Today was the last day of the Ethical Hacking Hackathon, held by CyberSapiens. We were given 3 tasks comprising 20 challenges based on Web, Linux and Crypto. And I got 3rd place in it :), winning a Bluetooth speaker and a certificate.
The competition was very challenging and I enjoyed each and every part of it and I learned a lot of things in the workshop.
Total Summary of the Workshop + Hackathon:
- Services and scope in Cyber Security
- Importance of Cyber Security
- Pillars of Cyber Security (CIA triad)
  - Confidentiality
  - Integrity
  - Availability
- Types of Hackers
- Basic Linux Commands
Various Stages involved in Ethical Hacking
1. Reconnaissance - Information Gathering
Sources to get it -
- through search engine
- Online Services like -
spokeo.com, thatsthem.com, com.lullar.com, Social Media
- Username Search
knowem.com, checkusernames.com, namechk.com, peekyou.com
- Email Address Check -
hunter.io, centralops.net/co/emaildossier.aspx, viewdns.info, thatsthem.com/reverse-email-lookup
- Phone Number Search
truecaller.com, EyeCon App
- Gathering Financial Information
google.com, finance.yahoo.com
- Web Archives
archive.org, cachedpages.com, timetravel.mementoweb.org
- Through Job Sites
linkedin.com, monster.com, naukri.com, indeed.com, careerbuilder.com
- Using Groups Forums and Blogs
quora.com, stackexchange.com, Companies' blog sites, GitHub
- Using Social Networking Site
- Shodan Search Engine (to find specific types of computers connected to the internet)
shodan.io
- Mirroring Entire Website
httrack.com
- Whois lookup
whois.com, whois.domaintools.com
- Shoulder Surfing
- Dumpster Diving
2. Scanning
- Using OWASP ZAP
- Using ExifTool
- Source Code Review
- Directory Lister
- robots.txt
- Google Hacking Database (GHDB)
- Burp Suite
3. Gaining Access
- Dictionary Attack
- Brute Force Attack
- Malware Attack
4. Maintaining Access
- Privilege Escalation
- Metasploit
5. Clearing Tracks
- Log files in Windows (clearev in Metasploit)
- Cookies (Cookie Editor)
- SQL Injection
Cryptography
To decrypt encrypted files and passwords.
- Steganography
- Wireshark
Protocols
- HTTP & HTTPS
- FTP
- DNS
- SMTP
- TCP, UDP
- Eavesdropping
I learned so many new things in this workshop. Glad to be part of it.