(Hac-King-Do)

{ Level-1 Training Certification }

Section 0. Legal Disclaimer

Legal Disclaimer
- As a condition of your use of this Web site, you warrant to Computer Security Student, LLC that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
- © 2015 No content replication of any kind is allowed without express written permission.

Section 1. Hac-King-Do

What is Hac-King-Do?
- Computer Security Student, LLC is pleased to offer a unique training certification in "Hac-King-Do (HKD)", which is a "Cyber Security Martial Arts Framework."
- As you might know, becoming a Cyber Security Professional does not happen over night. There is a Karate Kid "Wax On / Wax Off" approach that not only needs to occur from the ground up to create a strong foundation, but also requires daily practice to acquire discipline.
Hands-On Philosophy
- Hac-King-Do bridges the gap between theory and actual hands-on experience. Computer Security Student, LLC offers hundreds of technical labs in the following subjects:
  - Building, Installing and/or Securing Operating Systems: Fedora, Ubuntu, CentOS, BackTrack 5R1, Kali, Windows XP, Windows 7, Windows 2K8, and more.
  - Installing and Securing Applications: SSH, Apache, Samba, NFS, Mail, DNS and more.
  - Performing Penetration Testing against both Operating Systems and Applications.
  - Performing Vulnerability Assessment against both Operating Systems and Applications.
  - Illustrating the following exploitation techniques: Password attacks, Trojan Horse Creation, Social Engineering, Buffer Overflows, Backdoors, Rootkits, Zero-Day Vulnerabilities, Web Injections, Man-in-the-Middle Attacks, and much more.
  - Performing Web injection techniques against the following capture the flag web applications: DVWA, Mutillidae, and bWAPP.
  - Performing Forensic Analysis and Assessments against the above Operating Systems and Applications.
- Go To Curriculum
Become the Expert
- Instead of just reading about a new exploit, would it not be great to prove the concept? Instead of just letting a scanner tell you if you are vulnerable, would it not be great to actually know why or why not a computer device is actually vulnerable? In addition to the previous questions, would it not be great to be your departments go-to resident expert that provides a business impact analysis to the executive chain when ever a vulnerability is discovered?
  - I hope your answers are yes to the above rhetorical questions.
  - If your answers are yes, please review Section 4, which outlines our Level 1 Cyber Security Martial Arts Framework.

Section 2. What is the Battleground?

What is the Battleground?
- Undisturbed, the internet is a digital symphony of 0s and 1s lawfully participating in various communication protocols using the Open System Interconnect (OSI) Model.
  - The enemy manipulates these 0s and 1s and/or protocols to achieve an adverse result that usually deviates for the original design implementation.
  - The results are numerous: Denial of Service, Information Stealing, Webpage Graffiti, Computer/Application Damage via virus/worm, Webbots, rootkits, and much more.
Who is Sun Tzu?
- Sun Tzu was an ancient Chinese military general, strategist and philosopher who authored the Art of War, an influential ancient Chinese book on military strategy.
- In the same way you prepare from physical warfare, you can also use his teachings to prepare for Cyber warfare.
  - Famous Quotes
    - Before the battle is fought, you should make estimations through calculations of the battleground. In our case, the battleground is the OSI model and everything that communicates on it.
    - Whoever is first in the field and awaits the coming of the enemy will be fresh for the fight. This is accomplished by practicing layered security throughout the OSI model.
How does Hac-King-Do Apply?
- Hac-King-Do spends a lot of time illustrating various attacks in the following layers: Physical, Network, Transport, Session and Application. Knowing the theory and having the hands-on experience is a powerful combination to help protect various resources.
- Below is our Cyber Security Martial Arts Framework Curriculum that will outline the journey a student will take moving from belt to belt.

