Enroll in the complete course on Udemy!
Welcome all. This is an introduction to ethical hacking for 2016-2017. And before I continue any further, some of you may know me from the previous ethical hacking course, and this one will be significantly more advanced as opposed to that one. That being said, the requirements for this one will be also significantly different. But before we continue any further, let me just go over a few things. First of all, my throat is getting dry, because this is like the fifth time that I’m attempting this and certain people, certain very rude people keep interfering. But anyway, there a few considerations to make here. So the first one, is what can you expect to learn from this course? Well, you can expect to…I will show you basically, how you can compromise systems, monitor a traffic in the air, fight against encryption, what you can do with encrypted traffic, how you can attempt to decrypt it. Some of it you will be able to decrypt, I will show you various methods, Listening booths in the middle, and how to take off certain layers of encryption, and extract the useful information from the data which is out there in the air. I will show you various methods how to compromise systems in general, like PCs, servers, phones, smartphones that is. And we also may play around a little bit with the GSM network and see some of the vulnerabilities there. That’s a 2G network, so you have 2G, 3G and 4G. 2G is the GSM and 4G is the LTE. Anyway, we will be most likely, I will most likely at a certain point in time also talk a little bit about social engineering and you will see the practical aspect of that as well. But, there are two kind of considerations that you should make when taking this course. So, moral side of things and legal considerations. So, just because you will be able to do something, and I will teach you how to do some serious damage with the knowledge that you get you will be able to do some serious damage, but it doesn’t mean that you should. There really is no need for you to do so. And just think about it, you don’t want anybody messing with your stuff, so don’t mess with anybody else’s stuff. There really is no need, or justified reason for you to do it. Legal aspects, legal considerations. In most countries, it is illegal to mess around with systems you don’t have permission to mess around on systems that you yourself do not own. Just to give you a stupid example, it’s illegal to mess around with your neighbors Wi-Fi. It’s illegal to connect to it without that person’s permission, who owns it. So even these small, I would say, inevitable things are taken into consideration by law. Not to speak of breaking into the servers or taking information from the phones, personal information from the phones and other kinds. That’s all covered as well. So you can get into a lot of trouble if you misuse the knowledge. I will give you a lot of knowledge here, I will show you how to do various things. Please, do not abuse the knowledge. Use the knowledge, do not abuse it. Ok, that being said, let’s go over to the other side. Besides of the cute puppy up there that my friend drew, sitting over there smiling, for some strange reason. He doesn’t want to come on camera, God knows why. You will have software and hardware requirements for this course, so those are the two. You have three requirements, one is software, one is hardware and the third one is, your current knowledge, your current amount of knowledge, so to say. Let’s get into the operating systems. So, Windows and OSX are completely incompatible for our purpose. On OSX you lack a large amount of tools and you lack hardware compatibility in the first place, even though you have a Unix-like Shell, it’s really not a system that you want to use for this purpose. Windows as well, Windows is even worse. You don’t have the degree of anonymity while using Windows is not really that good. With Linux, is open source, you know all the traffic that’s coming out, that’s going in, to monitor, to know exactly what it is, all of it can be decrypted. With Windows, you will have…I notice a lot of unauthorized duplications from my machines, and it’s closed source, you don’t know what is going on in the background, you don’t know the source code. And you might say, “Well, I know the source code of Linux but I’m not a developer, I have no idea what it means” It doesn’t matter, a lot of other people know what it means, a lot of other people who made it. Somebody who says something out there on the forums, if there was funny going on there. I don’t what’s going on with Windows, under the hood, and I don’t know what’s going on with OSX under the hood, and therefore I generally don’t like using them for anything unless I am practically forced to do so. My primary operating system that I use in my daily basis for productivity work, with pen testing and development is Linux, and it has the largest, practically the best tools for development and for pen testing. It doesn’t matter which distribution you are using, you should be able to install pretty much all the tools on all the distributions out there. Anyway, you will need a machine where you will have Linux installed. So, we will need Linux as an operating system installed. I will tell you which distro to choose, I will make suggestions and I will show you how to install it. Now, to answer the questions in advance, yes, you can have a virtual machine on Windows or OSX. Yes, you can have a bootable USB with persistence storage, and yes, you can have dual boot on Windows and OSX, all these three setups are…first of all, you’re gonna encounter a lot of problems with dual boot, with both Windows and especially OSX. Linux dual booting with OSX and Windows is a huge problem, especially with the UEFI Bios. Some of you might argue and say, “Well, it’s not, I’ve succeeded in doing it” Yes, I’ve succeeded in doing it, it works, but, it’s a hassle to get it to work, or at least it was a hassle for me, the process is buggy, you will encounter a lot of problems and a lot of your problems I cannot replicate them and not know how to solve. I can’t replicate them and therefore I don’t know how to solve them, because the dual boot behaves differently on different machines with different BIOSes. On different motherboards that is. So, have a machine which has Linux installed as a single operating system. All these other optional setups, like dual boot, live USB, virtual machines, I’ll go ahead and create these videos for you and I’ll post them on Youtube as optional setups, but that’s not the setup that I will be using, that’s just something that I will post there for you, so you can have a look, but it will not be a part of this course at all. They will be on Youtube, they will be completely free, no need to registering or anything like that. If you want have that kind of setup you can go, have a look at it, but I make no guarantees there. Ok, so, in terms of hardware, First, what you need to consider is driver compatibility. Driver compatibility has