> For the complete documentation index, see [llms.txt](https://mainekhacker-1.gitbook.io/mainekhacker/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://mainekhacker-1.gitbook.io/mainekhacker/complete-computer-networking.md). # Complete Computer Networking {% stepper %} {% step %} ## Module 1: Networking Fundamentals ### 1.1 OSI Model & TCP/IP Stack The OSI model is a conceptual framework that standardizes network communication functions. Understanding each layer is crucial for identifying where attacks occur and how to defend against them. #### OSI Model (7 Layers) **Layer 1 - Physical Layer** Deals with the physical transmission of data over network media. This includes cables, radio frequencies, voltage levels, and physical topologies. Ethical hackers need to understand physical layer vulnerabilities like cable tapping, electromagnetic interference, and physical access attacks. Key concepts: Bits, encoding schemes, modulation, transmission media (copper, fiber, wireless), network topologies (bus, star, ring, mesh), hubs, repeaters. **Layer 2 - Data Link Layer** Responsible for node-to-node data transfer and error detection/correction. Divided into two sublayers: MAC (Media Access Control) and LLC (Logical Link Control). Key concepts: Frames, MAC addresses, switches, bridges, ARP (Address Resolution Protocol), VLANs, collision domains, broadcast domains, Ethernet, Wi-Fi protocols (802.11), MAC flooding, ARP spoofing/poisoning. **Layer 3 - Network Layer** Handles logical addressing and routing of packets across networks. This is where IP addresses operate and where many reconnaissance and scanning activities occur. Key concepts: IP addressing (IPv4/IPv6), subnetting, CIDR notation, routing protocols (RIP, OSPF, BGP, EIGRP), routers, ICMP, packet fragmentation, TTL, routing tables, traceroute, IP spoofing, ICMP tunneling. **Layer 4 - Transport Layer** Provides end-to-end communication services, ensuring data delivery, segmentation, and flow control. Critical for understanding port scanning and service enumeration. Key concepts: TCP (connection-oriented, three-way handshake, sequence numbers, acknowledgments, flow control, windowing), UDP (connectionless, faster but unreliable), ports (0-65535), port numbers (well-known 0-1023, registered 1024-49151, dynamic 49152-65535), TCP flags (SYN, ACK, FIN, RST, PSH, URG), session hijacking, TCP reset attacks. **Layer 5 - Session Layer** Manages sessions between applications, establishing, maintaining, and terminating connections. Key concepts: Session establishment, authentication, authorization, session tokens, NetBIOS, RPC (Remote Procedure Call), session fixation attacks. **Layer 6 - Presentation Layer** Translates data between application and network formats, handling encryption, compression, and encoding. Key concepts: Data encryption/decryption, SSL/TLS, data compression, character encoding (ASCII, Unicode), serialization, format conversion. **Layer 7 - Application Layer** Provides network services directly to end-user applications. Most application-level attacks target this layer. Key concepts: HTTP/HTTPS, DNS, FTP, SMTP, POP3, IMAP, SSH, Telnet, SNMP, DHCP, NTP, application protocols, API security. #### TCP/IP Model (4 Layers) A more practical model actually used in modern networking: Network Access Layer (combines OSI 1-2), Internet Layer (OSI 3), Transport Layer (OSI 4), Application Layer (combines OSI 5-7). *** ### 1.2 IP Addressing & Subnetting #### IPv4 Addressing IPv4 uses 32-bit addresses written in dotted decimal notation (four octets). Understanding IP addressing is fundamental for network reconnaissance and identifying target systems. Address Classes: * Class A: 1.0.0.0 to 126.255.255.255 (default mask 255.0.0.0 or /8) - Large networks * Class B: 128.0.0.0 to 191.255.255.255 (default mask 255.255.0.0 or /16) - Medium networks * Class C: 192.0.0.0 to 223.255.255.255 (default mask 255.255.255.0 or /24) - Small networks * Class D: 224.0.0.0 