Ethical Hacking

November 15th & 16th – SANS PenTest HackFest

November 12, 2021 By William Bailey Leave a Comment

If you choose to attend SANS PenTest HackFest, let us know what you thought of the event. What were the key lessons you learned?

There’s an additional event in November that offers two days of content on Penetration Testing and Hacking.

Note that these additional event(s) are optional, not required for this course, but as you’ll find in InfoSec, you’ll continue to network with others in industry throughout your career.

SANS is hosting their “PenTest HackFest Summit (Links to an external site.)“, either on-site in Bethesda, MD, or online. SANS offers additional training courses during the week, but the summit is FREE to attend.

Also note that if you hold other certifications, you can earn up to 12 CPEs, or 6 per day, for LIVE attendance. (You will have access to watch the sessions later, but won’t earn CPEs for on-demand viewing)

November 12th & 13th – BSides Delaware

November 12, 2021 By William Bailey Leave a Comment

If you choose to attend BSides, let us know what you thought of the event. What were the key lessons you learned?

BSides Delaware is happening this weekend. Security BSides refers to themselves as “the first grass roots, DIY, open security conference in the world!”

Typically this event was held in Wilmington, De, but due to Covid-19, the event is being hosted virtually, via Discord. Registration is either Free, or you can choose to donate.

While this isn’t required for this course, if you’re looking into continuing with ethical hacking, penetration testing, this annual event is a great place to learn more, and via Discord this year, network with others in the field!

Main Site (Links to an external site.)

Registration (Links to an external site.) (Required to obtain access to Discord, or if claiming CPE credit)

Schedule (Links to an external site.)

Streams (Links to an external site.) (Watch Online)

Wiki

Week 10 – Web Application Hacking

November 3, 2021 By William Bailey 15 Comments

This week we turn our attention to tools that can be used to manipulate web-based applications. There are subscription-based services to test your skills, but during this week we look at two in particular – Web Security Dojo and Security Shepherd.

How has your experience been with these tools this week? Did you have any “a-ha!” moments? What lessons have you learned?

Also refer to this week’s Handouts for details on SQL.

FYI – Def Con Nashville (Remote Meetings)

August 31, 2021 by William Bailey Leave a Comment

One of the benefits of Covid-19 has been that many in-person events have gone virtual.

I just found out that Def Con Nashville (@defcin615) is hosting a series of ~2 hour long meetings, with a meeting this evening, August 31st!

The Skype link (the same room they’ll be using for at least the next three months): join.skype.com/PsWTdoX5dR1p

The August 31st meeting discusses OSINT, which bridges the Google Hacking we discussed last night, and into our topic for next week, Reconnaissance.

This is not a course requirement, but when I find additional materials or event(s) that may be helpful, I will share the information.

Week 02: In the News – Current Breach or Incident Article

August 30, 2021 by William Bailey 7 Comments

Ethical Hacking involves continuing education. This past weekend, some gathered in Chicago Illinois at BlueTeamCon to learn about hacks that others have discovered, exchange techniques, etc. So, while we didn’t get to go to Chicago, we can still read articles, and learn from those articles.

Please reply to this post with an article of a current breach or incident. If possible, let’s try to stay focused on how Network Architecture and/or Google Hacking was involved.

Wireless Network – Point of Entry

November 15, 2019 by William Bailey 7 Comments

I will start off this week’s discussion regarding wireless with an article that describes how a Las Vegas casino was hacked because of a fish tank that was connected to the Internet, and also a hack in which “smart pads” connected to insecure Wifi were used as the entry point.

https://money.cnn.com/2017/07/19/technology/fish-tank-hack-darktrace/index.html

Can you find other example(s) that demonstrate how wireless networks were the entry point in a successful breach / attack.

Handouts

Week 11 – Cloud Computing

November 8, 2019 by William Bailey 10 Comments

During our class, we discussed the various cloud service models. While Amazon (AWS), Microsoft (Azure), and Google Cloud services are secure, research a published article, and describe how cloud infrastructure has been compromised. Was the failure due to the cloud provider, cloud consumer, cloud carrier, or a cloud broker? How does this information benefit an ethical hacker?

Week 11 Slide Handouts

Week 02: Overview

September 6, 2019 by William Bailey 6 Comments

During the second week:

We continue discussing the Rules of Engagement

We review the importance of Networking Infrastructure
We discuss Google Hacking – How to Customize Google Searches to Get Better Results
- For those black box engagements, the client’s not providing the information.

Class Slides

Based on this week’s readings:

a. One key point you took from each assigned reading. (One or two sentences per reading)

b. One question that you would ask your fellow classmates that facilitates discussion.

Week 03: Reconnaissance

September 5, 2019 by William Bailey 13 Comments

One of the topics this week is about Reconnaissance, or learning about the target. You may be hired to think just like an outsider, someone trying to “hack” their way in. Remember that some of the “hacking” techniques may not require specific coding. There are so many methods, that for this week’s question, everyone needs to post a unique method of performing reconnaissance in order to earn full points. Describe the method of reconnaissance, and if possible, provide an example of a “hack” or other breach that can be tied back to the information learned due to reconnaissance.

I’ll start with an example that you’re likely seeing on television as part of New Jersey Transit’s “See Something, Say Something” campaign. The commercial promotes security awareness, with several suspicious actors. One of the scenes shows two people along the road, possibly looking at their potential target, but more specifically, another actor taking pictures, and the scene is shown from the viewpoint where we see that the pictures being taken are those of the CCTV system. Why? By taking pictures of the facility, the outsider is learning about the physical security controls of the facility, and can plan the attack to avoid the line of sight from these cameras.

Canadian University Scammer

August 27, 2019 by William Bailey 8 Comments

Just to kick things off. Here’s an article describing scammers using phishing techniques netted 11 million Canadian (9 Million US).

https://motherboard.vice.com/en_us/article/yww4xy/a-canadian-university-gave-dollar11-million-to-a-scammer

The article says this is not technically hacking. I don’t agree, but what do you think?

For those with an audit background, it also points out that anti-fraud controls were either not in place, or not effective.

Welcome to MIS5211 Fall 2021 – Ethical Hacking

August 19, 2016 by William Bailey

Welcome to the online section of MIS5211! Although this class is online, over the next semester we will be interacting with each other and working on group projects.

I’ve set this post for each of us to introduce ourselves:

What is your preferred name? Are you a Robert that wants to be called Bob, or vice-versa? Let us know!
Where are you based? Tell us about your City or Town.
What is your current experience in ethical hacking?
What do you hope to leave this class with?
Are you currently employed in IT or IT Security? You don’t have to divulge your employer, and may be restricted from telling outsiders, but what industry segment do you work in?
What “fun fact” do people not know about you?

Please join in, and post a reply with a bit about yourself.

Class Slides

Main Content