ComputerSecurityStudent (CSS) [Login] [Join Now]




|GET STARTED >> Our Curriculum >> Current Page |Views: 89552

(Hac-King-Do)

{ Level-1 Training Certification }


Section 0. Legal Disclaimer
  1. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to Computer Security Student, LLC that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2015 No content replication of any kind is allowed without express written permission.

     

Section 1. Hac-King-Do
  1. What is Hac-King-Do?
    • Computer Security Student, LLC is pleased to offer a unique training certification in "Hac-King-Do (HKD)", which is a "Cyber Security Martial Arts Framework."
    • As you might know, becoming a Cyber Security Professional does not happen over night.  There is a Karate Kid "Wax On / Wax Off" approach that not only needs to occur from the ground up to create a strong foundation, but also requires daily practice to acquire discipline.

  2. Hands-On Philosophy
    • Hac-King-Do bridges the gap between theory and actual hands-on experience.  Computer Security Student, LLC offers hundreds of technical labs in the following subjects:
      • Building, Installing and/or Securing Operating Systems: Fedora, Ubuntu, CentOS, BackTrack 5R1, Kali, Windows XP, Windows 7, Windows 2K8, and more.
      • Installing and Securing Applications: SSH, Apache, Samba, NFS, Mail, DNS and more.
      • Performing Penetration Testing against both Operating Systems and Applications.
      • Performing Vulnerability Assessment against both Operating Systems and Applications.
      • Illustrating the following exploitation techniques: Password attacks, Trojan Horse Creation, Social Engineering, Buffer Overflows, Backdoors, Rootkits, Zero-Day Vulnerabilities, Web Injections, Man-in-the-Middle Attacks, and much more.  
      • Performing Web injection techniques against the following capture the flag web applications: DVWA, Mutillidae, and bWAPP.
      • Performing Forensic Analysis and Assessments against the above Operating Systems and Applications.
    • Go To Curriculum
  3. Become the Expert
    • Instead of just reading about a new exploit, would it not be great to prove the concept?  Instead of just letting a scanner tell you if you are vulnerable, would it not be great to actually know why or why not a computer device is actually vulnerable?  In addition to the previous questions, would it not be great to be your departments go-to resident expert that provides a business impact analysis to the executive chain when ever a vulnerability is discovered?
      • I hope your answers are yes to the above rhetorical questions. 
      • If your answers are yes, please review Section 4, which outlines our Level 1 Cyber Security Martial Arts Framework.

       

Section 2. What is the Battleground?
  1. What is the Battleground?
    • Undisturbed, the internet is a digital symphony of 0s and 1s lawfully participating in various communication protocols using the Open System Interconnect (OSI) Model.
      • The enemy manipulates these 0s and 1s and/or protocols to achieve an adverse result that usually deviates for the original design implementation.
      • The results are numerous: Denial of Service, Information Stealing, Webpage Graffiti, Computer/Application Damage via virus/worm, Webbots, rootkits, and much more.


  2. Who is Sun Tzu?
    • Sun Tzu was an ancient Chinese military general, strategist and philosopher who authored the Art of War, an influential ancient Chinese book on military strategy.
    • In the same way you prepare from physical warfare, you can also use his teachings to prepare for Cyber warfare.
      • Famous Quotes
        • Before the battle is fought, you should make estimations through calculations of the battleground.  In our case, the battleground is the OSI model and everything that communicates on it.
        • Whoever is first in the field and awaits the coming of the enemy will be fresh for the fight.  This is accomplished by practicing layered security throughout the OSI model.

         


  3. How does Hac-King-Do Apply?
    • Hac-King-Do spends a lot of time illustrating various attacks in the following layers:  Physical, Network, Transport, Session and Application.  Knowing the theory and having the hands-on experience is a powerful combination to help protect various resources.
    • Below is our Cyber Security Martial Arts Framework Curriculum that will outline the journey a student will take moving from belt to belt.

 

Section 3. Hac-King-Do: Access, Request Help & Lesson Completion
  1. How To Access the Hac-King-Do Curriculum
    • The following link illustrates how the student/user will access the Hac-King-Do Curriculum upon the completion of their registration membership.

  2. How To Request Help
  3. How To Complete Each Lesson
    • In order to complete a lesson, the student/user must Create a CSS Proof of Lab Submission Ticket.  The administrator will review the student/user's Submission and either (1) approve the submission -or- (2) request additional information.
    • The following link illustrates how the student/user can Create a CSS Proof of Lab Submission Ticket after all steps of the Proof of Lab Section have been completed.

  4. Curriculum Outline
    • Please continue to Section 4. Hac-King-Do: Cyber Security Martial Arts Framework (Level 1) to view the Hac-King-Do Curriculum in detail.

 

Section 4. Hac-King-Do: Cyber Security Martial Arts Framework (Level 1)
 
 
 
White Belt  
  1. White Belt (Building VMs, Vulnerable Apps & Password Resets Techniques) 
    • Meaning
      • White signifies a birth, or beginning, of a seed (ie., student).
      • A white belt student is beginning their learning life cycle and is is starting their Cyber Security Journey in Hac-King-Do.

