CNIT 124
Advanced Ethical Hacking

Fall 2012 Sam Bowne

Scores

Schedule · Lecture Notes · Projects · Links · Home Page

Catalog Description

Advanced techniques of defeating computer security, and countermeasures to protect Windows and Unix/Linux systems. Hands-on labs include Google hacking, automated footprinting, sophisticated ping and port scans, privilege escalation, attacks against telephone and Voice over Internet Protocol (VoIP) systems, routers, firewalls, wireless devices, Web servers, and Denial of Service attacks.

Prerequisites: CNIT 123.

Upon successful completion of this course, the student will be able to:

Use Google and automated footprinting tools to locate vulnerable Web servers, passwords, open VNC servers, database passwords, and Nessus reports
Perform sophisticated ping and port scans with several tools, and protect servers from the scans
Enumerate resources on systems using banner-grabbing and specific attacks against common Windows and Unix/Linux services including FTP, Telnet, HTTP, DNS, and many others, and protect those services
Use authenticated and unauthenticated attacks to compromise Windows and Unix/Linux systems and install backdoors and remote-control agents on them, and protect the systems from such attacks
Enter networks through analog phone systems, defeating many authentication techniques, and defend networks from such attacks
Penetrate PBX, voicemail, Virtual Private Network (VPN), and Voice over Internet Protocol (VoIP) systems, and defend them
Perform new wireless attacks, including denial-of-service and cracking networks using Wi-Fi Protected Access (WPA) and WPA-2
Identify firewalls and scan through them
Perform classical and modern Denial of Service (DoS) attacks, and defend networks from them
Locate Web server vulnerabilities, exploit them, and cure them
Describe many ways Internet users are attacked through their browsers and other Internet clients, and the protective measures that can help them

Textbook

Hacking Exposed, Seventh Edition by Stuart McClure, Joel Scambray, and George Kurtz -- ISBN-10: 0071780289 (Available Aug. 3, 2012) Buy from Amazon

Schedule
Date	Quiz	Topic
Sat 8-18		Ch 1: Footprinting
Sat 8-25		Ch 2: Scanning
*Fri 8-31*	*Last Day to Add Classes*
*Sat 9-1*	*Holiday - No Class*
Sat 9-8	Quiz on Ch 1 & 2 Proj 1 &2 due	Ch 3: Enumeration
Sat 9-15	Quiz on Ch 3 Proj 3 & 4 due	4: Hacking Windows (part 1)
Sat 9-22	No Quiz Proj 5 due	Ch 4: Hacking Windows (part 2)
Sat 9-29	Quiz on Ch 4 Proj 6 & 7 due	Ch 5: Hacking Unix/Linux
Sat 10-6	Quiz Ch 5 Proj 8 & 9 due	Ch 6: Cybercrime and APTs)
Sat 10-13	Quiz on Ch 6 Proj 10 & 11 due	Ch 7: Remote Connectivity and VoIP
Sat 10-20	Quiz on Ch 7 Proj 12 due	Ch 8: Wireless Hacking
Sat 10-27	Quiz on Ch 8 Proj 13 due	Ch 9: Hacking Hardware
Sat 11-3	Quiz on Ch 9 No Proj due	Ch 10: Web and Database Hacking
*Sat 11-10*	*Holiday - No Class*
Mon, Nov 12 - Wed, Nov 14	gogoNET LIVE! 3 conference at San Jose State University (extra credit)
Tue 11-13		Wardriving 6 PM SCIE 200 (20 pts. extra credit)
*Thu 11-15*	*Last Day to Withdraw*
Sat 11-17	Quiz on Ch 10 Proj 14 & 15 due	Ch 11: Mobile Hacking
*Sat 11-24*	*Holiday - No Class*
Sat 12-1		Guest Speaker: Matt Linton, NASA Ames Winner of 2012 National Cybersecurity Innovation Award No Quiz, no Project due
Sat 12-8	Class cancelled for BayThreat Proj 16 due; All Extra Credit Proj due
Sat 12-15		*Final Exam*

