Week 3 – Enumeration and Cracking

Week 3 is done and it was the best yet!  In this course, I have a feeling that every week will be better than the one before it.  I studied for 10 hours after work and on the weekend and still managed to do a little painting!

In my original post, Investing a Year in Ethical Hacking, I detail my plan to invest 416 hours in 2017 to learn ethical hacking.  Current progress: 30 / 416.

The end of the month is dangerously close.  The year is almost 1/12th of the way over.  Are you almost 1/12th of the way to your goal for the year?



Enumerating SMTP was…. a disappointment actually.

Keep reading and I’ll explain what I found along with how I cracked some passwords!

Continue reading


Becoming an Ethical Hacker – Week 2

Week 2 – Scanning, Enumeration, and Back to Basics

The second week in my quest to become an ethical hacker is complete!  With 11 hours of study time logged, this was a very productive week that touched a lot of different areas.

If you’re not sure why I’m posting this, take a look back at my original post, Investing a Year in Ethical Hacking where I detail my plan to invest 416 hours in 2017 to learn ethical hacking.  Current progress: 20 / 416.

The hours are starting to add up and this is only week 2 of 52.  I can’t wait to keep going and I hope you will join me!



As you know by now, I am a big fan of going SLOWLY through this content to really understand it.  That is why I am still working on scanning here in week 2.

Some of the scans like the Null scan and Xmas scan don’t work against Windows systems.  I tried scanning my Kali Linux system but since it is a locked-down OS for penetration testing, it doesn’t respond to anything.  I don’t want to just skip this part and memorize the information without ever using it!

So I researched different Linux distributions and decided to download and build a CentOS 7 system since it is basically the same OS as Red Hat, only CentOS is free.  After getting it installed, I got to run some scans against it and watch the magic happen.  An interesting result I found is the difference in default ports that are open for Windows (firewall off) vs. Linux.  Linux only has SSH open while Windows has ports for SMB and NetBIOS open.


I also ventured outside my isolated lab to do some careful testing on the real internet. is a wonderful resource which gives anybody a free pass to try basically anything as long as it is non-destructive.  Keep reading to see what I found this week…

Continue reading

Becoming an Ethical Hacker – Week 1

Week 1 – Google Hacking and Port Scanning

My first week of ethical hacking is done and it was a great week!  I spent 9 hours working on scanning and reconnaissance.  As I mentioned in my post, Investing a Year in Ethical Hacking, my goal is to spend 416 hours learning ethical hacking this year.  Current progress: 9 / 416.

For anybody else studying CEH (or anything else), I hope this shows you that even little investments of time can result in huge improvements when done consistently over time.


Google Hacking

Google “hacking” is a great starting point even though it isn’t actually hacking at all.  It is amazing how much OSINT (Open Source Intelligence) is out there.  I searched myself to start off and even found some old forum posts of mine from years ago that I had forgotten about!


Catching Phishers with Google?

Here is just one example of the fun you can have while learning search terms.  I was really excited when I stumbled on what looked like a phishing page.  Keep reading to see what happened.

Continue reading

A Year of Ethical Hacking – Day 1

Becoming a Certified Ethical Hacker, Day 1

OK…I cheated.  I started early on CEH by reading a little and skimming some videos, but my 416-hour goal stands.

Current progress:  0 of 416 hours.


What should I do first?

Every goal has to start with a plan right?  I explained in my first post of this series that the goal is to Earn the Certified Ethical Hacker (CEH) certification.  I also explained why I think it is important.  In the second post of this series, I detailed the tools that I think will contribute to success in becoming a Certified Ethical Hacker.  Now I have to get a strategy together to actually work through this material in some orderly way.  Detours are fine but, without a plan, I’ll waste a lot of time just trying to decide what to do next.

This is my typical 5-step approach.

  1. Run through all the material quickly via video training to get a broad understanding of the entire scope of the course.
    • Edit:  I am going deep with the videos rather than moving quickly this time to get the maximum hands-on experience.
  2. Read a book cover-to-cover while taking notes and practicing in the lab.
  3. Detour and repeat as needed to get comfortable.
  4. Take practice tests and focus on memorization.
  5. Earn CEH!  Take & pass the exam and become a Certified Ethical Hacker.


That’s it.  Time to stop posting and get to work!

Follow my progress here, on Twitter @Dconsec, or on Facebook @Dconsec

Are you working on CEH with me?  I would love to hear about it in the comments below.