Week Zero

White Hat - Introduction to Ethical Hacking Tools

Abstract

As a learning example of ethical hacking tools and techniques, this 4-day introduction will go through the passive recon of a real-world scenario.

This attack will emulate the 2015 Ukrainian power grid attack [1] in terms of intended impact. The point of origin will borrow from the approach used to deliver the Stuxnet virus to Iranian nuclear facilities in 2008 [2].

Both incidents target critical infrastructure and the sabotage of programmable logic controllers.

Scenario

You are a hacktivist group that plans on disrupting power to wealthy neighborhoods. Your goal is to coordinate a power outage with the defacing of the Dominion Power website to include a manifesto concerning income inequality.

Concepts and Vocabulary:

  • Cyber Kill Chain [3]
  • SCADA Networks and Critical Infrastructure [4]
  • OSINT: Open Source Intelligence Tools [5] [6]
  • Target Selection (Pairwise comparison function) [7]
  • Social Engineering [8]
  • Phishing [9]
  • Scanning, Enumeration, and Footprinting [10]
  • Advanced Persistent Threat [11]

Schedule

  • Week 1: [Recon] Information Gathering and Social Engineering
  • Week 2: [Recon] Phishing and Fingerprinting
  • Week 3: [Recon] Footprint and Enumeration
  • Week 4: [Exploit] Web Server / OWASP

Resources

OSINT

Social Engineering

Phishing

Vulnerability Database(s)

Fingerprinting and Footholds

Enumeration

Web App Security

Games and Practice