Back to Top

Lectures
Policy
Student Agreement
Code of Ethics
Ch 1: Footprinting PPT Ch 2: Scanning PPT Ch 3: Enumeration PPT Ch 4: Hacking Windows PPT Ch 5: Hacking UNIX PPT Ch 6: Cybercrime and APTs PPT Ch 7: Remote Connectivity and VoIP PPT Ch 8: Wireless Hacking PPT Ch 9: Hacking Hardware PPT Ch 10: Web and Database Hacking PPT Ch 11: Mobile Hacking PPT

Back to Top

Projects (may be revised)
Proj 1: HTTP Headers (15 pts) Proj 2: Tamper Data (20 pts) Proj 3: Protecting Apache with modsecurity (15 pts) Proj 4: Snort (15 pts) Proj 5: fwknop: Single Packet Authorization (20 pts) Proj 6: Encrypting an Image in ECB and CBC Modes (15 pts.) SQL Injection Projects Proj 7: SQLol (20 pts) Proj 8: Havij (10 pts) Proj 9: sqlmap (10 pts) Proj 10: Fixing a SQL Injection Vulnerability (10 pts) Proj 11: Fixing MySQL with Parameterized Queries (10 pts.) Proj 12: Linux Password Hashes (15 pts.) Proj 13: OpenVPN on Linux (15 pts.) Proj 14: Breaking into Gmail with CSRF using Hamster & Ferret on BackTrack 5 (15 pts.) Proj 15: ARP Poisoning to Hack Gmail on Switched Networks (15 pts.) Proj 16: Stealing Cookies with Persistent XSS (10 pts.) Extra Credit Projects Proj 1x: Independent Project (variable points) Proj 2x: Ubuntu Virtual Server on Amazon Web Services (15 pts.) Proj 3x: Microsoft Azure (15 pts.) Proj 4x: Setting Up an IPSec L2TP VPN server on Ubuntu (15 pts.) Proj 5x: Calculating NTLM Hashes (10 pts.) More Projects are coming, of course

Projects (may be revised)

Proj 1: HTTP Headers (15 pts)
Proj 2: Tamper Data (20 pts)
Proj 3: Protecting Apache with modsecurity (15 pts)
Proj 4: Snort (15 pts)
Proj 5: fwknop: Single Packet Authorization (20 pts)
Proj 6: Encrypting an Image in ECB and CBC Modes (15 pts.)

SQL Injection Projects
Proj 7: SQLol (20 pts)
Proj 8: Havij (10 pts)
Proj 9: sqlmap (10 pts)
Proj 10: Fixing a SQL Injection Vulnerability (10 pts)
Proj 11: Fixing MySQL with Parameterized Queries (10 pts.)
Proj 12: Linux Password Hashes (15 pts.)
Proj 13: OpenVPN on Linux (15 pts.)
Proj 14: Breaking into Gmail with CSRF using Hamster & Ferret on BackTrack 5 (15 pts.)
Proj 15: ARP Poisoning to Hack Gmail on Switched Networks (15 pts.)
Proj 16: Stealing Cookies with Persistent XSS (10 pts.)

Extra Credit Projects

Proj 1x: Independent Project (variable points)
Proj 2x: Ubuntu Virtual Server on Amazon Web Services (15 pts.)
Proj 3x: Microsoft Azure (15 pts.)
Proj 4x: Setting Up an IPSec L2TP VPN server on Ubuntu (15 pts.)
Proj 5x: Calculating NTLM Hashes (10 pts.)