to 239.255.255.255 - Multicast * Class E: 240.0.0.0 to 255.255.255.255 - Experimental Private IP Ranges (RFC 1918): * 10.0.0.0/8 (10.0.0.0 to 10.255.255.255) * 172.16.0.0/12 (172.16.0.0 to 172.31.255.255) * 192.168.0.0/16 (192.168.0.0 to 192.168.255.255) Special Addresses: * Loopback: 127.0.0.0/8 (127.0.0.1 most commonly used) * APIPA: 169.254.0.0/16 (automatic private IP addressing when DHCP fails) * Broadcast: Last address in a subnet #### Subnetting Techniques Subnetting divides networks into smaller, more manageable subnetworks. Essential for understanding network segmentation and identifying network boundaries during penetration testing. Key points: * Subnet Mask: Determines network vs host portion. Dotted decimal or CIDR. * CIDR Notation Examples: * /24 = 255.255.255.0 = 256 total addresses (254 usable hosts) * /25 = 255.255.255.128 = 128 total addresses (126 usable hosts) * /26 = 255.255.255.192 = 64 total addresses (62 usable hosts) * /27 = 255.255.255.224 = 32 total addresses (30 usable hosts) * /28 = 255.255.255.240 = 16 total addresses (14 usable hosts) * /29 = 255.255.255.248 = 8 total addresses (6 usable hosts) * /30 = 255.255.255.252 = 4 total addresses (2 usable hosts, used for point-to-point links) Calculating Subnets: * Determine network requirements (subnets needed, hosts per subnet) * Calculate subnet mask by borrowing host bits * Identify network address (first address), broadcast address (last address), and usable host range * Formula: Usable hosts = 2^(host bits) - 2 #### IPv6 Addressing IPv6 uses 128-bit addresses written in hexadecimal notation, separated by colons. Created to solve IPv4 address exhaustion. Format: Eight groups of four hexadecimal digits (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334) Abbreviation Rules: * Leading zeros in a group can be omitted * Consecutive groups of zeros can be replaced with :: (only once per address) IPv6 Address Types: * Unicast: Single interface (Global, Link-Local fe80::/10, Unique Local fc00::/7) * Multicast: Multiple interfaces (ff00::/8) * Anycast: Nearest interface from a group Key Differences from IPv4: * No broadcast (uses multicast instead) * No NAT requirement * Built-in IPsec support * Simplified header structure * Neighbor Discovery Protocol replaces ARP *** ### 1.3 Network Protocols Deep Dive #### Ethernet (IEEE 802.3) Ethernet frame structure: * Preamble (7 bytes) * Start Frame Delimiter (1 byte) * Destination MAC (6 bytes) * Source MAC (6 bytes) * EtherType/Length (2 bytes) * Payload (46-1500 bytes) * Frame Check Sequence (4 bytes) MAC Address: 48-bit hardware address, first 24 bits OUI, format XX:XX:XX:XX:XX:XX. #### ARP (Address Resolution Protocol) Maps IP addresses to MAC addresses on local networks. Vulnerable to spoofing attacks. ARP process and ARP cache behavior described; ARP poisoning risks. #### ICMP (Internet Control Message Protocol) Used for diagnostic and error reporting. Useful in reconnaissance (ping sweeps, OS fingerprinting), covert channels, DDoS. Common types: Echo Request/Reply, Destination Unreachable, Redirect, Time Exceeded. #### TCP (Transmission Control Protocol) Connection-oriented, reliable. Three-way handshake and four-way termination. TCP flags, header fields, and port scanning techniques detailed (SYN, Connect, FIN, NULL, XMAS, ACK scans). #### UDP (User Datagram Protocol) Connectionless, low overhead. UDP header fields and scanning complexities noted. No guarantees; ICMP responses indicate closed ports. #### DNS (Domain Name System) Translates domain names to IP addresses. Hierarchy (root, TLD, authoritative). DNS records (A, AAAA, CNAME, MX, NS, PTR, SOA, TXT, SRV). Use in reconnaissance, cache poisoning, tunneling, amplification. #### DHCP (Dynamic Host Configuration Protocol) Automatic IP assignment (DORA: Discover, Offer, Request, Acknowledge). Provides IP, mask, gateway, DNS, lease time. Attacks: DHCP starvation, rogue DHCP. *** ### 1.4 Routing & Switching #### Switching (Layer 2) Switch learns MAC addresses, builds CAM table, forwards frames. VLANs segment broadcast domains. Switch attacks: MAC flooding, VLAN hopping, STP manipulation, CDP/LLDP reconnaissance. #### Routing (Layer 3) Routers forward based on routing tables. Route types (directly connected, static, dynamic). Routing protocols: RIP, EIGRP, OSPF, IS-IS, BGP. Administrative distances: Direct (0), Static (1), EIGRP (90), OSPF (110), RIP (120), External EIGRP (170). Routing attacks: route injection, BGP hijacking, black hole routing. *** ### 1.5 Wireless Networking (802.11) Wi‑Fi standards (802.11a/b/g/n/ac/ax) and wireless architecture (infrastructure/ad-hoc). SSID, BSSID, channels. Security protocols: WEP (deprecated), WPA (TKIP), WPA2 (AES-CCMP), WPA3 (SAE, forward secrecy). Authentication methods: Open, Shared Key, EAP variants. Wireless attacks: wardriving, WEP/WPA cracking, evil twin, rogue AP, de-auth attacks, KRACK, WPS PIN attacks. Best practices: WPA3 or WPA2-Enterprise, strong passphrases, disable WPS, firmware updates, 802.1X, VPN for sensitive data. {% endstep %} {% step %} ## Module 2: Network Services & Protocols ### 2.1 Web Services (HTTP/HTTPS) #### HTTP Stateless request-response protocol (port 80). Request structure: Method URI HTTP/Version, headers, blank line, optional body. Methods: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS, TRACE, CONNECT. Status codes: 1xx, 2xx, 3xx, 4xx, 5xx (examples included). Important headers: Host, User-Agent, Accept, Cookie, Referer, Authorization, Server, Set-Cookie, Content-Type, Cache-Control, X-Frame-Options, CSP, etc. Cookies: Attributes Domain, Path, Expires/Max-Age, Secure, HttpOnly, SameSite. #### HTTPS HTTP over TLS/SSL (port 443). TLS handshake steps, versions (SSL deprecated, TLS 1.2/1.3 recommended). Certificate validation steps and common TLS/HTTPS vulnerabilities (downgrade, weak ciphers, SSL stripping, etc.). Security testing: method enumeration, header analysis, cookie flags, TLS configuration, security headers. *** ### 2.2 File Transfer Protocols #### FTP Uses control (21) and data channels. Active vs Passive modes. Cleartext credentials, anonymous FTP, commands (USER, PASS, LIST, RETR, STOR, etc.). Vulnerabilities: cleartext auth/data, anonymous access, bounce attack, directory traversal. #### FTPS, SFTP, TFTP * FTPS: FTP over TLS (explicit/implicit). * SFTP: File transfer over SSH (port 22). * TFTP: UDP port 69, no auth, used for device booting; insecure if misconfigured. *** ### 2.3 Email Protocols #### SMTP Sends mail (ports 25, 587, 465). Commands HELO/EHLO, MAIL FROM, RCPT TO, DATA. Vulnerabilities: spoofing, open relay, user enumeration, cleartext. Security extensions: SPF, DKIM, DMARC, STARTTLS. #### POP3 & IMAP POP3 (110/995) downloads mail to client; limited server-side management. IMAP (143/993) supports multiple devices, server-side folders, partial fetch. SSL/TLS options exist. Security testing includes enumeration, brute force, open relay testing, TLS config. *** ### 2.4 Remote Access Protocols #### SSH Encrypted admin access (port 22). Authentication: password, public key, keyboard-interactive. Security: use SSH-2, strong keys, disable root login, public key auth, fail2ban. Attacks: brute force, MITM (if keys not verified), key theft. #### Telnet Unencrypted (port 23). Sends credentials in cleartext. Use only for testing, replaced by SSH. #### RDP & VNC RDP (3389) features GUI remote access. Security: NLA, TLS, Credential Guard. Vulnerabilities include BlueKeep and brute force. VNC (5900) often lacks encryption; use tunnels. *** ### 2.5 Directory Services #### LDAP & Active Directory LDAP (389/636) directory access protocol. AD uses LDAP, Kerberos, DNS. AD components: domains, trees, forests, OUs, objects, DCs. Kerberos flow (TGT, service tickets). AD attacks: LDAP injection, password spraying, Kerberoasting, AS-REP roasting, Golden/Silver tickets, Pass-the-Hash/Ticket, DCSync, Bloodhound mapping. Enumeration: users, computers, SPNs, ACLs, GPOs. *** ### 2.6 Network Management & Monitoring #### SNMP Ports 161/162. Versions v1/v2c (cleartext community strings), v3 (auth & encryption). Components: manager, agent, MIB, OID. Operations: GET, GETNEXT, GETBULK, SET, TRAP. Vulnerabilities: default community strings, information disclosure, amplification. #### Syslog Logging standard (UDP 514/TCP 6514). Message format includes facility, severity, timestamp, hostname, application, message. No default auth; use TLS to secure. #### NTP Time sync (UDP 123). Importance for logs, Kerberos. Vulnerabilities: amplification, time manipulation, monlist. *** ### 2.7 File Sharing & Name Resolution #### SMB/CIFS Windows file/printer sharing (445/139). Versions: SMBv1 (vulnerable), SMBv2, SMBv3 (encryption). Attacks: EternalBlue, null sessions, SMB relay, pass-the-hash, NTLM theft, responder attacks. #### NetBIOS & NFS NetBIOS ports 137/138/139 for name and session services; can enumerate names and shares. NFS (2049) has authentication/permission issues, often lacking encryption. *** ### 2.8 Database Services Databases and common ports: * MySQL (3306): default root, weak passwords, SQL injection risks. * PostgreSQL (5432): role-based, SSL support. * MSSQL (1433): xp\_cmdshell, linked servers. * MongoDB (27017): often no auth by default (older versions). * Redis (6379): often exposed, arbitrary file write risks. Common attacks: SQL injection, weak/default accounts, remote access exposure, privilege escalation. {% endstep %} {% step %} ## Module 3: Network Security Concepts ### 3.1 Firewalls Types: packet filtering, stateful inspection, application layer, NGFW, WAF. Rule considerations: order matters, default deny/allow, logging. Evasion techniques: fragmentation, tunneling, port hopping, encryption, timing manipulation. ### 3.2 Intrusion Detection & Prevention Systems IDS alerts, IPS blocks. Types: NIDS/NIPS, HIDS/HIPS. Detection methods: signature-based, anomaly-based, stateful analysis, heuristic. Evasion: fragmentation, obfuscation, encryption, timing attacks. Common tools: Snort, Suricata, Zeek, OSSEC, Fail2ban. ### 3.3 VPN Remote access and site-to-site VPNs. Protocols: IPsec (AH/ESP, IKE), SSL/TLS VPNs, OpenVPN, WireGuard, PPTP (insecure), L2TP/IPsec. Security considerations: strong crypto, PFS, DNS/IPv6 leak prevention, kill switch, logs. Attacks: credential compromise, MITM, DNS hijacking. ### 3.4 NAT Purpose and types: static, dynamic, PAT. Process outbound and implications: hides internal IPs, complicates inbound connections. Traversal techniques: port forwarding, UPnP, STUN/TURN/ICE. Pen testing implications: complicates reverse shells, need tunneling. ### 3.5 Proxy Servers Forward vs reverse proxies, transparent, anonymous, high-anonymity, SOCKS4/5. Uses: caching, filtering, anonymity, load balancing, SSL termination. Detection: headers (Via, X-Forwarded-For), JS checks, DNS leaks. ### 3.6 DMZ Network segment for public services. Architectures (two-firewall, three-legged). Services hosted: web, mail, DNS, FTP, VPN. Security: minimal DMZ-to-internal access, hardening, segregation, monitoring. DMZ compromise used for pivoting during pen tests. {% endstep %} {% step %} ## Module 4: Security Reconnaissance & Scanning ### 4.1 Information Gathering (OSINT) Passive techniques: search engine reconnaissance (Google dorking), Shodan, Censys, FOFA. Domain & DNS recon: WHOIS, DNS records, zone transfers, subdomain enumeration. Social media intel: LinkedIn, Twitter, GitHub. Website recon: robots.txt, sitemap, source code, metadata. Email recon: format discovery, breach databases. Company info: job postings, maps, physical security clues. ### 4.2 Active Reconnaissance Host discovery: ICMP, TCP SYN/ACK, UDP, ARP scans. Port scanning techniques (TCP SYN, Connect, FIN, NULL, XMAS, ACK, Idle, UDP). Scanning tactics: sequential, random, rate limiting, decoys, fragmentation. Port states: open, closed, filtered, unfiltered. Service & version