Pentesting: Week Zero

White Hat - Introduction to Ethical Hacking Tools


As a learning example of ethical hacking tools and techniques, this four-part introduction walks through a realistic scenario, concentrating on the passive reconnaissance phases.

The exercise emulates the 2015 Ukrainian power grid attack 1 in terms of intended impact. The point of origin borrows from the approach used to deliver the Stuxnet worm into Iranian nuclear enrichment facilities, first deployed around 2008 and discovered in 2010 2.

Both incidents targeted critical infrastructure through its industrial control systems: Stuxnet sabotaged programmable logic controllers directly, while the Ukraine attackers operated the SCADA/HMI layer with stolen credentials to open breakers.


You are a hacktivist group planning to disrupt power to wealthy neighborhoods. Your goal is to coordinate a power outage with a defacement of the Dominion Power website that posts a manifesto on income inequality.

Concepts and Vocabulary

  • MITRE ATT&CK Framework
  • Cyber Kill Chain 3
  • SCADA Networks and Critical Infrastructure 4
  • OSINT: Open Source Intelligence Tools 5 6
  • Target Selection (pairwise comparison function) 7
  • Social Engineering 8
  • Phishing 9
  • Scanning, Enumeration, and Footprinting 10
  • Advanced Persistent Threat 11
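Target selection by pairwise comparison, as listed above, can be made concrete with a small scoring model. The block below is an added example, not course material: the criteria, the pairwise importance judgements and the per-target scores are all constructed assumptions chosen to illustrate the method (Saaty's analytic hierarchy process approximation), not data about any real utility.

```python
"""Rank candidate targets with a pairwise-comparison (AHP-style) weighting.

Added example, not part of the course. All criteria, judgements and target
scores below are constructed for illustration.
"""

# Constructed criteria an attacker-emulation team might weigh. "effort" and
# "detection_risk" are scored as favourability to the attacker (higher =
# cheaper / less likely to be noticed), so every criterion points the same way.
CRITERIA = ["impact", "exposure", "effort", "detection_risk"]

# Pairwise judgements: how many times more important is the row criterion than
# the column criterion? Only one triangle is given; reciprocals fill the other.
# Values are assumptions.
JUDGEMENTS = {
    ("impact", "exposure"): 3.0,
    ("impact", "effort"): 5.0,
    ("impact", "detection_risk"): 2.0,
    ("exposure", "effort"): 3.0,
    ("exposure", "detection_risk"): 1.0,
    ("effort", "detection_risk"): 0.5,
}

# Random-index table used by the consistency check (Saaty), indexed by n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}


def build_matrix(criteria, judgements):
    """Expand sparse judgements into a full reciprocal matrix with unit diagonal."""
    idx = {c: i for i, c in enumerate(criteria)}
    n = len(criteria)
    m = [[1.0] * n for _ in range(n)]
    for (a, b), v in judgements.items():
        m[idx[a]][idx[b]] = v
        m[idx[b]][idx[a]] = 1.0 / v
    return m


def priority_weights(matrix):
    """Approximate the principal eigenvector: normalise columns, average rows."""
    n = len(matrix)
    col_sums = [sum(matrix[r][c] for r in range(n)) for c in range(n)]
    return [sum(matrix[r][c] / col_sums[c] for c in range(n)) / n for r in range(n)]


def consistency_ratio(matrix, weights):
    """Saaty's CR. Above 0.10 the judgements contradict each other too much to trust."""
    n = len(matrix)
    weighted = [sum(matrix[r][c] * weights[c] for c in range(n)) for r in range(n)]
    lambda_max = sum(weighted[r] / weights[r] for r in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    ri = RANDOM_INDEX[n]
    return ci / ri if ri else 0.0


def rank_targets(targets, criteria, weights):
    """targets: {name: {criterion: score in 0..1}}. Returns [(name, score)] best first."""
    w = dict(zip(criteria, weights))
    scored = [(name, sum(w[c] * s[c] for c in criteria)) for name, s in targets.items()]
    return sorted(scored, key=lambda t: t[1], reverse=True)


def run_example():
    """Constructed candidate targets; scores are assumptions, not measurements."""
    targets = {
        "regional_substation":  {"impact": 0.9, "exposure": 0.3, "effort": 0.2, "detection_risk": 0.3},
        "vendor_remote_access": {"impact": 0.6, "exposure": 0.8, "effort": 0.7, "detection_risk": 0.5},
        "corporate_web_portal": {"impact": 0.2, "exposure": 0.9, "effort": 0.8, "detection_risk": 0.6},
    }
    matrix = build_matrix(CRITERIA, JUDGEMENTS)
    weights = priority_weights(matrix)
    cr = consistency_ratio(matrix, weights)
    ranking = rank_targets(targets, CRITERIA, weights)
    return {"weights": dict(zip(CRITERIA, weights)), "consistency_ratio": cr, "ranking": ranking}


if __name__ == "__main__":
    result = run_example()
    for name, w in result["weights"].items():
        print(f"{name:15s} weight {w:.3f}")
    print(f"consistency ratio {result['consistency_ratio']:.3f} (want < 0.10)")
    for name, score in result["ranking"]:
        print(f"{score:.3f}  {name}")
```

With these assumed judgements, impact carries roughly half the weight, yet the third-party remote-access path outranks the high-impact substation because it scores well on every other criterion. Always check the consistency ratio before trusting the ranking; if it exceeds 0.10 the pairwise judgements are self-contradictory and should be revisited rather than averaged away.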


  • Week 1: [Recon] Information Gathering and Social Engineering
  • Week 2: [Recon] Phishing and Fingerprinting
  • Week 3: [Recon] Footprint and Enumeration
  • Week 4: [Exploit] Web Server / OWASP



Social Engineering


Vulnerability Database(s)

Fingerprinting and Footholds


Attack Execution

(Theory and example only. No practical skills exercises.)

  • Routersploit

Web App Security

Classification Techniques, Frameworks, and Approaches

  • MITRE ATT&CK Framework

Emerging Threats

Emerging Sources of Technical Talent

Security at Large

Games and Practice