More Projects are coming, of course

Back to Top

Links
Links CEH Certification Resources CEH Tips CEH: Certified Ethical Hacker - Taking the Exam CEH: Practice Exams CEH: TechExams -- Certified Ethical Hacker (CEH) exam EC-Council - Certified Ethical Hacker (312-50) Practice Exam - This is the one I used Links for Chapter Lectures Ch 4a: Metasploit Module Search Page Ch 4b: How to get started with writing an exploit for Metasploit Ch 4c: Msfconsole one-liner example Ch 4d: Scanner HTTP Auxiliary Modules - Metasploit Unleashed Ch 4e: Metasploit: The New Metasploit Browser Autopwn:... Ch 4f: Simple Take Over of Windows Server 2008 via ms09-050 Ch 5a: DNS Request Types Ch 5b: 10 Linux DIG Command Examples for DNS Lookup Ch 5c: Open Resolver Project Ch 5d: Public DNS Server List Ch 5e: DNS AXFR scan data Ch 5f: DNS Hacking (Beginner to Advanced) - InfoSec Resources Ch 5g Wildcard DNS record - Wikipedia Ch 5h: Network tools for every sys admin Ch 5i: The Strange History of Port 0 Ch 7a: HowToDecrypt802.11 - The Wireshark Wiki Ch 7b: security - WEP/WPA/WPA2 and wifi sniffing - Server Fault Ch 7c: Benefits and Vulnerabilities of Wi-Fi Protected Access 2 (WPA2) Ch 7d: Details of Key Derivation for WPA Ch 8a: An Improved Reflective DLL Injection Technique Ch 8b: DLL injection - Wikipedia Ch 8c: Windows DLL Injection Basics--Clear Explanation with Good Figures Ch 8d: stephenfewer/ReflectiveDLLInjection -- Code from 2013 Ch 8e: Using Cadaver as a WebDAV Client Ch 8f: WebDAV - Wikipedia Ch 8g: helper: webdav xampp (= 1.7.3 default credentials Ch 8h: How To Install and Secure phpMyAdmin on Ubuntu 14.04 Ch 8i: Docker Internals - Google Slides Ch 8j: Docker: Understand the architecture Ch 8k: Docker vs Virtualization Ch 8l: UnionFS - Wikipedia Ch 8m: Docker Hub Ch 8o: Docker Container Breakout Proof-of-Concept Exploit \| Docker Blog Ch 8p: The Docker exploit and the security of containers \| Xen Project Blog Ch 8q: Docker breakout: brute-forcing a 32-bit number! Ch 8r: Docker security Ch 8s: Docker Addresses More Security Issues and Outlines "Pluggable" Approach Ch 8t: Dump Windows password hashes efficiently Ch 8u: Recovering Windows 7 Registry Hives/Files Ch 8v: How To Install Bkhive on Kali 2 Ch 8w: Transferring files from Kali to Windows (post exploitation) Ch 9a: Yahoo Mail eliminates passwords as part of a major redesign (Oct., 2015) Ch 9b: Teen says he hacked CIA director\'s AOL account (Oct., 2015) Ch 9c: Packetstorm Wordlists for password cracking Ch 9d: Openwall wordlists collection for password recovery, password cracking, and password strength checking Ch 9e: Why passwords have never been weakerand crackers have never been stronger (2012) Ch 9f: "thereisnofatebutwhatwemake"Turbo-charged cracking comes to long passwords (2013) Ch 9g: Cracking 16 Character Strong passwords in less than an hour (2013) Ch 9h: How the Bible and YouTube are fueling the next frontier of password cracking (2013) Ch 10a: Adobe Reader Metasploit Modules Ch 10b: CCSF Application Form (pdf) Ch 10b: CCSF Application (pdf, can be poisoned with Metasploit) Ch 11a: Update Social Engineering Toolkit on Kali Linux - YouTube Ch 12a: Notepad Plus Plus Download Ch 12b: VirusTotal - Free Online Virus, Malware and URL Scanner Ch 12c: How to Evade