
iOS jailbreak
mac high sierra root no password login
CVE-2017-13872
Why Ethical
Hacker Hats:
SAME SKILL, DIFFERENT HATS
White Hat: ethical hackers, (blue team / red team)
Black hat: destructive, criminals
Grey hat: insider ( the greatest threat)
EH and other courses+
Will cover pre-requirements in lab 0
Fundamental
OperationSystems
Medium
Shell Programming
Advanced
ReverseEngineering
Networking
InformationSystem
Compliance
Mathematics
Programming
Ethical Hacking
SecurityMonitoring
SecurityDeveloping
PenetrationTesing
DigitalForensic
ThreatIntelligent
What did others feel about this course
変態エロh
分數?很想要吧(゚∀゚☜)
I feel GG everyday!
OH..NO
Me: Give me a GF.
God: No way.
Me: Help me pass this quiz then.
God: What is your previous wish?
:,(
Some examples
УЕРШСФД РФСЛШТП
What is the meaning of text above ?
IP Header was corrupted, Can you repair it and recover the destination IP ?
VV3lc30m3 7o 7|-|3 |-|311
Understand your limit
Set your goal
You choose the path
Hacker
You
End user
Course Info
OS
Windows / Linux
Process / Privilege Rings
Permissions / Owners
OSI Model
TCP/IP
Application
HTTP/S
Methods, Headers
TLS Handshake
Encoding
Base64, UTF, URL, GZip
Data format
Header, Magic Number
XML, JSON
DOCX
Metadata
EXIF, Email Header, HTTP Header
iNode, MFT
Course Info
[L] = with lab [M] = with Demo
Attack framework
Cyber Kill-chain
ATT&CK framework
CVE (e.g CVE-2016-5195)
Cryptography
Symmetric
Block Cipher: DES, AES
Stream Cipher
Asymmetric [LM]
RSA
Cryptography hashing [LM]
MD5, SHA1, SHA256, SALT
Crypto analysis [LM]
Steganography [LM]
Information Gathering
Passive (google, DNS, archive) [LM]
Active (Port / service scanning) [LM]
Password cracking
Brute force [LM]
Dictionary [LM]
Rainbow table [M]
Denial of Service
Local network [M]
SYN / Application [LM]
Reflection attack [M]
Course Info
Privilege escalation
Exploitation [LM]
Mis-configuration [LM]
Persistency
Windows – autorun / service [LM]
Linux – cron / service [M]
Web Attacks
XSS [LM]
SQLi [LM]
CSRF [LM]
Wireless
Radio and spectrum
Protocol handshake [M]
SIEM and log analysis
Common log format [LM]
Pen-testing
Pen-testing lifecycle
Report
CTF
Jeopardy / attack-defense
Exercise [LM]
Score
Attendance – 0%
5+ Lab exercise – 20%
(Bonus for lab – 10%)
Take home assignment – 20%
In-class CTF / 2nd assignment – 20%
(Bonus for assignment/CTF combined – 10%)
Final exam ( written exam / 24 hours hack lab ) –40%
Total possible Score > 100%
100% Hand-on
Lab 0
Linux Fundamental
https://overthewire.org/wargames/bandit/
The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. If you notice something essential is missing or have ideas for new levels, please let us know!
Tryhackme.com ( need to register a free account)
https://tryhackme.com/room/linux1
Networking fundamental
https://tryhackme.com/room/introtonetworking
The aim of this room is to provide a beginner’s introduction to the basic principles of networking
The topics that we’re going to cover in this room are:
Cryptography
https://tryhackme.com/room/encryptioncrypto101
This room will cover:
The OSI Model
The TCP/IP Model
How these models look in practice
An introduction to basic networking tools
Why cryptography matters for security and CTFs
The two main classes of cryptography and their uses
RSA, and some of the uses of RSA
2 methods of Key Exchange
Your lab setup – VM
Your Host Hardware, minimum
Intel i3
4GB RAM
50GB hard disk space
VirtualBox
https://www.virtualbox.org/
Kali Linux
https://www.kali.org/downloads/
Docker (if you like)
https://www.docker.com/
Your lab setup – Tools for your desktop
OpenVPN Client
https://tryhackme.com/room/openvpn
Wireshark
PCAP analysis
https://www.wireshark.org/
Burp Suite Community
Web intercept
https://portswigger.net/burp/communitydownload
https://www.youtube.com./watch?v=G3hpAeoZ4ek (configuration)
Cyber Chef
https://gchq.github.io/CyberChef/
Flexible text and data processing tools
Your lab setup – Tools for your desktop
Text Processing (any one)
NotePad++ (Windows only)
https://notepad-plus-plus.org/downloads/
Subline Text
https://www.sublimetext.com
Archive Manager (any one)
7z (windows only)
https://www.7-zip.org/download.html
Keka (Mac only)
https://www.keka.io/
7zip (Linux dist.)
Your lab setup – VPN (OPTIONAL)
OpenVPN Server
https://www.youtube.com./watch?v=w39P3k6XyNA
Choose your cloud provider (any one, one year trial / credit)
AWS https://aws.amazon.com/education/awseducate/
GCP https://edu.google.com/products/google-cloud/
Azure https://azure.microsoft.com/en-us/free/students/
BYOD
/docProps/thumbnail.jpeg