Udacity Ethical Hacker Project 5: Ethical Hacker

Project Description

The purpose of this project was to implement the broad set of techniques and job responsibilities associated with the role of an ethical hacker/penetration tester. The scope of the project was to perform a security assessment on a fictitious company named Example Corp. Skills demonstrated include:

  1. OSINT – Utilize open-source intelligence techniques to uncover sensitive information leakage from the company and its employees

  2. Social Engineering – Conduct a phishing campaign, design an effective landing page, and create and deploy malware using GoPhish

  3. Perform a System and Network Audit – Gather information about the target and research vulnerabilities. Nmap was used to discover open ports, services and their versions, and operating systems. Nessus was used to scan the discovered server.

  4. Perform a Web Application Audit – Performed semi-automated scans and test cases using Burp Suite and fully automated scans using tools such as sqlmap, wpscan and OWASP ZAP. Used the OWASP WSTG methodology to conduct manual analysis.

  5. Researched vulnerabilities found. Managed vulnerabilities in the vulnerability aggregation and management tool Faraday and attempted to exploit Critical and High vulnerabilities using Metasploit as well as public and custom exploits.

  6. Produce a Security Assessment Report for executive leadership which included vulnerabilities found, their respective CVSS scores, remediation recommendations and steps to reproduce. The final report can be found here: Example Corp Security Report
