SEC 335 Home - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki
This is my landing page for SEC-335, where you will find the following:
Taken from course Canvas:
Operating Systems and Internet-based applications are common sources of security breaches. Students will learn about the information security flaws in
software systems, vulnerabilities inherent in common network services, ways to secure Internet servers and services, and increasing security awareness in
organizations. Students will also learn the methodologies and tools used to probe networks for vulnerabilities and propose solutions. Hands-on activities
will give the necessary background to assess security. Scenarios will provide opportunities to discuss security, ethics, and incident response.
Below is a dropdown with chronological details about each week in SEC-335
- Took notes in SEC-335-W1-Notes
- Participated in class activity about ethical hacking rules
- Worked on default formatting for this and other high-level classes' GitHub pages
- Completed Assignment 1.2 - Kali VM (links to technical documentation of assignment)
- Learned about rules of engagement from NASA and what "War Dialing" is
- Took notes in SEC-335-W2-Notes
- Took specific notes on Passive_Recon
- Learned how to perform OSINT on a local, medium-sized company
- Learned about Host Discovery in Activity 2.1 - Host Discovery
- Learned how to make my own port scanner in Lab 2.1 - Port Scanning 1
  - Also learned about pseudo-device files
- Created a page for Dedicated NMAP commands and techniques page
- Learned more about port scanning, specifically with nmap, in Lab 2.2 - Port Scanning 2
  - Also includes commands for changing the local password as well as enabling RDP
- Overall, learned a lot about nmap and how powerful of a tool it is
- As there was no lecture or required reading, I did not really take any notes (outside of the labs)
- Learned about DNS enumeration in Class Activity 3.1 - DNS Enumeration
- Learned that nslookup uses UDP by default
  - And the “-vc” flag "Specifies to use a virtual circuit (TCP connection) to transport queries to the name server or datagrams (UDP)." - IBM
- Did not take lecture notes (Activity covers the concepts)
- Completed my first engagement with the vulnerable machine "cupcake" in Activity 4.1 - Exploiting Cupcake
- Learned about hacking laws
- Learned how to perform password guessing in Lab 5.1: Password-Guessing
- Learned about how to get into single user mode (and change root's password in the process!!!!) in Assignment 5.1 - Breaking into Kali
- Learned how to perform password cracking in Lab 6.1 Password Cracking - Linux
- Learned about webshells
- Exploited the host "Pippin" in Lab 7.1 - Exploiting Pippin
- Made a home testing lab in the assignment Assignment F.1 - Home Pentesting Lab
- Explored the Weevely webshell in Lab 8.1 - Weevely
- Explored reverse webshells in Lab 8.2 - Reverse Shells
- Used SQL injection to exploit a target "gloin" in Lab 9.2 - Exploiting Gloin
- Learned about Linux permission vulnerabilities in Lab 10.1 - Linux - Permission Vulnerabilities
- Exploited the target Nancurinir in Lab 10.2 - Exploiting Nancurinir
- Learned how to use Metasploit in Lab 11.1 - The Metasploit Framework
Below are resources for tools that I found helpful while completing assignments (in the dropdown)
Password guessing & cracking (cewl, rsmangler, hydra, JtR, hashcat, content on /etc/shadow and passwd)
Below are curated technical journals that cover tools related to password guessing and cracking (shows workflow as well):
Below are journal pages for technical assignments ordered first to last in order of completion:
- Assignment 1.2 - Kali VM
- Activity 2.1 - Host Discovery
- Lab 2.1 - Port Scanning 1
- Lab 2.2 - Port Scanning 2
- Class Activity 3.1 - DNS Enumeration
- Activity 4.1 - Exploiting Cupcake
- Lab 5.1: Password-Guessing
- Assignment 5.1 - Breaking into Kali
- Lab 6.1 Password Cracking - Linux
- Lab 7.1 - Exploiting Pippin
- Assignment F.1 - Home Pentesting Lab
- Lab 8.1 - Weevely
- Lab 8.2 - Reverse Shells
- Lab 9.2 - Exploiting Gloin
- Lab 10.1 - Linux - Permission Vulnerabilities
- Lab 10.2 - Exploiting Nancurinir
- Lab 11.1 - The Metasploit Framework