Ethical Hacking Study Journal: Target Exploitation

Hello again! I still can’t believe that it’s already week 9 of Ethical Hacking and Penetration Testing course. Time flies so fast, I can’t believe the semester is almost over!

For the 9th week, we learned about target exploitation. Now, target exploitation revolves around vulnerability. So target exploitation is about exposing the vulnerabilities that an application has. This post will  mention BeEF and discuss metasploit as exploitation tools.

Continue reading

Posted in Uncategorized | Comments Off on Ethical Hacking Study Journal: Target Exploitation

Ethical Hacking Study Journal: Social Engineering

I didn’t know I would encounter a topic that is THIS interesting in this course.

Social engineering, in security, is the act of psychologically manipulating people into doing things that we want them to do. A simple day-to-day example would be to ask a friend for answers to an assignment. You try to talk them into it by saying “C’mon, we’re best buds” “You know I’d do the same for you” “It’s just this one time”. Once that friend gives you the answers and you get what you want, you have succeeded in social engineering.

Continue reading

Posted in Uncategorized | Leave a comment

Ethical Hacking Study Journal: DVWA Installation

Before Mid-sems, Mr. Lim told us to install DVWA.

So what is this DVWA?

DVWA stands for Damn Vulnerable Website Application. It is an application that lets people try to use ethical hacking tools for websites in a secure environment. This is good for students because it gives them a safe place to try the tools that are taught without breaking the local law.

Continue reading

Posted in Uncategorized | Comments Off on Ethical Hacking Study Journal: DVWA Installation

Ethical Hacking Study Journal: Port Scanning (Test)

Having to attend BILT, a leadership training for clubs, I had to skip week 6 of Ethical Hacking class. The topic of the lecture was port scanning. For week 7, we tried doing the port scanning. We used nmap and the command used was

nmap -O www.example.com

Continue reading

Posted in Uncategorized | Comments Off on Ethical Hacking Study Journal: Port Scanning (Test)

Ethical Hacking Study Journal: Enumeration

For week 5 of the course, there was an activity that was given. The topic was enumeration.

The first was to enumerate the user of wp1.pentest.id
The second was to enumerate the user of jo1.pentest.id
The third was to enumerate the user email of @pentest.id

Continue reading

Posted in Uncategorized | Comments Off on Ethical Hacking Study Journal: Enumeration

Ethical Hacking Study Journal: Target Discovery

From what I understand, Target Discovery is more about dealing with DNS’s and IP addresses. What I get is that the tester is trying to get the right target. It is about finding old information about the target that we can use to learn about the target. It focuses on finding the old DNS, IP behind firewall and old archives.

Continue reading

Posted in Uncategorized | Comments Off on Ethical Hacking Study Journal: Target Discovery

Ethical Hacking Study Journal: More Information Gathering and Utilizing Search Engine

On the third week, we started off by continuing what we learned the previous week because we didn’t have enough time to go through the whole material. We learned about the tools used to gather information. Apparently, there are lots. And I mean L O T S.

I tried pipl.com on many people, both people I know and celebrities. Of course searching for celebrities get more results but I’m surprised that even “ordinary people” can give many results too.


My results for Justin Bieber.

Another tool we can use is call The Harvester. When it is called in the terminal, it will look like this

Posted in Uncategorized | Comments Off on Ethical Hacking Study Journal: More Information Gathering and Utilizing Search Engine

Ethical Hacking Study Journal: Information Gathering

On the second week, I learned about many terms that are used in security. These terms include Kali Linux Testing Technology, OSSTTM and OWASP, Black Box and White Box and Gray Box methodology as well as Blue Team and Red Team. I also learned about the differences between vulnerability assessment and penetration testing.

Black Box method: This is when the testers are not given any information about the target so they have to attack blindly. The advantage of having a test with black box method is that the company can foresee how people from outside the company attacks. The report of this test will show the weakest point of the company’s system.

White Box method: This is when the testers are given all the information about the target, including the network topology and technology used. Having all the information served on a silver platter makes the job easier for testers because they would not be so blind about the target. The advantage of having this is that it can be efficient in terms of time for the tester so the tester will be able to do the job optimally. Also, the tester will be able to report the full damage of the penetration.

Gray Box method: As the name portrays, this is a hybrid between the Black Box and White Box model. It is when the tester has partial information about the company. The advantage of this is that the company can foresee if a staff is trying to hack into the system.

Blue team: Blue team is the internal team. They are the ones who know the system and they have to defend it. They are expected to prepare for attacks.

Red team: The Red team attacks the system. They are expected to find vulnerabilities and exploit them.

In addition to that, I also learned about the importance of the laws of security. Mr. Lim told us that we should be aware of the laws because different countries have different laws. For instance, in Singapore, even port scanning is considered a threat. However, in Indonesia, it is still ok. That is because the security law in Indonesia is not as thorough as the security laws in other countries.

Posted in Uncategorized | Comments Off on Ethical Hacking Study Journal: Information Gathering

Ethical Hacking Study Journal: Introduction

Taking Computer Science, I have been interested in computer security. I have always thought it would be cool since I watched Mr. Robot thinking I want to do that in the future. I honestly had no idea what I would be up against.

Taking Ethical Hacking and Penetration Testing, I realized that it is not as easy as I thought it would be. I had to install VirtualBox to run KaliLinux. Then there were many things that were introduced in the first week I was flabbergasted. It really opened up my eyes.

The first week was more of an Intro so Mr. Lim told us a lot about his experience in the security world and his thoughts and opinions about it.

Continue reading

Posted in Uncategorized | Comments Off on Ethical Hacking Study Journal: Introduction

Multimedia and Human Computer Interaction Final Project Report: SHAPE MATCH

For Multimedia and Human Computer Interaction final project, Mikha and I made a game called SHAPE MATCH where the goal of the user is to help the character go to space by finding matching shapes.

Continue reading

Posted in Projects | Leave a comment