AV Detection with Veil-Evasion Ch 13a: Post-Mortem of a Metasploit Framework Bug Ch 13b: Post Exploitation Using NetNTLM Downgrade Attacks Ch 13c: Mount shadow volumes on disk images - ForensicsWiki Ch 13d Shell is coming ...: Metasploit: Getting outbound filtering rules by tracerouting Ch 13e: 5 Step To Capture Windows User Login Using Metasploit Keylogger Ch 13f: Windows Capture Winlogon Lockout Credential Keylogger \| Rapid7 Ch 13g: Metasploit: Capturing Windows Logons with Smartlocker Ch 13h: Windows 8.1 stops pass-the-hash attacks Ch 13i: Pass-the-Hash is Dead: Long Live Pass-the-Hash Ch 13j: Using claims-based access control for compliance and information governance (2011) Ch 13k: Windows Internals - showing token structure Ch 13l: Access token stealing Ch 13m: Access Tokens (Windows) Ch 13n: What's in a Token (Part 2): Impersonation - TechNet Blogs Ch 13o: Fun with Incognito - Metasploit Unleashed Ch 13s: PSExec Demystified Ch 13t: 4 Ways to Capture NTLM Hashes in Network Ch 13p: Excellent explanation of NTLMv2 Ch 13q: NTLMv2 cracking speed estimates Ch 13r: Fast Introduction to SOCKS Proxy - EtherealMind Ch 15a: HowToDecrypt802.11 - The Wireshark Wiki Ch 15b: WPA 4-way handshake - Wireshark Q&A Miscellaneous Links Learn Python the Hard Way Fuzzing for SQL injection with Burp Suite Intruder - USE FOR PROJECTS Pythonista on the App Store on iTunes -- INTERESTING FOR PROJECTS Pythonista: Using pipista to install modules How to Build a DNS Packet Sniffer with Scapy and Python Bypassing Antivirus with Shellter 4.0 on Kali Linux -- GOOD 124 PROJECT Online JavaScript beautifier -- deobfuscates code! -- IMPORTANT FOR MALWARE ANALYSIS Android Security: Adding Tampering Detection to Your App Old Links PwnWiki.io -- USEFUL RED TEAM TIPS Hacking Secret Ciphers With Python (Free E-Book) Introduction to Cryptography Video Lessons by Christof Paar - YouTube Cryptography Textbook Slides RSA is 100x slower than AES (figures 9-13) How to Create a Bootable Ubuntu USB Drive, for Mac, in OS X EDB (Evan's Debugger) Alternatives and Similar Software - AlternativeTo.net How to install 32 bit software on a 64 bit Kali Linux system How to Reverse Engineering with Radare2 -- INTERESTING FOR PROJECTS OSCP study material : Georgia Weidman's book recommended A book for those interested in PWK/OSCP -- Georgia Weidman's book recommended Scapy Documents Metasploitable 2 Exploitability Guide \| Rapid7 Metasploitable 2 enumeration - Hacking Tutorials Metasploitable 2 vulnerability assessment - Hacking Tutorials Running Metasploitable2 on VirtualBox The Kali Linux Certified Professional \| Kali Linux Monitor Apache Web Server Using Mod_status -- WORKS ON UBUNTU Understanding Python's "with" statement PSExec for Lateral Movement Unable to Contact IP Driver, error code 5 Windows 2008 Server hosted on Vmware How to Make a Domain User the Local Administrator for all PCs Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently) \| pentestmonkey Pass-the-hash attacks: Tools and Mitigation (2010) PSExec Pass the Hash - Metasploit Unleashed How to download a file using windows command line mouse pointer is offset up and to the left -- VMware Communities -- USEFUL TROUBLESHOOTING The "SYSTEM" challenge -- Decoder's Blog Attack Methods for