Projects

TCM Security - Practical Ethical Hacker Course

As I am pursuing ethical hacking/penetration testing roles, I decided to enroll in TCM and complete their pathway in preparation to take their PNPT cert in the future.

So far it has been a great learning experience; the layout, material, and video instructions are great. It is also really helpful for a detailed note taker like myself, as I can pause, jot down notes, practice in my VM, and then continue on with the lesson.

I am halfway through the course right now; however, I feel I could be getting it done much faster if I wanted to. Although I really want that cert next to my name, I also know that I need to make sure that I am mastering the material and then moving on. I cannot tell you how many people in my cohort were on TryHackMe blasting through rooms, then realizing that they retained ZERO information.

They really seem to be doing a great job preparing you not only for applying what they teach in the real world, but also prepping you to succeed on the certification. Well, this is a work in progress, and none is being done here! Until next time!

Want to be a pentester? Well you need a place to hack... "ethically of course"

After starting with Oracle VirtualBox and getting my feet wet in penetration testing, I saw someone using VMware Workstation Pro and decided to switch. I now have Kali Linux and 3 other virtual machines installed to practice penetration testing against.

I am really looking forward to building my new desktop and having the hardware to keep growing my virtual hacking lab. While both are popular virtualization platforms, VMware Workstation Pro offers some features and capabilities that can be advantageous for penetration testing:

  1. Performance: VMware Workstation Pro generally provides better performance than VirtualBox, particularly when running multiple virtual machines (VMs) simultaneously. This can be beneficial during penetration testing, as testers often need to run multiple VMs for different tasks.
  2. Advanced features: VMware Workstation Pro offers a more extensive set of features than VirtualBox, which can be useful in penetration testing. These features include advanced networking options, 3D graphics acceleration, snapshot management, and support for a wider range of virtual hardware.
  3. Integration with other VMware products: If the penetration tester is already using other VMware products (such as vSphere or Fusion), VMware Workstation Pro provides better integration with these tools. This can streamline workflow and improve efficiency during testing.
  4. Support for more operating systems: VMware Workstation Pro supports a wider range of guest operating systems, which can be useful for penetration testers who need to test various platforms.
  5. Commercial support: VMware Workstation Pro is a commercial product and offers official support, which can be helpful in case of issues or technical difficulties. VirtualBox, on the other hand, is primarily community-supported, which may not be sufficient for professional needs.
  6. Cloning and templating: VMware Workstation Pro offers more advanced cloning and templating options, which can be useful for quickly deploying multiple VMs with similar configurations during penetration testing.

While VMware Workstation Pro offers several advantages, it’s worth noting that it’s a paid product, whereas VirtualBox is free and open-source. Penetration testers should consider their specific needs and budget when choosing between the two platforms.

GIVE ME ROOT

One of the labs that I went through in the TCM Security course was practicing against a VM provided by VulnHub called Kioptrix.

  • I started with finding the machine on my network from my Kali machine to gather its IP, then ran a basic nmap scan, covering all possible ports with -p-, and also added -A to see version, OS, fingerprinting, etc.
  • With that scan I saw port 80 was open, quickly went to Firefox, typed in http://{IP}, and was presented with a default webpage using Apache and PHP. I looked around for poor hygiene and for any vulnerabilities.
  • I found a link that had an error page with an information disclosure that shows the Apache version number in the header. I then proceeded to use Nikto to further investigate possible vulnerabilities. Running nikto -h {HOST IP}, -h meaning host, sent back a list of vulnerabilities that could be exploited as well. This took me down the road to this finding: mod_ssl/2.8.4 – mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0082, OSVDB-756.
  • Now moving to port 139 and seeing that it is running SMB, I headed over to smbclient in the terminal to try and see if this would work. Typing in smbclient -L \\\\{IP}\\ and just hitting enter for the root password, I saw two shares, IPC$ and ADMIN$. I tried to connect directly to ADMIN$, but I was not able to. I was able to connect to IPC$; however, after trying to move further I was denied, DANG! It was time to go into Metasploit and get to further enumerating!
  • Using the after searching smb and finding the SMB version Samba Unix (Samba 2.2.1a). With searchsploit I was able to then gather information about samba 2.2/trans2open. In Metasploit it is now time to look for those exploits. GOT IT!
  • Now time to go through the options, set the correct payload which for me was shell_reverse_tcp. Moving to shelling the target/Exploiting vulnerable Samba and HOT DIGGIDY DOG! We got whoami to say that coveted word we want, ROOT!
  • So moving on to the next vulnerability, port 443 and Apache. After finding the version and going back to searchsploit, we are given an OpenSSL reverse exploit. Going to GitHub and downloading the current version, I then ran OpenF*!& and was able to shell the target and again gain ROOT!

Overall, this was a great hands-on experience in the penetration testing process, and I learned the importance of a systematic approach to identifying and exploiting vulnerabilities in a controlled environment. This knowledge can be applied to more complex and advanced CTF challenges in the future, as well as real-world penetration testing scenarios.
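
The header information disclosure and the Nikto finding from the Kioptrix write-up above can be turned into a check you run against your own servers. This is an added example, not part of the original lab or course material: it parses a Server header and flags it using only the threshold quoted above (mod_ssl 2.8.7 and lower, CVE-2002-0082). The function names and sample banners are made up for illustration, and the Apache/OpenSSL versions in them are placeholders.

```python
import re

# Threshold from the Nikto finding quoted in the write-up:
# "mod_ssl 2.8.7 and lower are vulnerable" (CVE-2002-0082).
MOD_SSL_MAX_VULNERABLE = (2, 8, 7)

# Matches product/version tokens such as "mod_ssl/2.8.4" or "Name/1.2.3b".
TOKEN_RE = re.compile(r"([A-Za-z_][\w\-]*)/(\d+(?:\.\d+)*)([A-Za-z]?)")

# Constructed sample banners; 0.0.0 is a placeholder, not a real version.
LAB_BANNER = "Apache/0.0.0 (Unix) mod_ssl/2.8.4 OpenSSL/0.0.0"
NEWER_BANNER = "Apache/0.0.0 (Unix) mod_ssl/2.8.8"
MINIMAL_BANNER = "Apache"


def parse_banner(banner):
    """Return {product: (version_tuple, raw_version)} for each token."""
    found = {}
    for name, digits, suffix in TOKEN_RE.findall(banner):
        version = tuple(int(part) for part in digits.split("."))
        found[name.lower()] = (version, digits + suffix)
    return found


def audit_banner(banner):
    """Return a list of findings for one Server header value."""
    findings = []
    components = parse_banner(banner)
    if components:
        listed = ", ".join(
            f"{name} {raw}" for name, (_, raw) in sorted(components.items()))
        findings.append("version disclosure: " + listed)
    if "mod_ssl" in components:
        version, raw = components["mod_ssl"]
        # Pad short versions so "2.8" compares as 2.8.0.
        padded = version + (0,) * (3 - len(version))
        if padded <= MOD_SSL_MAX_VULNERABLE:
            findings.append(f"mod_ssl {raw} <= 2.8.7: CVE-2002-0082")
    return findings


if __name__ == "__main__":
    for sample in (LAB_BANNER, NEWER_BANNER, MINIMAL_BANNER):
        print(sample, "->", audit_banner(sample) or "no findings")
```

A banner that names no versions produces no findings here, which is the result you want from a server configured to send a minimal Server header.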

Cyber Threat Intelligence 101

Embracing Cybersecurity: Completing the Cyber Threat Intelligence 101 Certification

As I embark on my journey to break into the cybersecurity industry, I am committed to continuously learning and enhancing my skills. Recently, I had the opportunity to complete the Cyber Threat Intelligence 101 certification, which provided me with valuable insights into the world of cyber threat intelligence. This certification has equipped me with a foundation level of knowledge in essential CTI concepts and has further motivated me to pursue a career in this dynamic field.

Course Overview:
The Cyber Threat Intelligence 101 course served as an introductory program, designed to provide a brief but comprehensive understanding of cyber threat intelligence. It also served as a precursor to the extensive CREST CPTIA preparation course, the Cyber Threat Intelligence Practitioner. Throughout the course, I delved into various aspects of CTI, gaining valuable insights into the following areas:

1. Threat Actors/Vectors:
The course enabled me to explore the diverse landscape of threat actors and vectors operating in the digital realm. I learned about the different types of threats, their motivations, and the techniques they employ to compromise information systems. This knowledge has heightened my ability to identify potential risks and develop effective countermeasures.

2. The Intelligence Lifecycle:
Understanding the intelligence lifecycle is crucial for any aspiring cybersecurity professional. I acquired knowledge about the various stages involved in intelligence gathering, analysis, dissemination, and feedback. This comprehensive understanding enables me to contribute to proactive threat detection and response strategies.

3. Legal and Ethical Considerations:
The realm of cyber threat intelligence operates within a framework of legal and ethical boundaries. This course emphasized the importance of conducting intelligence activities while adhering to applicable laws, regulations, and ethical guidelines. I now possess a deep appreciation for the legal and ethical dimensions of CTI, ensuring that my work is carried out in a responsible and principled manner.

Certification Achievement:
Upon completion of the Cyber Threat Intelligence 101 course, I underwent a rigorous assessment process. The course commenced with a baseline assessment to gauge my knowledge level, and concluded with a final examination. I am proud to announce that I successfully passed the final exam and was awarded the arcX Foundation Level Threat Intelligence Analyst (FTIA) certification.

Conclusion:
Completing the Cyber Threat Intelligence 101 certification has been an invaluable experience in my journey towards establishing a career in cybersecurity. This achievement highlights my commitment to continuous learning and professional growth within the industry. Equipped with a solid foundation in CTI concepts, I am ready to leverage my knowledge to contribute effectively to the identification and mitigation of cyber threats. As I embark on new challenges and expand my expertise, I am excited to embrace the evolving landscape of cybersecurity and make a meaningful impact in the field of cyber threat intelligence.