TDDE61 Ethical hacking
Resources
This list is based on the corresponding reading list from the KTH course. The list is still being curated.
Ethics and the Law
Legal and policy information
- Swedish criminal code, Chapter 4, paragraphs 8 and 9c
- Rules for the use of IT resources at Linköping University (scroll down to get the English version)
- UN cybercrime treaty
- The US Computer Fraud and Abuse Act
- EFF's Coders’ Rights Project, Reverse Engineering FAQ
- Dataintrång att olovligen installera datorprogram?
- Polisanmälda dataintrång, BRÅ, 2022, English summary
- I. Rydlund, "Otillåtet eller inte? En analys av dator- och datarelaterade gärningar ur ett brottsbalksperspektiv", Examensarbete, Lunds universitet, 2004, pdf
- Digital Millennium Copyright Act
- Weigle, Katherine (2018), "How the Digital Millennium Copyright Act Affects Cybersecurity", Intellectual Property Brief: Vol. 9, Iss. 1, Article 1, online
Ethical guidelines
- List of notable incidents - At least the 2000s and onwards.
- Marcus Hutchins - stopped WannaCry but was also arrested for the Kronos malware.
- The New York Times Magazine: HacK, CouNterHaCk, 1999
- C. C. Palmer, Ethical Hacking, IBM Systems Journal, 2001
- The EC-Council's Code of Ethics
- ISO/IEC 29147 Vulnerability Disclosure
- Google Project Zero Disclosure Deadlines
- OWASP Vulnerability Disclosure Cheat Sheet
Basics
Getting started with hacking
- HackerSploit - Penetration testing bootcamp - Penetration testing terminology (video)
- OTW - The Hacker Methodology
- IppSec Popcorn walkthrough (video) - Walks through how to hack a vulnerable-by-design machine from Hack The Box, from port scan to root.
- How to solve it
- LiveOverflow - The Secret step-by-step Guide to learn Hacking (video)
- RSA Conference - How the Best Hackers Learn Their Craft (video)
- Common exploits and attacks - A starting point for the course
Out of the vast amount of hacking-related tools available, there are a select few that will be useful throughout most of the course. These tools are:
- Netcat/nc, Netcat cheat sheet, and using Netcat for file transfer
- SSH: Alternative 1, Alternative 2
- SSH Forwarding - Have a compromised system relay traffic on your behalf, for example.
- cURL - Web requests from the command line.
- Wget - Download web content.
- Python HTTP server - Quick setup for serving files, e.g., from your own system.
Course setup
TryHackMe Rooms
TryHackMe offers many high-quality introductions to various hacking topics within their free tier. Below is a selection of topics that should serve as a good foundation for the hacking project in this course.
- Pentesting Fundamentals
- Tutorial
- OpenVPN
- Linux fundamentals part 1
- Introductory networking
- Web application security
- Hacker methodology
- Introductory research
- Vulnerabilities 101
- Kenobi
- Vulnversity
Networking basics
- The TCP/IP Guide - Comprehensive online reference book
- Networking basics for hackers
- Some common ports
- ip - View and configure networking.
- ss - Socket Statistics.
- nmap - Network scanning and enumeration.
- File copying
- Deprecated Linux network commands and their replacements
Web basics
- MDN Web Docs - When you need to look up web concepts
- How the web works
- Introduction to databases
- Introduction to web servers
- Web application technologies for hackers
- HTML basics
- CSS basics
- JavaScript basics
- Working with JSON
- Serialization / Deserialization
Linux essentials
- Kali Linux Revealed - PDF version is free.
- Linux Basics for Hackers - Online, Print
- The Bash Guide
- The Art of Command Line
- Bash shortcuts cheat sheet
- Joe Collins - Beginner's Guide to the Bash Terminal (video)
- MIT The Missing Semester - Lecture 1: Course Overview + The Shell (video) - From ~4:00 and onwards.
- FactorPad 100 Linux commands playlist
Windows
- Windows security documentation
- The net command
- File and folder permissions
- Windows root directory structure
Windows command lines
- PowerShell
- PowerShell for pentesters: part 1, part 2, part 3, part 4
- Using PowerShell for file transfers
- Windows command line (cmd)
- Basic CMD for pentesters
Linux cheat sheet
Getting help
- whatis - Display a brief description of a command.
- man <command> - Open the manual.
- <command> -h; <command> --help - The help parameters for most commands.
Navigation
- File System Hierarchy (FHS)
- cd - Change directory.
- ls - List contents.
- pwd - Print current path.
- find - Search through the system.
- clear - Clears the screen (also Ctrl + L).
- pushd, popd - Temporary relocation to a directory and return.
Viewing data
- cat - Dump content to terminal.
- head - Read start.
- tail - Read end.
- less - Progressively page through content.
Processes
- Ctrl + c - Interrupt the foreground process.
- kill - Send signals to processes. Uses PID.
- pgrep/pkill - Find and signal based on process names.
Service management
- Systemd
- systemctl - Services management. For example, start, stop, restart, and status.
- Cron and Crontab - Schedule tasks on a system
Multi-tasking
- jobs - Display suspended or backgrounded processes.
- fg - Bring a job to the foreground.
- bg - Resume a suspended job in the background.
- Ampersand (&) at the end of a command - Run the command in the background.
- tmux, cheat sheet - Run multiple terminals in one window, among other things.
