# Practical Ethical Hacking

## Networking Refresher

I used my own notes on these subjects, added some of Heaths notes.

[Networking](/networking.md) - [TCP, UDP, 3-Way Handshake](/networking/3-way-handshake.md) - [OSI Model](/networking/osi-model.md) - [Common Ports](/networking/common-ports-and-protocols.md) - [Subnetting](/networking/subnetting.md)

## Intro to Linux

### Lab Setup

The previous section was setting up Kali, [I've done this prior](/lab-setup/kali-vm.md) so I skipped this section.

I used the [pre-made VM](https://www.kali.org/get-kali/#kali-virtual-machines) (using [7-Zip](https://www.7-zip.org/download.html) to extract it) using the VMWare Pro software.

### Intro to Linux

[I've worked with Linux prior to this](/linux.md), so I have my own notes on these sections as well:

[Common Commands](/linux/common-commands.md) - [Permissions](/linux/permissions.md) - [Sudo](/linux/sudo.md) - [Files and File contents](broken://pages/PDQNnE0sPv6Uo5RSKneW)

### Scripting with Bash

{% file src="/files/D2gUx3vEVvYsysY1Qw76" %}

## Intro to Python

{% file src="/files/lGT6o4pDghuUcgrZZDyO" %}

## The Ethical Hacker Methodology

{% file src="/files/qZ6LqIbmVhgBOCsuul7g" %}

## Information Gathering (Reconnaissance)

I have a section on [OSINT](/osint.md) and [OSINT tools/methods](/osint/osint-tools.md) here.

{% file src="/files/jC69Mf8cUw8XaOyb7F9p" %}

## Scanning and Enumeration

As I have worked with these tools prior, I have other notes here as well.

[Nmap](broken://pages/t58tVHvNE7B0YE9CplwY) - [Dirb/Dirbuster](broken://pages/73dyQbNelo8jyezZxP4h) - [GoBuster](broken://pages/Z1pf47H3Okq0RzlT25Ip) - [Metasploit](broken://pages/F3w4jNZ4X2fG2Q3z9w8I)

{% file src="/files/24vtihxuQkNqHiwKI04e" %}

## Vuln Scanning with Nessus

As I have worked with Nessus prior, my notes in general can be found [here](broken://pages/Lb84SFFtdmb9W4bNpEUo).

{% file src="/files/TwabUa1ja6VGZ2QJkAEY" %}

## Exploitation Basics

{% file src="/files/Dl3MjImFqGe92VVELWZT" %}

## New Capstone

{% file src="/files/Jw8R91hwxgeJ5Z6OVTJ0" %}

{% file src="/files/kVCvEpq4Vx01olLbJ3E1" %}

For Dev I did need to change the VM settings to NAT and run `dhclient` to get an IP.

{% file src="/files/ZXmdEdRCaFNNCVd0OBn0" %}

{% file src="/files/m32eTXupx2P1IW5weskj" %}

For Black Pearl I did need to change the VM settings to NAT and run `dhclient` to get an IP.

{% file src="/files/qZ8xFrB1Eh6iW51PuMl5" %}

## Introduction to Exploit Development (Buffer Overflows)

{% file src="/files/vAgCpv632ZPeTi89bZCU" %}

## Active Directory Overview

{% file src="/files/1o5HjD8aS9OZ1xf4bpjS" %}

For their lab you will need roughly:

* 1x Win Server
* 2x Windows Workstations
* 60GB Disk Space
* 16GB RAM

There is a Cloud Alternative by Kamran Bilgrami that can be found here: [Building Free Active Directory Lab in Azure](https://kamran-bilgrami.medium.com/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f)

I have done this in the past so my notes and setup can be found: [Lab Setup](/lab-setup.md)

[Windows Server VM](/lab-setup/windows-server-vm.md) - [Windows User VM](/lab-setup/windows-user-vm.md)

## Attacking AD: Initial Attack Vectors

{% file src="/files/Zjgf4TElqGZkZysaHUcL" %}

## Attacking Active Directory: Post-Compromise Enumeration

{% file src="/files/SNCNzig58Ecx1D1GdVsU" %}

## Attacking Active Directory: Post-Compromise Attacks

{% file src="/files/y4JVoVQbZHVR0er41Ouu" %}

## We've Compromised the Domain - Now What?

{% file src="/files/8oa14sNZShdHiiNgjDdD" %}

## Additional Active Directory Attacks

{% file src="/files/wkpoJaFAWw5gUkc3hxpW" %}

## Active Directory Case Studies

He goes over Blog posts about case studies about pentests.

* [You spent how much on security?](https://tcm-sec.com/pentest-tales-001-you-spent-how-much-on-security/)
* [Digging Deep](https://tcm-sec.com/pentest-tales-002-digging-deep)

## Post Exploitation

{% file src="/files/lWDXJDJZceO35TiUEgQe" %}

## Web Application Enumeration, Revisited

{% file src="/files/JX8xMJIR7IuQycLydDPt" %}

## Find & Exploit Common Web Vulnerabilities

COMING SOON


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cybersec.th4ntis.com/courses/pnpt/practical-ethical-hacking.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.