Gaining Domain Admin Rights in Active Directory Penetration Testing in Active Directory using Metasploit (Part 2) Attack Simulation: from No Access to Domain Admin Exploit MS17-010 vulnerability on Windows Server 2012/2016 using Metasploit and TheFatRat - YouTube HOW TO EXPLOIT ETERNALROMANCE/SYNERGY TO GET A METERPRETER SESSION ON WINDOWS SERVER 2016 Eternalromance: Exploiting Windows Server 2003 - Hacking Tutorials Network access: Named Pipes that can be accessed anonymously A Red Teamer's guide to pivoting Privilege Escalation - Metasploit Unleashed VMware Fix: Windows cannot find the Microsoft Software License Terms Meter your Ethernet connection in Windows 10 Metasploit: Module database cache not built yet, using slow search -- HANDY FIX RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation Pwning with Responder - USE IN PROJECT Gladius: Automatic Responder Cracking Seeing the unseen characters with cat! How to see hidden characters..... \| Unix Metasploit privilege escalation with udev virtual machine - Guest OS resolution (text too small) in vmware workstation 12 player metasploit - How do you send a 64 bit meterpreter stager? Locating Those Nasty Passwords in Group Policy Preferences Using PowerShell Ubuntu Apache Default MaxKeepAliveRequests is 100 Enable SSH on Kali Linux Enable SSH on Kali Linux -- Doctor Chaos The Easiest Metasploit Guide You’ll Ever Read -- MANY GOOD PROJECTS HERE Transferring files from Kali to Windows (post exploitation) Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)--GOOD FOR PROJECTS AND OSCP My First Go with BloodHound Windows Password Hashes: LM, NTLM, Net-NTLMv2, oh my! RPC_ENUM - RID Cycling Attack - TrustedSec -- Recommended by @J0hnnyXm4s CrackMapExec: post-exploitation for large Active Directory networks -- Recommended by @J0hnnyXm4s InitString / evil-ssdp Spoof SSDP replies to phish for credentials and NetNTLM challenge/response Seth: Perform a MitM attack and extract clear text credentials from RDP connections Multiple Ways to Get root through Writable File Setup of AD Penetration Lab ifconfig - How can I display eth0's IP address at the login screen on Precise Server? - Ask Ubuntu Privilege Escalation & Post-Exploitation Resources -- VERY USEFUL Multiple Ways to Bypass UAC using Metasploit Passing OSCP OSCP Journey: Exam & Lab Prep Tips ntroducing the Metasploit Vulnerable Service Emulator Installing Python 3 on Mac OS X -- The Hitchhiker's Guide to Python Pipenv & Virtual Environments -- The Hitchhiker's Guide to Python SSH on Kali New Unsorted Links Ch 5j: Zone Transfer Test Online \| HackerTarget.com When target machine dont have "nc" installed ? Don't forget there is "Whois" Malware writing - Python malware The Journey to Try Harder: TJnull's Preparation Guide for PWK/OSCP Modifying Empire to Evade Windows Defender :: Mike Gualtieri Transferring files from Kali to Windows (post exploitation)--VERY USEFUL Ricochet Security Assessment Public Report public-pentesting-reports Metasploit Cheat Sheet - Comparitech HTB boxes similar to the OSCP : oscp OSCP Practice -- Hack The Box :: Forums How to Pass OSCP Like Boss. - Parth Desani - Medium How I Passed the OSCP on the First Try My journey to pass OSCP in 3 months - NetOSec Linking provided by Blogrolling

