[ Certified Ethical Hacker v10 ] :: [ Chapters 1 & 2 ] :: Footprinting and Reconnaissance

This entry is part 3 of 30 in the series [ Certified Ethical Hacker Training ]

Introductions

Short bios and description of experience

Assessment test:
https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/ceh-assessment/

DURING THE COVID-19 RESPONSE:

Free and discounted materials from EC-Council:

https://www.eccouncil.org/free-cybersecurity-resources/

30 days of free access to Code Red courses:

https://codered.eccouncil.org/

DON’T BUY YOUR TEST VOUCHERS ONLINE. BUY THEM LOCALLY:

Vickie Eha
505-910-4173
vickie dot eha at eccouncil.org

Study Guide: Modules 1 and 2

Module 1: Introduction to Ethical Hacking

Module 2: Stage 1 of a Hack: Footprinting / Reconnaissance

  • “Phone book” information
  • Employee names and info
  • Company/facility info
  • IP address ranges
  • Job information

 

Tools:

Google Dorking / Google Hacking

Advanced Search Operators

https://duckduckgo.com/?q=google+advanced+search+operators&t=ffsb&ia=web

http://www.googleguide.com/advanced_operators_reference.html

The Google Hacking Database

https://www.exploit-db.com/google-hacking-database/

Archive.org (The Wayback Machine)

A good history and examples of usage on multiple search engines:

https://exposingtheinvisible.org/guides/google-dorking/

Use StartPage to confidentially query Google for you:

https://www.startpage.com/

Let the Google Hacking Database do the work for you:

https://www.exploit-db.com/google-hacking-database

And if you like your information in video form:

Command line:

nslookup

dig

whois

p0f
https://www.youtube.com/watch?v=-QMNlkbVxmw

Nikto, Parsero

recon-ng

 

GUI Tools:

Netcraft

Maltego

 

Critical vocabulary: threat, vulnerability, attack, exploit, payload etc.

Motivations: money, status, terror, revenge, ideology, fun

Pentesting

Laws for Dread and Comfort

Footprinting/Reconnaissance

theHarvester, Metagoofil

Google, Shodan, social media, job sites

Echosec, Maltego

FOCA

THP3: Intro and Chapter 1

Pentester vs. Red Team

MITRE ATT&CK, @cyberops, PenTesters Framework (PTF)

Cobalt Strike/Armitage

PowerShell Empire, p0wnedShell, Pupy Shell, PoshC2, Merlin, Nishang

Virtual Machines

We’ll be using Kali Linux as a virtual machine. Setting up a hacking VM, updating, configuring and customizing it is a critical hacker skill.

Hackable Websites

Hackthissite.org: Take them up on this offer! A great learning site. https://www.hackthissite.org/

Root-me.org: There are challenges in several categories, and they’re quite good. There is no clear pathway through, though, so it’s up to your hackerly curiosity to explore your interests.
https://www.root-me.org/?lang=en

TryHackMe.com: This site offers much more direct guidance than most hacking-practice sites. Set up an account and start exploring the Rooms.
https://tryhackme.com/

HackTheBox.eu: You’ll have to hack your way in even to use this site. Bonus: they’ll help you get pentesting gigs if you prove your skillz. https://www.hackthebox.eu/

In-Class Exercise:

Maltego: activation and configuration

First official training video (19 mins.):
https://www.youtube.com/watch?v=sP-Pl_SRQVo&list=PLC9DB3E7C258CD215

From our old friend Hackersploit (25 mins.):
https://www.youtube.com/watch?v=zemNLx0-LRw

Homework:

  1. Begin a Maltego investigation (graph) of yourself. Start with the Person object and expand outward to work information, email addresses etc. Every single particle of information you can gather about yourself, anyone else can too. While this kind of scanning is perfectly legal in many parts of the world (think about what ad agencies know about you), remember this critical hacker principle: Don’t attract unneeded attention.
  2. Take your first reading pass through Chapters 1, 2 and 3. Highlight liberally. Plan for using special markers in locations that directly discuss test topics (i.e. questions).
  3. Set up a Discord account, and email me your Discord ID (this includes both your user name and the numbers), and I will set you up on the Discord server.

 
