InfoSec Institute Ethical Hacking Day 2

30 November -0001

I've just finished the second day of InfoSec Institute's Ethical Hacking class ( and the breakneck pace has not let up. Day two went from 8:30 AM until well after 6 PM. The firehose of information did not slack one bit, covering new topics, labs, and exercises. While the pace is intense, the information is all good, and I barely noticed the time flying by.

Day two covered a lot of network recon, including nmap usage as well as other tools for interrogating remote machines. Day two built upon some of the networking lessons of the first day - understanding various protocols and how the function is integral to reconnaissance of remote systems. Lessons covered tools as well as differences between operating systems (details such as the difference between traceroute on Linux/Unix and tracert on Windows). These lessons covered both active and passive recon, including zombie idle scans, one of my favorite topics for its sheer elegance. The lessons also included the use of tools like hping as well as stealth scanning techniques.

The day also included lessons about target enumeration. This included information on how to use tools like nmap to do OS fingerprinting, but also lesser known techniques such as netcat banner grabbing, httprint and xprobe2. The lab exercises involved utilizing the virtual machines to test techniques and monitor scanning from both the attacker and defender perspective - an invaluable exercise in my opinion.

Once we were done with target exploration the class turned to password security. The training did a lot of justice to this incredibly rich topic. The class covered both Windows and Linux/Unix password storage mechanisms, protections, and cracking techniques. The lessons included not only offensive techniques, but also graphic depictions of the threats posed to password security of operating systems. For instance, the training points out how rainbow tables can be used to crack even complex passwords, and the threat to password files on filesystems without encryption. I found this material extremely topical given the latest legal requirements concerning filesystem security (FERPA, HIPPA, etc.). The topics covered defensive measures systems administrators can take to defend their password stores as well as common password file stealing and cracking techniques.

The class ended with a lab that went through password cracking and a capture the flag exercise that involved enumerating a target, and stealing a password file. I very much enjoyed the CTF exercise, and would like to repeat it at my own leisure, because unfortunately I ended up crashing hard near the end of the class. The breakneck pace is both exhilarating and exhausting.

The class is scheduled to end with two certification exams, the CPT exam on Thursday evening and the CEH on Friday. With these two exams fast approaching there is more than enough material to study to occupy my free evening time (not to mention keeping an eye on the election results). The class is taking a lot out of me, but it's totally worth it. So far it's been top notch, with interesting, informative lectures and fun and educational labs and capture the flag exercises. Jeremy again kept the class lively and flowing and was on top of not only the subject matter but also the needs of students and the class.