This GitHub repository showcases completed courses and assignments from the Ethical Hacking module.
Two separate environments were used for different courses: one for the CTF course and another for the remaining courses.
- Kali - Attacking machine.
- Linux_1 - File storage.
- R_1 - VyOS router.
- Win_1 - Jeff's machine.
- Win_2 - Lisa's machine.
For additional details, refer to the CTF report.
- Flare-VM - Malware analysis machine that was used in the last two Reverse Engineering labs.
- Kali - Attacking machine that was used in Web Application Security and Software Exploitation. Was also used for most of the Reverse Engineering labs.
- Pfsense - Firewall.
- Wasdat - Web server hosting vulnerable applications for Web Application Security exercises.
For additional details, refer to the Audit report.
This course focused on exploring, exploiting, and addressing common vulnerabilities in web applications, aligning with the OWASP TOP 10 2021.
- A01:2021-Broken Access Control
- A02:2021-Cryptographic Failures
- A03:2021-Injection
- A04:2021-Insecure Design
- A05:2021-Security Misconfiguration
- A06:2021-Vulnerable and Outdated Components
- A07:2021-Identification and Authentication Failures
- A08:2021-Software and Data Integrity Failures
- A09:2021-Security Logging and Monitoring Failures
- A10:2021-Server-Side Request Forgery
Structured with eight challenges, some featuring multiple parts, the CTF course aimed at uncovering concealed flags. The difficulty level progressed sequentially throughout the course.
The Software Exploitation course featured diverse challenges, concentrating on exploits like buffer overflow, shellcode, and format string exploits within C-based programs.
In the Reverse Engineering course, assignments revolved around analyzing disassembled compiled programs to find hidden passwords or flags. The last two assignments specifically dealt with real-world examples of malware.
An article in which I attempted to explore the current state of cryptography, quantum computers, their potential risks, and the emerging field of post-quantum cryptography (PQC).
I examined the security of the virtual learning environment (VLE) used in the aforementioned cybersecurity courses to provide insights into its current state.