Links

CEH Certification Resources
CEH Tips
CEH: Certified Ethical Hacker - Taking the Exam
CEH: Practice Exams
CEH: TechExams -- Certified Ethical Hacker (CEH) exam
EC-Council - Certified Ethical Hacker (312-50) Practice Exam - This is the one I used

Links for Chapter Lectures
Ch 4a: Metasploit Module Search Page
Ch 4b: How to get started with writing an exploit for Metasploit
Ch 4c: Msfconsole one-liner example
Ch 4d: Scanner HTTP Auxiliary Modules - Metasploit Unleashed
Ch 4e: Metasploit: The New Metasploit Browser Autopwn:...
Ch 4f: Simple Take Over of Windows Server 2008 via ms09-050

Ch 5a: DNS Request Types
Ch 5b: 10 Linux DIG Command Examples for DNS Lookup
Ch 5c: Open Resolver Project
Ch 5d: Public DNS Server List
Ch 5e: DNS AXFR scan data
Ch 5f: DNS Hacking (Beginner to Advanced) - InfoSec Resources
Ch 5g Wildcard DNS record - Wikipedia
Ch 5h: Network tools for every sys admin
Ch 5i: The Strange History of Port 0

Ch 7a: HowToDecrypt802.11 - The Wireshark Wiki
Ch 7b: security - WEP/WPA/WPA2 and wifi sniffing - Server Fault
Ch 7c: Benefits and Vulnerabilities of Wi-Fi Protected Access 2 (WPA2)
Ch 7d: Details of Key Derivation for WPA

Ch 8a: An Improved Reflective DLL Injection Technique
Ch 8b: DLL injection - Wikipedia
Ch 8c: Windows DLL Injection Basics--Clear Explanation with Good Figures
Ch 8d: stephenfewer/ReflectiveDLLInjection -- Code from 2013
Ch 8e: Using Cadaver as a WebDAV Client
Ch 8f: WebDAV - Wikipedia
Ch 8g: helper: webdav xampp (= 1.7.3 default credentials
Ch 8h: How To Install and Secure phpMyAdmin on Ubuntu 14.04
Ch 8i: Docker Internals - Google Slides
Ch 8j: Docker: Understand the architecture
Ch 8k: Docker vs Virtualization
Ch 8l: UnionFS - Wikipedia
Ch 8m: Docker Hub
Ch 8o: Docker Container Breakout Proof-of-Concept Exploit | Docker Blog
Ch 8p: The Docker exploit and the security of containers | Xen Project Blog
Ch 8q: Docker breakout: brute-forcing a 32-bit number!
Ch 8r: Docker security
Ch 8s: Docker Addresses More Security Issues and Outlines "Pluggable" Approach
Ch 8t: Dump Windows password hashes efficiently
Ch 8u: Recovering Windows 7 Registry Hives/Files
Ch 8v: How To Install Bkhive on Kali 2
Ch 8w: Transferring files from Kali to Windows (post exploitation)

Ch 9a: Yahoo Mail eliminates passwords as part of a major redesign (Oct., 2015)
Ch 9b: Teen says he hacked CIA director\'s AOL account (Oct., 2015)
Ch 9c: Packetstorm Wordlists for password cracking
Ch 9d: Openwall wordlists collection for password recovery, password cracking, and password strength checking
Ch 9e: Why passwords have never been weakerand crackers have never been stronger (2012)
Ch 9f: "thereisnofatebutwhatwemake"Turbo-charged cracking comes to long passwords (2013)
Ch 9g: Cracking 16 Character Strong passwords in less than an hour (2013)
Ch 9h: How the Bible and YouTube are fueling the next frontier of password cracking (2013)

Ch 10a: Adobe Reader Metasploit Modules
Ch 10b: CCSF Application Form (pdf)
Ch 10b: CCSF Application (pdf, can be poisoned with Metasploit)

Ch 11a: Update Social Engineering Toolkit on Kali Linux - YouTube

Ch 12a: Notepad Plus Plus Download
Ch 12b: VirusTotal - Free Online Virus, Malware and URL Scanner
Ch 12c: How to Evade AV Detection with Veil-Evasion

