-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathProgram
117 lines (81 loc) · 5.48 KB
/
Program
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
Class 1) Hardware, OS and Architecture: Introduction
- Introduction differents hardware: PC, Android, Server, Raspberry, IoT,Modem, Router, Switch, Firewall.
- Introduction differents Architecture and OSes: x86, X64, ARM, WIN SERV, UBUNTU, RASBIAN
Practices:
- Unbuild and identify parts and components of a Dell PowerEdge 2950
- Install a Fresh Ubuntu
- Install Rasbian on a raspberry
----------------------------------
Class 2) Network & infrastructure: Introduction
- Introduction to network from Macro to Micro: Web to local network
- Technical principles: IP/RANGE, DNS, DHCP, Router, Switch, Firewall, IDS / IPS, VPN, TOR.
- Secure Online Navigation: Encryption capsule principles.
Practices:
- Set up a network using a Modem, a router and DHCP
- Establish a IP Plan with the class computers
- Assign static IP to computers as per the IP Plan
- Deploy a firewall
- Login and connect to the firewall
- Look up for the rules and trigger alerts.
Scenario:
You have been assigned the set up of an office network including various devices such as servers, computers, firewalls and IoT devices.
Once the netwok designed and planned you will have to deploy it´s infrastructure including modem, router, switches and connect the devices as per their IP Plan, computers, servers, mobile devices including all OSes , Mac, Windows, Linux, Android.
Once the network you will have to locate in the firewall the established rules and accordingly trigger alerts.
----------------------------------
Class 3) Web and Technologies: Introduction
- Introduction to Webapp and DBs
- Discovery of technologies and webapps with DOJO & DVWA VM
- Presentation DB & Dumps
Practices:
- Create a DB with class elements
- Perform a vulnerability assesment on a website
- Hack the website´s DB
Scenario:
You have been tasked with performing a vulnerability assesment on a website.
----------------------------------
Class 4) Hardware, OS and Architecture: Level 1
- Linux Kali: SSH, Bash & Terminal principles
- Windows: Server 2003, Install and config
- MAC-OSX: Install and config
Practices:
- Terminal navigation, install from APT, Install github clone, chmod, execute a software
- Clone the class github repository into /OPT/HACKADEMY from the terminal
- Scan the windows server 2003 for vulnerabilities and exploit
----------------------------------
Class 5) Network & infrastructure: Level 1
- Different connections and protocol to network: TCP / UDP / RDP / WIFI / WEP / WPA ...
- Network Scan and Recon principles
- NMAP - ZENMAP introduction
Practices:
- Break WiFi encryption and connect to network
- Scan the network and identify connected device
- Identify the IDS and the Firewall, hack them offline
- Rescan and perform recon on the devices that you found, note the differences.
Scenario:
You have a recognition assignement with no physical access to the assets nor the offices. You must break the wireless encryption, penetrate the network and scan for assets.
You will notice that an IDS and a Firewall protects the network, you will have to take them offline and provide accurate details on your network recognition,
identifying the devices, opened ports and running services of the devices found on the network will be expected.
----------------------------------
Class 6) Web and Technologies: Level 1
- CMS, APACHE, TOMCAT, PHP, MYSQL intro
- Vulnerabilities in web technologies, how to identify them
Practices:
- Scan the webserver and identify the technologies
- Find the vulnerabilities related to the webapps
- Document the vulnerabilities
Scenario:
You have been assigned a web application recognition in order to prepare a further attack, you must create a detail report on all vulnerabilities you have found, document them with the ressources you have discovered during the class. All vulnerabilities must be documented with the corresponding CVE reference and level of criticity.
----------------------------------
Class 7) Hardware, OS and Architecture: Level 2
- Corporate / Infrastructure networks
- Network protocols FTP, TELNET, RDP and their vulnerabilities
- BruteForce and Password list generator
Practices :
- 2 Teams: Osint & Hack
- Osint practice recon on infrastructure target, Hack team performs penetration into network
- Osint Team must find the login and password hint
- Hack Team create the password list given Osint provided intels
- Hack Team launch brute force attack against FTP, TELNET, RDP protocols and available devices.
Scenario:
In this scenario the class will be divided in two teams, one team will be tasked with hacking (Hacking Team) the second team will provide intelligence support (Osint Team). The objective of this scenario is to retrieve a file on a server, while the Osint Team investigate the target in order to find hint and generate the materials for the Hack Team (Password list, Recon Intel, Company users etc...). During this time the Hack team will have to penetrate the network, scan it and identify the services that will allow them to eventually retrive the file. The Osint Team should have by then provided the materials needed to bruteforce into the suspected services and/or devices. Once located, retrieve the file in local.
----------------------------------