Ethical Hacking Course

I’ve been teaching Information Security for the last two months in Cáceres, Spain. The first month was about Security Courses on Networks and Systems and the second month was about Ethical Hacking. It has been rewarding because, although most of the material came from my daily job, I’ve had to read, learn and test many tools and attacks to be able to show and explain everything clearly, which I really like. Therefore, I’m going to write an overview of what we have been learning over the last month in the Ethical Hacking Course.

On the first day of the course, we talked about ethics and cybersecurity, which is very important if we don’t want to be punished or go to jail. During the first week we also spoke about many tools and techniques for auditing information systems, like Hping, Nmap, Wireshark, Tcpdump, Network Miner, etc. In addition, we had time in the first week to see and explain the latest important vulnerabilities like Heartbleed, Apache Struts and Shellshock, as well as testing with vulnerability assessment systems like Greenbone and OpenVAS in Kali Linux and OSSIM.

Figure: Shellshock vulnerability

The second week was loaded with intrusion techniques. First, we played with ARP Spoofing attacks to carry out MITM attacks and sniff traffic with Wireshark. We also used Cain & Abel to steal passwords, and we learnt about IP Spoofing and Session Hijacking. What’s more, students liked Armitage for attacking easily, which was tested against Metasploitable. In addition, we also learnt about information gathering and footprinting, where we installed and tested tools like Anubis, FOCA, Maltego and Nslookup.

Figure: Session Hijacking

Once students knew the basic concepts of Ethical Hacking, we started the third week with advanced concepts like Domain Generation Algorithms (DGA) to bypass blacklists and domain reputation systems, and we also talked about the DNS technique called Fast-Flux to hide C&C servers. We also talked about Open Source Intelligence (OSINT) and the power of search engines, where we used many filters in the Google Search Engine, and we also searched IoT sources like Shodan, Censys and ZoomEye.

Figure: Fast-Flux Network

We installed and tested many tools in the third week. For instance, we used lots of network scanners like zmap, fping and zenmap. Moreover, we talked about the Smurf Attack and we also made social engineering attacks with the Social-Engineering Toolkit (SET), where we launched a Windows PowerShell attack and cloned webpages for phishing attacks. In addition, password cracking was another unit in the third week, where we learnt how to use brute-force tools like THC Hydra, John the Ripper and CeWL.

Figure: Smurf Attack

For the end of the course, the fourth week, we did labs about pivoting with SSH tunnels to route traffic through a compromised host to hack an internal server, and we also created a backdoor for Android systems. The course came to an end speaking about OWASP – Top 10 and Web Application Vulnerabilities, as well as speaking about cracking WPA wireless passwords and DoS Attacks.

Figure: SSH Pivoting

Regards, my friends, and I hope to see you in the next Information Security course.