Archive for » June, 2019 «

Week 11

On our eleventh session in ethical hacking and penetration testing, our main topic was about maintaining access. This is the last step of penetration testing because once u get to maintain your access on a server, you can mostly do anything in the server and all you need to do is to maintain its access. Maintaining access is not as easy as we thought because we have to keep maintaining it and we have to be careful so we don’t make fatal mistakes. There are some ways to maintain access such as tunneling. Maintaining access should be performed after you gain access to its root

Week 10

On our tenth session on ethical hacking and penetration testing, our main topic was about privilege escalation. Escalating privilege is considered an advanced activity because it could give you more access to the system so you have more authorities to anything you would like to access. Privilege escalation has many ways to do according to its vulnerabilities and many tools to support privilege escalating. It shows how privilege escalating is very crucial since it could give crucial information and could lead to misuse of authorities. Privilege escalating is one of the hardest steps in ethical hacking since it takes a lot of knowledge and tricks to be implemented.

Week 9

On our ninth session on ethical hacking and penetration testing, our main topic was about target exploitation. We were also taught how to exploit vulnerabilities step by step efficiently so that we would get every vulnerability to check correct without re-checking it. Target exploitation is really hard because it would need a lot of knowledge lots of programming language to make scripts to exploit vulnerabilities because there are a lot of ways to exploit vulnerabilities in a website. One thing that we must make sure is that never use any script given by strangers since we don’t know what kind of scripts they are giving and what damage could it cause to the server we’re currently penetrating (especially if you are unexperienced).

Week 8

On our eighth session on ethical hacking and penetration testing, our main topic was about social engineering. Social engineering is one of the most effective ways to start on the process of penetration testing. It could give out possibly important information that would be useful for penetration testing. We learnt about the process of performing social engineering and what are the essential information we would need. There are a lot of tools we could use to perform social engineerings such as SET (Social Engineering Toolkit) and CUPP (Common User Password Profiler. We were also asked to make our own site cloner project and it would be our Lab 4 assignment

Week 6

On our sixth session on ethical hacking and penetration testing, our main topic was about vulnerability mapping. We were introduced to the types of vulnerability mapping and the tools that we are going to use for vulnerability mapping. Vulnerability mapping is used to scan where the vulnerabilities of a domain are. We also can exploit those vulnerabilities after the scanning process, which is why we would need to know the type of vulnerability too to make it easier for us to locate the vulnerability. Vulnerability also gives us the knowledge of why and how to avoid vulnerabilities before implementing or before we start to deploy our website. Because the security of a server is one of the most important things to be aware of in a server or on a website.

Week 5
On our fifth session on ethical hacking and penetration testing, our main topic was about enumerating target and the tools we are going to use to enumerate target. We were told about the information we could extract by performing enumeration (resources or shares on the network, user names or groups assigned on the network, last time user logged on, user’s password). We were introduced with some tools such as NBTscan, Hyena, DumpSec, etc. We were also explained about the advantages and disadvantages of each tool we were introduced with, and what the results would look like after the enumerating process. On our fifth session, we were expected to enumerate the user technical identity, explain the different nmap scanning options from the TCP/IP perspective, understanding how to use enumeration in an effective way.
Week 4

On our fourth session on ethical hacking and penetration testing, our main topic was about target discovery. We were expected to apply the tools that we were introduced to identify the target machine, we were also introduced to the tools that could perform fingerprinting, and also generalize the things that we found during the target discovery. We were taught about the differences between fingerprinting and footprinting, and what results do we get when we perform either fingerprinting or footprinting. We were also taught how to find old files that were once stored on the internet, and some old records or even websites that were once active.

Week 3

On our third session on ethical hacking and penetration testing, our main topic of the session was about information gathering and the tools we’re going to use for information gathering. We were introduced with a lot of tools that would be useful for information gathering such as maltego and theharvester. theHarvester and maltego are tools that give the registrant details of the domain. Those tools are considered as a very powerful tool to be used for information gathering because it could leak out some private or even sensitive information that would be useful for penetration testing. theHarvester could give out the information such as emails, the date the domain was made (or even expired), subdomains, etc. And harvester uses the search engine (or social platforms) as their base on searching information about the domain. Maltego has the same features as theHarvester, but maltego is more of a GUI based.

Week 2

On our second session on ethical hacking and penetration testing, our main topic was about target scoping and information gathering. We were also asked whether we have installed our Kali Linux yet. We were also taught a lot about target scoping which is the correct procedure after we sign on the non-disclosure agreement and before we perform penetration testing. Target scoping involves the client too so that it made sure that the penetration testing is safe for both parties. We were taught the steps to perform information gathering, what could it cause, and what are the tools we could use for our information gathering process. At the end of the class, we were given a lab assignment about information gathering. We were assigned to sniff on another Kali Linux (or virtual machine) that we were supposed to make, and show the results on what we can sniff. There are several tools we used, and there are some steps that we would need to follow for it to be sniffed. The results are in a pcap file which can be accessed through Wireshark.

Week 1

During our first session, we were introduced about hackers, ethical hackers, and crackers. We were told about the differences between hackers and ethical hackers. We were told about the differences of white-box, black-box, and gray-box penetration testing. We were also told about what are the steps to perform a penetration testing (e.g. signing NDA before performing penetration testing). We were also told about our upcoming sessions’ activity and we were also asked to install Kali Linux for our penetration testing. We were also explained about the red and blue team that works on a company and what their roles are. Also, we were explained about script kiddies definition and why being script kiddie is dangerous.