Installing Kali Linux

• Installation on VM (VirtualBox/VMware) or via dual boot setup for penetration testing and ethical hacking.

Linux Basic Commands

• Common commands: ls, cd, pwd, cp, mv, mkdir, touch — used for basic file and directory navigation.

Intermediate Commands

• Useful tools: grep, find, chmod, chown, tar, wget, curl, top — for system management and data handling.

Linux Directory & File Permissions

• Understanding permission bits: rwx, ownership via chown, permission changes with chmod, and special bits like SUID/SGID.

Linux Utilities

• Networking and security tools: nmap, netstat, tcpdump, iptables, wireshark — essential for network analysis and monitoring.

Information Security Overview

• Introduction to protecting systems, networks, and data from cyber threats and breaches.

Cyber Kill Chain

• Stages of a cyberattack: Reconnaissance → Weaponization → Delivery → Exploitation → Installation → Command and Control → Actions on Objectives.

Hacking Concepts

• Understanding attack vectors and the types of threat actors (script kiddies, insiders, hacktivists, etc.).

Ethical Hacking Concepts

• Working within legal boundaries. Differences between white hat, black hat, and gray hat hackers.

Information Security Controls

• Three main types: Physical (e.g., locks), Administrative (e.g., policies), and Technical (e.g., firewalls).

Information Security Laws and Standards

• Key regulations and frameworks: GDPR, HIPAA, ISO/IEC 27001 — essential for compliance and risk management.

Footprinting Methodology

• Systematic approach to gather preliminary information about a target before launching an attack or security assessment.

Search Engine Footprinting

• Using advanced search queries (Google dorking) to uncover sensitive data exposed on the internet.

Web Services & WHOIS

• Gathering domain ownership, IP registration, and hosting details using WHOIS and related tools.

Social Media Footprinting

• Collecting public data from social networks to profile individuals or organizations.

DNS & Network Footprinting

• Discovering subdomains, IP ranges, and DNS records using tools like nslookup, dig, and online DNS recon tools.

Email Tracking & Metadata Analysis

• Analyzing email headers and metadata to trace origin, path, and technical details of an email.

Network Scanning Concepts

• Understanding how scanning identifies live hosts, open ports, services, and potential vulnerabilities on a network.

Scanning Tools

• Popular tools include Nmap, Netcat, and Angry IP Scanner — used for scanning, enumeration, and debugging network services.

Host Discovery

• Techniques to identify active systems on a network using ICMP, ARP, or TCP/UDP ping sweeps.

Port and Service Detection

• Scanning for open ports and identifying services and versions running on those ports using tools like Nmap’s service detection.

OS Fingerprinting

• Determining the operating system of a target machine through TCP/IP stack behavior and response analysis.

Bypassing Firewalls/IDS Detection

• Using stealth scan techniques (e.g., SYN scan, fragment packets, decoys) to avoid detection by firewalls and Intrusion Detection Systems (IDS).

NetBIOS Enumeration

• Gathering information from Windows systems such as shared resources, user names, and network services using NetBIOS.

SNMP, LDAP Enumeration

• Extracting system details from network devices using SNMP and querying directory services using LDAP for user, group, and resource information.

DNS, SMTP, NFS, NTP Enumeration

• Enumerating DNS records, email servers (SMTP), shared files (NFS), and time sync services (NTP) to gather network intelligence.

Tools

• Common enumeration tools: enum4linux, snmpwalk, rpcclient, ldapsearch — used for extracting data from remote services.

System Hacking Concepts

• Understanding the process of gaining unauthorized access to systems and escalating privileges to exploit targets.

Password Cracking

• Techniques like dictionary attacks, brute-force attacks, and rainbow tables used to uncover user credentials.

Vulnerability Exploitation

• Using frameworks like Metasploit to identify, exploit, and validate vulnerabilities on target systems.

Privilege Escalation Techniques

• Gaining higher-level access (e.g., admin/root) through misconfigurations, weak permissions, or kernel exploits.

Maintaining Access

• Deploying persistent tools such as rootkits and keyloggers to retain control over compromised systems.

Covering Tracks

• Clearing logs, modifying timestamps, and hiding processes/files to avoid detection and maintain stealth.

DoS/DDoS Techniques

• Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks overwhelm systems or networks to render them unavailable.

Botnets

• Networks of compromised devices (bots) controlled by attackers to launch large-scale DDoS attacks.

Attack Tools

• Popular tools include LOIC, HOIC, and hping3 — used to generate traffic floods and stress test networks.

Case Studies

• Examples include the 2018 GitHub DDoS (1.3 Tbps) and 2016 Dyn DNS attack (via Mirai botnet) that disrupted major services.

Countermeasures

• Mitigation techniques: rate limiting, web application firewalls (WAF), intrusion prevention systems (IPS), and content delivery networks (CDN).