Ch 13a: Post-Mortem of a Metasploit Framework Bug
Ch 13b: Post Exploitation Using NetNTLM Downgrade Attacks
Ch 13c: Mount shadow volumes on disk images - ForensicsWiki
Ch 13d Shell is coming ...: Metasploit: Getting outbound filtering rules by tracerouting
Ch 13e: 5 Step To Capture Windows User Login Using Metasploit Keylogger
Ch 13f: Windows Capture Winlogon Lockout Credential Keylogger | Rapid7
Ch 13g: Metasploit: Capturing Windows Logons with Smartlocker
Ch 13h: Windows 8.1 stops pass-the-hash attacks
Ch 13i: Pass-the-Hash is Dead: Long Live Pass-the-Hash
Ch 13j: Using claims-based access control for compliance and information governance (2011)
Ch 13k: Windows Internals - showing token structure
Ch 13l: Access token stealing
Ch 13m: Access Tokens (Windows)
Ch 13n: What's in a Token (Part 2): Impersonation - TechNet Blogs
Ch 13o: Fun with Incognito - Metasploit Unleashed
Ch 13s: PSExec Demystified
Ch 13t: 4 Ways to Capture NTLM Hashes in Network
Ch 13p: Excellent explanation of NTLMv2
Ch 13q: NTLMv2 cracking speed estimates
Ch 13r: Fast Introduction to SOCKS Proxy - EtherealMind
Ch 15a: HowToDecrypt802.11 - The Wireshark Wiki
Ch 15b: WPA 4-way handshake - Wireshark Q&A

Miscellaneous Links
Learn Python the Hard Way
Fuzzing for SQL injection with Burp Suite Intruder - USE FOR PROJECTS
Pythonista on the App Store on iTunes -- INTERESTING FOR PROJECTS
Pythonista: Using pipista to install modules
How to Build a DNS Packet Sniffer with Scapy and Python
Bypassing Antivirus with Shellter 4.0 on Kali Linux -- GOOD 124 PROJECT
Online JavaScript beautifier -- deobfuscates code! -- IMPORTANT FOR MALWARE ANALYSIS
Android Security: Adding Tampering Detection to Your App