been an issue for a very long time with Linux, but lately it hasn’t been a problem almost at all, because Linux nowadays supports pretty much most of the devices out there without any problems, with open source drivers, and open source drivers, yeah, they tend to work, really, really, really well with most devices out there. There are still hiccups here and there, but, it works. However, you will need to make sure that your system that you are using in terms of hardware components is compatible with the Linux kernel. You do this by basically getting the list of components of the PC and just typing in on the net, like, wireless card, what number, drivers for Linux, and it’s gonna tell you, yes, they do exist or no, they do not exist. If you type in, like, graphic card, this graphic card driver’s for Linux. Yes, they do exist or they do not exist, so that’s some of the checkups that you need to make. In general, if the drivers exist for, I mean if you have drivers in one distribution and if they’re open source you can have them for pretty much all the distributions without any problems. Next up is really important, so router access, you will need access to your home router, you will need to be able to access it. A lot of ISPs these days, they tend to block the user access to the home router. I don’t know why they do this, most likely because they don’t want a ton load of people messing around with the configuration of the routers. And they don’t know what they’re doing, so they mess things up and they call support and it takes valuable time and effort and it costs them money. So they just lock the router. But, if you don’t have access to your router, what you can do is just give them a call or write an email, asking that you would like to have a permission, that you would like them to unlock the router and they will tell you: “Okay, but you can do that at your own risk” Most likely if you mess something up, they will charge you some small amount to restore the original configuration. But, you can basically back your router up, once they unlock it. And just create a backup file and you can use that as a restore point in case you don’t know how to restore the internet connection in your house. However, you will need access to your router because we’re gonna be configuring, we’re gonna be opening up this machine to the outside world, so it will be accessible from outside world. This will be necessary for certain setups, I will show you how to configure the router and to configure….what you need to do is pretty much the same on every router, however, the interfaces on the routers will vary, but it’s quite simple, there isn’t much up to it. Wireless cards, this is also you will need to keep in mind, they need to be, not only compatible with Linux, but they need to be compatible with Aircrack and Reaver, so Aircrack-ng and Reaver. Some wireless cards function well, other do not, you can look it up on the net which ones do and which ones do not. In the final account of things, you can just go ahead and use the one that you have and see how it works out. Chances are that it will work, but again, that’s some of the information that you will look up on the net. You see, first of all you establish which chipset does your wireless card use, you can do this by typing in the model of your wireless card on the manufacturer’s website and the manufacturer will have the chipset listed there. Then you check whether that chipset has compatible drivers for Linux, and whether that chipset is supported by Reaver and Aircrack-ng. All this information is listed on the sites. So you just use your favourite search engine and, I assure you, you will find these results without bigger difficulties. If you fail by some crazy chance to do so just go with the flow and see what happens. See if it works out or if it doesn’t. The CPU, now the CPU that you have should support virtualization options, that means for Intel, you will need VT-d and for AMD you will need AMD-Vi. These are the flags which tell you if the processor is capable of virtualization. That’s the simplest explanation I can give in that regard. Make sure that your, it will be nice if your CPU supported virtualization so that you can do everything that I do as well. How do you check this? Well, you go to the manufacturer’s website and again, you see whether it’s supported or not, you can even ask the manufacturer with an email if it supports virtualization or not, just give them a call, I mean, and ask them quite literally, just give them the model number and they will be able to tell it to you, yes or no, without any problems really. Now, RAM, it will be good if this machine where Linux will be installed would have at least 4GB of RAM. Linux doesn’t necessarily requires 4GB, it’s gonna run with less than 2GB without any difficulties. It’s not RAM hungry like Windows and OSX are, but it would be good if you had more than 4. Why more than 4? For smoother operations of virtual machines, because we’re gonna have some of them, which we’re gonna set up there, and that we will use as our own small virtual servers, as our own pocket environments, where we shall conduct our research and where we will…the servers which we will use in order to go through the course, we’ll build our own environments where we will perform whatever it is that we need to do. USB, have a USB lying around, some USB, it may not be a big USB, it may not be a 3.0 USB or anything like that, pretty much any USB stick will do. What will you need it for? One of the basic things that we might need it for…I can show you how to make a cryptographic key, how you can convert it a USB into a crypto key, when you plug your USB into a laptop, you basically unbox or unencrypt your drives and it unlocks your PC. And then you can have another layer of security on top of that and it can request for a password confirmation as well. So that’s really good security for you right there. In addition to all of this, I will also show you how to monitor traffic, how to protect yourselves, how to secure your environment, how to figure out what’s going on on the network. where to post listening, where to listen for the network traffic, how to figure out what is going on and such things. And in addition to all of this, my final thing that I would like to state here, is the disclaimer. I am not in any way responsible for what you do with the knowledge that I give you, I’m giving you this knowledge in good faith, this knowledge is presented here in good faith, that you will use it properly and that you will not abuse it in any way. As all of this is for educational purposes so that you will gain knowledge, not so that you go messing around with your neighbor’s Wi-Fi. I mean, just don’t that, it’s quite stupid, you have nothing to gain and you can get into a lot of trouble for no reason of whatsoever. So, that’s it, I’m gonna go head bid you all farewell and wish you a ton lot of luck with this course and I hope that you have a lot of fun as we go through a lot of these things.