WINDOWS

hacker in flight guide
INTRODUCTION KALI LINUX WINDOWS

My Routine

Right now, it is 1-hour away from the first manned Space-X launch.  As I sit here watching the live feeds, I figured it would be a good time to get the keyboard in front of me and talk about what my routine has been during this journey.

It’s been about two months so far since I decided to go full-up on this journey to be a professional hacker.  In that time, I’ve ordered three online courses, signed up for two hacking sites (HTB and THM), and subscribed to countless YouTube, Twitch, and Facebook channels.  

Interestingly enough, Twitch has turned out to be my favorite.  I have never been a gamer, and therefore made the assumption that Twitch was a streaming platform for only game players.  This is definitely not the case.  As an example, one of my subscriptions is ‘The Cyber Mentor‘ who live streams each day to answer questions and show live hacks.  The nice thing about Twitch is that it will send a notification when one of your followed channels is about to live stream.  Via YouTube, I have been watching recordings of many of these streams, but never had the experience of interacting while the live stream happened.  Twitch has completely opened my eyes into the way social media works now, and I’m a fan.

So needless to say, social media will remain a part of my strategy on this journey.  It not only gives insights into how others think, it also allows a conduit for the most important part of being part of a community… networking!!

So now that you’re aware of my new social media habits, let’s talk about the courses that I intend to enjoy.  The first is a course that I picked up in January.  I was getting the idea that I wanted to take this journey, but hadn’t made all of the decisions to go full-in.  The course was a Udemy course taught by The Cyber Mentor (same as the social media) and was on sale for $20!  As most of these courses offer themselves for a couple hundred, I figured it would be worth picking it up, even if I didn’t start it for a while.  The course was about 24 hours worth of material, and at the moment of this writing, I am about 2/3 the way through. 

The next course that I intend to take is one that showed up for free during the time of this pandemic.  It is from the International Cybersecurity Institute.  Using the code “#StaySafeHome” i was able to sign up for the Certified Network Security Specialist and bypass the seven hundred euro price tag.  Even if I simply skim what they have to offer, it’s learning and definitely worth the price!

The third course that I intend to take is a new one that The Cyber Mentor just released which is on Windows privilege escalation.  Since I was already a student on his first course, i received an invitation to get his next one for $20 as well.  With his first course being so wonderful, I definitely look forward to taking his second… and more if he offers them.

With all of that, and many books in the mix, I intend to sign up for the OSCP course.  I haven’t figured out if the exam can be taken without the course… if that’s the case, I may go straight to the exam.  If it’s not the case, I have no problem with learning more.  The course is about $1k, and includes the exam.  It’s actually called ‘PWK’ which is Penetration Testing With Kali Linux.  There are four other courses offered by the company Offensive Security, but i’ll have to decide later if I want to complete those, or move onto a different company with separate views on teaching hacking.

So for now, that’s my path forward.  I have a full-time job on the side, so it will definitely take priority over this journey… but I am extremely persistent and will prioritize my time and learning accordingly.

hacker in flight guide
ACTIVEDIRECTORY WINDOWS

Open the Window

Today was a fun day because I was finally able to delve into Windows hacking.  I’ve been concentrating on unix machines for quite a while now, and have been very curious about the various hacks that can occur.  I now, finally, have some insights into them.

The thing is, I’ve been using Windows (both server and desktop) for years, and have been very aware of the defenses we use on an enterprise network to detect, track, and overcome attacks.  In fact, I was the lead on a project to get our network rid of the ‘welchia’ virus back in 2003; it was a crazy replicating virus that denied us our network, but didn’t cause any damage.  So knowing Windows, and having been an admin on several large networks, i’m realizing now just how much we didn’t know!

Taking advantage of the features within an Active Domain system, the hacks performed today weren’t even owning the boxes… they were simply intercepting things like password hashes via the standard operating procedures that Windows uses.  It was pretty easy, in fact… scary easy.

One of the things learned today that was a surprise to me was that I could run the program hashcat on Windows.  Throughout this journey, I’ve set up several versions of hacking platforms, and all had hashcat installed by default.  The problem always was the access to video card drivers.  I’ll probably write more about that at another time (I took notes each time I did an install), but for now, I’ll say that being able to run hashcat on Windows allows me to use my huge rig that houses my VMs to also access the graphics card directly.  VMs are unable to have direct access to the PCI bus, which is why I was building a bare-metal rig to do nothing but hashcat.  Now, I can use that as a backup firewall for my segmented networks, and also monitor the resources used by hashcat on Windows.  I thought that was pretty cool.

So overall, a LOT was learned today, and a possible change in my network structure was considered.  I haven’t changed anything yet, but if I do, I’ll write it up.  There’s a lot more to do in the Windows privilege escalation realm, and I’m well on my way to learning it.  I’ve purchased an entire course on nothing but this topic, and can’t wait to start it.  I’ll let you know if the class was worth it, but i have a feeling i already know the answer.  See my references page for all of the courses I’ve taken, and if they were worth the my time.

Scroll to top