Compilation of Resources from TCM's Udemy Course

Practical-Ethical-Hacking-Resources

Compilation of Resources from TCM’s Udemy Course

General Links

Link to Website: https://www.thecybermentor.com/

Link to course: https://www.udemy.com/course/practical-ethical-hacking/

Link to discord server: https://discord.gg/RHZ7UF7

FAQ: https://a.udemycdn.com/2020-02-11_19-58-08-4cc3085ee09e86c772bbea22300f4bb8/original.pdf?nva=20200310064315&token=0d866d71c6ffd2e7e0a40

Note Keeping

KeepNote: http://keepnote.org/

CheryTree: https://www.giuspen.com/cherrytree/

GreenShot: https://getgreenshot.org/downloads/

FlameShot: https://github.com/lupoDharkael/flameshot

OneNote: https://products.office.com/en-us/onenote/digital-note-taking-app?rtc=1

Joplin: https://github.com/laurent22/joplin

Networking Refresher

Seven Second Subnetting: https://www.youtube.com/watch?v=ZxAwQB8TZsM

Setting up our Lab

VMware: https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html

VirtualBox: https://www.virtualbox.org/wiki/Downloads

Kali Download: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/

Shared Drive: https://drive.google.com/open?id=1pIh9t_e6CyjaaZgtA_K1okZkcHhrXncX

Mid-Course Capstone

Cracking Hashes with Hashcat: https://youtu.be/eq097dEB8Sw

Attacking Active Directory: Initial Attack Vectors

mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/

Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/

Attacking Active Directory: Post-Compromise Enumeration

PowerView Cheat Sheet: https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

Attacking Active Directory: Post-Compromise Attacks

Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/

Mimikatz: https://github.com/gentilkiwi/mimikatz

Active Directory Security Blog: https://adsecurity.org/

Harmj0y Blog: http://blog.harmj0y.net/

Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab

Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab

eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/

Web Application Enumeration, Revisited

sumrecon: https://github.com/thatonetester/sumrecon

Testing the Top 10 Web Application Vulnerabilities

OWASP Top 10: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

OWASP Testing Checklist: https://github.com/tanprathan/OWASP-Testing-Checklist

OWASP Testing Guide: https://www.owasp.org/images/1/19/OTGv4.pdf

Installing Docker on Kali: https://medium.com/@airman604/installing-docker-in-kali-linux-2017-1-fbaa4d1447fe

OWASP Juice Shop: https://github.com/bkimminich/juice-shop

OWASP A1-Injection: https://www.owasp.org/index.php/Top_10-2017_A1-Injection

OWASP A2-Broken Authentication: https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication

OWASP A3-Sensetive Data Exposure: https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure

OWASP A4-XML External Entities: https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)

OWASP A5-Broken Access Control: https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control

OWASP A6-Security Misconfigurations: https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration

OWASP A7-Cross Site Scripting: https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)

DOM Based XSS: https://www.scip.ch/en/?labs.20171214

XSS Game: https://xss-game.appspot.com/

OWASP A8-Insecure Deserialization: https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization

OWASP A9-Using Components with Known Vulnerabilities: https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities

OWASP A10-Insufficient Logging & Monitoring: https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring

Legal Documents and Report Writing

Sample Pentest Report: https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report

Demo Report: https://a2.udemycdn.com/2019-12-22_08-33-23-a60e56f8b03913823c087f209565635d/original.pdf?nva=20200310074458&token=00f19e2dcbfff2a1d1a99

Tools

Hunter.io

• Site: https://hunter.io/

theHarvester

• Github: https://github.com/laramies/theHarvester

breach-parse

• Github: https://github.com/hmaverickadams/breach-parse

Hashcat:

• Github: https://github.com/hashcat/hashcat
• Installing on Windows: https://www.erobber.in/2017/04/hashcat-for-windows.html

mitm6:

• Github: https://github.com/fox-it/mitm6

mimikatz:

• Github: https://github.com/gentilkiwi/mimikatz

sumrecon

• Github: https://github.com/thatonetester/sumrecon

Course Notes, Courtesy of Enigma

Course Notes: https://onedrive.live.com/view.aspx?resid=42005F2B73E92A16!16546&authkey=!ACt7HgbJMllFQ8o