Package management
- which - Where a "command" is installed.
- whereis - More detailed package search.
- APT - Managing and installing software.
- DPKG - Debian Package Manager.
- Package management cheat sheet - Many commands + translations across distributions. Kali uses apt.
Text editors
- Nano - Simple and straightforward. Shortcuts use Ctrl + <key>.
- Gedit - Graphical editor, similar to typical notepad software.
- Emacs - For those who don't like Vi/Vim.
- Vi/Vim - For those who don't like Emacs. Often installed by default.
- How to exit Vim? - Generally, press Esc twice, then type ":q!" (without the quotes) to exit without saving.
- tutoriaLinux - Vim Basics in 8 Minutes
- The Vi/Vim v. Emacs war
Ethical hacking and penetration testing
Binary exploitation and reversing
- A fundamental introduction to x86 assembly programming
- x64 Architecture
- ASCII table
- Endianness
- The GCC compiler
- Understanding the insides of your program
Writing exploits
- Python structs
- The null character/byte
- Strings and null bytes in strcpy
- Buffer Overflow Exploit
- Buffer Overflow Exploitation Examples
- Smashing the stack for fun and profit, Phrack version
Exploitation and reversing tools
Brute forcing and dictionary attacks
- THC Hydra / THC Hydra FTP / THC Hydra for Online Web Form Passwords
- OWASP on testing for brute force
- Dictionary attacks
Dictionaries
- Password lists: Alternative 1, Alternative 2
- More dictionaries
- Mirai botnet dictionary
- RockYou dictionary
- Pwned Passwords (only hashes)
Cloud Computing
- A General Introduction to Cloud Computing
- Google Cloud, Amazon Web Services (AWS) and Microsoft Azure
- The NIST Definition of Cloud Computing
- OAuth access tokens
- JSON Web Token (JWT)
- jwt.io
Cloud security
Encoding and Encryption
- What is encoding?
- GCHQ's CyberChef
- Base64
- URL encoding
- HTML entities
- Difference between encryption and encoding
- Symmetric and Asymmetric cryptography
Hashing
- Encryption v. encoding v. hashing
- Introduction to hashing and hash algorithms (MD5, SHA-1, SHA-3)
- Linux passwords and hashes
- Windows password hashes
Hash Cracking
Networking
Traffic interception and client-side attacks
- tcpdump
- TCPFlow
- Wireshark
- ARP spoofing
- DNS hijacking
- Machine-in-the-middle attacks (MITM)
- Top 12 client-side security threats
- BeEF (An option for the adventurous)
Wireless Networks
- Wireless for hackers
- WEP, WPA, WPS
- iw
- wpa_supplicant and its homepage
- aircrack-ng and its homepage
- airmon-ng
- airodump-ng
- WPA Packet Capture Explained
- How to Crack WPA/WPA2
Vulnerability identification and exploitation
Vulnerability research
- Common Vulnerabilities and Exposures (CVE)
- National Vulnerability Database (NVD)
- Exploit Database
- SearchSploit
- Findsploit
- Vulnerability Database
- GitHub, Git and Git Documentation - Git and GitHub can be used in many interesting ways.
- HackTricks
- OpenVAS
Exploitation
- MITRE ATT&CK
- C2 frameworks for pentesting
- Metasploit - Quick installation, Quick start
- PayloadsAllTheThings
Post-exploitation
- An introduction to bind and reverse shells
- Upgrading shells to fully interactive TTY
- Mimikatz
- log_wiper.sh
Privilege escalation
- Privilege escalation techniques
- local_exploit_suggester
- linuxprivchecker.py
- LinEnum.sh
- linPEAS
- linux-exploit-suggester
- HostEnum.ps1 (Windows PowerShell enumeration script)
- GTFOBins (A curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions)
- pspy (Monitor Linux processes without root permissions)
Lateral movement
- What is lateral movement?
- Pivoting with Metasploit
- SSH port forwarding
- Credential stuffing
- Password spraying
- Pass-the-hash
Web applications and web hacking
- BugCrowd University
- Hacker101 on web hacking
- The Web Application Hacker's Handbook - Print
- Open Web Application Security Project (OWASP) Foundation
- OAuth access tokens
- JSON Web Token (JWT)
Databases and SQL
- SQL tutorials: W3Schools, Tutorialspoint
- OWASP on SQL injection
- sqlmap
Enumeration and discovery
- gobuster
- WhatWeb
- SkipFish
- Firefox browser developer tools
- Firefox extensions
- Wikipedia on Web Crawler
- CloudFlare on web crawling
Proxies
- FoxyProxy extension
- BURP Suite
- Portswigger on Crawling in Burp - No premium functions are needed to progress in the course with Burp.
- OWASP ZAP (Zed Attack Proxy) (Known difficulties with certain flags. An option for the adventurous.)
General hacking and security
Forums
Bug bounties
PodCasts
General knowledge
- Buchanan, 2020, The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
- Greenberg, 2019, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
- Snowden, 2019, Permanent Record
- Schneier, 2019, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World
- Bilton, 2018, American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road
- Zetter, 2015, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
- Lapsley, 2014, Exploding the Phone
- Bowden, 2011, Worm: The First Digital World War
- Stoll, 2005, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
- Gibson, 1984, Neuromancer
Page responsible: Mikael Asplund
Last updated: 2024-03-05