• Swedish criminal code, Chapter 4, paragraphs 8 and 9c
• Rules for the use of IT resources at Linköping University (scroll down to get the English version)
• UN cybercrime treaty
• The US Computer Fraud and Abuse Act
• EFF's Coders’ Rights Project, Reverse Engineering FAQ
• Dataintrång att olovligen installera datorprogram?
• Polisanmälda dataintrång, BRÅ, 2022, English summary
• I. Rydlund, "Otillåtet eller inte? En analys av dator- och datarelaterade gärningar ur ett brottsbalksperspektiv, Examensarbete, Lunds universitet, 2004, pdf
• Digital Millennium Copyright Act
• Weigle, Katherine (2018) "How the Digital Millennium Copyright Act Affects Cybersecurity", Intellectual Property Brief: Vol. 9 : Iss. 1 , Article 1. online

• List of notable incidents - At least the 2000s and onwards.
• Marcus Hutchins - stopped WannaCry but was also arrested for the Kronos malware.
• The New York Times Magazine: HacK, CouNterHaCk, 1999
• C. C. Palmer, Ethical Hacking, IBM Systems Journal, 2001
• The EC-Council's Code of Ethics
• ISO/IEC 29147 Vulnerability Disclosure
• Google Project Zero Disclosure Deadlines
• OWASP Vulnerability Disclosure Cheat Sheet

• HackerSploit - Penetration testing bootcamp - Penetration testing terminology (video)

• OTW - The Hacker Methodology
  
  • IppSec Popcorn walkthrough (video) - Walks through how to hack a vulnerable-by-design machine from Hack The Box, from port scan to root.
• How to solve it
• LiveOverflow - The Secret step-by-step Guide to learn Hacking (video)
• RSA Conferece - How the Best Hackers Learn Their Craft (video)
• Common exploits and attacks - A starting point for the course

Out of the vast amount of hacking-related tools available, there are a select few that will be useful throughout most of the course. These tools are:

• Netcat/nc ,Netcat cheat sheet, and using netcat for file transfer
• SSH: Alternative 1, Alternative 2,
  • SSH Forwarding - Have a compromised system relay traffic on your behalf, for example.
• cURL - Web requests from the command line.
• Wget - Download web content.
• Python HTTP server, quick setup for serving files, e.g., from your system

Course setup

• VirtualBox User manual
  • Virtual networking
• Kali Linux

TryHackMe Rooms

TryHackMe offers many high-quality introductions to various hacking topics within their free tier. Below is a selection of topics that should serve as a good foundation for the hacking project in this course.

• Pentesting Fundamentals
• Tutorial
• OpenVPN
• Linux fundamentals part 1
• Introductory networking
• Web application security
• Hacker methodology
• Introductory research
• Vulnerabilities 101
• Kenobi
• Vulnversity

Networking basics

• The TCP/IP Guide - Comprehensive online reference book
• Networking basics for hackers
  
• Some common ports
• ip - View and configure networking.
• ss - Socket Statistics.
• nmap - Network scanning and enumeration.
• File copying
  • SCP
  • rsync
  • sftp
• Deprecated Linux network commands and their replacements

Web basics

• MDN Web Docs - When you need to look up web concepts
• How the web works
• Introduction to databases
• Introduction to web servers
• Web application technologies for hackers
  
  • HTTP status codes
  • HTTP methods 
  • Common architectures: LAMP, MAMP, and WAMP
• HTML basics
• CSS basics
• JavaScript basics
  
  • JavaScript environment variables
• Working with JSON
• Serialization / Deserialization

Linux essentials

• Some forensics and penetration testing distributions
  
  • Kali Linux
    • Tools in the Kali Distribution
  • Parrot OS
• The filesystem hierarchy

• Kali Linux Revealed - PDF version is free.
• Linux Basics for Hackers - Online, Print
• The Bash Guide
• The Art of Command Line
• Bash shortcuts cheat sheet

