# Practical Ethical Hacking

## Networking Refresher

I used my own notes on these subjects and added some of Heath's notes.

[Networking](https://cybersec.th4ntis.com/networking) - [TCP, UDP, 3-Way Handshake](https://cybersec.th4ntis.com/networking/3-way-handshake) - [OSI Model](https://cybersec.th4ntis.com/networking/osi-model) - [Common Ports](https://cybersec.th4ntis.com/networking/common-ports-and-protocols) - [Subnetting](https://cybersec.th4ntis.com/networking/subnetting)

## Intro to Linux

### Lab Setup

The previous section was setting up Kali. [I've done this prior](https://cybersec.th4ntis.com/lab-setup/kali-vm), so I skipped this section.

I used the [pre-made VM](https://www.kali.org/get-kali/#kali-virtual-machines) (using [7-Zip](https://www.7-zip.org/download.html) to extract it) with the VMware Pro software.

### Intro to Linux

[I've worked with Linux prior to this](https://cybersec.th4ntis.com/linux), so I have my own notes on these sections as well:

[Common Commands](https://cybersec.th4ntis.com/linux/common-commands) - [Permissions](https://cybersec.th4ntis.com/linux/permissions) - [Sudo](https://cybersec.th4ntis.com/linux/sudo) - [Files and File contents](https://cybersec.th4ntis.com/courses/pnpt/broken-reference)

### Scripting with Bash

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FY9MOhtDILE5f9BYNcfYz%2FScripting%20with%20Bash.pdf?alt=media&token=659dd3d7-e7ba-46d6-a6d5-9fa57b288492>" %}

## Intro to Python

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FZN7zmIqVhoKvExijesW4%2FIntro%20to%20Python.pdf?alt=media&token=f3985014-dde0-4bed-bb45-c221e06341f6>" %}

## The Ethical Hacker Methodology

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FBqzLt8dWQZmAbMtwLiRx%2FEthical%20Hacker%20Methodology.pdf?alt=media&token=89063e14-5784-450b-b5c5-7214d5be7018>" %}

## Information Gathering (Reconnaissance)

I have a section on [OSINT](https://cybersec.th4ntis.com/osint) and [OSINT tools/methods](https://cybersec.th4ntis.com/osint/osint-tools) here.

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2F6rlFxmbVTXLa9vb0gRgz%2FInformation%20Gathering%20(Reconnaissance).pdf?alt=media&token=d67af5fb-a706-4ee3-b1fd-8aaced91dea3>" %}

## Scanning and Enumeration

As I have worked with these tools prior, I have other notes here as well.

[Nmap](https://cybersec.th4ntis.com/courses/pnpt/broken-reference) - [Dirb/Dirbuster](https://cybersec.th4ntis.com/courses/pnpt/broken-reference) - [GoBuster](https://cybersec.th4ntis.com/courses/pnpt/broken-reference) - [Metasploit](https://cybersec.th4ntis.com/courses/pnpt/broken-reference)

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FpkPrdQCPwRIJci5J329K%2FScanning%20and%20Enumeration.pdf?alt=media&token=4b22fb9c-a198-49b3-acf3-90080caff5c8>" %}

## Vuln Scanning with Nessus

As I have worked with Nessus prior, my notes in general can be found [here](https://cybersec.th4ntis.com/courses/pnpt/broken-reference).

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FjrIjflHfmS7Zn6VXxI0l%2FVulnerability%20Scanning%20with%20Nessus.pdf?alt=media&token=f5564a67-0d68-4fb4-80d2-bbf16ddc1191>" %}

## Exploitation Basics

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FQ5huY4juct3EL30Oorck%2FExploitation%20Basics.pdf?alt=media&token=4ce530a6-ddec-4b73-be4c-64625376e0e3>" %}

## New Capstone

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2F9UzLBlHtpH8e9SsNJe4Z%2FCapstone%20-%20Blue.pdf?alt=media&token=8339c2c4-90cf-486d-82fb-e265d3562edb>" %}

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FTZtojGe8r9ahRnnuZKW0%2FCapstone%20-%20Academy.pdf?alt=media&token=e5b19dd2-3b6b-4121-9a88-be2b7eab1ea3>" %}

For Dev I did need to change the VM settings to NAT and run `dhclient` to get an IP.