Section 3. Hac-King-Do: Access, Request Help & Lesson Completion

How To Access the Hac-King-Do Curriculum
- The following link illustrates how the student/user will access the Hac-King-Do Curriculum upon the completion of their registration membership.
  - Accessing the Hac-King-Do Curriculum
How To Request Help
- The following link illustrates how the student/user can Create a CSS Help Ticket if they face an issue that they cannot resolve.
  - How to Create a CSS Help Request Ticket
How To Complete Each Lesson
- In order to complete a lesson, the student/user must Create a CSS Proof of Lab Submission Ticket. The administrator will review the student/user's Submission and either (1) approve the submission -or- (2) request additional information.
- The following link illustrates how the student/user can Create a CSS Proof of Lab Submission Ticket after all steps of the Proof of Lab Section have been completed.
  - How to Create a CSS Proof of Lab Submission Ticket
Curriculum Outline
- Please continue to Section 4. Hac-King-Do: Cyber Security Martial Arts Framework (Level 1) to view the Hac-King-Do Curriculum in detail.

Section 4. Hac-King-Do: Cyber Security Martial Arts Framework (Level 1)

White Belt
	White Belt (Building VMs, Vulnerable Apps & Password Resets Techniques) Meaning White signifies a birth, or beginning, of a seed (ie., student). A white belt student is beginning their learning life cycle and is is starting their Cyber Security Journey in Hac-King-Do. Lesson Exercises BackTrack 5R1 Installing and Building a Virtual Machine Root Password Reset Techniques Grub Live CD Damn Vulnerable WXP-SP2 Installing and Building a Virtual Machine Full Patch Removal via WinBatch Script Admin Password Reset Techniques Hiren's Pogo Stick Installing Vulnerable Applications Illustrating Basic Exploits with Metasploit Example Lessons BackTrack: Lesson 1: Installing BackTrack 5 R1 Hiren's: Boot CD: Offline NT/2000/XP/Vista/7 Password Changer See More
Yellow Belt
	Yellow Belt (Advanced Metasploit Vulnerability Assessment) Meaning Yellow signifies the first beams of sunlight which shines upon the seed (i.e., student) giving it new strength with the beginning of new life. As the yellow belt student continues practicing these vulnerability and exploitation lessons their mind is opened from newly enlightened rays of knowledge. Lesson Exercises Illustrating Advanced Vulnerability Lessons with Metasploit MS08-067 MS10-018 Adobe Flash Social Engineering Toolkit Example Lessons NMAP: Lesson 3: Use ZENMAP and NMAP on BackTrack 5 R1 NESSUS: Lesson 3: Scan with Nessus on BackTrack 5R1 Metasploit: MS08-067: BackTrack5R1: Establishing A Shell To The Vulnerable Machine See More
Orange Belt
	Orange Belt (Fedora 14 Basic System Administration) Meaning Orange represents the growing power of the sun as it warms the earth to prepare for new growth in the spring. The orange belt student is starting to feel their mind open and develop new technical paradigms. Lesson Exercises Illustrating root password reset techniques (4) Installing, Configure and Securing common applications Installing and Configuring Security Layers Testing Security Layers against an attack Example Lessons Fedora: Lesson 1: Installing Fedora 14 Fedora: Lesson 19: Testing denyhosts and brutessh.py See More
Green Belt
	Green Belt (Damn Vulnerable Web App) Meaning Green signifies the growth of the seed as it sprouts from the earth reaching toward the sun and begins to grow into a plant. A green belt student continues to strengthen and acquirement new attack vectors to add to their Hac-King-Do paradigm. Lesson Exercises Installing and Configuring DVWA Basic and Advanced Command Injections Basic and Advanced Cross Site Scripting (XSS) Injections Basic and Advanced SQL Injections Man-in-the-Middle Attacks Backdoor Techniques Brute Force Password Techniques Example Lessons Damn Vulnerable Web App (DVWA): Lesson 1: How to Install DVWA in Fedora 14 Damn Vulnerable Web App (DVWA): Lesson 2: Command Execution Basic Testing See More
Blue Belt
