In this video we go over the Penetration Test Professional course offered by eLearnSecurity. See why this is such a highly regarded course! This video is NO. eLearnSecurity has been a player in the certification market for some time now, although their notoriety has been eclipsed by the powerhouses of EC2, CompTIA, and EC-Council. Who knows why that is the case, but it is what it is.

From the start menu, launch OpenVPN GUI. Once the application starts, you will see an icon with a display and a lock in the.

Overview: the eCPPT designation stands for eLearnSecurity Certified Professional Penetration Tester. eCPPT is a 100% practical and highly respected Ethical Hacking and Penetration Testing Professional certification, counting certified professionals on all five continents.

Download and read online Elearnsecurity Certified Professional Penetration Tester A Complete Guide 2020 Edition ebooks in PDF, epub, Tuebl Mobi, Kindle Book. Get the free Elearnsecurity Certified Professional Penetration Tester A Complete Guide 2020 Edition textbook and unlimited access to our library by creating an account. Fast download speed and ads free!
ELearnSecurity Certified Professional Penetration Tester A Complete Guide 2020 Edition
Author: Gerardus Blokdyk
Publisher: 5starcooks
Total Pages: 316
Release: 2020-03
ISBN 10: 1867340100
ISBN 13: 9781867340102
Language: EN, FR, DE, ES & NL
How likely is it that a customer would recommend your company to a friend or colleague? Does the scope remain the same? What is measured? Why? How do you listen to customers to obtain actionable information? Who is gathering ELearnSecurity Certified Professional Penetration Tester information? This easy ELearnSecurity Certified Professional Penetration Tester self-assessment will make you the trusted ELearnSecurity Certified Professional Penetration Tester domain assessor by revealing just what you need to know to be fluent and ready for any ELearnSecurity Certified Professional Penetration Tester challenge. How do I reduce the effort in the ELearnSecurity Certified Professional Penetration Tester work to be done to get problems solved? How can I ensure that plans of action include every ELearnSecurity Certified Professional Penetration Tester task and that every ELearnSecurity Certified Professional Penetration Tester outcome is in place? How will I save time investigating strategic and tactical options and ensuring ELearnSecurity Certified Professional Penetration Tester costs are low? How can I deliver tailored ELearnSecurity Certified Professional Penetration Tester advice instantly with structured going-forward plans? There's no better guide through these mind-expanding questions than acclaimed best-selling author Gerard Blokdyk. Blokdyk ensures all ELearnSecurity Certified Professional Penetration Tester essentials are covered, from every angle: the ELearnSecurity Certified Professional Penetration Tester self-assessment shows succinctly and clearly what needs to be clarified to organize the required activities and processes so that ELearnSecurity Certified Professional Penetration Tester outcomes are achieved. It contains extensive criteria grounded in past and current successful projects and activities by experienced ELearnSecurity Certified Professional Penetration Tester practitioners.
Their mastery, combined with the easy elegance of the self-assessment, provides its superior value to you in knowing how to ensure the outcome of any efforts in ELearnSecurity Certified Professional Penetration Tester are maximized with professional results. Your purchase includes access details to the ELearnSecurity Certified Professional Penetration Tester self-assessment dashboard download, which gives you your dynamically prioritized projects-ready tool and shows you exactly what to do next. Your exclusive instant access details can be found in your book. You will receive the following contents with new and updated specific criteria:
- The latest quick edition of the book in PDF
- The latest complete edition of the book in PDF, which criteria correspond to the criteria in...
- The Self-Assessment Excel Dashboard
- Example pre-filled Self-Assessment Excel Dashboard to get familiar with results generation
- In-depth and specific ELearnSecurity Certified Professional Penetration Tester Checklists
- Project management checklists and templates to assist with implementation
INCLUDES LIFETIME SELF ASSESSMENT UPDATES. Every self-assessment comes with Lifetime Updates and Lifetime Free Updated Books. Lifetime Updates is an industry-first feature which allows you to receive verified self-assessment updates, ensuring you always have the most accurate information at your fingertips.
The Pentester BluePrint
Author: Phillip L. Wylie, Kim Crawley
Publisher: John Wiley & Sons
Total Pages: 192
Release: 2020-11-24
ISBN 10: 1119684307
ISBN 13: 9781119684305
Language: EN, FR, DE, ES & NL
JUMPSTART YOUR NEW AND EXCITING CAREER AS A PENETRATION TESTER. The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or 'white-hat', hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications. You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement. Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing. Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach you:
- The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems
- The development of hacking skills and a hacker mindset
- Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study
- Which certifications and degrees are most useful for gaining employment as a pentester
- How to get experience in the pentesting field, including labs, CTFs, and bug bounties
Advanced Penetration Testing
Author: Wil Allsopp
Publisher: John Wiley & Sons
Total Pages: 288
Release: 2017-02-27
ISBN 10: 1119367662
ISBN 13: 9781119367666
Language: EN, FR, DE, ES & NL
Build a better defense against motivated, organized, professional attacks. Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali Linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level—and this book shows you how to defend your high security network.
- Use targeted social engineering pretexts to create the initial compromise
- Leave a command and control structure in place for long-term access
- Escalate privilege and breach networks, operating systems, and trust structures
- Infiltrate further using harvested credentials while expanding control
Today's threats are organized, professionally run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali Linux and Metasploit to provide you with advanced pen testing for high security networks.
Kali Linux Revealed
Author: Raphaël Hertzog, Jim O'Gorman, Mati Aharoni
Publisher: Anonim
Total Pages: 342
Release: 2017-06-05
ISBN 10: 0997615605
ISBN 13: 9780997615609
Language: EN, FR, DE, ES & NL
Whether you're a veteran or an absolute n00b, this is the best place to start with Kali Linux, the security professional's platform of choice and a truly industrial-grade, world-class operating system distribution: mature, secure, and enterprise-ready.
Kali Linux Network Scanning Cookbook
Author: Justin Hutchens
Publisher: Packt Publishing Ltd
Total Pages: 452
Release: 2014-08-21
ISBN 10: 1783982152
ISBN 13: 9781783982158
Language: EN, FR, DE, ES & NL
Kali Linux Network Scanning Cookbook is intended for information security professionals and casual security enthusiasts alike. It will provide the foundational principles for the novice reader but will also introduce scripting techniques and in-depth analysis for the more advanced audience. Whether you are brand new to Kali Linux or a seasoned veteran, this book will aid in both understanding and ultimately mastering many of the most powerful and useful scanning techniques in the industry. It is assumed that the reader has some basic security testing experience.
Ethical Hacking and Penetration Testing Guide
Author: Rafay Baloch
Publisher: CRC Press
Total Pages: 531
Release: 2017-09-29
ISBN 10: 148223162X
ISBN 13: 9781482231625
Language: EN, FR, DE, ES & NL
Requiring no prior hacking experience, Ethical Hacking and Penetration Testing Guide supplies a complete introduction to the steps required to complete a penetration test, or ethical hack, from beginning to end. You will learn how to properly utilize and interpret the results of modern-day hacking tools, which are required to complete a penetration test. The book covers a wide range of tools, including Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. Supplying a simple and clean explanation of how to effectively utilize these tools, it details a four-step methodology for conducting an effective penetration test or hack. Providing an accessible introduction to penetration testing and hacking, the book supplies you with a fundamental understanding of offensive security. After completing the book you will be prepared to take on in-depth and advanced topics in hacking and penetration testing. The book walks you through each of the steps and tools in a structured, orderly manner, allowing you to understand how the output from each tool can be fully utilized in the subsequent phases of the penetration test. This process will allow you to clearly see how the various tools and phases relate to each other. An ideal resource for those who want to learn about ethical hacking but don't know where to start, this book will help take your hacking skills to the next level. The topics described in this book comply with international standards and with what is being taught in international certifications.
Penetration Testing
Author: Georgia Weidman
Publisher: No Starch Press
Total Pages: 528
Release: 2014-06-14
ISBN 10: 1593275641
ISBN 13: 9781593275648
Language: EN, FR, DE, ES & NL
Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more. Learn how to:
- Crack passwords and wireless network keys with brute-forcing and wordlists
- Test web applications for vulnerabilities
- Use the Metasploit Framework to launch exploits and write your own Metasploit modules
- Automate social-engineering attacks
- Bypass antivirus software
- Turn access to one machine into total control of the enterprise in the post exploitation phase
You'll even explore writing your own exploits. Then it's on to mobile hacking—Weidman's particular area of research—with her tool, the Smartphone Pentest Framework. With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.
The Basics of Hacking and Penetration Testing
Author: Patrick Engebretson
Publisher: Elsevier
Total Pages: 225
Release: 2013-06-24
ISBN 10: 0124116418
ISBN 13: 9780124116412
Language: EN, FR, DE, ES & NL
The Basics of Hacking and Penetration Testing, Second Edition, serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches students how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clean explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping students with the know-how required to jump-start their careers and gain a better understanding of offensive security. Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. Tool coverage includes Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. This is complemented by PowerPoint slides for use in class. This book is an ideal resource for security consultants, beginning InfoSec professionals, and students. Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, Ethical Hacking, and Exploitation classes at Dakota State University. Utilizes the Kali Linux distribution and focuses on the seminal tools required to complete a penetration test.
Starting Out with Python
Author: Tony Gaddis
Publisher: Pearson
Total Pages: 744
Release: 2017-03-06
ISBN 10: 0134444329
ISBN 13: 9780134444321
Language: EN, FR, DE, ES & NL
For courses in Python programming. A clear and student-friendly introduction to the fundamentals of Python. In Starting Out with Python, 4th Edition, Tony Gaddis' accessible coverage introduces students to the basics of programming in a high level language. Python, an easy-to-learn and increasingly popular object-oriented language, allows readers to become comfortable with the fundamentals of programming without the troublesome syntax that can be challenging for novices. With the knowledge acquired using Python, students gain confidence in their skills and learn to recognize the logic behind developing high-quality programs. Starting Out with Python discusses control structures, functions, arrays, and pointers before objects and classes. As with all Gaddis texts, clear and easy-to-read code listings, concise and practical real-world examples, focused explanations, and an abundance of exercises appear in every chapter. Updates to the 4th Edition include revised, improved problems throughout, and new Turtle Graphics sections that provide flexibility as assignable, optional material. Also available with MyLab Programming. MyLab Programming is an online learning system designed to engage students and improve results. MyLab Programming consists of programming exercises correlated to the concepts and objectives in this book. Through practice exercises and immediate, personalized feedback, MyLab Programming improves the programming competence of beginning students who often struggle with the basic concepts of programming languages. Note: You are purchasing a standalone product; MyLab Programming does not come packaged with this content. Students, if interested in purchasing this title with MyLab Programming, ask your instructor for the correct package ISBN and Course ID. Instructors, contact your Pearson representative for more information.
If you would like to purchase both the physical text and MyLab Programming, search for: 0134543661 / 9780134543666 Starting Out with Python Plus MyLab Programming with Pearson eText -- Access Card Package, 4/e. Package consists of:
- 0134444329 / 9780134444321 Starting Out with Python
- 0134484967 / 9780134484969 MyLab Programming with Pearson eText -- Access Code Card -- for Starting Out with Python
Students can use the URL and phone number below to help answer their questions: http://247pearsoned.custhelp.com/app/home 800-677-6337
The Basics of Web Hacking
Author: Josh Pauli
Publisher: Elsevier
Total Pages: 160
Release: 2013-06-18
ISBN 10: 0124166598
ISBN 13: 9780124166592
Language: EN, FR, DE, ES & NL
The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a 'path of least resistance' that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities. The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user. With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge. 
- Provides a simple and clean approach to Web hacking, including hands-on examples and exercises that are designed to teach you how to hack the server, hack the Web app, and hack the Web user
- Covers the most significant new tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more!
- Written by an author who works in the field as a penetration tester and who teaches Web security classes at Dakota State University
Practical Malware Analysis
Author: Michael Sikorski, Andrew Honig
Publisher: No Starch Press
Total Pages: 800
Release: 2012
ISBN 10: 1593272901
ISBN 13: 9781593272906
Language: EN, FR, DE, ES & NL
Introduces tools and techniques for analyzing and debugging malicious software, discussing how to set up a safe virtual environment, overcome malware tricks, and use five of the most popular packers.
Bug Bounty Hunting Essentials
Author: Carlos A. Lozano, Shahmeer Amir
Publisher: Packt Publishing Ltd
Total Pages: 270
Release: 2018-11-30
ISBN 10: 1788834437
ISBN 13: 9781788834438
Language: EN, FR, DE, ES & NL
Get hands-on experience with the concepts of Bug Bounty Hunting.
Key Features
- Get well-versed with the fundamentals of Bug Bounty Hunting
- Hands-on experience using different tools for bug hunting
- Learn to write a bug bounty report according to the different vulnerabilities and their analysis
Book Description
Bug bounty programs are the deals offered by prominent companies wherein any white-hat hacker can find bugs in the applications and will receive recognition for the same. The number of prominent organizations having this program has increased gradually, leading to a lot of opportunity for Ethical Hackers. This book will initially start by introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.
What you will learn
- Learn the basics of bug bounty hunting
- Hunt bugs in web applications
- Hunt bugs in Android applications
- Analyze the top 300 bug reports
- Discover bug bounty hunting research methodologies
- Explore different tools used for Bug Hunting
Who this book is for
This book is targeted towards white-hat hackers, or anyone who wants to understand the concept behind bug bounty hunting and understand this brilliant way of penetration testing. This book does not require any knowledge of bug bounty hunting.
The Art of Assembly Language 2nd Edition
Author: Randall Hyde
Publisher: No Starch Press
Total Pages: 760
Release: 2010-03-01
ISBN 10: 1593273010
ISBN 13: 9781593273019
Language: EN, FR, DE, ES & NL
Assembly is a low-level programming language that's one step above a computer's native machine language. Although assembly language is commonly used for writing device drivers, emulators, and video games, many programmers find its somewhat unfriendly syntax intimidating to learn and use. Since 1996, Randall Hyde's The Art of Assembly Language has provided a comprehensive, plain-English, and patient introduction to 32-bit x86 assembly for non-assembly programmers. Hyde's primary teaching tool, High Level Assembler (or HLA), incorporates many of the features found in high-level languages (like C, C++, and Java) to help you quickly grasp basic assembly concepts. HLA lets you write true low-level code while enjoying the benefits of high-level language programming. As you read The Art of Assembly Language, you'll learn the low-level theory fundamental to computer science and turn that understanding into real, functional code. You'll learn how to:
- Edit, compile, and run HLA programs
- Declare and use constants, scalar variables, pointers, arrays, structures, unions, and namespaces
- Translate arithmetic expressions (integer and floating point)
- Convert high-level control structures
This much anticipated second edition of The Art of Assembly Language has been updated to reflect recent changes to HLA and to support Linux, Mac OS X, and FreeBSD. Whether you're new to programming or you have experience with high-level languages, The Art of Assembly Language, 2nd Edition is your essential guide to learning this complex, low-level language.
BackTrack
Author: Kevin Cardwell
Publisher: Packt Publishing Ltd
Total Pages: 108
Release: 2013-01-01
ISBN 10: 1782164073
ISBN 13: 9781782164074
Language: EN, FR, DE, ES & NL
Written in an easy-to-follow step-by-step format, you will be able to get started in next to no time with minimal effort and zero fuss. BackTrack: Testing Wireless Network Security is for anyone who has an interest in security and who wants to know more about wireless networks. All you need is some experience with networks and computers and you will be ready to go.
Learn Kali Linux 2019
Author: Glen D. Singh
Publisher: Packt Publishing Ltd
Total Pages: 550
Release: 2019-11-14
ISBN 10: 1789612624
ISBN 13: 9781789612622
Language: EN, FR, DE, ES & NL
Explore the latest ethical hacking tools and techniques in Kali Linux 2019 to perform penetration testing from scratch.
Key Features
- Get up and running with Kali Linux 2019.2
- Gain comprehensive insights into security concepts such as social engineering, wireless network exploitation, and web application attacks
- Learn to use Linux commands the way ethical hackers do to gain control of your environment
Book Description
The current rise in hacking and security breaches makes it more important than ever to effectively pentest your environment, ensuring endpoint protection. This book will take you through the latest version of Kali Linux and help you use various tools and techniques to efficiently deal with crucial security aspects. Through real-world examples, you'll understand how to set up a lab and later explore core penetration testing concepts. Throughout the course of this book, you'll get up to speed with gathering sensitive information and even discover different vulnerability assessment tools bundled in Kali Linux 2019. In later chapters, you'll gain insights into concepts such as social engineering, attacking wireless networks, exploitation of web applications and remote access connections to further build on your pentesting skills. You'll also focus on techniques such as bypassing controls, attacking the end user and maintaining persistent access through social media. Finally, this pentesting book covers best practices for performing complex penetration testing techniques in a highly secured environment. By the end of this book, you'll be able to use Kali Linux to detect vulnerabilities and secure your system by applying penetration testing techniques of varying complexity.
What you will learn
- Explore the fundamentals of ethical hacking
- Learn how to install and configure Kali Linux
- Get up to speed with performing wireless network pentesting
- Gain insights into passive and active information gathering
- Understand web application pentesting
- Decode WEP, WPA, and WPA2 encryptions using a variety of methods, such as the fake authentication attack, the ARP request replay attack, and the dictionary attack
Who this book is for
If you are an IT security professional or a security consultant who wants to get started with penetration testing using Kali Linux 2019.2, then this book is for you. The book will also help if you're simply looking to learn more about ethical hacking and various security breaches. Although prior knowledge of Kali Linux is not necessary, some understanding of cybersecurity will be useful.
Violent Python
Author: TJ O'Connor
Publisher: Newnes
Total Pages: 288
Release: 2012-12-28
ISBN 10: 1597499641
ISBN 13: 9781597499644
Language: EN, FR, DE, ES & NL
Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker’s tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how tos web applications Learn essential hacking techniques attackers use to exploit applications Map and document web applications for which you don’t have direct access Develop and deploy customized exploits that can bypass common defenses Develop and deploy mitigations to protect your applications against hackers Integrate secure coding best practices into your development lifecycle Get practical tips to help you improve the overall security of your web applications
Social Engineering
Author: Christopher Hadnagy
Publisher: John Wiley & Sons
Total Pages: 320
Release: 2018-06-25
ISBN 10: 1119433754
ISBN 13: 9781119433750
Language: EN, FR, DE, ES & NL
Harden the human firewall against the most current threats. Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker's repertoire—why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past. The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used, by sharing stories, examples, and the scientific study behind how those decisions are exploited. Networks and systems can be hacked, but they can also be protected; when the "system" in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion are the secret weapon of the malicious social engineer, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineer's bag of tricks.
- Examine the most common social engineering tricks used to gain access
- Discover which popular techniques generally don't work in the real world
- Examine how our understanding of the science behind emotions and decisions can be used by social engineers
- Learn how social engineering factors into some of the biggest recent headlines
- Learn how to use these skills as a professional social engineer and secure your company
- Adopt effective counter-measures to keep hackers at bay
By working from the social engineer's playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.
Social Engineering
Author | : Christopher Hadnagy |
Publsiher | : John Wiley & Sons |
Total Pages | : 416 |
Release | : 2010-11-29 |
ISBN 10 | : 1118029712 |
ISBN 13 | : 9781118029718 |
Language | : EN, FR, DE, ES & NL |
The first book to reveal and dissect the technical aspect of many social engineering maneuvers. From elicitation, pretexting, influence and manipulation, all aspects of social engineering are picked apart, discussed and explained using real-world examples, personal experience and the science behind them to unravel the mystery of social engineering. Kevin Mitnick, one of the most famous social engineers in the world, popularized the term "social engineering." He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.
- Examines social engineering, the science of influencing a target to perform a desired task or divulge information
- Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
- Reveals vital steps for preventing social engineering threats
Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers; now you can do your part by putting to good use the critical information within its pages.
Linux Basics for Hackers
Author | : OccupyTheWeb |
Publsiher | : No Starch Press |
Total Pages | : 248 |
Release | : 2018-12-04 |
ISBN 10 | : 159327856X |
ISBN 13 | : 9781593278564 |
Language | : EN, FR, DE, ES & NL |
This practical, tutorial-style book uses the Kali Linux distribution to teach Linux basics with a focus on how hackers would use them. Topics include Linux command line basics, filesystems, networking, BASH basics, package management, logging, and the Linux kernel and drivers. If you're getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you'll learn the basics of using the Linux operating system and acquire the tools and techniques you'll need to take control of a Linux environment. First, you'll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you'll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You'll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to:
- Cover your tracks by changing your network information and manipulating the rsyslog logging utility
- Write a tool to scan for network connections, and connect and listen to wireless networks
- Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email
- Write a bash script to scan open ports for potential targets
- Use and abuse services like MySQL, Apache web server, and OpenSSH
- Build your own hacking tools, such as a remote video spy camera and a password cracker
Hacking is complex, and there is no single way in. Why not start at the beginning with Linux Basics for Hackers?
For the past 4 years of my life I had one goal: Pass OSCP on my first try. I started by reviewing the course syllabus and I realized there were some things that I did not know, which made me nervous to start the course. So, I went through a variety of resources until I thought I was ready to begin. This guide contains those resources and my advice to prepare for your adventure to take the PWK/OSCP!
For those of you that would like to know about my journey when I took the course and exam, you can find my earlier post here: https://www.netsecfocus.com/oscp/review/2019/01/29/An_Adventure_to_Try_Harder_Tjnulls_OSCP_Journey.html
A big shout out goes to abatchy! Without his guide I would have never started exploring for other resources. Thank you for creating your original guide: https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
I also want to thank the following people for taking the time to read this guide:
- The team at Offensive Security
This guide has been approved by Offensive Security!
Do not expect these resources to be the main thing you use for obtaining OSCP. When you are ready to take the course, you should expect the following:
- To spend a lot of time researching.
- Not to get answers easily from the admins or even from other students.
- To commit to this and keep an open mind about learning new things.
- To know your tools! Certain tools cannot be used on the exam, but that does not mean you should skip over them. Take some time to understand them because you may have to use them on an actual engagement or in the field.
- To remember Offensive Security's motto: TRY HARDER
As of now Offensive Security has restricted the following tools:
- Commercial tools or services (Metasploit Pro, Burp Pro, etc.)
- Automatic exploitation tools (e.g. db_autopwn, browser_autopwn, SQLmap, SQLninja etc.)
- Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Canvas, Core Impact, SAINT, etc.)
- Features in other tools that utilize either forbidden or restricted exam limitations
Reference: https://support.offensive-security.com/oscp-exam-guide/
Most importantly: Have fun! You will learn a lot from this course, take your time to understand the material and this guide. Do not forget to take breaks and spend time away from the electronics. Trust me you do not want to burn yourself out.
Course Syllabus:
The second most important resource that I used to help me prepare for the course: https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
From the syllabus I will breakdown each section by providing you the resources I used to prepare for the course. Once I finish going through the syllabus, I will also be providing some extra resources that came in handy. You don’t need to use this guide in order; feel free to jump around as it suits you.
- Getting Comfortable with Kali Linux
- Essential Tools in Kali
- Passive Reconnaissance
- Active Reconnaissance
- Vulnerability Scanning
- Buffer Overflows
- Working with Public Exploits
- File Transfer
- Privilege Escalation
- Client-Side Attacks
- Web Application Attacks
- Password Attacks
- Tunneling/Pivoting
- Introduction to the Metasploit Framework
- Antivirus Bypassing
Kali Linux Revealed (book and online course): A good foundational course that helped me understand more about Kali Linux, and it has a nice Linux Fundamentals section as well.
- Book Link: https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf
- Online Course Link: https://kali.training/lessons/introduction/
Bash Scripting: The Bash Guide: A good guide to get you into bash scripting.
Linux Journey: A huge guide to learn about a variety of different things in Linux. All the lessons are free.
Explainshell: An awesome resource that parses man pages from the Ubuntu manpage repository and breaks down each part of the command you paste in. It is still best to refer to the man pages themselves if you have any questions.
Hands on challenge to get comfortable with Linux:
- Overthewire Bandit: https://overthewire.org/wargames/bandit/
- Cmdchallenge.com: https://cmdchallenge.com/
- HackerRank Linux Shell: https://www.hackerrank.com/domains/shell
Books:
- The Linux Command Line (2nd Edition is coming soon!): https://nostarch.com/tlcl2
- Linux Basics for Hackers: https://nostarch.com/linuxbasicsforhackers
Netcat: The TCP/IP Swiss Army knife. Experiment with this tool and understand what it does, because you will be using it almost every day during your time in the course.
- SANS Netcat Cheatsheet: https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
Ncat: A better version of netcat in my opinion. It supports SSL/TLS and is part of the Nmap project.
TCPDump: A command-line network analysis tool. Very useful and good to know if you are on a system that does not have a GUI. Here is a good cheat sheet I used for tcpdump when I needed to troubleshoot my exploits: https://www.andreafortuna.org/technology/networking/tcpdump-a-simple-cheatsheet/
- Daniel Miessler TCPDump Guide: https://danielmiessler.com/study/tcpdump/
Wireshark: A GUI-based network analysis tool. There are a lot of free PCAP samples online that you can use to understand how Wireshark works. Be careful when downloading some of these PCAP files because they may contain malware :D
PCAP Samples:
- Netresec: https://www.netresec.com/?page=pcapfiles
- Malware Traffic Analysis: https://www.malware-traffic-analysis.net/
- PacketTotal (just like VirusTotal but for PCAP analysis): https://packettotal.com/
Take some time to learn about these tricks and techniques. They will certainly come in handy!
Google Dorks: Crafted Google searches that may expose sensitive information about a target.
- SANS Google Dork Cheatsheet: https://www.sans.org/security-resources/GoogleCheatSheet.pdf
- Google Hacking Database: https://www.exploit-db.com/google-hacking-database
- Netcraft: https://netcraft.com/
Email Harvesting:
- theharvester: https://github.com/laramies/theharvester
- recon-ng: https://bitbucket.org/LaNMaSteR53/recon-ng/overview
Additional Resources: Tools I did not use in the lab, but I used them for preparation and they have come in handy on other tests.
- Domaintools: http://whois.domaintools.com/
- MX Toolbox: https://mxtoolbox.com/DNSLookup.aspx
Introduction to DNS: If you do not know what DNS is or how it works, here is a great guide that I used to better understand it from Digital Ocean: https://www.digitalocean.com/community/tutorials/an-introduction-to-dns-terminology-components-and-concepts
If you think you have a good understanding of what DNS is then you will also need to understand how to perform forward and reverse lookups. In addition, you should also know how zone transfers work and how to perform them. Performing these tests will certainly help you better understand what your targets are in the lab. For more information about these techniques check out this article here: https://resources.infosecinstitute.com/dns-enumeration-techniques-in-linux/#gref
Tools for DNS Enumeration:
- Dnsrecon Created by Darkoperator: https://github.com/darkoperator/dnsrecon
Network Scanning:
Nmap: A tool that you absolutely should learn. You will probably use it every day (or at least most of the time while you are in the lab). I highly recommend you take some time to learn what the tool does, how each command switch works, each scanning technique you can run, and its other capabilities. Nmap is a powerful tool that can determine which hosts are online, what services they are running, what operating system a host is running, and dozens of other characteristics. In addition, one of the most powerful features you should also learn is the Nmap Scripting Engine (NSE). With NSE scripts you can automate a wide variety of networking tasks during your scans, including vulnerability detection and exploitation. Here are the resources I used to learn more about Nmap:
- Nmap Official Guide: I used this more than the man pages. I highly recommend purchasing the full book since the official guide is missing a few chapters, such as “Detecting and Subverting Firewalls and Intrusion Detection Systems”, “Optimizing Nmap Performance”, “Port Scanning Techniques and Algorithms”, “Host Discovery (Ping Scanning)”, and more. https://nmap.org/book/toc.html
- Link for Nmap Network Scanning Book (if you want to purchase it): https://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717
- SANS Nmap Cheatsheet: https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf
- Nmap Scripting Engine (NSE): https://nmap.org/book/man-nse.html
- ZephrFish Nmap Blog: https://blog.zsec.uk/nmap-rtfm/
Service Enumeration:
There are a variety of services running on so many systems…take the time to understand them! Do not just scan them and move on. Take some time to look at each of them because they could be a key for you to obtain shell access on a system!
Abatchy provided a link from 0daysecurity that gave me a lot of ideas and things to look for that I may have missed when I skipped some of the services in the lab. You can find that resource here: http://0daysecurity.com/penetration-testing/enumeration.html
Highoncoffee Penetration Testing Cheatsheet: https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
I did not spend too much time on this section for preparation because vulnerability scanners are simple and easy to configure. The purpose of a vulnerability scanner is to identify security holes in services or in an operating system, and these scanners rely on a database that contains the information needed to conduct a scan. A word of caution! Be careful when you use vulnerability scanners on your targets, because some of the plugins or features can impact your target: taking down a service, locking out user accounts, or even crashing the system. The syllabus recommends OpenVAS since it is a full-featured vulnerability scanner. However, there are other vulnerability scanners out there and I highly recommend playing with Nessus: https://www.tenable.com/products/nessus/nessus-professional
The reason I suggest Nessus is that it is more stable on Kali Linux and it has a simple, straightforward interface. I was also able to use the Nessus Home key for most of my testing and to get more familiar with how these vulnerability scanners work. Nessus is a really popular tool for vulnerability scanning in the infosec world and I certainly encourage you to play with it!
For instructions on how to install Nessus on Kali Linux you can find it here: https://www.tenable.com/blog/getting-started-with-nessus-on-kali-linux
For obtaining a Nessus key you can grab one here: https://www.tenable.com/products/nessus-home
My favorite section to learn about! The material provided in the PWK was fantastic and really straightforward. Throughout the internet you will find a variety of resources to help you understand how buffer overflows work. With that being said, I will provide some of my notes and the resources that helped me understand buffer overflows.
Corelan Team: A huge shout out to these guys because their articles, from information security to exploit development, are absolutely incredible! They posted an article on stack-based overflows that gave me a better understanding of how to identify a buffer overflow in an application:
- Part 1: https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
- Part 2: https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
Once I finished reading the articles I started going through write-ups and forums where people manually identified buffer overflows in certain applications. For these walkthroughs I used Exploit-DB to check whether it had the vulnerable application, which it did in many cases. I won't provide any of the walkthroughs, but I will at least provide the binaries that you can use to practice manually identifying buffer overflows.
- Windows Binaries (Recommend that you run these on Windows 7/XP 32 bit):
- Vulnserver: https://samsclass.info/127/proj/vuln-server.htm
- Minishare 1.4.1: https://www.exploit-db.com/exploits/636
- Savant Web Server 3.1: https://www.exploit-db.com/exploits/10434
- Freefloat FTP Server 1.0: https://www.exploit-db.com/exploits/40673
- Core FTP Server 1.2: https://www.exploit-db.com/exploits/39480
Linux Binaries:
- Linux Buffer Overflow: https://samsclass.info/127/proj/lbuf1.htm
Vulnerable Boxes:
- Brainpan 1: https://www.vulnhub.com/entry/brainpan-1,51/
- Pinky’s Palace version 1: https://www.vulnhub.com/entry/pinkys-palace-v1,225/
Other Resources:
- Whitepaper Introduction to Immunity Debugger: https://www.sans.org/reading-room/whitepapers/malicious/basic-reverse-engineering-immunity-debugger-36982
- Buffer Overflows for Dummies: https://www.sans.org/reading-room/whitepapers/threats/buffer-overflows-dummies-481
- Vortex Stack Buffer Overflow Practice: https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/
- Smashing the Stack For Fun and Profit: http://www-inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf
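An added example in Python, not from the original guide or from the Corelan tutorials: the bookkeeping every PWK-style stack overflow needs once you have crashed the application. cyclic_pattern and pattern_offset do what Metasploit's pattern_create.rb and pattern_offset.rb do, find_badchars diffs the \x01..\xff test buffer you sent against what the debugger shows in memory, and build_payload assembles junk + return address + NOP sled + shellcode while refusing a return address or shellcode that contains a bad character. The EIP value, the JMP ESP address and the four-byte stand-in for shellcode in the usage section are placeholders, not values from any real binary.

```python
# Added example (not from the original guide or the Corelan tutorials): the
# bookkeeping around a classic 32-bit stack overflow, the way PWK walks through it.
import string
import struct

def cyclic_pattern(length):
    """Metasploit-style pattern (Aa0Aa1...Az9Ba0...): every 3-byte triple is unique,
    so any 4 bytes that land in EIP identify exactly one position in the buffer."""
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern is limited to 20280 bytes")

def pattern_offset(eip_value, length=5000):
    """Offset of the EIP value as the debugger shows it (e.g. 0x39654138); -1 if absent.
    x86 is little-endian, so the register value is the four buffer bytes reversed."""
    needle = struct.pack("<I", eip_value)
    return cyclic_pattern(length).find(needle)

def find_badchars(sent, received):
    """Compare the test buffer you sent with the bytes dumped from memory; every
    mismatch is a bad character (drop it, resend, repeat until the dump is clean)."""
    return [b for b, r in zip(sent, received) if b != r]

def build_payload(offset, ret_addr, shellcode, badchars=b"\x00", nop_sled=16, total_len=None):
    """junk * offset + return address (little-endian) + NOP sled + shellcode,
    refusing a return address or shellcode that contains a bad character."""
    ret = struct.pack("<I", ret_addr)
    for chunk, label in ((ret, "return address"), (shellcode, "shellcode")):
        bad = sorted(set(chunk) & set(badchars))
        if bad:
            raise ValueError(f"{label} contains bad chars: {[hex(b) for b in bad]}")
    payload = b"A" * offset + ret + b"\x90" * nop_sled + shellcode
    if total_len is not None and len(payload) < total_len:
        payload += b"C" * (total_len - len(payload))   # keep the crash length constant
    return payload

if __name__ == "__main__":
    # Placeholder values: the EIP value and JMP ESP address are not from any real
    # binary, and b"\xcc" * 4 (int3) stands in for msfvenom output.
    offset = pattern_offset(0x39654138)
    print("EIP offset:", offset)
    sent = bytes(range(1, 256))
    dumped = sent.replace(b"\x0a", b"\x00")         # pretend the app mangled 0x0a
    print("bad chars:", [hex(b) for b in find_badchars(sent, dumped)])
    payload = build_payload(offset, 0x625011AF, b"\xcc" * 4, badchars=b"\x00\x0a", total_len=2000)
    print("payload length:", len(payload))
```

The bad-character check on the return address is the one people skip: a JMP ESP whose address contains 0x00 or 0x0a gets truncated or mangled exactly like shellcode does, and the crash then looks like a wrong offset.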
There will come a time when you need to use a public exploit against your target to see if you can obtain a shell. You may need to modify the shellcode or other parts of the exploit to match your target and your attacking system in order to get a connection back. A word of advice:
Before you run a public exploit, take some time to review the code and understand what the exploit is actually supposed to do. If you do not understand how the code works, do some research! I am absolutely positive you can find proofs of concept and walkthroughs online that explain how the exploit works. Not all exploits work right out of the box; you will need to adjust them (callback IP and port, target version and offsets, shellcode) so they reach back to your attacking system. If you do not review the exploit code or make the necessary modifications, you run the risk that the exploit fails, crashes the target system or service, or leaves the system open for other users to connect to.
Places to find exploits:
Tools for finding exploits:
- Searchsploit: a command-line search tool for Exploit-DB that carries a local copy of the Exploit Database with you.
Command Examples:
- searchsploit MS17-010: finds all entries linked to MS17-010.
- searchsploit -x /usr/share/exploitdb/exploits/windows/remote/43970.rb: the -x switch lets you examine the exploit code or the information about the exploit. You can also hand Nmap's XML output to searchsploit (searchsploit --nmap scan.xml) so it looks for exploits matching the service versions it detected.
Play with some of the other command switches that Searchsploit has, because it will make it much easier for you to find exploits on your Kali box.
Depending on the target system you obtain access to, you may not be able to transfer exploits or other tools to that system directly. You will need to know a few techniques for transferring files to and from your target. Here are a few guides I used to get a better understanding of how to transfer files onto Windows and Linux systems:
Awakened: Transfer files from Kali to the target machine: https://awakened1712.github.io/oscp/oscp-transfer-files/
Ropnop: Transferring Files from Linux to Windows (post-exploitation): https://blog.ropnop.com/transferring-files-from-kali-to-windows/
One tool I also found interesting for transferring files on Windows systems is bitsadmin. It is a command-line tool that you can use to create download or upload jobs and monitor their progress. You can find examples of how to use it here: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/bitsadmin-examples
Another tool you can check out is Impacket. It is a collection of Python classes for working with network protocols that you can use to interact with target networks and parse raw data, and its example scripts (smbserver.py, for instance) can be used to transfer files to or from your target host.
Also check out these Python modules (run them from the directory you want to serve; binding to port 80 or 21 requires root, so use a high port otherwise):
- python -m SimpleHTTPServer 80: spins up a Python 2 web server serving the current directory on port 80.
- python3 -m http.server 80: the Python 3 equivalent.
- python -m pyftpdlib -p 21 -w: spins up an FTP server serving the current directory on port 21 with anonymous login; -w grants write access so the target can also upload files back to you (pyftpdlib is a third-party package: pip install pyftpdlib).
- python3 -m pyftpdlib -p 21 -w: the Python 3 equivalent.
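An added example, not from the original guide: the python3 -m http.server trick from the list above, started from code on an ephemeral loopback port and paired with the check you should do after every transfer, comparing a hash of what landed against a hash of what you served (a truncated download of a binary or script is a classic cause of "the exploit doesn't work"). The served file is a constructed placeholder written to a temporary directory; on an engagement you would serve your tools directory and bind to 0.0.0.0.

```python
# Added example (not from the original guide): serve a directory with the
# standard-library http.server, fetch a file from it, and verify the transfer
# with a SHA-256 comparison on the receiving side.
import functools
import hashlib
import http.server
import os
import socketserver
import tempfile
import threading
import urllib.request

# Constructed placeholder for a tool you would push to a target (not a real script).
SAMPLE_TOOL = b"#!/bin/sh\n# placeholder enumeration script\nid; uname -a\n" * 50

def serve_directory(directory, host="127.0.0.1", port=0):
    """Equivalent of `python3 -m http.server <port>` run from `directory`.
    port=0 lets the OS pick a free port; on an engagement use 0.0.0.0 and a fixed port."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    server = socketserver.TCPServer((host, port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def fetch(url):
    """The target-side download (what wget, curl or certutil -urlcache would do)."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read()

def transfer_and_verify(directory, filename):
    """Serve `directory`, download `filename` over HTTP and compare hashes end to end.
    Returns (hashes_match, bytes_received)."""
    with open(os.path.join(directory, filename), "rb") as f:
        expected = sha256_hex(f.read())
    server, port = serve_directory(directory)
    try:
        data = fetch(f"http://127.0.0.1:{port}/{filename}")
    finally:
        server.shutdown()
        server.server_close()
    return sha256_hex(data) == expected, len(data)

def demo():
    """Write the placeholder tool to a temp dir and round-trip it through the server."""
    workdir = tempfile.mkdtemp(prefix="xfer-demo-")
    with open(os.path.join(workdir, "enum.sh"), "wb") as f:
        f.write(SAMPLE_TOOL)
    return transfer_and_verify(workdir, "enum.sh")

if __name__ == "__main__":
    ok, size = demo()
    print(f"transfer ok={ok}, {size} bytes")
```

On the target you only have whatever hashing tool exists (sha256sum, certutil -hashfile, Get-FileHash), so print the expected hash on your side before you start the transfer and compare by eye.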
In this section you will find a lot of techniques, ranging from getting administrative access through a kernel exploit to abusing a misconfigured service. The possibilities are endless, so make sure you find the ones that work for you. To get an understanding of this section I recommend applying your knowledge on Vulnhub or Hack The Box to improve your skills in this area. I know there are scripts for automating this process, but at some point those scripts can miss something very important on your target that you need to escalate your privileges. Something you should keep in mind :D.
For this section I am going to break it into two parts: Windows and Linux privilege escalation techniques.
Windows Privilege Escalation Guides:
Fuzzysecurity Windows Privilege Escalation Fundamentals: Shout out to fuzzysec for taking the time to write this because this is an amazing guide that will help you understand Privilege escalation techniques in Windows. http://www.fuzzysecurity.com/tutorials/16.html
Pwnwiki Windows Privilege Escalation Commands: http://pwnwiki.io/#!privesc/windows/index.md
Absolomb's Security Blog: Windows Privilege Escalation Guide: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Pentest.blog: Windows Privilege Escalation Methods for Pentesters: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Windows Privilege Escalation Tools:
JAWS (created by 411Hall): A cool Windows enumeration script written in PowerShell. https://github.com/411Hall/JAWS/commits?author=411Hall
Windows Exploit Suggester (created by GDSSecurity): A Python script that compares the target's patch level against Microsoft's vulnerability database to detect missing patches on the target. https://github.com/GDSSecurity/Windows-Exploit-Suggester
Windows Exploit Suggester Next Generation: https://github.com/bitsadmin/wesng
Sherlock (Created by RastaMouse): Another cool PowerShell script that finds missing software patches for local privilege escalation techniques in Windows. https://github.com/rasta-mouse/Sherlock
Other Resources for Windows Privilege Escalation Techniques: https://medium.com/@rahmatnurfauzi/windows-privilege-escalation-scripts-techniques-30fa37bd194
Linux Privilege Escalation Guides: The only guide I probably ever used to help me understand privilege escalation techniques in Linux systems was from g0tmi1k post. This blog is a must that everyone should have for preparing for the OSCP in my opinion. You can find his guide here: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
GTFOBins (I have to thank Ippsec for sharing this with me): A curated list of Unix binaries that an attacker can abuse to bypass local security restrictions on a Linux system, for example SUID binaries or binaries allowed through sudo. https://gtfobins.github.io/
Linux Privilege Escalation Tools:
LinEnum: A great Linux privilege escalation checker that is still maintained by the guys at rebootuser.com. You can find their tool here: https://github.com/rebootuser/LinEnum
- Linux Exploit Suggester 2: https://github.com/jondonas/linux-exploit-suggester-2
One thing I will mention: if you want to practice your Linux privilege escalation, I highly recommend you take a look at the Lin.Security vulnerable box created by in.security! The box was designed to help people understand how certain misconfigured applications and services can be easily abused by an attacker. This box really helped me improve my privilege escalation skills and techniques on Linux systems.
- Main Link: https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/
- Backup: https://www.vulnhub.com/entry/linsecurity-1,244/
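An added example, not code from the original guide, LinEnum or GTFOBins: the core of what a Linux enumeration script does (walk the filesystem, pick out SUID/SGID and world-writable files, cross-check SUID names against GTFOBins), written out so you can see what the scripts check and what they can miss. It runs against a constructed temp-directory stand-in for a target filesystem; the file names and permission bits are placeholders, and the GTFOBins name list is a small subset I chose for the illustration.

```python
# Added example (not from the original guide, LinEnum or GTFOBins): the core
# of a Linux privilege-escalation enumeration, written out so the checks are visible.
import os
import stat
import tempfile

# Small subset of binaries whose SUID bit GTFOBins documents as a path to a root shell.
GTFOBINS_SUID = {"bash", "find", "vim", "python", "python3", "perl", "nmap", "env", "cp", "less", "awk"}

def enumerate_privesc(root):
    """Walk `root` and collect SUID, SGID and world-writable regular files (paths relative
    to root). Unreadable directories are skipped, as they will be for a low-privilege user."""
    findings = {"suid": [], "sgid": [], "world_writable": []}
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_ISUID:
                findings["suid"].append(rel)
            if st.st_mode & stat.S_ISGID:
                findings["sgid"].append(rel)
            if st.st_mode & stat.S_IWOTH:
                findings["world_writable"].append(rel)
    for key in findings:
        findings[key].sort()
    return findings

def interesting_suid(findings):
    """SUID binaries worth looking up on GTFOBins first."""
    return sorted(p for p in findings["suid"] if os.path.basename(p) in GTFOBINS_SUID)

def build_sample_fs():
    """Constructed stand-in for a target's filesystem: placeholder files carrying the
    permission bits a misconfigured box might have (nothing here is executable code)."""
    root = tempfile.mkdtemp(prefix="privesc-demo-")
    layout = {
        "usr/bin/find": 0o4755,        # SUID and on GTFOBins (find . -exec /bin/sh -p \;)
        "usr/bin/passwd": 0o4755,      # SUID but expected; not interesting by itself
        "usr/bin/ls": 0o755,
        "usr/bin/wall": 0o2755,        # SGID
        "etc/cron.d/backup": 0o666,    # world-writable cron job: edit it, wait for root to run it
        "etc/passwd": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("# placeholder\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    # On a real target you would call enumerate_privesc("/") as the user you landed as.
    found = enumerate_privesc(build_sample_fs())
    for key, paths in found.items():
        print(key, paths)
    print("check on GTFOBins:", interesting_suid(found))
```

Note what this does not look at: sudo -l output, cron entries that call a script in a writable directory, capabilities (getcap -r /), credentials in config files, or running services. That is the kind of thing an automated script can skip past, so treat its output as a starting list, not the answer.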
Running client-side attacks usually requires client interaction, so it's good to have an understanding of how this works and also how you can set one up. For instance, check out the Client Side Attacks section in Metasploit Unleashed: https://www.offensive-security.com/metasploit-unleashed/client-side-attacks/
This is the section I spent most of my time on when preparing for PWK and OSCP. In this section you need to understand the following web attacks:
Cross-site scripting (XSS): OWASP: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
SQL Injection: OWASP: https://www.owasp.org/index.php/SQL_Injection
Pentest Monkey SQL Injection Cheat Sheets: http://pentestmonkey.net/category/cheat-sheet/sql-injection
File Inclusion Vulnerabilities: https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/
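An added example, not code from the original guide or the OWASP pages: a login query and a search query built by string concatenation, the three injection payloads you will meet first (comment out the password check, make the WHERE clause always true, dump another column with UNION), and the parameterised versions of the same queries that are not injectable. It uses an in-memory SQLite database with two constructed users so it runs offline; the usernames and passwords are placeholders.

```python
# Added example (not from the original guide or the OWASP pages): vulnerable
# string-built SQL beside its parameterised form, exercised with real payloads.
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("admin", "S3cr3t!", "admin"), ("bob", "hunter2", "user")])
    return db

def login_vulnerable(db, username, password):
    """Input is pasted into the SQL text, so a quote ends the string literal and
    whatever follows is parsed as SQL."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(query).fetchone()

def login_safe(db, username, password):
    """Placeholders bind the input as data; a quote in the payload is just a character."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()

def search_vulnerable(db, role):
    """A search box with the same flaw: UNION SELECT pulls columns from any table."""
    query = f"SELECT username, role FROM users WHERE role = '{role}'"
    return db.execute(query).fetchall()

def search_safe(db, role):
    return db.execute("SELECT username, role FROM users WHERE role = ?", (role,)).fetchall()

# Payloads: the first comments out the password check, the second makes the
# WHERE clause true for every row, the third appends a UNION that reads passwords.
COMMENT_OUT = "admin' -- "
ALWAYS_TRUE = "' OR '1'='1"
UNION_DUMP = "nobody' UNION SELECT username, password FROM users -- "

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, comment-out :", login_vulnerable(db, COMMENT_OUT, "wrong"))
    print("vulnerable, always-true :", login_vulnerable(db, "nobody", ALWAYS_TRUE))
    print("vulnerable, union dump  :", search_vulnerable(db, UNION_DUMP))
    print("safe, comment-out       :", login_safe(db, COMMENT_OUT, "wrong"))
    print("safe, union dump        :", search_safe(db, UNION_DUMP))
```

Two things worth noticing while you test: ALWAYS_TRUE has to go in the password field, because AND binds tighter than OR, so the same payload in the username field still fails the password check; and the UNION only works because the injected SELECT returns the same number of columns as the original, which is why manual SQLi starts with ORDER BY / UNION SELECT NULL,NULL... to count columns.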
Tools for finding Web Vulnerabilities and conducting Web Attacks:
Burp Suite:
A popular web application testing suite with a variety of features and plugins for identifying web vulnerabilities. The tool acts as an interception proxy: you point your browser at it so that all traffic to the target is routed through Burp. Once the proxy is configured you can capture and analyze each request to and from the target web application. With these captured requests a penetration tester can analyze, manipulate, and fuzz individual HTTP requests to identify potential parameters or injection points manually.
Bugcrowd University has a webinar that Jason Haddix created explaining about burp suite and how you can use it. You can find this recording here: https://www.bugcrowd.com/resource/introduction-to-burp-suite/
SQL Injection Tools: I would not recommend using these tools until you have a clear understanding of SQL databases and how a SQL injection works. The tools below make it easy to automate a SQL injection, but they can cause issues for a target's database (and remember that SQLmap and SQLninja are on the exam's restricted list above). Here is a list of tools I have played with to get a better understanding of how you can automate SQL injections:
- SQLmap: https://github.com/sqlmapproject/sqlmap/wiki/Usag
- NoSQLMap: https://github.com/codingo/NoSQLMap
- SQLNinja: http://sqlninja.sourceforge.net/
Nikto (created by Chris Sullo): A web server scanner that performs comprehensive tests against web servers for multiple items. It can scan for vulnerabilities in the web application, check server configuration items such as multiple index files and HTTP server options, and attempt to identify the installed version of the web server and any plugins or software running on it. Keep in mind that this tool can be very noisy when scanning a target's web server.
Link: https://cirt.net/Nikto2
Web Directory Scanners:
These tools brute force site structure, including directories and files on a website. They can identify hidden directory structures or web pages that will come in handy when you are in the labs or during an assessment.
- Dirsearch: https://github.com/maurosoria/dirsearch
- Dirbuster: https://tools.kali.org/web-applications/dirbuster
- Gobuster: https://github.com/OJ/gobuster
- Wfuzz: https://github.com/xmendez/wfuzz
Hands on areas to improve your web attack skills:
- Metasploitable 2: Contains vulnerable web services such as Mutillidae and the Damn Vulnerable Web App (DVWA) that you can use to improve your web skills.
Link to download the machine: https://metasploit.help.rapid7.com/docs/metasploitable-2
Backup Link: https://www.vulnhub.com/entry/metasploitable-2,29/
Exploitability Guide: https://metasploit.help.rapid7.com/docs/metasploitable-2-exploitability-guide
OWASP Juice Shop: Another vulnerable web application that contains a variety of challenges to improve your web skills. https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
Overthewire Natas: A set of web-based wargame challenges that you need to complete in order to move on to the next level. I really enjoyed their challenges when I did them! http://overthewire.org/wargames/natas/
Other resources: Hack This Site: https://www.hackthissite.org/
In this section you need to understand the basics of password attacks. Identify the differences between Windows (NTLM) hashes and Linux hashes. In addition, you will also need to understand the different tools that you can use to conduct online and offline password attacks. Here is a list of resources that I have used that helped me better understand how password cracking works:
Introduction to Password Cracking: https://alexandreborgesbrazil.files.wordpress.com/2013/08/introduction_to_password_cracking_part_1.pdf
Offline Tools for Password Cracking:
- Hashcat: https://hashcat.net/hashcat/
- Sample hashes to test with Hashcat: https://hashcat.net/wiki/doku.php?id=example_hashes
- John the Ripper: https://www.openwall.com/john/
- Metasploit Unleashed using John the Ripper with Hashdump: https://www.offensive-security.com/metasploit-unleashed/john-ripper/
Online Tools for Password Cracking:
- THC Hydra: https://github.com/vanhauser-thc/thc-hydra
- Medusa: http://h.foofus.net/?page_id=51
Wordlist generators:
- Cewl: https://digi.ninja/projects/cewl.php
- Crunch: https://tools.kali.org/password-attacks/crunch
Wordlists:
- In Kali: /usr/share/wordlists
- SecLists: apt-get install seclists. You can find all of Daniel Miessler's password lists here: https://github.com/danielmiessler/SecLists/tree/master/Passwords
Online Password Crackers:
I usually went for these first to see if they had the hash cracked in their database. However, don’t use these online crackers as your main tools for everything. Uploading a hash from an engagement can be a huge risk so make sure you use your offline tools to crack those types of hashes. Here is a list of online hash crackers that I found online that you can use to crack hashes:
Other Resources for Password Cracking:
- Pwning Wordpress Passwords: https://medium.com/bugbountywriteup/pwning-wordpress-passwords-2caf12216956
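An added example, not code from the original guide, hashcat or John: what the two hash families you meet in PWK look like, how an NT hash is computed (MD4 over the UTF-16LE password, no salt), and the dictionary attack that the offline crackers run at scale. MD4 is implemented in pure Python because hashlib's md4 is often disabled under OpenSSL 3; the hashdump line and the wordlist are constructed, with the NT hash set to the well-known hash of "password". sha512crypt is only identified, not cracked: it is salted and deliberately slow, which is exactly why that one goes to hashcat or John.

```python
# Added example (not from the original guide, hashcat or John): hash identification,
# NT hash computation, and a wordlist attack against unsalted hashes.
import hashlib
import re
import struct

def _md4(data):
    """Pure-Python MD4 (RFC 1320); hashlib.new('md4') is often unavailable under OpenSSL 3."""
    mask = 0xFFFFFFFF
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & mask
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):                                   # round 1
            a = rotl((a + F(b, c, d) + X[i]) & mask, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 2
            k = (i % 4) * 4 + i // 4
            a = rotl((a + G(b, c, d) + X[k] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 3
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = rotl((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h = [(x + y) & mask for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def ntlm(password):
    """NT hash: MD4 over the UTF-16LE password, no salt (hashcat mode 1000)."""
    return _md4(password.encode("utf-16le")).hex()

def raw_hash(algo, word):
    if algo == "ntlm":
        return ntlm(word)
    return hashlib.new(algo, word.encode()).hexdigest()

# Shapes that tell the families apart; Linux shadow hashes carry algorithm id and salt inline.
HASH_PATTERNS = [
    ("sha512crypt ($6$, modern Linux /etc/shadow; hashcat -m 1800)",
     re.compile(r"^\$6\$[^$]{1,16}\$[./A-Za-z0-9]{86}$")),
    ("md5crypt ($1$, older Linux /etc/shadow; hashcat -m 500)",
     re.compile(r"^\$1\$[^$]{1,8}\$[./A-Za-z0-9]{22}$")),
    ("ntlm or raw md5 (32 hex; NTLM when it came out of hashdump)", re.compile(r"^[0-9a-fA-F]{32}$")),
    ("raw sha1 (40 hex)", re.compile(r"^[0-9a-fA-F]{40}$")),
    ("raw sha256 (64 hex)", re.compile(r"^[0-9a-fA-F]{64}$")),
]

def identify_hash(h):
    for label, pattern in HASH_PATTERNS:
        if pattern.match(h):
            return label
    return "unknown"

def hashdump_line(line):
    """Parse 'user:rid:lmhash:nthash:::' (pwdump/hashdump format) into (user, nt_hash)."""
    fields = line.strip().split(":")
    return fields[0], fields[3].lower()

def crack(target_hash, algo, wordlist):
    """Offline dictionary attack: hash each candidate and compare. Unsalted NTLM means one
    hash per candidate checks against every user at once; salted formats must be recomputed
    per salt, which is what makes them slow."""
    target = target_hash.lower()
    for word in wordlist:
        if raw_hash(algo, word) == target:
            return word
    return None

# Constructed inputs: a tiny wordlist and a hashdump line for a made-up account whose
# NT hash is the well-known hash of "password" (the LM field is the empty-LM constant).
WORDLIST = ["123456", "letmein", "qwerty", "password", "Password1", "hunter2"]
SAMPLE_HASHDUMP = "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::"

if __name__ == "__main__":
    user, nt = hashdump_line(SAMPLE_HASHDUMP)
    print(user, "|", identify_hash(nt), "->", crack(nt, "ntlm", WORDLIST))
```

The LM field aad3b435b51404eeaad3b435b51404ee is the hash of an empty LM password and tells you LM hashing is disabled; the NT hash next to it is also what pass-the-hash uses, so on Windows you often do not need to crack it at all.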
Depending on your scope, some of the machines may not be directly accessible. There are systems out there that are dual-homed, which allow you to connect into an internal network. You will need to know some of these techniques in order to obtain access to those non-public networks:
- Abatchy’s Port Forwarding Guide: https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide
- Windows Port Forwarding: http://woshub.com/port-forwarding-in-windows/
- SSH Tunneling Explained: https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
- Understanding Proxy Tunnels: https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
- Understanding Port forwarding with Metasploit: https://www.offensive-security.com/metasploit-unleashed/portfwd/
- Explore Hidden Networks with Double Pivoting: https://pentest.blog/explore-hidden-networks-with-double-pivoting/
- 0xdf hacks stuff. Pivoting and Tunneling: https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html
Tools to help you with Port Forwarding and Pivoting:
- Proxychains: https://github.com/haad/proxychains
- Proxychains-ng: https://github.com/rofl0r/proxychains-ng
- SSHuttle (Totally Recommend learning this): https://github.com/sshuttle/sshuttle
- SSHuttle Documentation: https://sshuttle.readthedocs.io/en/stable/
Vulnerable systems to practice pivoting:
- Wintermute: https://www.vulnhub.com/entry/wintermute-1,239/
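An added example, not code from the original guide, sshuttle or Metasploit's portfwd: a bare TCP port forwarder, which is the mechanism underneath ssh -L, portfwd and the other pivots linked above. Run on the dual-homed box, it listens on one interface and relays each connection to an address only that box can reach. The demo stands up a placeholder "internal" service on loopback so the whole thing runs on one machine; the addresses and ports are placeholders.

```python
# Added example (not from the original guide, sshuttle or Metasploit's portfwd):
# a minimal TCP port forwarder with a loopback demo.
import socket
import threading

def _pump(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst so the other
    direction can still drain (a full close here would cut off the reply)."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def start_forwarder(listen_host, listen_port, target_host, target_port):
    """Listen on listen_host:listen_port and relay every connection to target_host:target_port.
    On a pivot host, target is an address only that host can reach. Returns
    (listener_socket, bound_port); close the listener to stop."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((listen_host, listen_port))
    listener.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:
                return                      # listener closed: stop
            try:
                upstream = socket.create_connection((target_host, target_port), timeout=5)
                upstream.settimeout(None)   # connect timeout only; relay blocks normally
            except OSError:
                client.close()              # internal host unreachable: drop this client
                continue
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener, listener.getsockname()[1]

def start_internal_service():
    """Placeholder for a service on the hidden network: replies with the request upper-cased."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(conn.recv(4096).upper())

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def demo(message=b"hello through the pivot"):
    """Client -> forwarder -> 'internal' service and back, all on loopback."""
    internal, internal_port = start_internal_service()
    forwarder, local_port = start_forwarder("127.0.0.1", 0, "127.0.0.1", internal_port)
    try:
        with socket.create_connection(("127.0.0.1", local_port), timeout=5) as c:
            c.sendall(message)
            c.shutdown(socket.SHUT_WR)      # done sending; now wait for the reply
            reply = b""
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                reply += chunk
        return reply
    finally:
        forwarder.close()
        internal.close()

if __name__ == "__main__":
    print(demo())
```

The half-close in _pump is the detail that matters: a forwarder that closes both sockets as soon as one side stops sending will drop the tail of a response, which shows up as tools "hanging" or truncating through the pivot. The same building block, wrapped in SOCKS, is what proxychains talks to.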
The only guide I used to learn more about Metasploit is Offensive Security's Metasploit Unleashed course, which is free! https://www.offensive-security.com/metasploit-unleashed/
Other Resources: Metasploit The Penetration Tester’s Guide (A super awesome book to read): https://nostarch.com/metasploit
Msfvenom Cheat Sheets:
I did not spend too much time learning about this section since Metasploit encodes its payloads to bypass most anti-virus (well, older versions at least). The course is pretty straightforward in this section.
Tools to play with Anti-Virus evasion:
- Veil-Framework: https://github.com/Veil-Framework/Veil
This concludes the resources I have used that helped me understand the course syllabus. Now I will share with you some tips and extra resources that I used during my preparation for the PWK/OSCP.
The course recommends using VMware products to run the custom Kali Linux image that they have created. Windows users can purchase VMware Workstation or use the free VMware Player. Mac users will need VMware Fusion. If you would like to download the custom Kali Linux image for the PWK you can find it here:
Keep in mind that Offensive Security does update their images from time to time. Personally, I only used their image for completing the lab exercises and I had a separate Kali Linux image that I customized to use for the labs and exam.
Another virtual machine I created was a Windows 7 32-bit system to spin up any vulnerable applications I needed to debug or to check whether I could obtain a shell from them. You could also create a Windows 7 64-bit system, but some 32-bit applications may not behave exactly as they would on an actual 32-bit system. This practice is great to have in place in case you are stuck on a Windows system that is running a service you cannot obtain a shell on for some reason.
I know I stated these before, but I am going to reiterate this:
OverTheWire Bandit: A good set of fun Linux challenges to get yourself familiarized with bash and Linux. Abatchy's walkthrough really helped me here:
- Bandit 1-5: https://www.abatchy.com/2016/10/overthewire-bandit-0-5
- Bandit 6-10: https://www.abatchy.com/2016/10/overthewire-bandit-6-10
- Bandit 11-15: https://www.abatchy.com/2016/10/overthewire-bandit-11-15
- Bandit 16-20: https://www.abatchy.com/2016/10/overthewire-bandit-16-20
- Bandit 21-26: https://www.abatchy.com/2016/10/overthewire-bandit-21-24
OverTheWire Natas: A good set of simple web application challenges. These challenges will help you understand the basics you need to identify issues in web applications. Check out this walkthrough here: https://infamoussyn.wordpress.com/2014/02/05/overthewire-natas-level-0-16-writeup-updated/
UndertheWire: Probably my favorite place for challenges because they contain a huge set of PowerShell challenges. You can find their challenges here: http://www.underthewire.tech/wargames.htm
Root-me.org: A huge place that has challenges for almost everything in cybersecurity. For instance, you will see challenges in the following areas:
- Network Forensics (Packet Analysis, Captured Traffic, Network Services)
- Programming (C, PHP, Java, Shell-coding)
- Reverse Engineering (disassemble applications)
- Web Applications and Client Challenges.
- Forensic Challenges.
Spend a few minutes going through some of these!
SANS Holiday Hack Challenges: https://www.holidayhackchallenge.com/past-challenges/
I know some of you reading this are probably skeptical about why I added this… well, to be honest, the cybersecurity careers that we are in are not a normal 7am-3pm job… it is a lifestyle. I understand that for many of us it is hard to set aside time to do all of the things in this field, and that is totally OK! If you have the time, or if you already can, set some time out of your busy schedule to do a CTF. Go ahead and hack all of the things that many of these CTFs provide as challenges. Trust me, you will learn some cool things in a CTF that not even a class may be able to teach you. Personally, competing in CTFs did help me in this course and also gave me a better understanding of what I should be looking for instead of jumping into rabbit holes!
Also, do not be scared to compete in a CTF if it is your first time! Everyone has to start somewhere in their journey; you just have to keep pushing forward. So go out there and find some CTFs, whether they are local to you or online, make some time and have confidence in doing them.
If you cannot find any local CTFs, check out CTFTime for online competitions you can participate in. A lot of the cyber competitions in the past few years really helped me build my skills, and I still go out once in a while to find a CTF to compete in for fun 😊.
A great place to practice your skills and possibly make some profit as well! There are many bug bounty programs, like Bugcrowd and HackerOne, that you can participate in for free. If you have never participated in bug bounty before, check out Bugcrowd University, as they provide a vast amount of material and resources to help you get started: https://www.bugcrowd.com/university/
Boot-to-Root Vulnerable Machines! These machines are excellent to help you build your skills for pentesting. There are places where you can download them and run them on your system to begin practice or places where you can connect to their range and start hacking into the targets they have. Most of them result in obtaining root or Administrative/System level access in the end. Personally, my two favorite places are Hackthebox and Vulnhub.
Hackthebox:
An online penetration testing platform that contains a variety of machines to help you improve your penetration testing skills. For those who have not gone through the registration, you will need to pass a challenge to generate yourself an activation code. Once you have generated your activation code, you will have the ability to access their range. In the free tier you are allowed to play with the 20 active machines they have, and they cycle a new system into the range every week and retire an old one as well. If you want to access their retired machines you will have to get VIP access. It is very affordable in my opinion, and worth investing in. If you do not have the funds to invest in Hackthebox, do not worry, because you can certainly find walkthroughs online (once the boxes are retired). One place I would definitely recommend looking at is IppSec's Hackthebox walkthroughs on YouTube! I love watching his videos because he goes step by step through how to obtain access to the target and how to escalate your privileges to obtain root access. Each box has a different scenario, and IppSec always has something extra to throw in when he is doing his walkthroughs.
With that being said I created a list of all of boxes that I did in Hackthebox that I thought were OSCP Like. You can find them here and also check out IppSec playlist he created from the list I recommended to start watching!
I will continue to be updating this list in the future, and if you would like to keep it around you can find it here and on NetSecFocus: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=1839402159
HTB Boxes to Prepare for OSCP (Youtube Playlist): https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf
I want to give a huge thanks to ch4p and g0blin for starting Hackthebox! I am glad that I got to talk to you guys and I am grateful that we were able to help you guys out. I look forward to seeing you guys grow and will soon submit a box for you guys in the future!
Vulnhub:
Just like Hackthebox, except you have to download the vulnerable machines and run them on your local system. You will need VMware or VirtualBox (I recommend VMware Workstation) to run these vulnerable systems. Please make sure that you run these vulnerable systems on an isolated network (a host-only or internal-only virtual adapter) and never bridged onto a public network: they are intentionally exploitable, and anything else on the same network can reach them.
Thanks to g0tmi1k and his team for hosting this site and to the creators who submit these vulnerable machines. I have also created a list of vulnhub machines that I have found to be OSCP-Like as well. You can find them here and on NetSecFocus:
I will continue to update this list and if you would like a copy for review you can certainly find it here: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=0
Rooting vulnerable machines is extremely important when you are preparing for PWK/OSCP because you cannot depend on theoretical knowledge to pass. Improving your hands-on skills will play a huge role when you are tackling these machines.
As of August 15th, 2018, all OSCP exams are proctored. This means that a student is monitored by an Offensive Security staff member through a screen-sharing and webcam service. If you would like to learn more about this proctoring process you can find it here: https://www.offensive-security.com/offsec/proctoring/
Before I took my exam, I had to go through a variety of things to make sure I was prepared for my 1st attempt. Even with my preparation, I lost 30 mins of my actual exam time troubleshooting the proctoring applications on my end. With that being said, here are my tips to help you prepare for the proctoring part when you are ready to take the exam:
- Make sure your system is able to meet the software/hardware requirements that offensive security provides in order to run these services. You can find that information here: https://support.offensive-security.com/proctoring-faq/
- Test your webcam to make sure it works. If you do not have a webcam for your system you can also use a spare laptop that has a webcam and connect the webcam session onto that system.
- The ScreenConnect application needs to be running on your main system that you will be using to connect to your exam.
- You can use multiple monitors for the exam. Keep in mind that the proctor must be able to see them and that they are connected to your system. The proctor will notify you about how many screens they see and you will need to confirm them with the number monitors you are using. If you use a system that has a monitor and it is not connected to the ScreenConnect application, then you will not be able to use that monitor for the exam.
- Be prepared and log into your webcam and screenconnect sessions 30 mins before your exam.
- Proctors cannot provide any assistance during the exam.
- You can take breaks, a nap, or grab a cup of coffee during your exam. Just make sure you notify the proctor when you leave and when you return for your exam.
- Also, be dressed for your exam. I think it is pretty simple to understand why.
For any other questions you may have you can check out Offensive Security FAQ for Proctored Exams here: https://www.offensive-security.com/faq/
NetSecFocus Learning Resources:
Books:
- Kali Linux Revealed: https://www.kali.org/download-kali-linux-revealed-book/
- Attacking Network Protocols: https://nostarch.com/networkprotocols
- Red Team Field Manual: https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504
- Hash-Crack-Password-Cracking-Manual v3: https://www.amazon.com/Hash-Crack-Password-Cracking-Manual/dp/1793458618
- The Hacker Playbook Series: https://securepla.net/hacker-playbook/
- The Web Application Hacker Handbook: http://mdsec.net/wahh/
- Violent Python: https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
- Black Hat Python: https://nostarch.com/blackhatpython
Courses that can help you prepare for OSCP:
eLearnSecurity: eLearnSecurity offers affordable security training and a large number of labs that you can practice in on their Hera Lab network. They have their own certifications as well that you can take. These are the courses that I took to help me prepare for OSCP.
- Penetration Testing Student (PTS): https://www.elearnsecurity.com/course/penetration_testing_student/
- Penetration Testing Professional (PTP): https://www.elearnsecurity.com/course/penetration_testing/
- Web Application Penetration Testing (WAPT): https://www.elearnsecurity.com/course/web_application_penetration_testing/
SANS: SANS provides a wide variety of information security courses. Each of their courses is taught by very smart instructors who have been in this field for a very long time. However, these courses can be expensive if you are unable to get someone to pay for them. You can also try to apply for the SANS workforce training to take their courses at a discount. I have taken most of the SANS courses and I feel that the following courses really helped me get a better understanding of what pentesting is like in the actual field. Here are the courses that I would recommend if you are looking to prepare for OSCP.
- SANS 560: https://www.sans.org/course/network-penetration-testing-ethical-hacking
- SANS 542: https://www.sans.org/course/web-app-penetration-testing-ethical-hacking
Pentesterlabs: A lot of web app pentesting material in this course: https://pentesterlab.com/
Pentester Academy: https://www.pentesteracademy.com/topics
Other OSCP guides:
Other Links:
Welcome! You have arrived at the end of this journey (well, not your OSCP journey, if you decide to pursue it!). If you read this entire guide, I certainly give you props for doing so. If you read only parts of it, then I still give you props, because the main thing that is important to me is that you learned something from it! I hope you are able to use my guide in your OSCP journey and are able to learn some new things, just like I did when I started mine. If this guide was able to help you, let me know; I want your feedback for sure. I thanked a lot of people for helping me with my journey in this guide, and I want to thank them again for their time and contributions in helping me learn and grow in the cyber-security field. If anyone has any questions about this guide or feedback, please let me know, as you can reach out to me on Twitter or on NetSecFocus!
- TJNull
Twitter: https://twitter.com/TJ_Null
Github: https://github.com/tjnull
Netsec Focus: Tjnull
Hackthebox Discord AMA: https://www.youtube.com/watch?v=41DIav25Mp4
Bugcrowd: https://www.bugcrowd.com/researcher-spotlight-ambassador-tony-aka-tj-null/
P.S: Considering this journey as an extra mile, I am going to have to insist at this point for you to…… Try Harder! -Offensive Security