Hackathon on Ethical Hacking!

15 June 2022

Hackathon on Ethical Hacking!

Today was the last day of the Ethical Hacking Hackathon, held by CyberSapiens We were given 3 tasks comprising 20 challenges based on Web, Linux and Crypto. And I got 3rd place in it :). Winning a Bluetooth speaker and a certificate

The competition was very challenging and I enjoyed each and every part of it and I learned a lot of things in the workshop.

Total Summary of the Workshop + Hackathon:

  • Services and scope in Cyber Security
  • Importance of Cyber Security
  • Pillars of Cyber Security (CIA triad)
    1. Confidentiality
    2. Integrity
    3. Availability
  • Types of Hackers
  • Basic Linux Commands

Various Stages involved in Ethical Hacking

1. Reconnaissance - Information Gathering

Sources to get it -

  • through search engine
  • Online Services like -
    spokeo.com
    thatsthem.com
    com.lullar.com
    Social Media
    
  • Username Search
    knowem.com
    checkusernames.com
    namechk.com
    peekyou.com
    
  • Email Address Check -
    hunter.io
    centralops.net/co/emaildossier.aspx
    viewdns.info
    thatsthem.com/reverse-email-lookup
    
  • Phone Number Search
    truecaller.com
    EyeCon App
    
  • Gathering Financial Information
    google.com
    finance.yahoo.com
    
  • Web Archives
    archive.org
    cachedpages.com
    timetravel.mementoweb.org
    
  • Through Job Sites
    linkedIn.com 
    monster.com 
    naukri.com
    indeed.com 
    careerbuilder.com
    
  • Using Groups Forums and Blogs
    quora.com
    stackexchange.com
    Companies blog sites
    Github
    
  • Using Social Networking Site
  • Shodan Search Engine

    to find specific types of computers connected to the internet
    shodan.io
    
  • Mirroring Entire Website
    httrack.com
    
  • Whois lookup
    whois.com
    whois.domaintools.com
    
  • Shoulder Surfing
  • Dumpster Diving

2. Scanning

  • Using Owasp Zap
  • Using exiftools
  • Source Code Review
  • Directory Lister
  • robots.txt
  • Google Hacking Database (GHDB)
  • Burp Suite

3. Gaining Access

  • Dictionary Attack
  • Brute Force Attack
  • Malware Attack

4. Maintaining Access

  • Privilege Escalation
  • Metasploit

5. Clearing Tracks

  • Log files in Windows (clearev in Metasploit)
  • Cookies (Cookie Editor)
  • SQL Injection

Cryptography

To decrypt, encrypted files and passwords.

  • Steganography
  • Wireshark

Protocols

  • Http & Https
  • FTP
  • DNS
  • SMTP
  • TCP, UDP
  • Eavesdroppin

I learned so many new things in this workshop. Glad to be part of it.