	Blue Belt (Metasploitable) Meaning Blue signifies the blue sky as the plant continues to grow toward it. A blue belt student moves up higher in rank just as the plant grows taller towards the blue sky. The student is fed additional knowledge through continual practice. Lesson Exercises Install and Configuring Physical Exploitation Techniques Buffer Overflow Privilege Escalation Operating System Password Cracking Database Brute Force and Table Enumeration Example Lessons Metasploitable Project: Lesson 1: Downloading and Configuring Metasploitable Project: Lesson 10: Exploiting Samba, Obtain Hashes, John the Ripper See More
Brown Belt
	Brown Belt (Ubuntu 12.04 Basic System Administration) Meaning Brown represents the ripening of the seed, a maturing and harvesting process. A brown belt is an advanced student whose techniques are beginning to mature, and they are beginning to understand the fruits of their hard work. Lesson Exercises Illustrating root password reset techniques (4) Installing, Configure and Securing common applications Installing and Configuring Security Layers Testing Security Layers against an attack Example Lessons Ubuntu: Lesson 1: Installing Ubuntu Desktop 12.04 LTS Ubuntu: Lesson 2: Use Ubuntu 12.04 Grub to boot into single user mode See More
Red Belt
	Red Belt (Mutillidae) Meaning Red signifies the red-hot heat of the Sun as the plant continues growing toward it. As a red belt student acquires more detailed knowledge, just as the plant grows slowly toward the Sun, so the red belt student learns to be more cautious with his knowledge and physical abilities. Red is a sign of danger, and the red belt is beginning to become dangerous with their knowledge and abilities. Lesson Exercises Installing and Configuring Mutillidae Basic and Advanced Command Injections Basic and Advanced Cross Site Scripting (XSS) Injections Basic and Advanced SQL Injections Man-in-the-Middle Attacks Backdoor Techniques Brute Force Password Techniques Example Lessons Mutillidae: Lesson 1: How to Install Mutillidae on Fedora 14 Mutillidae: Lesson 6: SQL Injection, Burpsuite, cURL, Man-In-The-Middle See More
Red Belt Black Stripe
	Red Belt Black Stripe (Mutillidae) Meaning Red signifies the red-hot heat of the Sun. The Black Stripe signifies the future blossom of becoming a Black Belt. Lesson Exercises Installing and Configuring Damn Vulnerable Windows 7. Binding a Payload to Putty with msfpayload and msfencode. Advanced Metasploit Lessons. Forensics memory dump captures of live attacks. Example Lessons Metasploit: Using msfpayload & msfencode: Kali 1.0: msfencode Putty with msfpayload on Windows 7 Metasploit: CVE-2007-6377: Kali 1.0: BadBlue 2.72b PassThru Overflow, MimiKatz, WinPMEM Memory Dump See More
Black Belt
	Black Belt (Forensic Techniques) Meaning Black signifies the darkness beyond the Sun. A black belt seeks new, more profound knowledge of the Hac-King-Do. As the student begins to teach others, he/she plants new seeds and helps them grow and mature. His/Her students, many whom will form roots deep into Hac-King-Do, blossom and grow through the ranks in a never-ending process of self-growth, knowledge, and enlightenment. Lesson Exercises Window's Data Recovery (FTK, Foremost, Hiren's) Linux Data Recovery (Autopsy, Foremost, Hiren's) Windows Memory Acquisition (Helix) Linux Memory Acquisition (Lime) Memory Analysis (Volatility) Data Hiding Techniques (bmap) Web History Analysis Steganography Example Lessons Volatility: Lesson 3: Analyzing A Metasploit Memory Capture from Windows XP SP2 Autopsy: Lesson 1: Analyzing Deleted JPEGs See More
Black Belt Gold Stripe
	Black Belt Gold Stripe (Forensic Techniques) Meaning Black signifies the darkness beyond the Sun. The Gold Stripe signifies the creation of eternal light from darkness. The Hac-King-Do student starts down the road of reverse engineering and creating attack vectors. Lesson Exercises Learn how to Fuzz. Learn how to determine how many bytes it takes to crash software. Learn how to determine the OFFSET to override the EIP. Learn how to extract a JMP ESP static memory location from SHELL32.dll. Learn how to established control of the EIP. Learn how to test the hexadecimal sequence list for bad characters. Learn how to create a payload. Learn how to encode the payload in perl output. Learn how to successfully overflow the buffer and place the payload into memory thus allowing us to connect remotely with netcat. Example Lessons Buffer Overflow: Lesson 1: PCMan's FTP Server 2.0.7 Buffer Overflow Explained Buffer Overflow: Lesson 2: Create PCMan Metasploit Module, Attack, and Capture Memory See More

($10.00 USD/Month)