Ethical Hacking

William Bailey

Ethical Hacking

MIS 5211.701 ■ Fall 2020 ■ William Bailey

William Bailey

Week 03: Virtualization

by 17 Comments

This Discussion Question thread has been created to discuss how we’re succeeding with virtualization.

  • What platform did you choose?  (Windows, Linux, Mac)
  • Which virtualiation platform(s) did you use? (Vmware, VirtualBox, Hyper-V, or your own server farm?)
  • What guest operating system(s) did you install so far?
  • What advantages or disadvantages do you see about these choices?
  • What was the most important “Aha” moment?
  • Did you encounter any challenges or other difficulties?  (it’s ok to run into an issue, as long as one learns from it!)

 

 

Week 2: In the News

by 34 Comments

During the week, research an article that describes a recent breach (hack) of an organization.  Of special interest this week, does the article discuss whether the organization had conducted some sort of vulnerability scans, penetration tests, and/or red or blue team exercises?

When citing the article, include the URL, so that others can read the rest of the article.

Week 1: In the News

by 19 Comments

During the week, research an article that describes a recent breach (hack) of an organization.  Of special interest this week, does the article discuss whether the organization had conducted some sort of vulnerability scans, penetration tests, and/or red or blue team exercises?

When citing the article, include the URL, so that others can read the rest of the article.

Welcome to MIS5211 Fall 2020 – Ethical Hacking

by 7 Comments

Welcome to the online section of MIS5211!  Although this class is online, over the next semester we will be interacting with each other and working on group projects.

As we prepare for the first Webex on Thursday, I’ve set this post for each of us to introduce ourselves:

  1. What is your preferred name?  Are you a Robert that wants to be called Bob, or vice-versa?  Let us know!
  2. Where are you based?  Tell us about your City or Town.
  3. What is your current experience in ethical hacking?
  4. What do you hope to leave this class with?
  5. Are you currently employed in IT or IT Security?  You don’t have to divulge your employer, and may be restricted from telling outsiders, but what industry segment do you work in?
  6. What “fun fact” do people not know about you?

Please join in, and post a reply with a bit about yourself.

Canadian University Scammer

by 6 Comments

Just to kick things off.  Here’s an article describing scammers using phishing techniques netted 11 million Canadian (9 Million US).

https://motherboard.vice.com/en_us/article/yww4xy/a-canadian-university-gave-dollar11-million-to-a-scammer

The article says this is not technically hacking.  I don’t agree, but what do you think?

For those with an audit background, it also points out that anti-fraud controls were either not in place, or not effective.

Week 12: Wireless Network – Point of Entry

by 40 Comments

I will start off this week’s discussion regarding wireless with an article that describes how a Las Vegas casino was hacked because of a fish tank that was connected to the Internet, and also a hack in which “smart pads” connected to insecure Wifi were used as the entry point.

https://money.cnn.com/2017/07/19/technology/fish-tank-hack-darktrace/index.html 

For this week, find another example that demonstrates how wireless networks were the entry point in a successful breach / attack.

Week 07: In the News – Social Engineering

by 48 Comments

Social Engineering involves acting and using psychology to get information from a target.  As a follow-up to our discussions regarding social engineering, research an article of an incident where social engineering was essential for the incident / breach to have occurred.

In your post, include the URL so that others can read the article being referenced.

Week 08: SUDO CVE-2019-14287

by 8 Comments

During this week we discussed the risks of malware that obtains the ability to operate within the kernel, and a Linux vulnerability  reported regarding SUDO when the SUDOers file is set up to allow all users except root to run certain programs as “SuperUserDO”, e.g. vi, the text editor.

https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html

With this week’s topic about malware, what does this vulnerability mean in regards to the likelihood and/or impact of the damage posted by malware?

 

Week 6: Metasploit

by 44 Comments

This week we discussed Metasploit Framework, and some of the vulnerabilities we demonstrated were from 2008.  For this week’s discussion, relate to the class a “hack” that involved a vulnerability that had been “in the wild” for at least six months.

NOTE: This is also the “In The News” for this week.

Note: Because we will be covering social engineering next week, this week’s hacks should be limited to technical attacks.