Ethical Hacking & Vulnerability Assessment

Objective: Understand the ethical hacking landscape, legal frameworks, and career paths.

Topics Covered:

• What is ethical hacking? White hat vs. black hat vs. grey hat
• Types of hackers and penetration testers
• Laws and regulations: Computer Fraud and Abuse Act, GDPR, Data Protection Act (Ghana)
• Scope, rules of engagement, and authorization (permission)
• Certification paths: CEH, OSCP, CompTIA Security+, eJPT
• Setting up your ethical hacking lab (VirtualBox/VMware)

Tools: VirtualBox, Kali Linux installation

Objective: Navigate Kali Linux and use essential command-line tools.

Topics Covered:

• Kali Linux overview and tool categories
• Linux file system navigation (ls, cd, pwd, cp, mv, rm)
• File permissions and user management (chmod, chown, sudo)
• Networking commands (ifconfig, ip, netstat, ping)
• Process management (ps, top, kill, systemctl)
• Installing and updating tools (apt, dpkg, git clone)

Tools: Kali Linux terminal, basic Linux commands

Objective: Gather intelligence about targets using passive and active reconnaissance.

Topics Covered:

• Passive recon: OSINT (theHarvester, Maltego, Shodan)
• WHOIS lookup, DNS enumeration (dnsrecon, dig, nslookup)
• Subdomain discovery (Sublist3r, Amass)
• Email and employee reconnaissance
• Active recon: Ping sweeps and traceroute
• Documenting findings for the reconnaissance phase

Tools: theHarvester, Maltego, Shodan, dnsrecon, Sublist3r

Objective: Discover live hosts, open ports, and running services on target networks.

Topics Covered:

• Nmap fundamentals: TCP SYN scan, UDP scan, FIN scan, XMAS scan
• Nmap scripting engine (NSE) for vulnerability detection
• Service and version detection
• OS fingerprinting with Nmap
• Netcat (nc) for banner grabbing and port scanning
• Enumeration techniques for common services (FTP, SSH, HTTP, SMB)

Tools: Nmap, Zenmap, Netcat, Nmap NSE scripts

Objective: Identify, classify, and prioritize security vulnerabilities.

Topics Covered:

• Vulnerability assessment lifecycle
• Using Nessus Essentials (free) for automated scanning
• OpenVAS vulnerability scanner setup and usage
• CVSS scoring system (Common Vulnerability Scoring System)
• Interpreting scan results: False positives vs. true positives
• Creating a vulnerability assessment report

Tools: Nessus Essentials, OpenVAS, Nmap NSE

Objective: Use Metasploit to exploit vulnerabilities and gain access to target systems.

Topics Covered:

• Metasploit architecture: msfconsole, modules, payloads, encoders
• Searching for and selecting exploits
• Configuring payloads (reverse shell, bind shell, Meterpreter)
• Exploiting known vulnerabilities (MS17-010 EternalBlue, vsftpd backdoor)
• Post-exploitation: Privilege escalation techniques
• Meterpreter commands: File system, keylogging, screenshot, persistence

Tools: Metasploit Framework (msfconsole), Meterpreter

Objective: Identify and exploit common web application vulnerabilities.

Topics Covered:

• OWASP Top 10 vulnerabilities overview
• Setting up vulnerable web apps (Damn Vulnerable Web App - DVWA, OWASP Juice Shop)
• SQL Injection (SQLi): Manual and automated exploitation
• Cross-Site Scripting (XSS): Stored, reflected, DOM-based
• Cross-Site Request Forgery (CSRF)
• Broken authentication and session management testing

Tools: Burp Suite Community, OWASP ZAP, sqlmap, DVWA

Objective: Use Burp Suite for web application penetration testing.

Topics Covered:

• Setting up Burp Suite proxy and browser configuration
• Spidering and crawling web applications
• Intruder for parameter fuzzing and brute force attacks
• Repeater for manual request manipulation
• Scanner for automated vulnerability detection
• Decoder, Comparer, and Sequencer tools

Tools: Burp Suite Community/Professional

Objective: Assess and secure wireless networks (Wi-Fi).

Topics Covered:

• Wireless standards and encryption (WEP, WPA, WPA2, WPA3)
• Putting wireless card into monitor mode
• Capturing 4-way handshake with airodump-ng
• Cracking WPA/WPA2 passwords with aircrack-ng and hashcat
• Evil twin and de-authentication attacks
• Wireless security best practices and countermeasures

Tools: Aircrack-ng suite, hashcat, airmon-ng, airodump-ng

Objective: Capture and analyze network packets to identify malicious activity.

Topics Covered:

• Capturing live traffic and saving PCAP files
• Display filters vs. capture filters
• Following TCP streams
• Analyzing ARP, DNS, HTTP, and HTTPS traffic
• Identifying suspicious patterns (port scans, brute force, data exfiltration)
• Extracting files from network captures

Tools: Wireshark, tcpdump

Objective: Understand human-based attacks and password cracking techniques.

Topics Covered:

• Social engineering attack vectors: Phishing, vishing, pretexting, baiting
• Creating phishing campaigns with Gophish or SET (Social-Engineer Toolkit)
• Password cracking: Dictionary attacks, brute force, rainbow tables
• Using John the Ripper and Hashcat
• Extracting hashes from Windows (SAM file) and Linux (/etc/shadow)
• Defensive strategies: Security awareness training, MFA, password policies

Tools: Social-Engineer Toolkit (SET), Gophish, John the Ripper, Hashcat

Objective: Write professional penetration testing reports and prepare for cybersecurity interviews.

Topics Covered:

• Structure of a penetration testing report
• Executive summary vs. technical findings
• Risk rating and prioritization (CVSS, risk matrix)
• Providing actionable remediation recommendations
• Portfolio building: Documenting your lab exercises
• Career paths: Junior pentester, SOC analyst, vulnerability analyst, red teamer
• Preparing for CEH, CompTIA Security+, and OSCP certifications

Tools: Report templates (Word, LaTeX, Dradis), portfolio tools