Over the last few months I have been taking the Introduction to Hacking course on the Hack4u platform. This course, oriented in a fundamentally practical way, has more than 50h of content, and in my case I have done more than 100h of practice.

Although I thought I had a basic level thanks to the courses I had done previously, this course has opened my eyes and made me understand how vast and deep the world of cybersecurity is, and that I am just scratching the tip of the iceberg.
Even though the name of the course makes it seem like a small thing, I have learned a lot of concepts and techniques.

In my opinion, it is an excellent course to get you started in the world of cybersecurity, since the concepts are explained in a very clear and understandable way. However, at least an intermediate level of Linux is required.

Below you can see the course content:

Basic Concepts

  • IP addresses (IPv4 and IPv6)
  • MAC addresses (OUI and NIC)
  • Common protocols (UDP, TCP) and the famous Three-Way Handshake
  • The OSI model – What is it and how is network activity structured in layers?
  • Subnetting – What is a subnet mask and how is it interpreted?
  • Subnetting – CIDRs and total host computation
  • Subnetting – Subnet masks, class types and interpreting network prefixes
  • Subnetting – Interpretation of network ranges that the client offers us to audit
  • Subnetting – Strange networks and special cases
  • TIPS on subnetting and fast addressing calculation in networks

Recognition

  • Nmap and its different scanning modes
  • Firewall evasion techniques (MTU, Data Length, Source Port, Decoy, etc.)
  • Using nmap scripts and categories to apply reconnaissance
  • Creating your own Lua scripts for nmap
  • Alternatives for port enumeration using file descriptors
  • Discovering hosts on the local network (ARP and ICMP) and Tips
  • Target validation (Setting a target in HackerOne)
  • Email discovery
  • Image recognition
  • Subdomain enumeration
  • Credentials and security breaches
  • Identification of technologies on a web page
  • Fuzzing and file enumeration on a web server
  • Google Dorks / Google Hacking (18 most used Dorks)
  • Identification and external verification of operating system version

Configuring local labs in Docker

  • Introduction to Docker
  • Installing Docker on Linux
  • Defining the basic Dockerfile structure
  • Creating and building images
  • Loading instructions in Docker and deploying our first container
  • Common commands for container management
  • Port Forwarding in Docker and using mounts
  • Deploying vulnerable machines with Docker-Compose
  • Docker Quiz

Enumeration of common services and content managers

  • Enumeration of the FTP service
  • SSH service enumeration
  • HTTP and HTTPS service enumeration
  • Enumeration of SMB service
  • Enumeration of Content Management Systems (CMS) – WordPress
  • Enumeration of Content Management Systems (CMS) – Joomla
  • Enumeration of Content Management Systems (CMS) – Drupal
  • Enumeration of Content Management Systems (CMS) – Magento
  • Note taking with Obsidian

Basic concepts of enumeration and exploitation

  • Introduction to vulnerability exploitation
  • Reverse Shells, Bind Shells and Forward Shells
  • Types of payloads (Staged and Non-Staged)
  • Types of exploits (Manual and Automated)
  • System Enumeration
  • Introduction to BurpSuite
  • OWASP TOP 10 and Web Vulnerabilities
  • SQL Injection (SQLI)
  • Cross-Site Scripting (XSS)
  • XML External Entity Injection (XXE)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Log Poisoning (LFI -> RCE)
  • Cross-Site Request Forgery (CSRF)
  • Server-Side Request Forgery (SSRF)
  • Server-Side Template Injection (SSTI)
  • Client-Side Template Injection (CSTI)
  • Padding Oracle Attack (Padding Oracle)
  • Type Juggling Attack
  • NoSQL Injections
  • LDAP Injections
  • Deserialization Attacks
  • LaTeX Injections
  • API Abuse
  • File Upload Abuse
  • Prototype Pollution
  • Full Zone Transfer Attacks (AXFR)
  • Mass-Assignment Attack / Parameter Binding Attacks
  • Open Redirect
  • Enumeration and exploitation of WebDAV
  • Enumeration and exploitation of SQUID Proxies
  • ShellShock Attack
  • XPath Injections
  • Insecure Direct Object Reference (IDORs)
  • Cross-origin resource sharing (CORS)
  • SQL Truncation attack (SQL Truncation)
  • Session Puzzling / Session Fixation / Session Variable Overloading
  • Enumeration and exploitation of JSON Web Tokens (JWT)
  • Race Condition
  • CSS Injections (CSSI)
  • Python – YAML Deserialization Attack (DES-Yaml)
  • Python – Deserialization Pickle Attack (DES-Pickle)
  • GraphQL Introspection, Mutations and IDORs

Privilege escalation techniques

  • Abusing privileges at the Sudoer level
  • SUID privilege abuse
  • Cron task detection and exploitation
  • PATH Hijacking
  • Python Library Hijacking
  • Abusing incorrectly implemented permissions
  • Capabilities detection and exploitation
  • Kernel Exploitation
  • Abuse of special user groups
  • Abuse of internal system services
  • Abuse of specific binaries
  • Dynamically Linked Shared Object Library Hijacking
  • Docker Breakout

Buffer overflow

  • Introduction to Buffer Overflow
  • Setting up our test lab and installing Immunity Debugger
  • Initial Fuzzing phase and taking control of the EIP register
  • Shellcode space allocation
  • Generating Bytearrays and detecting Badchars
  • Searching for OpCodes to jump to ESP and load our Shellcode
  • Use of NOPs, stack offsets and Shellcode interpretation to achieve RCE
  • Modifying the Shellcode to control the command you want to run
  • Exploiting a new binary to reinforce what we have learned
  • Working with and manually creating Shellcodes

Additional Material

  • Introduction to Metasploit
  • Introduction to SQLMap
  • Introduction to Pivoting

Reporting and report writing

  • Creating a professional report in LaTeX