Old Links
PwnWiki.io -- USEFUL RED TEAM TIPS
Hacking Secret Ciphers With Python (Free E-Book)
Introduction to Cryptography Video Lessons by Christof Paar - YouTube
Cryptography Textbook Slides
RSA is 100x slower than AES (figures 9-13)
How to Create a Bootable Ubuntu USB Drive, for Mac, in OS X
EDB (Evan's Debugger) Alternatives and Similar Software - AlternativeTo.net
How to install 32 bit software on a 64 bit Kali Linux system
How to Reverse Engineering with Radare2 -- INTERESTING FOR PROJECTS
OSCP study material : Georgia Weidman's book recommended
A book for those interested in PWK/OSCP -- Georgia Weidman's book recommended
Scapy Documents
Metasploitable 2 Exploitability Guide | Rapid7
Metasploitable 2 enumeration - Hacking Tutorials
Metasploitable 2 vulnerability assessment - Hacking Tutorials
Running Metasploitable2 on VirtualBox
The Kali Linux Certified Professional | Kali Linux
Monitor Apache Web Server Using Mod_status -- WORKS ON UBUNTU
Understanding Python's "with" statement
PSExec for Lateral Movement
Unable to Contact IP Driver, error code 5 Windows 2008 Server hosted on Vmware
How to Make a Domain User the Local Administrator for all PCs
Post-Exploitation in Windows: From Local Admin To Domain Admin (efficiently) | pentestmonkey
Pass-the-hash attacks: Tools and Mitigation (2010)
PSExec Pass the Hash - Metasploit Unleashed
How to download a file using windows command line
mouse pointer is offset up and to the left -- VMware Communities -- USEFUL TROUBLESHOOTING
The "SYSTEM" challenge -- Decoder's Blog
Attack Methods for Gaining Domain Admin Rights in Active Directory
Penetration Testing in Active Directory using Metasploit (Part 2)
Attack Simulation: from No Access to Domain Admin
Exploit MS17-010 vulnerability on Windows Server 2012/2016 using Metasploit and TheFatRat - YouTube
HOW TO EXPLOIT ETERNALROMANCE/SYNERGY TO GET A METERPRETER SESSION ON WINDOWS SERVER 2016
Eternalromance: Exploiting Windows Server 2003 - Hacking Tutorials
Network access: Named Pipes that can be accessed anonymously
A Red Teamer's guide to pivoting
Privilege Escalation - Metasploit Unleashed
VMware Fix: Windows cannot find the Microsoft Software License Terms
Meter your Ethernet connection in Windows 10
Metasploit: Module database cache not built yet, using slow search -- HANDY FIX
RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation
Pwning with Responder - USE IN PROJECT
Gladius: Automatic Responder Cracking
Seeing the unseen characters with cat!
How to see hidden characters..... | Unix
Metasploit privilege escalation with udev
virtual machine - Guest OS resolution (text too small) in vmware workstation 12 player
metasploit - How do you send a 64 bit meterpreter stager?
Locating Those Nasty Passwords in Group Policy Preferences Using PowerShell
Ubuntu Apache Default MaxKeepAliveRequests is 100
Enable SSH on Kali Linux Enable SSH on Kali Linux -- Doctor Chaos
The Easiest Metasploit Guide You’ll Ever Read -- MANY GOOD PROJECTS HERE
Transferring files from Kali to Windows (post exploitation)
Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)--GOOD FOR PROJECTS AND OSCP
My First Go with BloodHound
Windows Password Hashes: LM, NTLM, Net-NTLMv2, oh my!
RPC_ENUM - RID Cycling Attack - TrustedSec -- Recommended by @J0hnnyXm4s
CrackMapExec: post-exploitation for large Active Directory networks -- Recommended by @J0hnnyXm4s
InitString / evil-ssdp Spoof SSDP replies to phish for credentials and NetNTLM challenge/response
Seth: Perform a MitM attack and extract clear text credentials from RDP connections
Multiple Ways to Get root through Writable File
Setup of AD Penetration Lab
ifconfig - How can I display eth0's IP address at the login screen on Precise Server? - Ask Ubuntu
Privilege Escalation & Post-Exploitation Resources -- VERY USEFUL
Multiple Ways to Bypass UAC using Metasploit
Passing OSCP
OSCP Journey: Exam & Lab Prep Tips
ntroducing the Metasploit Vulnerable Service Emulator
Installing Python 3 on Mac OS X -- The Hitchhiker's Guide to Python
Pipenv & Virtual Environments -- The Hitchhiker's Guide to Python
SSH on Kali

New Unsorted Links
Ch 5j: Zone Transfer Test Online | HackerTarget.com
When target machine dont have "nc" installed ? Don't forget there is "Whois"
Malware writing - Python malware
The Journey to Try Harder: TJnull's Preparation Guide for PWK/OSCP
Modifying Empire to Evade Windows Defender :: Mike Gualtieri
Transferring files from Kali to Windows (post exploitation)--VERY USEFUL
Ricochet Security Assessment Public Report
public-pentesting-reports
Metasploit Cheat Sheet - Comparitech
HTB boxes similar to the OSCP : oscp
OSCP Practice -- Hack The Box :: Forums
How to Pass OSCP Like Boss. - Parth Desani - Medium
How I Passed the OSCP on the First Try
My journey to pass OSCP in 3 months - NetOSec

Linking provided by Blogrolling

Back to Top

Last Updated: 8 am 12-4-12

CNIT 124Advanced Ethical Hacking

Fall 2012 Sam Bowne

Scores

Schedule · Lecture Notes · Projects · Links · Home Page

Catalog Description

Textbook

Schedule

Lectures

Projects (may be revised)

SQL Injection Projects

Extra Credit Projects

More Projects are coming, of course

Links

Links

CEH Certification Resources

Links for Chapter Lectures

Miscellaneous Links

Old Links

New Unsorted Links

CNIT 124
Advanced Ethical Hacking