HackingDojo

I really wanted to do a full-on penetration testing course but what stopped me was the money. Most good penetration testing courses cost around £900-£1300 but I just didn’t have this money as I only work part-time. I finally noticed Tom Wilhelm started a course called the HackingDojo which was a monthly payment rather than a one-off payment, so I reached out and joined the course.

The course cost $90 a month and I signed up for two months, which cost me £127, and started off on the novice course Mukyu. At first I was a bit unsure whether I had picked the right course or not, as reading the skills and knowledge part that was being taught in this class made me feel like I had already covered it before, and I thought doing the first class could have just been a waste of time and money. However, after starting the course and being nearly at the end of the Mukyu class, I can honestly say that I have learned a few tricks and Tom Wilhelm is an excellent teacher.

Mukyu course

The Mukyu course is run live every Sunday at around 8-9pm UK time. Skype is used for calling the students, along with a website that gives a live desktop view of Tom’s screen so you can see what he is doing. The course covers the basic skills needed to be a good pen tester; these include: setting up a lab, user commands, system commands, the VI editor and single-line scripting. You also get access to a forum as well as a student wiki with lots of resources on it. The main selling point of this course is Tom’s background: this is not just another pen testing course but a mentoring course. Tom is always on Skype, so you can ask him questions or email him whenever you need help or advice.

Overall I really enjoyed this course. It’s interesting and Tom handles the material extremely well. The only problem I would say I have is waiting a week to get my next fix of pen testing.

I have passed this level of the class and have now moved on to the Shodan class. I would recommend this level to anyone new to Linux or penetration testing. This course will take you from basic Linux commands to writing bash scripts that manipulate data.

Shodan

I have now started the Shodan class and am on my way to being a true hacking ninja. The Shodan class is very different to the Mukyu class; it is a lot more hands-on and a bigger challenge, but at the same time it’s more fun. I am now into week four of this class and have already covered a wide range of subjects. Some of these subjects include Passive Information Gathering, Vulnerability Identification, Remote Brute Force and the ISSAF methodology.

Passive Information Gathering

During this class you will learn how to gather information about the client without connecting to their networks. The information you can find on the web is quite amazing, from DNS records to Facebook accounts. This is usually the first step in a pen test, and getting as much information as you can will help you later on during the attack process.

Vulnerability Identification

Looking for vulnerabilities on a system using Nessus, then trying to find exploits for them. This class also shows you how Nessus works so you are not just running a script.

Remote Brute Force Password Attacks

This step is usually done last in a pen test. In the class we learned how to use Hydra to brute force an SSH login. Again, in this class you are told to find other tools and always check your results, as the tools are not always 100% accurate.

ISSAF Methodology

All of the lessons in the Shodan class are based on the ISSAF Methodology; this tries to give you a step-by-step account of what to do during a pen test.

Local Brute Force Password Attacks

This class aims to teach the student how to brute force a local password like LM Hash, MD5, SHA1 etc. The class goes into what each password is and how to generate a good word list based on the ISSAF recommendations. The class also shows how to use John the Ripper to brute force the password. The student is then given a password file that he/she must crack; the password file has a mixture of ASCII and Base64 passwords set in different languages.

The Shodan Exam has two parts to it; they are both very hands-on. The first part is a written question where you are asked to explain how you would go about doing a certain task, as well as cracking some hashes using John. The second part is to do a pen test of a live CD using the ISSAF Methodology. The exam is to show you can use the Methodology and is not a test of how well you can break into a system. You are asked to write a report on any findings as well as evidence of what you have done using script.

I am happy to say I passed the Shodan exam and now have advanced to Nidan.

Nidan

I have started the Nidan class but due to work have missed some lessons. I hope to catch up on any lessons missed by watching the videos ASAP. The Nidan class builds on the Shodan class and works you into the Sandan class.

The Nidan class covers a wide range of subjects, and now the course has an online lab which is a lot of fun to practice all your skills in. The main topics covered include the Open Source Security Testing Methodology Manual, John the Ripper, Enumerating SNMP, Enumerating DNS, Metasploit Meterpreter, SQL injections, XSS, Scapy, Layer two attacks and using Nmap as a Vulnerability Scanner.

Overall the course builds on what you learned in the other modules and takes it one step further. You get to learn more techniques for cracking passwords using rules, as well as the basics of Metasploit and Meterpreter. There is also some web stuff like XSS and SQL injection to get you ready for the next level, Sandan.

I am currently doing the exam for this level, which is not an easy challenge. You are given two IP addresses and you have to write a report on the issues you can find as well as trying to get the highest privileges that you can. So far I have found this the hardest exam out of all the courses I have done, but I hope to finish it and move on to the next level ASAP.

Sandan

Contents to come once I have taken the class.

Yondan

Contents to come once I have taken the class.

Reverse Engineering

Contents to come once I have taken the class.