Over the last few months I have been taking the Introduction to Hacking course on the Hack4u platform. This course, which is fundamentally practical in its approach, has more than 50 hours of content, and in my case I have done more than 100 hours of practice.
Although I thought I had a basic level thanks to the courses I had done previously, this course has opened my eyes and made me understand how vast and deep the world of cybersecurity is and that I am just skimming the tip of the iceberg.
Even though the name of the course makes it seem like a small thing, I have learned a lot of concepts and techniques.
In my opinion, it is an excellent course to get you started in the world of cybersecurity, since the concepts are explained in a very clear and understandable way. However, at least an intermediate level of Linux is required.
Below you can see the course content:
Basic Concepts
- IP addresses (IPV4 and IPV6)
- MAC addresses (OUI and NIC)
- Common protocols (UDP, TCP) and the famous Three-Way Handshake
- The OSI model – What is it and how is network activity structured in layers?
- Subnetting – What is a subnet mask and how is it interpreted?
- Subnetting – CIDRs and total host computation
- Subnetting – Subnet masks, class types and interpreting network prefixes
- Subnetting – Interpretation of network ranges that the client offers us to audit
- Subnetting – Strange networks and special cases
- TIPS on subnetting and fast addressing calculation in networks
Recognition
- Nmap and its different scanning modes
- Firewall evasion techniques (MTU, Data Length, Source Port, Decoy, etc.)
- Using nmap scripts and categories to apply reconnaissance
- Creating your own Lua scripts for nmap
- Alternatives for port enumeration using file descriptors
- Discovering hosts on the local network (ARP and ICMP) and Tips
- Target validation (Setting a target in HackerOne)
- Email discovery
- Image recognition
- Subdomain enumeration
- Credentials and security breaches
- Identification of technologies on a web page
- Fuzzing and file enumeration on a web server
- Google Dorks / Google Hacking (18 most used Dorks)
- Identification and external verification of operating system version
Configuring local labs in Docker
- Introduction to Docker
- Installing Docker on Linux
- Defining the basic Dockerfile structure
- Creating and building images
- Loading instructions in Docker and deploying our first container
- Common commands for container management
- Port Forwarding in Docker and using mounts
- Deploying vulnerable machines with Docker-Compose
- Docker Quiz
Enumeration of common services and content managers
- Enumeration of the FTP service
- SSH service enumeration
- HTTP and HTTPS service enumeration
- Enumeration of the SMB service
- Enumeration of Content Management Systems (CMS) – WordPress
- Enumeration of Content Management Systems (CMS) – Joomla
- Enumeration of Content Management Systems (CMS) – Drupal
- Enumeration of Content Management Systems (CMS) – Magento
- Note taking with Obsidian
Basic concepts of enumeration and exploitation
- Introduction to vulnerability exploitation
- Reverse Shells, Bind Shells and Forward Shells
- Types of payloads (Staged and Non-Staged)
- Types of exploits (Manual and Automated)
- System Enumeration
- Introduction to BurpSuite
- OWASP TOP 10 and Web Vulnerabilities
- SQL Injection (SQLI)
- Cross-Site Scripting (XSS)
- XML External Entity Injection (XXE)
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- Log Poisoning (LFI -> RCE)
- Cross-Site Request Forgery (CSRF)
- Server-Side Request Forgery (SSRF)
- Server-Side Template Injection (SSTI)
- Client-Side Template Injection (CSTI)
- Padding Oracle Attack (Padding Oracle)
- Type Juggling Attack
- NoSQL Injections
- LDAP Injections
- Deserialization Attacks
- LaTeX Injections
- API Abuse
- File Upload Abuse
- Prototype Pollution
- Full Zone Transfer Attacks (AXFR)
- Mass-Assignment Attack / Parameter Binding Attacks
- Open Redirect
- Enumeration and exploitation of WebDAV
- Enumeration and exploitation of SQUID Proxies
- ShellShock Attack
- XPath Injections
- Insecure Direct Object Reference (IDORs)
- Cross-origin resource sharing (CORS)
- SQL Truncation attack (SQL Truncation)
- Session Puzzling / Session Fixation / Session Variable Overloading
- Enumeration and exploitation of JSON Web Tokens (JWT)
- Race Condition
- CSS Injections (CSSI)
- Python – YAML Deserialization Attack (DES-Yaml)
- Python – Deserialization Pickle Attack (DES-Pickle)
- GraphQL Introspection, Mutations and IDORs
Privilege escalation techniques
- Abusing privileges at the Sudoer level
- SUID privilege abuse
- Cron task detection and exploitation
- PATH Hijacking
- Python Library Hijacking
- Abusing incorrectly implemented permissions
- Capabilities detection and exploitation
- Kernel Exploitation
- Abuse of special user groups
- Abuse of internal system services
- Abuse of specific binaries
- Dynamically Linked Shared Object Library Hijacking
- Docker Breakout
Buffer overflow
- Introduction to Buffer Overflow
- Setting up our test lab and installing Immunity Debugger
- Initial Fuzzing phase and taking control of the EIP register
- Shellcode space allocation
- Generating Bytearrays and detecting Badchars
- Searching for opcodes to jump to ESP and load our Shellcode
- Use of NOPs, stack offsets and Shellcode interpretation to achieve RCE
- Modifying the Shellcode to control the command you want to run
- Exploiting a new binary to reinforce what we have learned
- Operating and manually creating Shellcodes
Additional Material
- Introduction to Metasploit
- Introduction to SQLMap
- Introduction to Pivoting
Reporting and report writing
- Creating a professional report in LaTeX