Cybersecurity & Ethical Hacking: Mastering the Basics

A short video overview of what the expectations are for creating your lab environment using VirtualBox.

In this lab, you will learn how to import Metasploitable2 into VirtualBox. Metasploitable2 is an intentionally vulnerable Linux virtual machine.  This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.

In this lesson, you will learn how to create an automated Windows 10 virtual machine installation using VirtualBox and a scripted build process. This automated setup helps you build a clean, repeatable Windows 10 target system that can be reused across cybersecurity, vulnerability testing, and DFIR labs. By the end of this lesson, you will have a working Windows 10 VM ready for the next stage of lab configuration.

In this lesson, you will learn how to transfer the PowerShell-Lab folder from your host computer to the Windows 10 target VM. The PowerShell-Lab folder contains the scripts used throughout the course to configure, validate, and prepare the target machine for cybersecurity and DFIR exercises. By the end of this lesson, the folder will be successfully copied to the Windows 10 desktop and ready for use in future labs.

In this lesson, you will learn how to transform your clean Windows 10 lab machine into a vulnerable target using the PowerShell-Lab scripts. These scripts apply a series of controlled security misconfigurations that will be used throughout the course for vulnerability assessments, digital forensics investigations, and cybersecurity exercises. By the end of this lesson, your Windows 10 VM will be ready for the hands-on labs that follow.

In this lesson, you will learn how to automate the installation and configuration of Metasploitable3 (Windows Server 2008) using Packer, Vagrant, and VirtualBox. Rather than manually installing the operating system and vulnerable services, you will use an automated build process to create a repeatable lab environment suitable for penetration testing, vulnerability assessments, and cybersecurity training. By the end of this lesson, you will have a fully functional Metasploitable3 Windows Server 2008 virtual machine ready for use in the hands-on labs that follow.

In this short lab, you will learn how to create a virtual install of the OWASP Web Application Project

In this short PowerPoint presentation, you will learn about the importance of scoping an engagement.

Regardless of which cybersecurity exam, exam vendor, or certification path you choose, you will be expected to know what documents are required before, during, and after a pentest. For exam purposes, you will need to understand the purpose of the Statement of Work document, why it is important, and what should be included in the document. You are also expected to know the difference between a Statement of Work and the Rules of Engagement.

Regardless of which cybersecurity exam, exam vendor, or certification path you choose, you will be expected to know what documents are required before, during, and after a pentest. For exam purposes, you will need to understand the purpose of the Rules of Engagement, why it is important, and what should be included in the document.

You are also expected to know the difference between a Statement of Work and the Rules of Engagement.

Two additional documents pentesters need to be familiar with are the Master Service Agreement and the Nondisclosure Agreement (NDA). 

Regardless of the cyber security exam or the exam vendor, documentation and reporting will be one of the required domains of knowledge. In addition, you can expect to be asked questions about the different sections of the Pentesting Final Report.

A high-level overview of the MITRE ATT&CK framework.

A high-level overview of the NIST Penetration Testing Framework and Standard.

A high-level overview of the Penetration Testing Execution Standard (PTES) framework.

In this first lab, students will use Nmap to investigate their network and identify potential targets. In this lab, students will be introduced to network discovery using Nmap, and becoming familiar the using CLI in Linux.

Regardless of which cyber security exam you are preparing for, you can expect plenty of questions regarding Nmap switches. You will need to know which switch(s) to use to perform a specific scan, and you will need to be able to identify the type of scan used to generate a particular Nmap output. Lastly, from the Nmap output, you will need to identify the vulnerability shown in the Nmap results.

Regardless of your cyber security exam or vendor, you will be expected to know how to perform service and version detection using Nmap.

Regardless of your cyber security exam or vendor, you will be expected to know how to perform a host discovery using Nmap.

The Nmap scripting engine is one of Nmap's most powerful and, at the same time, most flexible features. It allows users to write their own scripts and share these scripts with other users for the purposes of networking, reconnaissance, etc. These scripts can be used for:

•  Network discovery

• More sophisticated and accurate OS version detection

• Vulnerability detection

• Backdoor detection

• Vulnerability exploitation

In this lab, you will look at the scripts that have been shared and are built into Kali and will examine how to use them to do thorough recon on our target, to increase the possibility of success, and reduce the possibilities of frustration.

Regardless of your exam vendor for your next cyber security exam, you may be asked to analyze the output of an NMap scan. You may be asked to reconstruct the NMap command that generated the output and finally, you may be asked to determine from the output the best attack vector.

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans, and a powerful internal programming language to implement any vulnerability test.

The scanner obtains the tests for detecting vulnerabilities from a feed with a long history and daily updates.

In this lab, you will learn about banner grabbing. Banner grabbing is a technique used to gather information about running services on a computer system.

In this lesson, you will learn how to perform an automated enumeration of a vulnerable Windows 10 target using WinPeas looking for ways to elevate privileges.

This lab provided hands-on experience with a key tool in cybersecurity, enhancing students' practical skills in digital reconnaissance and data analysis.

In this short lab, you will learn how to use Metasploitable to create a persistent connection with a Windows 10 Pro machine.

In this short lab, you will learn how to use Metasploitable to create a persistent connection with a Windows 10 Pro machine.

In this short lab, you will learn how to Launch a graphic console window Using SSH and XTERM.

In this lab, we will learn how to perform privilege escalation on a Microsoft Windows machine using the Metasploit UAC bypass module.

Unquoted Path or Unquoted Service Path is reported as a critical vulnerability in Windows. This vulnerability allows attackers to escalate their privileges using the NT AUTHORITY/SYSTEM account.

The following command can be used to verify the presence of an Unquoted Service path vulnerability.

wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """

A service whose service executable path contains spaces and is not wrapped within quotes can lead to a vulnerability known as Unquoted Service Path. This vulnerability allows a normal user to gain administrative access to the machine by performing privilege escalation using the local system account, which is needed to launch the service executable.

Overview of OWASP Top 10 Web Application Vulnerabilities

Hping3 is a terminal application for Linux that will allow us to analyze and assemble TCP/IP packets quickly. Unlike a conventional ping used to send ICMP packets, hping3 allows the sending of TCP, UDP, and RAW-IP packets.

The purpose of reconnaissance is to collect as much information about a target network as possible. From a hacker’s perspective, the information gathered is very helpful when preparing for an attack. A penetration tester tries to find the information and to patch the vulnerabilities if found. This is also called Footprinting

OSWAP ZAP is an open-source, free tool used to perform penetration tests. The main goal of Zap is to allow easy penetration testing to find the vulnerabilities in web applications.