detection: banner grabbing, probes. OS detection: passive (TTL, windows size) and active fingerprinting. ### 4.3 Vulnerability Scanning Automated scanners (Nessus, OpenVAS, Qualys, Nexpose, Nikto, WPScan). Assessment process: discovery, scanning, analysis, remediation, rescanning. Databases: CVE, NVD, CVSS, CWE, OWASP Top 10. Scan types: network/web/database, authenticated vs unauthenticated. Beware false positives/negatives and validate findings manually. ### 4.4 Enumeration Difference between scanning and enumeration. Windows enumeration: NetBIOS, SMB shares, user/group, policy. SNMP enumeration: walk MIB tree, extract system info. AD enumeration: users, GPOs, trusts, SPNs. LDAP enumeration: anonymous binds, user attributes. Linux/Unix enumeration: NFS exports, SMTP VRFY/EXPN, web app directory brute forcing, DB enumeration. {% endstep %} {% step %} ## Module 5: Exploitation Fundamentals ### 5.1 Understanding Exploits Exploit types: remote, local, client-side. Exploit dev phases: vulnerability research, fuzzing, POC, weaponization. Shellcode types: bind, reverse, staged, non-staged. Payload encoding and common encoders (Shikata ga nai, XOR, Base64). ### 5.2 Common Vulnerability Classes * Buffer overflow (stack/heap), protections (DEP, ASLR, canaries) and bypasses (ROP, info leaks). * Injection attacks: SQLi (in-band, error-based, blind, time-based), command injection, LDAP/XML injection. * XSS (reflected, stored, DOM), impacts and payloads. * CSRF and protections (anti-CSRF tokens, SameSite). * RCE: deserialization, template injection, file upload. * File inclusion (LFI/RFI), directory traversal, SSRF, insecure deserialization, business logic flaws. ### 5.3 Web Application Exploitation Authentication & session management issues (weak creds, predictable tokens, session fixation). Brute force techniques (password spraying, credential stuffing). Broken access control (IDOR), security misconfiguration, sensitive data exposure. API and GraphQL-specific issues. ### 5.4 Network Service Exploitation Service-specific attacks: * FTP: anonymous access, bounce, directory traversal. * SSH/Telnet: weak creds, cleartext. * SMTP: open relay, user enumeration. * DNS: zone transfer, cache poisoning, DNS tunneling. * SNMP: default community strings. * SMB: EternalBlue, null sessions, relays. * RDP: BlueKeep, brute force. * Databases: SQLi, weak creds, xp\_cmdshell. {% endstep %} {% step %} ## Module 6: Post-Exploitation ### 6.1 Maintaining Access Backdoors: web shells, reverse/bind shells, RATs, rootkits. Persistence techniques on Windows (registry Run keys, scheduled tasks, services, WMI event subscriptions, DLL hijacking, logon scripts) and Linux (cron, init/systemd, .bash\_profile, authorized\_keys, SUID backdoors, LD\_PRELOAD). ### 6.2 Privilege Escalation Purpose and vectors. Windows: * Unquoted service paths, weak service perms, AlwaysInstallElevated, DLL hijacking, token impersonation, stored credentials. * Enumeration areas: user privileges, groups, running processes, services, scheduled tasks. * Tools: WinPEAS, PowerUp, Sherlock, Watson. Linux: * SUID binaries, sudo misconfig, cron abuse, PATH hijacking, kernel exploits (Dirty COW, Dirty Pipe), writable critical files, Docker escapes. * Tools: LinPEAS, Linux Exploit Suggester, pspy. Use GTFOBins for SUID techniques. ### 6.3 Lateral Movement Techniques: Pass-the-Hash, Pass-the-Ticket, PsExec, WMI, PowerShell Remoting, RDP, SSH. Credential harvesting with Mimikatz, NTDS.dit dumps. Token impersonation, pivoting (SSH tunnels, proxying, Chisel, SOCKS, VPN through compromised host). ### 6.4 Data Exfiltration Methods: direct transfer (FTP/SFTP, HTTP POST, SCP, email, cloud), covert channels (DNS/ICMP tunneling, steganography, HTTP headers). Compress/encrypt and chunk data. Tools: DNSCat2, Iodine, dnsexfil, PyExfil. {% endstep %} {% step %} ## Module 7: Wireless Hacking ### 7.1 Wireless Reconnaissance Wi‑Fi card modes: managed, monitor, master. Put card into monitor