
A very basic tutorial on how to download and install the VirtualBox software on a Windows operating system. Windows 10 will be shown in this video, although the process will be the same for Windows 8 and Windows 7.
This lecture will cover how to install the Kali Linux operating system. This OS comes pre-loaded with many of the tools that we will be using during this class.
Some students may prefer to set up a secondary partition and install Kali Linux in a dual boot configuration alongside Windows.
It should be noted that doing this is not required. Students who feel uncomfortable with system partitioning can use one of the other methods described in the following lectures to use Kali, either as a Virtual system or via a USB device. With that being said, this option is being presented first because students may encounter minor difficulties using certain tools from within a virtualized system.
NOTE: A small minority of systems may have a "Secure Boot Mode" enabled in their BIOS. This mode makes it impossible to boot any non-Windows media as long as it remains enabled. It may be possible to disable this mode, but doing so is outside of the scope of this tutorial and is done at your own risk. Please consult the documentation for your unique version of BIOS if you run into this problem. Disabling this mode may require the re-installation of any existing operating systems. If you have this issue, it is suggested that you use a VirtualBox installation of Kali instead to follow along with this class. Details on how to do this are covered in lecture 4 of this module.
This lecture will cover installing the Kali Linux operating system onto a bootable USB device, such as a “thumb drive”. This will be done with “persistence”, meaning that changes made to the Kali operating system, such as the later inclusion of new files, will persist between live boots.
This method will require a blank USB storage device with sufficient capacity to hold the system image. Please note that some modern systems may have a 'secure boot mode' enabled within the BIOS, making it impossible to live boot any non-Windows media. Disabling “secure boot” is outside of the scope of this tutorial and is done at your own risk.
This method is ideal for students who would prefer not to use VirtualBox and do not wish to set up a secondary boot partition. It also allows for the greatest mobility, as students can take their Kali installation with them from system to system, without having to make any special changes to the computer they are using.
This lecture will teach students how to set up Kali Linux on VirtualBox. This will allow for use of the Kali operating system within an already installed operating system, such as Windows. It will also cover how to achieve the proper aspect ratio when going into “full screen mode” for any older version of Kali.
NOTE: The network adapter selected in this video is shown as “NAT”. This may be sufficient for most basic users; however, more advanced users may wish to choose “Bridged Adapter”. The difference between these two configurations will be explained at greater length in later videos. If you wish for your Kali VirtualBox installation to have its own IP address on your home network, be sure to select “Bridged Adapter” when prompted.
This video will be an in-depth look at the various configuration options within VirtualBox. Students will learn how to create shared folders for easy exchange of files between the virtual system and the host operating system. USB support for the virtual system and other such details will also be covered.
This lecture will teach you how to install the “Metasploitable” operating system on VirtualBox.
Metasploitable is an operating system that is specifically designed to be hacked. It is loaded with every possible known vulnerability for penetration testers to exploit. This makes it an ideal system for safely testing many of the tools and techniques that will be covered in this class. Since you own the system, and it is on your own network which you also own, you can do whatever you want to it. Because it is a virtual system, you don't need to be concerned about damaging it.
Metasploitable 2 will be shown in this video, and it will be the example used throughout this class. It was chosen as the demonstration model because it contains more classic vulnerabilities, in addition to many newer ones. Some students may prefer to use Metasploitable 3, and this is fine. Simply follow the same instructions to set up a Metasploitable 3 virtual system. You can in fact have both, if you wish.
We will open this module on information gathering with a look at a very fun tool called Maltego. This program is graphical and easy to use once you get the hang of it. It comes already installed on most versions of Kali Linux, so the setup is very minimal.
Maltego is one of many open source intelligence (OSINT) tools that we will be covering in this section. Students who master it will find that they can conduct basic detective work and reconnaissance against any target, be it a person or institution. Maltego will collect all relevant open source information about the desired subject and display how each item interconnects. It is then possible to run searches against related items to acquire even more information, generating an easy-to-follow road map.
Recon-NG is a powerful reconnaissance tool similar in nature to Maltego. Written entirely in the Python coding language, it contains powerful modules which facilitate the collection of open source information from multiple services across the internet.
Unlike Maltego, this tool is entirely text based. It will serve as the student's first introduction to conducting complex activities through the terminal window alone, with minimal graphical interfaces.
Recon-NG has been intentionally designed to mimic the command structure of the Metasploit framework, which will be covered later in this class. Mastering this application will give the student a powerful tool for the information gathering stage of any penetration test. It will also provide a firm structural foundation for handling the command interfaces discussed in Module 7 – Metasploit.
A very old tool written in the C programming language. Dmitry is short for Deep Magic Information Gathering Tool, and is in fact quite dated. It has come packaged with Kali Linux, as well as several other penetration testing distributions, for a great many years now. While not as powerful as some other tools, it is considered a classic in some circles and is therefore included in this module.
Unlike the highly structured tools of the prior two lectures, Dmitry uses simple terminal-based commands and provides the student with their first experience of using text-based switches.
Sparta is a network infrastructure penetration testing tool. It serves as a kind of “Swiss army knife” of a program, containing many of the tools used for both reconnaissance and breaking into a system. It is an ideal tool for the scanning and enumeration phase of any pentest.
The graphical user interface allows students to become acquainted with many of these tools in a way that is more approachable than using them in the terminal only. The most important of these tools will be covered later in dedicated lectures. Here the student can see them in action and play around with them a bit.
This will also be the first tool presented with actual “hacking” applications, offering the student a taste of what is to come and allowing them to get their feet wet with many of the concepts that will be used later in this class.
Nmap is short for Network Mapper, a free and open source utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on a network, what services those hosts are offering, what operating systems they are running, what type of packet filters or firewalls are in operation, as well as many other target characteristics.
This tool is utilized to a greater or lesser degree by many other applications covered in this class. Students who master it will be able to learn a great deal about any target network, or even a single machine operating on a network.
Nmap is a terminal-intensive tool. Students not yet comfortable with text-only interfaces may find it to be a bit of a challenge. A graphical version of Nmap is presented in the next lecture in this module; however, students are encouraged to watch this video first, as it covers the deeper concepts of how this tool operates.
Zenmap is the official graphical user interface for Nmap. It is cross platform, meaning that it can be used on Windows, Linux or even MacOS. It is a free and open source application. It exists to make Nmap a little bit easier to use, and provides a few nice features for advanced users.
Students are encouraged to listen to the prior lecture covering Nmap, as many of the concepts and data points will not be repeated here. Zenmap will be a useful tool in any penetration tester's arsenal, as it makes the process of scanning that much easier.
Nikto is a free software command-line vulnerability scanner that scans webservers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received.
Students will learn how to use Nikto to gather vulnerabilities against select targets. These techniques will become applicable later as we dive into the exploitation phase of any penetration test.
Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determining possible configuration flaws.
The advantage of learning Lynis is that it can run on almost any UNIX based system. It is lightweight and portable. Since this tool is designed to be run locally, students can use it to audit any computer to which they have direct access and permission to test.
This is a shell script to check for simple privilege escalation vectors on Unix systems.
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases).
It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files).
Network administrators will find tools such as this useful for defending their systems against cyber intrusion. Pentesters will find it valuable as well, since it can be used on a system the student already has access to and permission to test to determine various attack vectors for later use. It can also be used in conjunction with Metasploit, once initial access to a system is obtained, to help obtain persistent access and elevated permissions. These concepts will be discussed in greater detail later, in the Metasploit module.
GoLismero, "the web knife", is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans.
Like Sparta, GoLismero is a kind of all-in-one type of tool. It includes both scanning and brute force elements, and is not remotely subtle.
Burp Suite (aka Burp) is a graphical tool for testing Web application security. The tool is written in Java and developed by PortSwigger Web Security. The tool has three editions: a Community Edition that can be downloaded free of charge, a Professional Edition and an Enterprise Edition that can be purchased after a trial period. The Community edition has significantly reduced functionality. It intends to provide a comprehensive solution for web application security checks. In addition to basic functionality, such as proxy server, scanner and intruder, the tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.
Because Burp Suite is an extremely complicated program, it is presented in three parts. Students are encouraged to watch these parts in order. There may be some overlap of discussion when it comes to concepts, but each use case is unique. Mastering Burp Suite will grant the student a powerful tool for web application auditing. It will also acquaint students with the concept of spidering, used by many other penetration testing applications.
The OWASP Zed Attack Proxy, also known as OWASP ZAP, is a popular free security tool that is actively maintained by volunteers. It is entirely open source. Designed to help you find security vulnerabilities in your web applications, it is a solid tool for experienced penetration testers to use for manual security testing. It also has the advantage of being very simplified for beginners.
ZAP is cross platform, and can be used on Linux, Windows and Mac. Students with an interest in web application security and development will find it useful.
This video will be a practical demonstration of SQLMAP and SQL injection techniques. This is one of the most powerful tools in Kali, and it does the sort of thing that people normally think of when they hear the word “hacker”. It is used to detect and exploit database vulnerabilities, and provides options to “inject” malicious code into them. The tool automates the process of detecting and exploiting SQL injection flaws and provides its user interface in the terminal window.
Hashes and password cracking will also be demonstrated using this application. These techniques will be invaluable to students interested in database security.
SkipFish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
While this is a very old tool, it has been kept around by user enthusiasm because it still works quite well. Students will find it a useful addition to their toolbox when performing security checks for web vulnerabilities.
A Java-based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.
This is an older tool, and students may or may not find it as useful an offering as the somewhat more advanced OWASP ZAP, presented previously. However, it is included for the sake of completeness, and because several applications such as ZAP are actually forks of the code used for this application. While it is somewhat out of date, it may also be of interest to network administrators.
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and brute-force attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies, or even Metasploit pivoting, to communicate with remotely inaccessible servers which are hidden within local subnets.
This tool is presented first in this module because its graphical nature might make it a good starting point for students to get their feet wet in the areas of password cracking and brute-force attacks.
CeWL is a Custom Word List generator. CeWL is a ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.
By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links; this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, as you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This minimum length can be increased, and the words can be written to a file rather than the screen so the app can be automated.
CeWL also has an associated command line app, FAB (Files Already Bagged), which uses the same metadata extraction techniques to create author/creator lists from already downloaded.
Students will find applications like CeWL and Crunch (next lecture) useful for creating custom wordlists which can be utilized with almost all of the crackers presented in this class. Custom lists can, in some situations, have a much higher probability of cracking a given set of credentials than a standard wordlist, which takes far longer to use.
Crunch is a custom wordlist generator, much like CeWL presented in the previous lecture. Mastering the use of both CeWL and Crunch will allow for a wide array of custom password lists to be generated that are better suited to a specific target.
John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most frequently used password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.
Much like SQLMAP, this tool has a certain degree of fame (or infamy) as being what people tend to think of when they hear of the word "hacker". Ethical penetration testers and system administrators alike are encouraged to study the use of this application very carefully. Custom word lists can be generated if needed, using CeWL and Crunch, as outlined in the two prior lectures.
Medusa is a lightweight tool for brute forcing logins.
It is not subtle, but can be situationally useful to force access. Students may find it to be a quick and dirty version of Hydra (which we have seen integrated into Sparta and Burp Suite).
HashCat is a somewhat legendary password cracker. It is designed to break even the most complex of passwords. It uses many different approaches to achieve this objective in an efficient and effective way.
Arguably one of the best tools of its kind, HashCat will take hashes (such as password hashes taken from a database) and attempt to recover the readable plain text strings that produced them.
This program will be of interest to everyone: pentesters, ethical hackers, system administrators and yes, even people just wishing to recover a lost password for which they somehow have the hash...
A rainbow table is a pre-computed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a password (or credit card numbers, etc.) up to a certain length consisting of a limited set of characters. It is a practical example of a space–time tradeoff, using less computer processing time and more storage than a brute-force attack which calculates a hash on every attempt, but more processing time and less storage than a simple lookup table with one entry per hash. Use of a key derivation function that employs a salt makes this attack infeasible.
This module will cover various methods of wifi hacking. To avoid redundancy, this first lecture is devoted to covering the basic tools and commands that we will see utilized over and over again. Rather than attempt to explain these in each lecture, or devote lectures to them, I have decided to present them as a single video right at the start.
Students should consider this lecture as a starting prerequisite for the ones that follow in this module. We will be learning about ifconfig, iwconfig, airmon-ng, airodump-ng and macchanger. We will also touch briefly upon the wash command.
Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.
On average Reaver will recover the target AP’s plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase, provided that the target AP does not lock.
Reaver is an old tool, but it remains effective against certain targets. Students will learn how to make use of it, although it must be said that configuring it in such a way as to avoid causing certain access points to lock is more of an art than a science...
Aircrack-ng is a complete suite of tools to assess WiFi network security.
It focuses on different areas of WiFi security:
* Monitoring: Packet capture and export of data to text files for further processing by third party tools
* Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
* Testing: Checking WiFi cards and driver capabilities (capture and injection)
* Cracking: WEP and WPA PSK (WPA 1 and 2)
NOTE: The techniques shown here will NOT work correctly in VirtualBox. In order to use the information pertaining to packet injection, it will be necessary to have a wifi card that is injection capable. Students can still benefit from this lecture even if they do not have such a card.
Besside-ng is a tool for automatically cracking WEP access points. It can also be used to grab all WPA handshakes in range for later cracking.
Students are warned to be very careful with this tool. Because it can be used to attack all access points in range, there is a very good chance of it affecting access points that you do not personally own or have written permission to penetration test. It is presented to showcase the methods of breaking a WEP "protected" access point, while also giving an example of the methods so-called "blackhats" employ to grab a large number of handshakes in an area quickly. Do not experiment with this tool unless you are absolutely sure you can do so without unlawfully affecting anything! Remember that laws vary from region to region and country to country.
Fern Wifi Cracker is a wireless security auditing and attack program written in the Python programming language and the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks.
Fern is basically a graphical user interface for doing things you have already seen done in the terminal. It is for students who prefer nice looking GUIs.
Metasploit is the bread and butter of penetration testing. Students who are familiar with Recon-Ng, presented previously, will recognize the basic structure of the Metasploit framework.
Entirely terminal based until we get to Armitage, Metasploit is used to directly facilitate the penetration of other computer systems.
While I have made an attempt to present each lecture as being stand alone, it will be necessary for students wishing to learn how to use Metasploit to follow all of the lectures presented in this module in order. It is not possible to cover every possible use-case or elaborate upon every single module contained within the framework. Instead, this module will focus on giving students the solid grounding they need to use Metasploit and easily learn about applicable modules on their own as they go along.
With the introduction of concepts out of the way, we will now dive right into the practical usage of Metasploit. This lecture is part 1 of 6.
With the introduction of concepts out of the way, we will now dive right into the practical usage of Metasploit. This lecture is part 2 of 6.
With the introduction of concepts out of the way, we will now dive right into the practical usage of Metasploit. This lecture is part 3 of 6.
With the introduction of concepts out of the way, we will now dive right into the practical usage of Metasploit. This lecture is part 4 of 6.
With the introduction of concepts out of the way, we will now dive right into the practical usage of Metasploit. This lecture is part 5 of 6.
This lecture will specifically address the subject of Port Forwarding, which was alluded to in prior lectures.
With the introduction of concepts out of the way, we will now dive right into the practical usage of Metasploit. This lecture is part 6 of 6.
Armitage is a graphical user interface for Metasploit. It is very much what Zenmap is to Nmap. It gives you a visual representation of what is going on when you use Metasploit.
Please note that this video is not stand alone. It will be necessary to watch the prior lectures in this module to understand what is going on. Students who have obtained a foundational understanding of the Metasploit framework should have no problems using Armitage.
NOTE: Armitage will run in VirtualBox. However, when run in this way, it sometimes has... issues. Students who encounter any unforeseen problems are encouraged to try Armitage on another platform.
The subject of this lecture is going to be client side exploitation using the BeEF framework. Short for "Browser Exploitation Framework", it is a penetration testing tool that focuses on the web browser.
Students will learn just how dangerous it can be to not update your web browser. Techniques for "hooking" a browser with BeEF will be shown, allowing a wide range of potential attacks, including a demonstration of how a remote subject can use such a hooked browser to conduct web traffic from the target machine, bypassing certain protections.
A practical demonstration of how to escalate privileges on a Windows 10 system, using Metasploit.
A practical discussion of how to achieve persistent access, with a demonstration of one possible method.
This lecture will cover the basics of creating an encrypted file container within a Windows environment, using the open source software VeraCrypt. Students who prefer the original TrueCrypt can follow these exact same procedures, as both pieces of software are identical in terms of their interfaces.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Students may be somewhat frustrated by the repetition of information in lectures 47, 48, 49 and 50. Each of these lectures is intended to be stand alone. Some students may wish to only create a single encrypted file container, while others may wish to encrypt a Windows operating system. Still others may wish to create an encrypted operating system and a hidden operating system, and still others may wish to have an encrypted Linux partition on top of that.
For that reason, it is recommended that you only watch the lecture that pertains to your specific interest.
With that being said, please be aware of several very important details:
1. Full disk encryption is risky. If you wish to experiment with these techniques, please do so in VirtualBox. There is a very real possibility of making a mistake when doing this, and that could require a full re-installation of your operating system with a complete loss of data.
2. This module assumes that you do not have any sort of “Secure Boot Mode” incorporated into your BIOS. If such a Mode is enabled, it may need to be disabled, and this is done at your own risk.
3. VeraCrypt has UEFI support. TrueCrypt does not. This means that if you elect to use TrueCrypt for Full Disk Encryption, your system will need to be set to MBR. It may be possible to change some systems from UEFI to MBR, but this is done at your own risk, and involves totally reinstalling the operating system. Making such changes varies from system to system and is outside of the scope of these lectures.
4. Laws concerning encryption vary from region to region and country to country. Please make absolutely sure that you are employing any encryption technique you use in a lawful manner. Also keep in mind that if you encrypt a laptop or other portable device and then travel to another country, the rules there may be different.
5. If you lose your password or any other necessary access credentials... you are out of luck. I cannot help you recover such credentials. DO NOT LOSE YOUR PASSWORD OR OTHER CREDENTIALS!
This lecture covers implementation of full disk encryption for a Windows system. Windows 10 is used in this demonstration, although the process will be the same for all versions of Windows going as far back as XP.
* Students who only wish to create an encrypted container for important files should see the prior lecture.
* Students who wish to create an encrypted decoy and encrypted hidden operating system should see lecture 49 or lecture 50 (whichever is more applicable to your interest).
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
This lecture covers the creation of both an encrypted decoy and an encrypted hidden Windows operating system. Windows 10 is used in this example, although the process is the same for all earlier versions of Windows going as far back as Windows XP.
Students who only wish to encrypt their system normally, or simply create an encrypted container for select files, should see lectures 48 and 47 respectively. Students who also want a third encrypted operating system, such as Kali Linux, in addition to the decoy and hidden Windows systems, should see lecture 50.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
This lecture covers the most advanced encryption scheme presented in this class. Students will learn how to create an encrypted decoy Windows operating system and an encrypted hidden Windows operating system. Additionally, students will learn how to create an encrypted Kali Linux operating system on top of that.
When all is said and done, it should be possible to boot into any of these three encrypted systems. Students who only wish to create a decoy and hidden OS should see the prior lecture. Students who only wish to create an encrypted version of Windows as a stand-alone should see lecture 48. The creation of simple, encrypted file containers is covered in lecture 47 of this module.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
This lecture covers a piece of software called "Darik's Boot and Nuke" (DBAN). It is used to completely and securely erase the contents of any hard drive by overwriting it multiple times with encrypted data. This is a strong security practice, as it makes it much more difficult to extract any usable information from a drive that has been wiped in this manner.
Students may also find this lecture to be of particular use if they wish to totally erase a hard drive, wipe out the partition tables, and start over from absolute scratch when using any of the techniques of full disk encryption elaborated upon in the prior lectures of this module.
NOTE: Very old hard drives that are in poor condition may be damaged by this process. Certain solid state hard drives are known to have a limited number of read/writes before they begin to fail, meaning that routine wiping with this method may shorten the life expectancy of the drive.
The techniques shown here will COMPLETELY erase a computer. ALL files, operating systems, and partition tables will be lost beyond recovery. Backup any important files before proceeding, and make sure that you are fully prepared to perform a fresh installation of your operating system of choice!
PGP, or Pretty Good Privacy, is an encryption program that provides cryptographic privacy and authentication for online communication. It is often used to encrypt and decrypt text, e-mails and files in order to increase the security of e-mail.
This lecture is a prerequisite for the following lectures in this module. It will teach students methods to verify the authenticity of their downloads using Sha Sum Checker. This is very important, because the following lectures on TOR and TAILS are all about security and anonymity. Should a user download a compromised version of either piece of software, this would utterly defeat all other security precautions taken.
Students will learn techniques to verify that they are using authentic versions of software that they download, without having to trust the individual source. Concepts from the prior lecture on PGP will also be included here.
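The download check described above, as an added example that is not part of the course materials: a small Python script that parses a `sha256sum`-style manifest and verifies a downloaded file against it. The manifest line format, the file names and the sample bytes are my assumptions for the demo; a matching digest proves the bytes were not altered, and only a separately authenticated manifest (e.g. one whose PGP signature was checked, as the prior lecture covers) proves who published them.

```python
"""
Added example (not course code): verify a downloaded file against a
SHA256SUMS-style manifest.

Assumptions (mine, not the page's): the manifest uses the common
"<hex digest>  <filename>" format written by `sha256sum`, and the manifest
itself has already been authenticated (e.g. via a PGP signature check).
"""
import hashlib
import hmac
import os
import tempfile


def parse_sha256sums(text):
    """Parse `sha256sum` output into {filename: hex digest}.

    Lines look like "<64 hex chars>  <name>" (two spaces, or " *" for
    binary mode). Blank lines, comments and malformed lines are skipped.
    """
    digests = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        name = name.lstrip("*")          # " *name" marks binary mode
        if len(digest) != 64:
            continue
        try:
            int(digest, 16)
        except ValueError:
            continue
        digests[name] = digest.lower()
    return digests


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path, manifest):
    """Return (status, actual_digest) for one downloaded file.

    status is "ok", "mismatch" or "not-in-manifest".
    """
    actual = sha256_of_file(path)
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "not-in-manifest", actual
    # compare_digest avoids stopping at the first differing character.
    if hmac.compare_digest(actual, expected):
        return "ok", actual
    return "mismatch", actual


def demo():
    """Run the check on constructed sample data; returns the three outcomes."""
    good = b"pretend this is the official installer image\n"  # constructed
    manifest_text = (
        "# constructed SHA256SUMS for the demo\n"
        f"{hashlib.sha256(good).hexdigest()}  installer.iso\n"
    )
    manifest = parse_sha256sums(manifest_text)
    with tempfile.TemporaryDirectory() as d:
        iso_path = os.path.join(d, "installer.iso")
        with open(iso_path, "wb") as f:
            f.write(good)
        ok_status, _ = verify_file(iso_path, manifest)

        # Same file name, last byte changed: the integrity check must fail.
        with open(iso_path, "wb") as f:
            f.write(good[:-1] + b"!")
        bad_status, _ = verify_file(iso_path, manifest)

        # A file the manifest does not list cannot be vouched for at all.
        other_path = os.path.join(d, "extra.iso")
        with open(other_path, "wb") as f:
            f.write(good)
        missing_status, _ = verify_file(other_path, manifest)
    return ok_status, bad_status, missing_status


if __name__ == "__main__":
    print(demo())  # ('ok', 'mismatch', 'not-in-manifest')
```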
This lecture will cover the Tor anonymity network.
Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities un-monitored.
Tor does not prevent an online service from determining when it is being accessed through Tor. Tor protects a user's privacy, but does not hide the fact that someone is using Tor. Some websites restrict or block access from Tor.
This lecture will cover the TAILS operating system, which has Tor built into it.
Tails or The Amnesic Incognito Live System is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. All its incoming and outgoing connections are forced to go through Tor, and any and all non-anonymous connections are blocked. The system is designed to be booted as a live DVD or live USB, and will leave no digital footprint on the machine unless explicitly told to do so.
NOTE: It may not be possible to live boot TAILS on computers with "Secure Boot Mode" enabled in the BIOS. This mode prevents any non-Windows media from being booted. It may be possible to disable Secure Boot Mode by going into the BIOS and making the appropriate changes; however, doing so is outside of the scope of this tutorial, and is done at your own risk. Students who face this problem may prefer to test out TAILS using VirtualBox, or carry the bootable media with them to another computer.
Please also be aware that TAILS no longer offers a 32-bit version. It will only function on a computer capable of running a 64-bit operating system.
This lecture provides an explanation and simple demonstration of Virtual Private Networks, better known as VPNs. Students will learn the basic concepts of what a VPN is, and how to employ one to encrypt their traffic across the internet. It is also possible to use a VPN to obscure a user's true location, or to present web services with the geographical location of the VPN server, allowing users to side-step certain geo-restrictions.
A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running on a computing device, e.g., a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, though not an inherent, part of a VPN connection.
NOTE: The VPN providers shown in this video are for demonstration purposes only. I neither advertise for nor endorse any particular service. The goal of this video is to provide students with enough information to research a provider that suits their needs and considerations.
This lecture will cover the setup and use of ProxyChains in Kali Linux for enhanced anonymity during penetration tests.
A brief introduction to the functionality of all forms of cryptographic currency (e.g. Bitcoin, Litecoin, etc).
This lecture is included because "cryptocurrency" is an important part of the encryption sphere. The aim is to educate the student on the basic concepts of how such things work. This is not an investment class, and it is very important for students to understand that the relative value and legality of such "currencies" are in a constant state of change. Some or all such "currencies" may be illegal to buy, sell or own in certain parts of the world. Some or all such "currencies" may have special tax regulations that apply to them.
This information is presented only so that students can get an idea of how "Blockchain" technology works. Any investment is done at your own risk, and no such investment is encouraged by this class.
This lecture is part 1 of 2 and covers Virtual Private Servers, also called VPS for short.
A virtual private server (VPS) is a virtual machine sold as a service by an Internet hosting service.
A VPS runs its own copy of an operating system (OS), and customers may have superuser-level access to that operating system instance, so they can install almost any software that runs on that OS. For many purposes they are functionally equivalent to a dedicated physical server, and being software-defined, are able to be much more easily created and configured. They are priced much lower than an equivalent physical server. However, as they share the underlying physical hardware with other VPSes, performance may be lower, depending on the workload of any other executing virtual machines.
NOTE: The VPS providers shown in this video are for demonstration purposes only. I neither advertise for nor personally endorse these services. Students who are interested in establishing their own Virtual Private Server are encouraged to use the information provided here to research a provider that best suits their needs and considerations.
This lecture is part 2 of 2 and covers Virtual Private Servers, also called VPS for short.
A short and sweet method of transforming a base Debian machine into a Kali Linux machine with just a few simple commands.
This lecture is included because finding a VPS provider that actually offers any of the penetration testing "distros" of Linux, such as Kali, can be quite challenging. Finding a provider that offers basic Debian is easy. This technique will allow students greater freedom in terms of the provider they choose.
This method is by no means the only way of accomplishing this. Students can easily modify Debian on an as-needed basis to include any of the tools from Kali.
This lecture will explain the concept of BotNets, which are often hosted on Virtual Private Servers.
It will also showcase "UFONET", which is an example of a BotNet framework that can be easily installed on Kali Linux.
NOTE: There will be no practical demonstration of using a BotNet, nor will any "bots" be downloaded from the public list. The purpose of this video is to educate system administrators on the existence of so-called Public Access BotNets such as UFONET, as well as to cover the concepts of how a traditional botnet is set up. BotNets pose a considerable cyber security risk in the 21st century, and having a basic understanding of their operation is important.
Welcome to Learn Ethical Hacking & Penetration Testing!
This course will teach you the techniques used by professional penetration testers and ethical hackers worldwide. By the end of it, you will have the skills to hack systems and networks in the same ways that a “black-hat” would, as well as the knowledge to secure those same systems against such intrusion.
Whether you are an IT professional or just starting out, this class is for you. No prior knowledge of hacking or coding is required. Everything is laid out and explained step-by-step through practical demonstration. You will not only master the tools of ethical hacking, you will also learn the theory behind their use. The skills you acquire here will give you the foundational knowledge needed to keep up in this ever growing field.
This class is arranged into nine modules, and moves from beginner to advanced subjects. Each lecture is designed to lead into the next, so that students with no prior knowledge will find the flow easy to follow. At the same time, with only a few noted exceptions, each lecture can be treated as being stand-alone by advanced students who already have the prior grounding.
What you'll learn:
Module One: Setting Up The Lab
* How to install VirtualBox on a Windows operating system.
* How to set up dual booting for Windows and Linux.
* How to install Kali Linux on a portable USB device with persistence.
* How to install Kali Linux (or the pentesting distro of your choice) on VirtualBox.
* A deeper explanation of VirtualBox configurations.
* How to install Metasploitable on VirtualBox to serve as a training target for the development of your skills.
By the end of the first module, you will acquire the knowledge to set up your own hacking lab. Even if you only have a single computer to work with, you will be able to create virtualized systems within your primary operating system. This will give you many options for how to follow along with the lectures in this class, and remove the need to install a second operating system on your main computer if you prefer not to. It will also give you targets that you personally own and control to conduct penetration tests against, allowing you to try out what you learn on your own network without concern!
Module Two: Information Gathering
Any successful penetration test begins with the information gathering phase. Whether your objective is direct network penetration, social engineering, or simply research, knowing a target before you proceed is crucial to victory.
* Learn how to conduct deep research against a target or entity using open source intelligence tools.
* Use OSINT techniques to become your own private investigator!
* Gently transition from fun graphical tools to Linux command-line tools seamlessly.
* Acquire the skills to build detailed profiles of any subject, and establish attack vectors for later exploitation!
* Become familiar with and ultimately master network scanning with tools such as Nmap and Zenmap.
* Learn to identify weaknesses in any system, be it a network or even a corporate structure.
* Get your feet wet with the basics of exploiting a few of these weaknesses in a user friendly GUI environment.
With the skills you learn in this module, you can pretty much become your own Private Eye. Open source intelligence is the way of the future, and the amount of information that is generally available online about any subject is truly staggering. Beginners will find these tools easy to use, and the transition from graphical utilities to the command-line should be both fun and gentle.
Module Three: Vulnerability Analysis
* Go deeper than you have thus far. Use what you have learned already to find vulnerabilities in web-based applications and services!
* Learn the tools and techniques to begin exploiting these vulnerabilities.
* Develop the skills to audit services. Use what you learn here to harden the security of online services that you create and defend.
* Master the very techniques that “black hats” will use against such services.
With a focus on web services, module three continues the transition into command-line based utilities in fun and easy to master steps.
Module Four: Web Vulnerability, Recon, SQL Injection & Database Exploitation
Take the basics you learned in the prior module to the next level!
* Master the art of finding “hard to spot” vulnerabilities in web services and network systems.
* Learn to use the legendary “Burpsuite” in several easy lessons.
* Become skilled with SQL Injection and SQLMAP, and learn how no website or database is truly safe!
* Basic introduction to proxies. Learn the basic concepts that will be expanded upon later for staying safe and anonymous while conducting operations.
* Spider the internet for secrets like a pro, with just a few simple key strokes!
Now that you have learned to spot vulnerabilities, the basics of gaining web access, and how to obtain secure databases, it is time to take your training to a higher stage with what you'll learn in the following module.
Module Five: Password Cracking
* Take the techniques of “brute forcing” passwords and logins to the next level.
* Create custom wordlists that are intelligently suited for a particular target. Greatly increase the speed and success rate of cracking any given password even on less powerful computer systems.
* Learn all about Hashes and how to crack them. Decode the coded information from any database.
* Gain familiarity with cross-platform tools, allowing you to conduct your cracking operations from any operating system.
* Obtain the knowledge to make use of Rainbow Tables, which will open the door to attacking even the tightest credential security.
* Pick up and use legendary tools like HashCat and John The Ripper with ease.
Progress from the cracking of passwords, logins and database security directly into the sixth module. Here you'll learn all about hacking WIFI networks, and what you can do once you've penetrated the network.
Module Six: WIFI Hacking
* Easy-to-learn introduction covers all the basic commands you'll need to get started.
* All major methods covered, from old to new.
* Identify vulnerable access points (that you have legal permission to test) and watch them fall!
* Learn how to grab the encrypted “handshake” from any router device and crack it.
* Know what to do with network access once you achieve it.
* Learn about Distributed Denial of Service (DDoS) attacks and how to guard against them!
As both a system administrator and ethical hacker, knowing the weaknesses in any WIFI network is essential. Whether you are trying to secure your grandmother's internet connection against the kid next door, or the internal network of a Fortune 500 company, these skills are crucial.
By this point, you'll have learned all the basics. You'll know how to scope your targets, gather information, identify vulnerabilities, crack passwords, and achieve access to secure networks. Now the fun begins...
Module Seven: Metasploit
The bread and butter of ethical hacking, this module focuses entirely on the Metasploit framework. While other lectures can be treated as “stand-alone”, the videos in this section must be viewed in order from start to finish. You will take everything you have learned so far and translate it into real action.
* Master Metasploit and its graphical cousin, Armitage.
* Take what you have learned so far and use it to penetrate any system.
* Conduct your experiments using your own virtual machines as targets.
* Feel the satisfaction of exploiting all those weaknesses you've found against systems you personally own, and the fearful realization that no system is truly secure.
* Use what you learn to harden the security of the systems you protect. Know what to look for to avoid being hacked yourself!
* Learn how to “hook” browsers and take control of the information going through them, without the end-user even being aware that anything is happening!
* Generate your own malware for testing purposes within the Metasploit framework. No prior coding knowledge required!
* Employ “crypters” on your own malware, so that it will evade even the most advanced detection scans.
* Learn how to identify such “disguised” malware when it is employed against you!
* It isn't enough to simply gain access. Learn how to escalate your privileges once you are inside a penetrated system.
* It isn't enough to simply become admin. Learn how to establish a long-term presence on a system or network in the form of “persistent access”. Don't work hard over and over. Work hard once, then reap the benefits of what you now own!
Module Eight: Encryption and Anonymity
* Learn how to create encrypted containers to secure important files for both storage and transit.
* Learn how to fully encrypt any Windows operating system, from XP all the way to Windows 10.
* Learn how to create an encrypted Decoy, as well as an encrypted Hidden, Windows operating system. Done correctly, no one will be able to identify and prove the existence of the hidden system!
* Learn how to create an encrypted Decoy, Hidden AND Linux operating system, then boot into whichever one you want. This one isn't for the faint of heart though!
* Learn how to erase a drive or even an entire system in a secure manner, so that no trace of your activities can be found by even the most determined cyber forensics!
* Master the art of PGP (Pretty Good Privacy). Send and receive communications with military level security. Learn how people remain anonymous while still proving who they are using PGP Public and Private keys.
* Understand how to easily verify any file or communication, making tampering impossible.
* Learn all about the TOR anonymity network, and the Deepweb (aka DarkNet). Ensure secure lines of communication with other penetration testers and ethical hackers across the world.
* Become familiar with the TAILS operating system and how to use it quickly and easily on any computer system through a live boot. Leave no trace of your activities behind on the system once you are done!
* Learn about and implement Virtual Private Network (VPN) security to conceal all that you do online from other hackers and watchful internet service providers. Spoof your IP and Geo Location information with ease. Get around regional blocks and establish secure VPN tunnels through network firewalls.
* Use ProxyChains in Linux to further secure your penetration testing activities.
* Understand the nature of “cryptocurrency” and so-called “Blockchain” technology.
And because no level of security and anonymity is ever truly enough, learn all about virtual private servers in the next module.
Module Nine: Virtual Private Servers
* Learn what a VPS is and how to select one that is suitable to your needs.
* Use what you have learned so far to connect “securely” to a VPS that you have chosen, then conduct your activities from the VPS itself, which may also be made to employ the same connection security methods.
* Learn how Virtual Private Servers can be used as “Command and Control” stations for BotNets, and what to look for as a system administrator who is facing constant attacks.
* Learn about so-called free “community” BotNets so that you can defend against them.
And so much more!
Who this class is for:
* Anyone interested in penetration testing and ethical hacking. This class is designed to assume no prior knowledge or experience in the field. Advanced students need only skip ahead to the material they wish to study.
* Those wishing to advance their career in the field of IT and achieve a better rate of pay.
* Students who plan to freelance online, through resources such as LinkedIn. Use what you learn here to create the job you want!