• Joe Collins - Beginner's Guide to the Bash Terminal (video)
• MIT The Missing Semester - Lecture 1: Course Overview + The Shell (video) - From ~4:00 and onwards.
• FactorPad 100 Linux commands playlist

• Windows security documentation
• The net command
• File and folder permissions
• Windows root directory structure
  

Windows command lines

• PowerShell
• PowerShell for pentesters: part 1, part 2, part 3, part 4
  
• Using Powershell for file transfers
• Windows command line (cmd)
• Basic CMD for pentesters

Getting help

• whatis - Display a brief description of a command.
• man <command> - Open the manual.
• <command> -h; <command> --help - The help parameters for most commands.

Navigation

• File System Hierarchy (FHS)
• cd - Change directory.
• ls - List contents.
• pwd - Print current path.
• find - Search through the system.
• clear - Clears the screen. Ctrl + L
• pushd, popd - Temporary relocation to a directory and return.

Viewing data

• cat - Dump content to terminal.
• head - Read start.
• tail - Read end.
• less - Progresare interrupts. Ctrl + c = interrupt.
• kill - Send signals to processes. Uses PID.
• pgrep/pkill - Find and signal based on process names.

Service management

• Systemd
  • systemctl - Services management. For example, start, stop, restart, and status.
• Cron and Crontab - Schedule tasks on a system

Multi-tasking

• jobs - Display suspended or backgrounded processes.
• fg
• bg
• Ampersand (&) at the end of a command
• tmux, cheat sheet - Run multiple terminals in one window, among other things.

Package management

• which - Where a "command" is installed.
• whereis - More detailed package search.
• APT - Managing and installing software.
• DPKG - Debian Package Manager.
• Package management cheat sheet - Many commands + translations across distributions. Kali uses apt.

Text editors

• Nano - Simple and straightforward. Shortcuts and Ctrl + <key>.
• Gedit - Graphical editor, similar to typical notepad software.
• Emacs - For those who don't like Vi/Vim.
• Vi/Vim - For those who don't like Emacs. Often installed by default.
  • How to exit Vim? - Generally, press Esc twice then type ":q!" to exit without saving. Do not include quotes.
  • tutoriaLinux - Vim Basics in 8 Minutes
• The Vi/Vim v. Emacs war

• A fundamental introduction to x86 assembly programming
• x64 Architecture
• ASCII table
• Endianness
• The GCC compiler
• Understanding the insides of your program

Writing exploits

• Python structs
• The null character/byte
• Strings and null bytes in strcpy
• Buffer Overflow Exploit
• Buffer Overflow Exploitation Examples
• Smashing the stack for fun and profit, Phrack version

Exploitation and reversing tools

• checksec
• The GDB debugger, Tutorialspoint on GDB

• THC Hydra / THC Hydra FTP / THC Hydra for Online Web Form Passwords
• OWASP on testing for brute force
• Dictionary attacks

Dictionaries

• Password lists: Alternative 1, Alternative 2
• More dictionaries
• Mirai botnet dictionary
• RockYou dictionary
• Pwned Passwords (only hashes)

• A General Introduction to Cloud Computing
• Google Cloud, Amazon WS and Microsoft Azure
• The NIST Definition of Cloud Computing
• OAuth access tokens 
• JSON Web Token (JWT)
• jwt.io

Cloud security

• Pandemic 11 - Top threats to cloud computing
• MITRE Cloud Matrix
• HackTricks Cloud
  
  • GCP Pentesting
• hackingthe.cloud

• What is encoding?
• GCHQ's CyberChef
• Base64
• URL encoding
• HTML entities
• Difference between encryption and encoding
• Symmetric and Asymmetric cryptography
  
  • Symmetric v. asymmetric
  • Public key infrastructure

Hashing

• Encryption v. encoding v. hashing
• Introduction to hashing and hash algorithms (MD5, SHA-1, SHA-3)
• Linux passwords and hashes
  • /etc/passwd
  • /etc/shadow
• Windows password hashes