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2F8Nw1cvNZrdfGgweLZIP1%2FCapstone%20-%20Dev.pdf?alt=media&token=9d727800-5edc-4554-9983-3fd330db5d62>" %}

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FqfEMdmvv7ChjWKrYXqzk%2FCapstone%20-%20Butler.pdf?alt=media&token=32d091c2-dc16-4dd2-8cc9-50c5eabee719>" %}

For Black Pearl I did need to change the VM settings to NAT and run `dhclient` to get an IP.

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FAurDZPOttB8Zzgd9dr3v%2FCapstone%20-%20BlackPearl.pdf?alt=media&token=875f0fa2-9e16-4c9a-ae3b-1f0589889806>" %}

## Introduction to Exploit Development (Buffer Overflows)

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FJpauhwJC5qTEujzc3ojE%2FIntroduction%20to%20Exploit%20Development%20(Buffer%20Overflows).pdf?alt=media&token=50bbad02-3353-4950-98fc-2a8691d77178>" %}

## Active Directory Overview

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FWFhte0NH5Uczg8BbD4Rb%2FActive%20Directory(AD)%20Overview.pdf?alt=media&token=0765df7e-fb00-4c21-96b9-82e1386630a9>" %}

For their lab you will need roughly:

* 1x Win Server
* 2x Windows Workstations
* 60GB Disk Space
* 16GB RAM

There is a cloud alternative by Kamran Bilgrami that can be found here: [Building Free Active Directory Lab in Azure](https://kamran-bilgrami.medium.com/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f)

I have done this in the past, so my notes and setup can be found here: [Lab Setup](https://cybersec.th4ntis.com/lab-setup)

[Windows Server VM](https://cybersec.th4ntis.com/lab-setup/windows-server-vm) - [Windows User VM](https://cybersec.th4ntis.com/lab-setup/windows-user-vm)

## Attacking AD: Initial Attack Vectors

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FkKF1VAr4zuxD3PMV5qY4%2FAttacking%20AD_%20Initial%20Attack%20Vectors.pdf?alt=media&token=3717cdaa-5bbe-4ecf-a7df-ac8b815add2b>" %}

## Attacking Active Directory: Post-Compromise Enumeration

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2F8X9bwJJwHQz0bW1vtgmW%2FAttacking%20Active%20Directory_%20Post-Compromise%20Enumeration.pdf?alt=media&token=88a9ca53-2b29-4973-8035-377590f65ccb>" %}

## Attacking Active Directory: Post-Compromise Attacks

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FcSjXTdA8rBT8mXcldZim%2FAttacking%20Active%20Directory_%20Post-Compromise%20Attacks.pdf?alt=media&token=95a586e6-80ae-4529-8057-9ef6ad48f590>" %}

## We've Compromised the Domain - Now What?

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FMDnmTQpxqrc2XynlltPb%2FWe_ve%20Compromised%20the%20Domain%20-%20Now%20What_.pdf?alt=media&token=006a511a-287f-465e-aefd-f8f791d30174>" %}

## Additional Active Directory Attacks

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FB17XJQYtRsOToM3lh7dC%2FAdditional%20AD%20Attacks.pdf?alt=media&token=ec6b152d-05eb-470f-83a0-bf630a6b1133>" %}

## Active Directory Case Studies

He goes over blog posts about pentest case studies.

* [You spent how much on security?](https://tcm-sec.com/pentest-tales-001-you-spent-how-much-on-security/)
* [Digging Deep](https://tcm-sec.com/pentest-tales-002-digging-deep)

## Post Exploitation

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FW19VkVSAgvQmP33XLHOk%2FPost%20Exploitation.pdf?alt=media&token=918fb059-7131-44e8-bb19-f2b4a37089d3>" %}

## Web Application Enumeration, Revisited

{% file src="<https://667808901-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTdW22AGCceN8oUXfdlKI%2Fuploads%2FsrOGU9JXXQkNzOWTg771%2FWeb%20Application%20Enumeration%2C%20Revisited.pdf?alt=media&token=52ff59c3-327f-4fb2-9384-94d18ab4b1b1>" %}

## Find & Exploit Common Web Vulnerabilities

COMING SOON
