1
00:00:00,120 --> 00:00:06,300
OK, before we get hands-on, I have to give you a little bit of death by PowerPoint, but it's for good
2
00:00:06,300 --> 00:00:07,710
reason.
3
00:00:07,710 --> 00:00:10,800
So we need to introduce the five stages
4
00:00:10,890 --> 00:00:11,850
of ethical hacking.
5
00:00:11,850 --> 00:00:16,530
These are the five stages that you will go through on every assessment.
6
00:00:16,530 --> 00:00:24,090
So before we do that, let's first make a big note: from here on, we are moving into the ethical hacking
7
00:00:24,090 --> 00:00:25,370
portion of our course.
8
00:00:25,380 --> 00:00:28,080
We are going to learn malicious things.
9
00:00:28,080 --> 00:00:32,430
Please only use the information learned in this course for ethical purposes.
10
00:00:32,610 --> 00:00:39,270
Do not attack your neighbors, do not attack anybody that you do not have explicit permission to do so. You
11
00:00:39,270 --> 00:00:41,550
can and will get into trouble for doing that.
12
00:00:42,240 --> 00:00:43,600
So with that out of the way,
13
00:00:43,740 --> 00:00:47,660
let's talk briefly about the five stages of ethical hacking.
14
00:00:48,030 --> 00:00:55,320
So we start up at the top and we actually start with what is called reconnaissance.
15
00:00:55,320 --> 00:00:59,010
The stage is also known as information gathering.
16
00:00:59,010 --> 00:01:00,420
And there are two different types.
17
00:01:00,420 --> 00:01:07,500
There is active and passive. Now, passive is, say, like going out to Google and searching for somebody.
18
00:01:07,500 --> 00:01:12,260
Say you're given a client and you want to look at their Google, you want to look at LinkedIn; you might
19
00:01:12,260 --> 00:01:18,510
be looking for, I don't know, a picture of their badge or an employee's name or maybe an employee's Twitter
20
00:01:18,510 --> 00:01:19,710
page.
21
00:01:19,710 --> 00:01:20,700
That's all passive.
22
00:01:20,700 --> 00:01:25,580
You're not actually going out to the company's website and doing anything active against it.
23
00:01:25,650 --> 00:01:32,530
Now, active reconnaissance kind of falls into place with the second phase, which is scanning and enumeration.
24
00:01:32,610 --> 00:01:34,710
Now that is active.
25
00:01:34,710 --> 00:01:40,260
That is where we go out and we take tools such as Nmap and Nessus and Nikto, and if you've never heard
26
00:01:40,260 --> 00:01:40,860
of any of those,
27
00:01:40,860 --> 00:01:42,090
that's fine.
28
00:01:42,090 --> 00:01:46,820
Well, we take those and we scan actively against a client.
29
00:01:46,830 --> 00:01:53,850
Now what we're looking for are open ports, vulnerabilities, different items, and with what returns on these
30
00:01:53,850 --> 00:01:55,920
results when we do this scanning.
31
00:01:56,040 --> 00:02:02,460
We also perform what is called enumeration. Enumeration is just looking at items and digging into them
32
00:02:02,460 --> 00:02:08,880
to see if we can find anything of value. Say that there is a web server running on port 80.
33
00:02:09,000 --> 00:02:14,040
We see port 80's open and it's running something like Apache 1.2, which would be really
34
00:02:14,040 --> 00:02:15,220
really outdated.
35
00:02:15,330 --> 00:02:17,850
We would go out to Google and we would say, Google,
36
00:02:17,850 --> 00:02:21,060
do you know if Apache 1.2 has any exploits for it?
37
00:02:21,450 --> 00:02:24,910
And we would do research. That's the enumeration portion of it.
38
00:02:24,930 --> 00:02:31,770
So once we do our information gathering, we do our scanning enumeration, and then we move into the gaining
39
00:02:31,830 --> 00:02:33,820
access portion.
40
00:02:33,870 --> 00:02:36,450
This is also known as exploitation.
41
00:02:36,600 --> 00:02:41,970
We will run an exploit against the client or against the vulnerable service or whatever it may be to
42
00:02:41,970 --> 00:02:48,420
try to gain access into a machine or into a network, into an environment, etc.
43
00:02:48,420 --> 00:02:52,250
Once we have that access the process starts to repeat.
44
00:02:52,410 --> 00:02:58,070
We do scanning and enumeration again and we also want to maintain that access.
45
00:02:58,080 --> 00:02:58,440
Right.
46
00:02:58,440 --> 00:03:06,150
So if we were to get kicked out, OK, or a user shuts down their computer, how do we maintain that access
47
00:03:06,150 --> 00:03:10,070
and when they turn their computer back on we still have access to it?
48
00:03:10,110 --> 00:03:12,810
And then lastly there is the covering tracks.
49
00:03:12,810 --> 00:03:19,200
You want to delete any logs that you may leave behind, you want to delete any kind of malware that you
50
00:03:19,200 --> 00:03:22,260
upload, which is more important as a pen tester.
51
00:03:22,260 --> 00:03:27,710
Any accounts that you create for any reason, you want to delete those as well.
52
00:03:27,750 --> 00:03:30,470
You really just want to clean up, is a good way of putting it.
53
00:03:30,600 --> 00:03:33,260
Covering tracks is the more hacker way of putting it.
54
00:03:33,270 --> 00:03:36,770
But as a penetration tester you really just want to clean up.
55
00:03:36,900 --> 00:03:44,340
So we're going to go heavily through steps one through three in this course. We'll also cover four and
56
00:03:44,340 --> 00:03:49,860
five briefly, but the process and methodology never changes.
57
00:03:49,860 --> 00:03:55,860
Regardless if you're doing network, if you're doing web app, or if you're doing a different type of assessment,
58
00:03:56,130 --> 00:03:59,910
it's all similar in these five stages of hacking.
59
00:03:59,910 --> 00:04:07,800
The tools might change, the attack methods might change, but the overall methodology is always the same.
60
00:04:07,830 --> 00:04:12,630
So that's how we're also going to structure this course. We're going to go in first and we're going to
61
00:04:12,630 --> 00:04:17,910
talk about information gathering and reconnaissance, then we're going to move into scanning enumeration,
62
00:04:18,270 --> 00:04:24,750
and then we'll start with exploitation and do that repeatedly until we get it inside of our heads and it
63
00:04:24,750 --> 00:04:27,020
feels almost second nature, right?
64
00:04:27,030 --> 00:04:34,230
Once we have all that done, we'll do some practice boxes, you know, give it a go, see how we do. We'll move
65
00:04:34,230 --> 00:04:42,090
into the internal side of things with Active Directory. We'll start working with our web applications
66
00:04:42,120 --> 00:04:46,710
and our wireless, and we will touch on the maintaining access and covering tracks. But you're going to
67
00:04:46,710 --> 00:04:52,030
see this methodology over and over, and you might also get this question on an interview, you know, to
68
00:04:52,050 --> 00:04:57,360
describe the five stages. So it's important to know these; it's just something that every ethical hacker
69
00:04:57,360 --> 00:04:59,280
can rattle off pretty quickly.
70
00:04:59,280 --> 00:05:00,900
So have them written down.
71
00:05:00,920 --> 00:05:01,670
Think about it.
72
00:05:01,670 --> 00:05:07,460
Keep your wheels spinning, and let's go ahead and move on to our first section, which is going to be information
73
00:05:07,460 --> 00:05:13,970
gathering slash reconnaissance, and some cool tools, some Google-fu, and just what kind of information
74
00:05:13,970 --> 00:05:16,190
we could actually gather on a potential client.