mode (e.g., airmon-ng commands). Passive vs active scanning. Information gathered: SSID, BSSID, channel, encryption, clients. Tools: airodump-ng, Kismet, inSSIDer. ### 7.2 WEP Cracking Weak IVs, IV reuse, RC4 weaknesses. Process: capture packets, inject to generate traffic, collect IVs, crack with aircrack-ng. Injection techniques: ARP replay, fake auth, fragmentation, chopchop. ### 7.3 WPA/WPA2 Cracking Capture four-way handshake, deauth clients to force reconnection, offline dictionary attacks with aircrack-ng or hashcat (e.g., -m 22000). WPA/WPA2-Enterprise attacks: rogue RADIUS, credential harvesting. WPS PIN attacks: Reaver, Pixie Dust. ### 7.4 Evil Twin & Rogue AP Create fake AP with same SSID, deauth clients, capture credentials, perform MitM. Tools: hostapd, dnsmasq, airbase-ng, WiFi-Pumpkin, Fluxion. Captive portal credential capture technique. ### 7.5 Bluetooth Hacking Discover devices, enumerate services. Attacks: bluejacking, bluesnarfing, BlueSmack DoS. Tools: hcitool, sdptool, bluez-tools, Redfang. {% endstep %} {% step %} ## Module 8: Social Engineering & Physical Security ### 8.1 Social Engineering Principles Psychological triggers: authority, urgency, scarcity, social proof, liking, fear. Pretexting and phishing types (spear, whaling, vishing, smishing, clone). Baiting, quid pro quo, tailgating/piggybacking. ### 8.2 Creating Social Engineering Campaigns Reconnaissance: gather target info, org structure, email formats. Campaign design: objective, vector, pretext, content. Phishing email crafting: convincing sender, subject, format, CTA. Tools: SET, GoPhish, King Phisher, Evilginx2. ### 8.3 Physical Security Physical pen test techniques: tailgating, badge cloning, lock picking, impersonation, dumpster diving, building recon. RFID cloning tools: Proxmark, Chameleon Mini. Lock picking basics and reconnaissance methods for physical access assessment. {% endstep %} {% step %} ## Module 9: Password Cracking & Hash Analysis ### 9.1 Password Hashing Hash functions (one-way). Common hashes: MD5, SHA-1, SHA-256/512, NTLM, bcrypt, scrypt, Argon2. Salt and pepper concepts. Storage best practices: use bcrypt/scrypt/Argon2, unique salt, key stretching. ### 9.2 Password Cracking Techniques Dictionary, brute force, hybrid, rule-based, mask attacks, rainbow tables (defeated by salts), pass-the-hash. ### 9.3 Password Cracking Tools Hashcat (GPU), John the Ripper (CPU), Hydra/Medusa (online brute forcing), CrackStation. ### 9.4 Windows Password Attacks Storage: SAM, NTDS.dit, LSA secrets, Credential Manager. Extraction: dump SAM/SYSTEM, Mimikatz. Hashes: LM (legacy), NTLM. Pass-the-Hash and Mimikatz capabilities. ### 9.5 Linux Password Attacks Storage: /etc/passwd (public), /etc/shadow (root). Shadow format and hash IDs (MD5, bcrypt, SHA-256/512, yescrypt). Extraction requires root; use john/hashcat for cracking. SSH key attacks: crack passphrases, steal authorized\_keys. {% endstep %} {% step %} ## Module 10: Malware & Payloads ### 10.1 Malware Types Virus, worm, trojan, rootkit, ransomware, spyware, adware, botnet. ### 10.2 Payload Generation Metasploit/MSFVenom payloads and formats (exe, elf, php, jsp, apk). Common payloads: meterpreter variants. Encoding (Shikata\_ga\_nai, XOR) and evasion techniques (obfuscation, packing, anti-VM, sleep/delay). ### 10.3 Advanced Payloads Meterpreter features: in-memory operation, file system, process manipulation, pivoting, privilege escalation, screenshots, keylogging, hashdump. Staged vs non-staged payloads. Custom shellcode development and framework integration. {% endstep %} {% step %} ## Module 11: Covering Tracks ### 11.1 Log Manipulation Log locations (Linux: /var/log/\*, \~/.bash\_history; Windows: Event Viewer, IIS, PowerShell logs). Clearing/editing logs: techniques and implications. Better approach: minimize footprint, blend with normal traffic. ### 11.2 Rootkits User-mode vs kernel-mode rootkits, techniques (API hooking, DKOM, SSDT). Bootkits (MBR/UEFI). Detection via integrity checks, memory analysis, behavioral monitoring. {% endstep %} {% step %} ## Module 12: Security Best Practices & Defense ### 12.1 Defense in Depth Layered security: physical, perimeter, segmentation, host hardening, application security, encryption, access control, monitoring, incident response. ### 12.2 Secure Configuration System hardening: disable unnecessary services, remove defaults, strong passwords, patching, least privilege, CIS benchmarks. Network hardening: segmentation, disable unused ports/protocols, VLANs, ACL review. Application hardening: input validation, output encoding, security headers. ### 12.3 Monitoring & Logging What to log: auth attempts, privilege changes, system changes, network connections. Log management: centralized logging/SIEM, retention, alerts. SIEM: collect, correlate, detect anomalies, compliance. ### 12.4 Incident Response Phases: preparation, detection & analysis, containment, eradication, recovery, lessons learned. Defined IR team roles, communication, documentation, drills. {% endstep %} {% step %} ## Module 13: Free Home Lab Setup ### 13.1 Virtualization Platform Options: VirtualBox (virtualbox.org), VMware Workstation Player (vmware.com), Hyper-V, KVM/QEMU. Notes on suitability and performance. ### 13.2 Vulnerable Virtual Machines Practice environments: Metasploitable (sourceforge.net/projects/metasploitable), DVWA (dvwa.co.uk), WebGoat (owasp.org/www-project-webgoat), Vulnhub (vulnhub.com), HackTheBox (hackthebox.com), TryHackMe (tryhackme.com), PentesterLab (pentesterlab.com), OWASP Juice Shop, bWAPP, Mutillidae. ### 13.3 Attack Linux Distribution Kali Linux (kali.org), Parrot Security (parrotsec.org), BlackArch. ### 13.4 Network Setup Lab architecture: isolated network (NAT or Host-Only). VirtualBox network modes (NAT, NAT Network, Bridged, Host-Only, Internal). Recommended: NAT Network for internet plus Host-Only for isolation. ### 13.5 Essential Tools for Home Lab Pre-installed in Kali: Nmap, Metasploit, Burp Suite, Wireshark, John, Hashcat, SQLMap, Aircrack-ng, Hydra, Nikto, Gobuster, OWASP ZAP, Netcat, Mimikatz. Additional tools: Responder, Impacket, PowerSploit, Empire/Starkiller, BloodHound, CrackMapExec, Evil-WinRM. ### 13.6 Documentation & Note-Taking Document commands, screenshots, lab journal. Tools: CherryTree, KeepNote, Obsidian, Notion, simple text files, GitHub repo. ### 13.7 Practice Methodology Structured weekly plan (Basics → Network Services → Web Apps → Wireless → Post-Exploitation → AD → Challenges). Daily practice routine: 1–2 hours minimum, focus, document, community involvement. ### 13.8 Hardware Recommendations Minimum: quad-core CPU with VT-x, 16GB RAM (8GB min), 500GB SSD. Optional Wi‑Fi adapters that support monitor mode (Alfa AWUS036NHA, AWUS036ACH, TP-Link TL-WN722N v1). Budget setup suggestions. {% endstep %} {% step %} ## Module 14: Certifications & Career Path ### 14.1 Entry-Level Certifications * CompTIA Security+ * CEH (Certified Ethical Hacker) * eJPT (eLearnSecurity Junior Penetration Tester) ### 14.2 Intermediate Certifications * OSCP (Offensive Security Certified Professional) * PNPT (Practical Network Penetration Tester) * eCPPT (eLearnSecurity Certified Professional Penetration Tester) ### 14.3 Advanced Certifications * OSEP, OSWE, OSCE3, GXPN This comprehensive guide provides everything needed to become a top-tier ethical hacker. The key is consistent practice in your home lab, documenting everything you learn, and progressively challenging yourself with harder targets. Start with the basics, build a strong foundation, and gradually work up to advanced techniques. Remember: ethical hacking is about continuous learning—the field evolves constantly, so stay curious and keep practicing. {% endstep %} {% endstepper %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://mainekhacker-1.gitbook.io/mainekhacker/complete-computer-networking.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.