Welcome to my first article in which I present my project from the Cybersecurity Masterclass on the https://teachbit.ro platform.
This project signifies the start of a series where I’ll showcase the skills and knowledge gained over the past year.
The main focus was on security concepts and their practical application. Consequently, knowledge and skills about various operating systems, networking, security concepts, and essential security tools were required.
The tasks were divided into 3 categories:
- Scanning and information gathering
- Offensive
- Defensive
For the scanning part, several websites were scanned for technologies and vulnerabilities using online platforms (https://builtwith.com, https://pentest-tools.com) and tools (WPScan from Kali Linux).
The offensive part covered different attacks:
- DDoS (using LOIC, GoldenEye and Hping3)
- MITM (acquiring credentials for a user of an HTTP website using bettercap)
- Password attack (dictionary attack using Hydra)
- Attacks on FTP server from Metasploitable VMs using Netcat and Metasploit Framework
During the defensive part, the following tasks were solved:
- Configure a WAF and 2FA on a WordPress website to prevent brute-force attacks
- Secure a WordPress site by upgrading from HTTP to HTTPS
- Install an antivirus (AV) and demonstrate the use of a password manager
- Create a cybersecurity procedure for a small company
- Register a domain on the Cloudflare platform and enable DDoS protection