Hacking and Networks
Practical Ethical Hacking
The following blog posts are notes that I have taken while I was working through TCM Sec Academy’s “Practical Ethical Hacking” course. The list has the same struture as the course, but the notes reflect my own preferences. I have left out or shortened stuff that I knew already, and I may add additional information from other sources over time. Just reading my notes is surely no substitute for taking the course.
The first half of the course is available free of charge on youtube.
Notekeeping
Networking Refresher
Introduction to Linux
Introduction to Python
The Hacker Methodology
Information Gathering (Reconnaissance)
- An Overview of Passive Recon(naissance)
- Identifying Our Target
- Discovering Email Adresses
- Gathering Breached Credentials with Breach-Parse
- Hunting Breached Credentials with DeHashed
- Hunting Subdomains (Parts 1 and 2)
- Identifying Website Technologies
- Information Gathering with Burp Suite
- Google Fu
- Utilizing Social Media
Scanning & Enumeration
- Installing Kioptrix
- Scanning with Nmap
- Enumerating HTTP and HTTPS
- Enumerating SMB
- Enumerating SSH
- Researching Potential Vulnerabilities
Vulnerability Scanning with Nessus
Exploitation Basics
Other
SQL Injection
- https://www.geeksforgeeks.org/authentication-bypass-using-sql-injection-on-login-page/
- https://www.hackingarticles.in/beginner-guide-sql-injection-part-1/
- https://www.tutorialspoint.com/sqlite/sqlite_injection.htm
- https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-prevent-sql-injection-attacks/
- https://www.exploit-db.com/papers/17934
- https://portswigger.net/web-security/reference/obfuscating-attacks-using-encodings
- https://websec.ca/kb/sql_injection
- https://bobby-tables.com/
Reverse Engineering
Python Vulnerabilities