    • Lesson Exercises
      • BackTrack 5R1
        • Installing and Building a Virtual Machine
        • Root Password Reset Techniques
          • Grub
          • Live CD
    • Damn Vulnerable WXP-SP2
      • Installing and Building a Virtual Machine
      • Full Patch Removal via WinBatch Script
      • Admin Password Reset Techniques
        • Hiren's
        • Pogo Stick
      • Installing Vulnerable Applications
      • Illustrating Basic Exploits with Metasploit

    • Example Lessons
      1. BackTrack: Lesson 1: Installing BackTrack 5 R1
      2. Hiren's: Boot CD: Offline NT/2000/XP/Vista/7 Password Changer
      3. See More
Yellow Belt  
  1. Yellow Belt (Advanced Metasploit Vulnerability Assessment)
Orange Belt  
  1. Orange Belt (Fedora 14 Basic System Administration)
    • Meaning
      • Orange represents the growing power of the sun as it warms the earth to prepare for new growth in the spring.
      • The orange belt student is starting to feel their mind open and develop new technical paradigms.

    • Lesson Exercises
      • Illustrating root password reset techniques (4)
      • Installing, Configure and Securing common applications
      • Installing and Configuring Security Layers
      • Testing Security Layers against an attack

    • Example Lessons
      1. Fedora: Lesson 1: Installing Fedora 14
      2. Fedora: Lesson 19: Testing denyhosts and brutessh.py
      3. See More
Green Belt  
  1. Green Belt (Damn Vulnerable Web App)
Blue Belt  
  1. Blue Belt (Metasploitable)
Brown Belt  
  1. Brown Belt (Ubuntu 12.04 Basic System Administration)
Red Belt  
  1. Red Belt (Mutillidae)
    • Meaning
      • Red signifies the red-hot heat of the Sun as the plant continues growing toward it.
      • As a red belt student acquires more detailed knowledge, just as the plant grows slowly toward the Sun, so the red belt student learns to be more cautious with his knowledge and physical abilities.
      • Red is a sign of danger, and the red belt is beginning to become dangerous with their knowledge and abilities.

    • Lesson Exercises
      • Installing and Configuring Mutillidae
      • Basic and Advanced Command Injections
      • Basic and Advanced Cross Site Scripting (XSS) Injections
      • Basic and Advanced SQL Injections
      • Man-in-the-Middle Attacks
      • Backdoor Techniques
      • Brute Force Password Techniques

    • Example Lessons
      1. Mutillidae: Lesson 1: How to Install Mutillidae on Fedora 14
      2. Mutillidae: Lesson 6: SQL Injection, Burpsuite, cURL, Man-In-The-Middle
      3. See More
Red Belt Black Stripe  
  1. Red Belt Black Stripe (Mutillidae)
Black Belt  
  1. Black Belt (Forensic Techniques)
    • Meaning
      • Black signifies the darkness beyond the Sun. A black belt seeks new, more profound knowledge of the Hac-King-Do.
      • As the student begins to teach others, he/she plants new seeds and helps them grow and mature.
      • His/Her students, many whom will form roots deep into Hac-King-Do, blossom and grow through the ranks in a never-ending process of self-growth, knowledge, and enlightenment.

    • Lesson Exercises
      • Window's Data Recovery (FTK, Foremost, Hiren's)
      • Linux Data Recovery (Autopsy, Foremost, Hiren's)
      • Windows Memory Acquisition (Helix)
      • Linux Memory Acquisition (Lime)
      • Memory Analysis (Volatility)
      • Data Hiding Techniques (bmap)
      • Web History Analysis
      • Steganography

    • Example Lessons
      1. Volatility: Lesson 3: Analyzing A Metasploit Memory Capture from Windows XP SP2
      2. Autopsy: Lesson 1: Analyzing Deleted JPEGs
      3. See More
Black Belt Gold Stripe  
  1. Black Belt Gold Stripe (Forensic Techniques)
    • Meaning
      • Black signifies the darkness beyond the Sun.
      • The Gold Stripe signifies the creation of eternal light from darkness.
      • The Hac-King-Do student starts down the road of reverse engineering and creating attack vectors.

    • Lesson Exercises
      • Learn how to Fuzz.
      • Learn how to determine how many bytes it takes to crash software.
      • Learn how to determine the OFFSET to override the EIP.
      • Learn how to extract a JMP ESP static memory location from SHELL32.dll.
      • Learn how to established control of the EIP.
      • Learn how to test the hexadecimal sequence list for bad characters.
      • Learn how to create a payload.
      • Learn how to encode the payload in perl output.
      • Learn how to successfully overflow the buffer and place the payload into memory thus allowing us to connect remotely with netcat.

    • Example Lessons
      1. Buffer Overflow: Lesson 1: PCMan's FTP Server 2.0.7 Buffer Overflow Explained
      2. Buffer Overflow: Lesson 2: Create PCMan Metasploit Module, Attack, and Capture Memory
      3. See More
   

 

Computer Security Student Join Now
($10.00 USD/Month)