CSY202 Week 01 Intermediate

Ethical hacking depends on earlier foundations:

Applied Cryptography


Opening Framing: The Authorized Adversary

Every technique you'll learn in this course could be used for good or evil. The same skills that help organizations find and fix vulnerabilities can be used to steal data, deploy ransomware, or compromise critical infrastructure.

What separates ethical hackers from criminals? Three things: permission, scope, and intent. Ethical hackers have written authorization, work within defined boundaries, and aim to improve security—not exploit it for personal gain.

This week establishes the foundation: what ethical hacking is, the legal and ethical framework, penetration testing methodology, and how to set up your lab environment safely.

Key insight: Technical skill without ethical grounding is dangerous. The best penetration testers are those who understand both the power and responsibility of their knowledge.

1) What is Ethical Hacking?

Understanding the discipline and its role in security:

Ethical Hacking Defined:

"The authorized practice of bypassing system security
to identify potential data breaches and threats in
a network or system."

Key elements:
- Authorized (written permission)
- Methodical (structured approach)
- Documented (detailed reporting)
- Constructive (improves security)

Also known as:
- Penetration testing
- Security assessment
- Red teaming
- Offensive security

Types of Security Testing:

Vulnerability Assessment:
- Identify vulnerabilities
- Scan and catalog weaknesses
- No exploitation
- Broad coverage, less depth

Penetration Testing:
- Identify AND exploit vulnerabilities
- Prove real-world impact
- Deeper than vuln assessment
- Simulates actual attacks

Red Team Assessment:
- Full adversary simulation
- Tests people, process, and technology
- Extended timeframe
- Stealth and persistence
- Tests detection capabilities

Bug Bounty:
- Crowdsourced security testing
- Paid per valid vulnerability
- Defined scope and rules
- Ongoing rather than point-in-time

Why Organizations Need Penetration Testing:

Find vulnerabilities before attackers do:
- Zero-days discovered
- Misconfigurations identified
- Logic flaws exposed

Validate security controls:
- Do defenses actually work?
- Are detection systems effective?
- Can the SOC respond?

Meet compliance requirements:
- PCI-DSS requires annual pen tests
- Many frameworks mandate testing
- Due diligence for regulations

Prioritize remediation:
- Prove exploitability
- Demonstrate business impact
- Focus resources on real risks

Key insight: Penetration testing isn't about proving you're smart—it's about helping organizations improve security.

2) Legal and Ethical Framework

Understanding the legal landscape is essential:

Key Laws (United States):

Computer Fraud and Abuse Act (CFAA):
- Federal law prohibiting unauthorized access
- Penalties: fines and imprisonment
- "Unauthorized access" is broadly interpreted
- Even exceeding the access you were granted can be a violation

State Laws:
- Additional computer crime statutes
- Vary by state
- May have lower thresholds

International:
- Each country has its own laws
- Some are stricter than the US
- Cross-border testing is legally complex

Key principle:
WITHOUT AUTHORIZATION = CRIME
Even if you find vulnerabilities
Even if you report them
Even if you don't cause damage

Authorization Requirements:

Written Authorization Must Include:

1. Scope definition
   - What systems/networks
   - What IP ranges
   - What applications
   - What's explicitly excluded

2. Timeframe
   - Start and end dates
   - Testing windows
   - Blackout periods

3. Authorized activities
   - What techniques allowed
   - Social engineering? Physical?
   - Denial of service testing?

4. Points of contact
   - Technical contact
   - Emergency contact
   - Escalation path

5. Signatures
   - Someone with authority to authorize
   - Your acknowledgment of terms

These requirements are usually captured in a "Rules of Engagement" (ROE) document.
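An added example, not part of the course page: a small pre-flight check that encodes the scope, exclusion, timeframe and authorized-technique items above in a hypothetical RulesOfEngagement structure and refuses any target that falls outside them. The sample ROE values (ranges, dates, technique names) are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
import ipaddress


@dataclass
class RulesOfEngagement:
    """Hypothetical machine-readable subset of a signed ROE document."""
    in_scope: list                      # authorized CIDR ranges
    excluded: list = field(default_factory=list)   # explicit carve-outs
    start: datetime = None              # engagement start date
    end: datetime = None                # engagement end date
    window_days: set = field(default_factory=lambda: {0, 1, 2, 3, 4})  # Mon-Fri
    window_start: time = time(9, 0)     # daily testing window
    window_end: time = time(17, 0)
    allowed_techniques: set = field(default_factory=set)


def _in_any(ip, networks):
    return any(ip in ipaddress.ip_network(n) for n in networks)


def check_target(roe, target_ip, when, technique):
    """Return (allowed, reason). A False answer means: stop and get the
    scope extended in writing by the client contact; never just proceed."""
    ip = ipaddress.ip_address(target_ip)
    if _in_any(ip, roe.excluded):
        return False, f"{target_ip} is explicitly excluded"
    if not _in_any(ip, roe.in_scope):
        return False, f"{target_ip} is outside the authorized scope"
    if not (roe.start <= when <= roe.end):
        return False, "outside the engagement dates"
    in_window = (when.weekday() in roe.window_days
                 and roe.window_start <= when.time() <= roe.window_end)
    if not in_window:
        return False, "outside the agreed testing window"
    if technique not in roe.allowed_techniques:
        return False, f"technique '{technique}' is not authorized"
    return True, "authorized"


# Constructed sample ROE: a two-week internal test, weekdays 09:00-17:00
SAMPLE_ROE = RulesOfEngagement(
    in_scope=["192.168.1.0/24"],
    excluded=["192.168.1.10/32"],          # e.g. the client's backup server
    start=datetime(2024, 3, 4),
    end=datetime(2024, 3, 15, 23, 59),
    allowed_techniques={"port-scan", "vuln-scan", "web-app"},
)

if __name__ == "__main__":
    friday_late = datetime(2024, 3, 8, 16, 30)   # Friday 4:30 PM, inside the window
    for ip, tech in [("192.168.1.20", "port-scan"), ("192.168.2.50", "port-scan"),
                     ("192.168.1.10", "port-scan"), ("192.168.1.20", "dos")]:
        print(ip, tech, check_target(SAMPLE_ROE, ip, friday_late, tech))
```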

Ethical Principles:

Do No Harm:
- Minimize disruption
- Don't destroy data
- Don't cause outages
- Preserve evidence

Respect Privacy:
- Access only what's needed
- Don't read personal data unnecessarily
- Handle sensitive findings carefully
- Protect client confidentiality

Act with Integrity:
- Honest reporting
- No exaggeration
- No hiding failures
- Professional conduct

Responsible Disclosure:
- Report all findings to client
- Don't disclose publicly without permission
- Give time to remediate
- Follow coordinated disclosure practices

Key insight: A signed authorization document is your protection. Without it, you're committing a crime regardless of intent.

3) Penetration Testing Methodology

Structured methodology ensures thorough, repeatable testing:

PTES (Penetration Testing Execution Standard):

1. Pre-engagement Interactions
   └─ Scope, authorization, logistics

2. Intelligence Gathering
   └─ Reconnaissance and OSINT

3. Threat Modeling
   └─ Identify likely attack vectors

4. Vulnerability Analysis
   └─ Scanning and manual testing

5. Exploitation
   └─ Attempting to compromise systems

6. Post-Exploitation
   └─ Pivoting, persistence, data access

7. Reporting
   └─ Document findings and recommendations

Testing Types by Knowledge:

Black Box:
- No prior knowledge
- Simulates external attacker
- Most realistic
- Most time-consuming
- May miss internal vulnerabilities

White Box:
- Full knowledge provided
- Source code, architecture, credentials
- Most thorough
- Efficient use of time
- Less realistic attack simulation

Gray Box:
- Partial knowledge
- Some credentials or documentation
- Balance of realism and efficiency
- Common approach
- Simulates insider or compromised user

Testing Perspectives:

External Testing:
- From outside the network
- Internet-facing assets
- Perimeter security
- What can an outside attacker reach?

Internal Testing:
- From inside the network
- Assumes some level of access
- Tests internal controls
- What can an insider or compromised system do?

Web Application Testing:
- Focus on web apps
- OWASP methodology
- Authentication, authorization, injection
- Business logic flaws

Social Engineering:
- Tests human element
- Phishing campaigns
- Phone pretexting
- Physical security

Physical Testing:
- Physical security controls
- Badge cloning
- Tailgating
- Lock picking

Key insight: Methodology prevents you from missing things. Random hacking might find some vulnerabilities; structured testing finds them systematically.

4) Setting Up Your Lab Environment

A safe lab environment is essential for learning:

Lab Requirements:

Host Machine:
- 16GB+ RAM (32GB recommended)
- 256GB+ storage
- Virtualization support (VT-x/AMD-V)
- Any modern OS as host

Virtualization Platform:
- VirtualBox (free)
- VMware Workstation (paid, better performance)
- VMware Player (free, limited)
- Proxmox (free, advanced)

Attack Platform:
- Kali Linux (primary)
- Parrot OS (alternative)
- Pre-installed security tools
- Regular updates

Target Systems:
- Metasploitable 2/3
- DVWA (Damn Vulnerable Web App)
- VulnHub machines
- HackTheBox/TryHackMe

Network Isolation:

CRITICAL: Isolate your lab network!

Why isolation matters:
- Vulnerable VMs can be compromised
- Malware could spread
- Attacks might escape lab
- Legal liability if attacks reach internet

Isolation methods:

Host-only networking:
- VMs can only talk to each other
- No internet access
- Safest option
- May need NAT VM for updates

NAT Network:
- VMs share NAT to internet
- Can't be reached from outside
- Good balance
- Be careful with vulnerable VMs

Network diagram:
┌────────────────────────────────────┐
│         Host Machine               │
│  ┌─────────────────────────────┐   │
│  │    Virtual Network          │   │
│  │  (Host-only or NAT)         │   │
│  │                             │   │
│  │ ┌──────┐ ┌──────┐ ┌──────┐  │   │
│  │ │ Kali │ │ Meta │ │ DVWA │  │   │
│  │ │      │ │sploit│ │      │  │   │
│  │ └──────┘ └──────┘ └──────┘  │   │
│  └─────────────────────────────┘   │
└────────────────────────────────────┘

Kali Linux Setup:

# Download Kali VM or ISO from kali.org

# After installation, update:
sudo apt update && sudo apt upgrade -y

# Install additional tools:
sudo apt install -y seclists wordlists gobuster

# rockyou.txt ships gzip-compressed on Kali; decompress it once (-k keeps the .gz):
sudo gunzip -k /usr/share/wordlists/rockyou.txt.gz

# Verify key tools:
nmap --version
msfconsole -v
burpsuite &

# Set up workspace:
mkdir -p ~/pentests/{recon,scans,exploits,loot,reports}

# Configure terminal:
# Add aliases to ~/.bashrc, then reload with: source ~/.bashrc
alias ll='ls -la'
alias nse='ls /usr/share/nmap/scripts/'
alias rockyou='cat /usr/share/wordlists/rockyou.txt'

Key insight: Your lab is your playground. Break things, learn from mistakes, and experiment—that's what it's for.

5) The Penetration Testing Report

A pentest is only as valuable as its report:

Report Structure:

1. Executive Summary
   - High-level findings
   - Business risk assessment
   - Key recommendations
   - Non-technical language

2. Scope and Methodology
   - What was tested
   - Testing approach
   - Tools used
   - Timeframe

3. Findings Summary
   - Vulnerability count by severity
   - Risk matrix
   - Finding categories

4. Detailed Findings
   - Each vulnerability documented
   - Evidence (screenshots, output)
   - Business impact
   - Remediation steps

5. Appendices
   - Raw tool output
   - Detailed technical data
   - References

Finding Documentation:

Each finding should include:

Title:
- Clear, descriptive name
- Example: "SQL Injection in Login Form"

Severity:
- Critical / High / Medium / Low / Informational
- Based on impact and exploitability

Description:
- What the vulnerability is
- Technical explanation
- Reference to CVE/CWE if applicable

Evidence:
- Screenshots
- Request/response data
- Tool output
- Proof of concept

Impact:
- What could an attacker do?
- Business consequences
- Data at risk

Remediation:
- How to fix it
- Specific guidance
- Priority recommendation

Severity Rating:

CVSS or custom rating:

Critical (9.0-10.0):
- Remote code execution
- Full system compromise
- No authentication required
- Immediate action needed

High (7.0-8.9):
- Significant data access
- Privilege escalation
- Authentication bypass
- Priority remediation

Medium (4.0-6.9):
- Limited data exposure
- Requires some conditions
- Defense in depth issue
- Standard remediation

Low (0.1-3.9):
- Information disclosure
- Minor impact
- Difficult to exploit
- Address when convenient

Informational (0.0):
- Best practice deviation
- No direct security impact
- Consider addressing

Key insight: Your report is what the client pays for. A great pentest with a poor report fails to deliver value.

Real-World Context: The Pentester's Career

Understanding the profession:

Career Paths: Penetration testers work at consulting firms, in-house security teams, or as independent contractors. Specializations include web app testing, network penetration testing, red teaming, and social engineering.

Day-to-Day Work: Real pentesting involves significant documentation, client communication, and report writing—not just hacking. Expect 30-50% of time on non-technical tasks.

Continuous Learning: New vulnerabilities, techniques, and tools emerge constantly. Successful pentesters dedicate significant time to learning, practicing on CTFs, and staying current.

MITRE ATT&CK Relevance:

  • Full Framework: Pentesters simulate techniques across all tactics
  • Reporting: Map findings to ATT&CK for clarity
  • Coverage: Use ATT&CK to ensure comprehensive testing

Key insight: The best pentesters combine technical excellence with strong communication skills and ethical grounding.

Guided Lab: Lab Environment Setup

Set up your penetration testing lab environment.

Step 1: Install Virtualization Platform

# Download and install VirtualBox or VMware

VirtualBox (free):
https://www.virtualbox.org/wiki/Downloads

VMware Workstation Player (free):
https://www.vmware.com/products/workstation-player.html

# Verify virtualization is enabled in BIOS
# Look for VT-x (Intel) or AMD-V (AMD)

Step 2: Download and Import Kali Linux

# Download pre-built VM (easiest):
https://www.kali.org/get-kali/#kali-virtual-machines

# Import into VirtualBox:
File → Import Appliance → Select .ova file

# Default credentials:
Username: kali
Password: kali

# First boot - update system:
sudo apt update && sudo apt full-upgrade -y

Step 3: Download Metasploitable 2

# Download from:
https://sourceforge.net/projects/metasploitable/

# Extract the zip file
# Import .vmdk into new VM

# Settings:
- RAM: 512MB-1GB
- Network: Same as Kali (host-only or NAT network)

# Default credentials:
Username: msfadmin
Password: msfadmin

Step 4: Configure Network

# Create isolated network in VirtualBox:
File → Host Network Manager → Create

# Or use NAT Network:
File → Preferences → Network → Add NAT Network

# Assign both VMs to same network
# Verify connectivity:

# On Kali, find IP:
ip addr show

# On Metasploitable, find IP:
ifconfig

# Test connectivity:
ping [metasploitable-ip]

Step 5: Verify Tools

# On Kali, verify key tools:
nmap --version
msfconsole -v
nikto -Version
gobuster version

# Quick test against Metasploitable:
nmap -sV [metasploitable-ip]

# You should see open ports:
# 21 (FTP), 22 (SSH), 23 (Telnet), 80 (HTTP), etc.
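An added example, not part of the course lab: a parser for nmap's normal output that checks the scan against the ports Step 5 says a working Metasploitable 2 target should show, and separates the rest into extra surface to catalogue and cleartext services worth writing up as findings. The scan text is a constructed sample, not real output from a lab.

```python
import re

# Constructed sample of `nmap -sV` normal output, shaped like a scan of
# Metasploitable 2 in a host-only lab (version strings are illustrative).
SAMPLE_SCAN = """\
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 192.168.56.101
Host is up (0.00042s latency).
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.3.4
22/tcp   open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet      Linux telnetd
80/tcp   open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
3306/tcp open  mysql       MySQL 5.0.51a-3ubuntu5
8180/tcp open  http        Apache Tomcat/Coyote JSP engine 1.1
"""

# One port line: "<port>/<proto>  <state>  <service>  <version...>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)\s*(.*)$")

# What the lab step says a healthy Metasploitable 2 target exposes
EXPECTED_LAB_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http"}

# Services that send credentials in cleartext: candidate report findings
CLEARTEXT_SERVICES = {"ftp", "telnet"}


def parse_nmap_ports(text):
    """Return {port: (state, service, version)} from nmap normal output."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, _proto, state, service, version = m.groups()
            ports[int(port)] = (state, service, version.strip())
    return ports


def verify_lab_target(text, expected=EXPECTED_LAB_PORTS):
    """'missing' means the VM is unreachable or not fully booted; 'extra' is
    surface to catalogue; 'cleartext' is material for the findings section."""
    found = parse_nmap_ports(text)
    open_ports = {p for p, (state, _, _) in found.items() if state == "open"}
    missing = {p: svc for p, svc in expected.items() if p not in open_ports}
    extra = sorted(p for p in open_ports if p not in expected)
    cleartext = sorted(p for p in open_ports if found[p][1] in CLEARTEXT_SERVICES)
    return {"found": found, "missing": missing, "extra": extra, "cleartext": cleartext}


if __name__ == "__main__":
    result = verify_lab_target(SAMPLE_SCAN)
    print("missing:", result["missing"], "extra:", result["extra"], "cleartext:", result["cleartext"])
```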

Reflection (mandatory)

  1. Why is network isolation important for a pentest lab?
  2. What risks exist if your lab isn't properly isolated?
  3. What services did you discover on Metasploitable?
  4. How will you keep your lab environment updated?

Week 1 Outcome Check

By the end of this week, you should be able to:

Next week: Reconnaissance and OSINT—the critical first phase of any penetration test.

📚 Building on Prior Knowledge


🎯 Hands-On Labs (Free & Essential)

Start with safe, legal practice before moving to reading resources.

🎮 TryHackMe: Intro to Offensive Security

What you'll do: Explore ethical hacking fundamentals and the offensive mindset.
Why it matters: You need a clear legal and technical baseline before testing.
Time estimate: 1-2 hours


🎮 TryHackMe: Intro to Research

What you'll do: Practice finding reliable sources and documenting findings.
Why it matters: Good research drives better testing and reporting.
Time estimate: 1-1.5 hours


🏁 PicoCTF Practice: General Skills (Foundations)

What you'll do: Solve beginner challenges to build CLI and problem-solving habits.
Why it matters: Tool fluency makes every testing phase faster.
Time estimate: 1-2 hours


🛡️ Lab: Break Weak Crypto (ECB + MD5)

What you'll do: Demonstrate why ECB mode and MD5 are unsafe.
Deliverable: Short write-up with screenshots or output.
Why it matters: Weak crypto is still a common real-world vulnerability.
Time estimate: 60-90 minutes

💡 Lab Tip: Write a one-page Rules of Engagement draft before you touch any target.

🛡️ Crypto Pitfalls Every Tester Should Know

Many breaches come from weak cryptography, not missing patches. Ethical hackers need to recognize insecure crypto patterns quickly.

Red flags:
- ECB mode encryption
- MD5/SHA1 for passwords
- Hardcoded keys or reused IVs
- "Custom" encryption algorithms

📚 Building on CSY101 Week-14: Map weak crypto to control requirements and audit findings.

Resources

Complete the required resources to build your foundation.

Lab: Authorization Document Review

Goal: Understand and create penetration testing authorization documentation.

Part 1: Review Sample Authorization

  1. Search for "penetration testing authorization template"
  2. Review 2-3 different templates
  3. Identify common elements:
    • Scope definition
    • Authorized activities
    • Timeframes
    • Contact information
    • Liability clauses

Part 2: Create Your Own Template

  1. Create an authorization document template including:
    • Project overview section
    • Scope definition (IP ranges, applications)
    • Exclusions
    • Testing window
    • Authorized techniques
    • Emergency contacts
    • Signature blocks

Part 3: Scenario Analysis

For each scenario, determine if testing would be authorized:

  1. Your authorization covers 192.168.1.0/24. You discover a system at 192.168.2.50 that appears vulnerable. Can you test it?
  2. Your testing window is Monday-Friday 9-5. You find a critical vulnerability Friday at 4:30 PM that requires extended testing. What do you do?
  3. During testing, you accidentally cause a brief outage. What are your obligations?
  4. You discover evidence of a previous breach during your test. What do you do?

Deliverable (submit):

Checkpoint Questions

  1. What three things separate ethical hacking from criminal hacking?
  2. What is the CFAA and why is it relevant to penetration testers?
  3. What are the differences between black box, white box, and gray box testing?
  4. What should a penetration testing authorization document include?
  5. Why is network isolation important for a pentest lab?
  6. What are the main sections of a penetration test report?

Week 01 Quiz

Test your understanding of ethical hacking foundations, legal scope, and methodology.

Format: 10 multiple-choice questions. Passing score: 70%. Time: Untimed.


Weekly Reflection

Reflection Prompt (200-300 words):

This week introduced ethical hacking—a discipline that requires both technical skill and ethical grounding. You learned about legal frameworks, methodology, and set up your lab.

Reflect on these questions:

A strong reflection will engage seriously with the ethical dimensions of offensive security skills.

Verified Resources & Videos

You're beginning a journey into offensive security. The skills you'll learn are powerful—use them responsibly. Every technique should be practiced only in your lab or on authorized platforms. Next week: reconnaissance, where every penetration test begins.
