Day 2: Training to be a Certified Ethical Hacker

Yes, it’s different this time

Security is one of the most popular topics in IT.

And one of my most wanted skills on a personal and professional level.

For me, the number one quality that any good sec guy needs to have is: Attention to detail

Why?

It’s what the bad guys see first.

They are looking for it right ? They say the devil is in the details.

If you as someone in the blue team (Defense) wants to counter the red team (Offense).

You need, first of all, to think like the bad guys.

By being ahead all the time, you will effectively be able to mitigate most flaws before their exploitation.

Break your own defenses

Now, that’s a tricky one.

When you have defenses put in place, you will have the tendency to attack what you already have.

Or to think that everything is OK.

That is not the proper way, you need to try real hard to find the loopholes.

Simple things like stray headers, can reveal your webserver’s version.

If that version is not up-to-date, that’s already a possible entry point.

And this is something that is very easy to check.

  • Try to install wappalyzer. It’s available as a browser extension.
  • Go to Google
  • Click on wappalyzer and see that the only header google is leaking is that it is sitting on Google Web Server
  • Now what do we know of Google Web Server?
  • Nothing ? Yes, security by obscurity !
  • Now, go to your own blog/website, and do the same.
  • The more information wappalyzer finds,the more you are leaking to the outside world.

Being Certified

The syllabus of CEHv11 is hands on:

CEHv11 Syllabus

How is the course going ?

It’s going quite fast but lectures can become quite boring.

Most of the learning that could happen would depend on how passionate your tutor is about his topic.

If that motivation doesn’t come from there, it has to come from somewhere else.

Doing it my way.

My plan is simple.

  • Document every step of the course with a blog post.

This is sure to help me stay motivated and hungry for more.

  • Try/Test every command

This is how I started as a SysAdmin

  • Not expecting much from the lectures

Most of the effort has to come from you.

Wish me luck

“Luck is a dividend of sweat. The more you sweat, the luckier you get.” – Ray Kroc

Written on January 2, 2021