Hash Cracking

• HashCat
• John the Ripper
• Crack Station

• Domain Name System (DNS)
• DHCP
  • dhclient
• nmap, nmap scripts
• Telnet / more telnet
• SMB
• FTP
• SFTP
• Rsync
• SCP

Traffic interception and client-side attacks

• tcpdump
• TCPFlow
• Wireshark
  • tshark
• ARP spoofing
• DNS hijacking
• Machine-in-the-middle attacks (MITM)
• Top 12 client-side security threats
  
• BeEF (An option for the adventurous)

Wireless Networks

• Wireless for hackers
• WEP, WPA, WPS
• iw
• wpa_supplicant and its homepage
• aircrack-ng and its homepage
• airmon-ng
• airodump-ng
• WPA Packet Capture Explained
• How to Crack WPA/WPA2

Vulnerability research

• Common Vulnerabilities and Exposures (CVE)
  
  • Common Vulnerability Scoring System 3.1 (CVSS)
• National Vulnerability Database (NVD)
• Exploit Database
• SearchSploit
• Findsploit
• Vulnerability Database
• Github, Git and Git Documentation - Git and Github can be used in many interesting ways.
• HackTricks
• OpenVAS

Exploitation

• MITRE ATT&CK
• C2 frameworks for pentesting
• Metasploit (Quick installation) (Quick start)
  • Meterpreter
  • msfvenom
• Payload All The Things

Post-exploitation

• An introduction to bind and reverse shells
  
  • Reverse shells, more reverse shells, and even more reverse shells
• Upgrading shells to fully interactive TTY
  • Bracketed paste mode
  • Ctrl-C in Netcat
• Mimikatz
• log_wiper.sh

Privilege escalation

• Privilege escalation techniques
• local_exploit_suggester
• linuxprivchecker.py
• LinEnum.sh
• linPEAS
• linux-exploit-suggester
• HostEnum.ps1 (Windows PowerShell enumeration script)
• GTFOBins (A curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions)
• pspy (Monitor linux processes without root permissions)

Lateral movement

• What is lateral movement?
• Pivoting with Metasploit
• SSH port forwarding
• Credential stuffing
• Password spraying
• Pass-the-hash

• BugCrowd University
• Hacker101 on web hacking
• The Web Application Hacker's Handbook - Print,
• Open Web Application Security Project (OWASP) Foundation
  • OWASP Top 10
  • OWASP web security testing guide
• OAuth access tokens
• JSON Web Token (JWT)
  • jwt.io

Databases and SQL

• SQL tutorials: W3Schools, Tutorialspoint
  • SQL cheat sheet
• OWASP on SQL injection
• sqlmap

Enumeration and discovery

• gobuster
• WhatWeb
• SkipFish
• FireFox developer browser developer tools
• FireFox extensions
  • Wappalyzer
  • Whatruns
• Wikipedia on Web Crawler
• CloudFlare on web crawling

Proxies

• FoxyProxy extension
• BURP Suite
  • Portswigger on Crawling in Burp - No premium functions are needed to progress in the course with Burp.
• OWASP ZAP (Zed Attack Proxy) (Known difficulties with certain flags. An option for the adventurous.)
  
  • OWASP Zap Getting started

• security.stackexchange.com
• super user
• Stack overflow
• ippsec.rocks
• null-byte.wonderhowto.com
• OWASP

• HackerOne's Hacktivity

• Risky Business
• Security Now
• Darknet Diaries
• Malicious Life
• Säkerhetssnack

• Buchanan, 2020, The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
• Greenberg, 2019, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
• Snowden, 2019, Permanent Record
• Schneier, 2019, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World
• Bilton , 2018, American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road
• Zetter, 2015, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
• Lapsley, 2014, Exploding the Phone
• Bowden, 2011, Worm: The First Digital World War
• Stoll, 2005, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
• Gibson, 1984, Neuromancer

Page responsible: Mikael Asplund
Last updated: 2024-03-05