1
00:00:00,120 --> 00:00:06,300
OK, before we get hands-on I have to give you a little bit of death by PowerPoint, but it's for good

2
00:00:06,300 --> 00:00:07,710
reason.

3
00:00:07,710 --> 00:00:10,800
So we need to introduce the five stages

4
00:00:10,890 --> 00:00:11,850
of ethical hacking.

5
00:00:11,850 --> 00:00:16,530
These are the five stages that you will go through on every assessment.

6
00:00:16,530 --> 00:00:24,090
So before we do that, let's first make a big note: from here on we are moving into the ethical hacking

7
00:00:24,090 --> 00:00:25,370
portion of our course.

8
00:00:25,380 --> 00:00:28,080
We are going to learn malicious things.

9
00:00:28,080 --> 00:00:32,430
Please only use the information learned in this course for ethical purposes.

10
00:00:32,610 --> 00:00:39,270
Do not attack your neighbors, do not attack anybody that you do not have explicit permission to, as you

11
00:00:39,270 --> 00:00:41,550
can and will get into trouble for doing that.

12
00:00:42,240 --> 00:00:43,600
So, with that out of the way,

13
00:00:43,740 --> 00:00:47,660
let's talk briefly about the five stages of ethical hacking.

14
00:00:48,030 --> 00:00:55,320
So we start up at the top, and we actually start with what is called reconnaissance.

15
00:00:55,320 --> 00:00:59,010
This stage is also known as information gathering.

16
00:00:59,010 --> 00:01:00,420
And there are two different types.

17
00:01:00,420 --> 00:01:07,500
There is active and passive. Now, passive is, say, like going out to Google and searching for somebody.

18
00:01:07,500 --> 00:01:12,260
Say you're given a client and you want to look at their Google, you want to look at LinkedIn, you might

19
00:01:12,260 --> 00:01:18,510
be looking for, I don't know, a picture of their badge, or an employee's name, or maybe an employee's Twitter

20
00:01:18,510 --> 00:01:19,710
page.

21
00:01:19,710 --> 00:01:20,700
That's all passive.
22
00:01:20,700 --> 00:01:25,580
You're not actually going out to the company's website and doing anything active against it.

23
00:01:25,650 --> 00:01:32,530
Now, active reconnaissance kind of falls into place with the second phase, which is scanning and enumeration.

24
00:01:32,610 --> 00:01:34,710
Now that is active.

25
00:01:34,710 --> 00:01:40,260
That is where we go out and we take tools such as Nmap and Nessus and Nikto, and if you've never heard

26
00:01:40,260 --> 00:01:40,860
of any of those,

27
00:01:40,860 --> 00:01:42,090
that's fine.

28
00:01:42,090 --> 00:01:46,820
Well, we take those and we scan actively against a client.

29
00:01:46,830 --> 00:01:53,850
Now, what we're looking for are open ports, vulnerabilities, different items, and with what returns in these

30
00:01:53,850 --> 00:01:55,920
results when we do this scanning,

31
00:01:56,040 --> 00:02:02,460
we also perform what is called enumeration. Enumeration is just looking at items and digging into them

32
00:02:02,460 --> 00:02:08,880
to see if we can find anything of value. Say that there is a web server running on port 80.

33
00:02:09,000 --> 00:02:14,040
We see port 80 is open and it's running something like Apache 1.2, which would be really,

34
00:02:14,040 --> 00:02:15,220
really outdated.

35
00:02:15,330 --> 00:02:17,850
We would go out to Google and we would say, Google,

36
00:02:17,850 --> 00:02:21,060
do you know if Apache 1.2 has any exploits for it?

37
00:02:21,450 --> 00:02:24,910
And we would do research. That's the enumeration portion of it.

38
00:02:24,930 --> 00:02:31,770
So once we do our information gathering, we do our scanning and enumeration, and then we move into the gaining

39
00:02:31,830 --> 00:02:33,820
access portion.

40
00:02:33,870 --> 00:02:36,450
This is also known as exploitation.
41
00:02:36,600 --> 00:02:41,970
We will run an exploit against the client, or against the vulnerable service, or whatever it may be, to

42
00:02:41,970 --> 00:02:48,420
try to gain access into a machine, or into a network, into an environment, etc.

43
00:02:48,420 --> 00:02:52,250
Once we have that access, the process starts to repeat.

44
00:02:52,410 --> 00:02:58,070
We do scanning and enumeration again, and we also want to maintain that access.

45
00:02:58,080 --> 00:02:58,440
Right?

46
00:02:58,440 --> 00:03:06,150
So if we were to get kicked out, OK, or a user shuts down their computer, how do we maintain that access

47
00:03:06,150 --> 00:03:10,070
so that when they turn their computer back on we still have access to it?

48
00:03:10,110 --> 00:03:12,810
And then lastly there is covering tracks.

49
00:03:12,810 --> 00:03:19,200
You want to delete any logs that you may leave behind, you want to delete any kind of malware that you

50
00:03:19,200 --> 00:03:22,260
upload, which is more important as a pen tester.

51
00:03:22,260 --> 00:03:27,710
Any accounts that you create for any reason, you want to delete those as well.

52
00:03:27,750 --> 00:03:30,470
You really just want to clean up, is a good way of putting it.

53
00:03:30,600 --> 00:03:33,260
Covering tracks is the more hacker way of putting it.

54
00:03:33,270 --> 00:03:36,770
But as a penetration tester you really just want to clean up.

55
00:03:36,900 --> 00:03:44,340
So we're going to go heavily through steps one through three in this course. We'll also cover four and

56
00:03:44,340 --> 00:03:49,860
five briefly, but the process and methodology never changes.

57
00:03:49,860 --> 00:03:55,860
Regardless of whether you're doing network, you're doing web app, or you're doing a different type of assessment,

58
00:03:56,130 --> 00:03:59,910
it's all similar in these five stages of hacking.

59
00:03:59,910 --> 00:04:07,800
The tools might change, the attack methods might change, but the overall methodology is always the same.
60
00:04:07,830 --> 00:04:12,630
So that's how we're also going to structure this course. We're going to go in first and we're going to

61
00:04:12,630 --> 00:04:17,910
talk about information gathering and reconnaissance, then we're going to move into scanning and enumeration,

62
00:04:18,270 --> 00:04:24,750
and then we'll start with exploitation and do that repeatedly until we get it inside of our heads and it

63
00:04:24,750 --> 00:04:27,020
feels almost second nature, right?

64
00:04:27,030 --> 00:04:34,230
Once we have all that done we'll do some practice boxes, you know, give it a go, see how we do. We'll move

65
00:04:34,230 --> 00:04:42,090
into the internal side of things with Active Directory, we'll start working with our web applications

66
00:04:42,120 --> 00:04:46,710
and our wireless, and we will touch on the maintaining access and covering tracks, but you're going to

67
00:04:46,710 --> 00:04:52,030
see this methodology over and over, and you might also get this question on an interview, you know, to

68
00:04:52,050 --> 00:04:57,360
describe the five stages, so it's important to know these. It's just something that every ethical hacker

69
00:04:57,360 --> 00:04:59,280
can rattle off pretty quickly.

70
00:04:59,280 --> 00:05:00,900
So have them written down.

71
00:05:00,920 --> 00:05:01,670
Think about it.

72
00:05:01,670 --> 00:05:07,460
Keep your wheels spinning, and let's go ahead and move on to our first section, which is going to be information

73
00:05:07,460 --> 00:05:13,970
gathering slash reconnaissance, and some cool tools, some Google-fu, and just what kind of information

74
00:05:13,970 --> 00:05:16,190
we could actually gather on a potential client.