Windows Fundamentals Fundamental
This module covers the fundamentals required to work comfortably with the Windows operating system.
Windows is heavily used across corporate environments of all sizes. We often find ourselves gaining access to a Windows host during a penetration testing engagement. It is important to understand how to navigate the file system and command line to perform effective enumeration, privilege escalation, lateral movement, and post-exploitation. Windows can also be used as our attack box during assessments. Many servers run on Windows, and most companies deploy Windows workstations to their employees due to the ease of use for individuals and centralized administration that can be leveraged using Active Directory. This module covers the essentials for starting with the Windows operating system and command line.
In this module, we will cover:
- Windows Operating system structure
- The Windows file system
- Permissions management
- Windows services
- Processes in Windows
- Windows Task Manager
- Interacting with the operating system
- Windows security
- The Microsoft Management Console (MMC)
- Windows Subsystem for Linux (WSL)
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts introduced in each section. You can do this in the target host provided in the interactive sections or your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Fundamental" and assumes that the student has a basic knowledge of the Windows operating system from a casual user perspective.
This module has no prerequisites but serves as the basis for many of the modules contained within the Academy. Completion and an in-depth understanding of this module are crucial for success as you progress through the Academy and Hack the Box platforms.
- Introduction to Windows
- Operating System Structure
- File System
- NTFS vs. Share Permissions
- Windows Services & Processes
- Service Permissions
- Windows Sessions
- Interacting with the Windows Operating System
- Windows Management Instrumentation (WMI)
- Microsoft Management Console (MMC)
- Windows Subsystem for Linux (WSL)
- Desktop Experience vs. Server Core
- Windows Security
- Skills Assessment - Windows Fundamentals
This module progresses you towards the following Paths
Easy 32 Sections
Cubes Required: 20
To succeed in information security, we must have a deep understanding of the Windows and Linux operating systems and be comfortable navigating the command line on both as a "power user." Much of our time in any role, but especially penetration testing, is spent in a Linux shell, Windows cmd or PowerShell console, so we must have the skills to navigate both types of operating systems with ease, manage system services, install applications, manage permissions, and harden the systems we work from in accordance with security best practices.
Easy 147 Sections
Cubes Required: 150
Information Security is a field with many specialized and highly technical disciplines. Job roles like Penetration Tester & Information Security Analyst require a solid technical foundational understanding of core IT & Information Security topics. This skill path is made up of modules that will assist learners in developing &/or strengthening a foundational understanding before proceeding with learning the more complex security topics. Every long-standing building first needs a solid foundation. Welcome to Information Security Foundations.
Fundamental 8 Sections
This module is recommended for new users. It allows users to become acquainted with the platform and the learning process.Learning Process
Fundamental 20 Sections
The learning process is one of the essential and most important components that is often overlooked. This module does not teach you techniques to learn but describes the process of learning adapted to the field of information security. You will learn to understand how and when we learn best and increase and improve your learning efficiency greatly.Setting Up
Fundamental 9 Sections
This module covers topics that will help us be better prepared before conducting penetration tests. Preparations before a penetration test can often take a lot of time and effort, and this module shows how to prepare efficiently.Linux Fundamentals
Fundamental 18 Sections
This module covers the fundamentals required to work comfortably with the Linux operating system and shell.Windows Fundamentals
Fundamental 14 Sections
This module covers the fundamentals required to work comfortably with the Windows operating system.Introduction to Bash Scripting
Easy 10 Sections
This module covers the basics needed for working with Bash scripts to automate tasks on Linux systems. A strong grasp of Bash is a fundamental skill for anyone working in a technical information security role. Through the power of automation, we can unlock the Linux operating system's full potential and efficiently perform habitual tasks.Introduction to Networking
Fundamental 12 Sections
As an information security professional, a firm grasp of networking fundamentals and the required components is necessary. Without a strong foundation in networking, it will be tough to progress in any area of information security. Understanding how a network is structured and how the communication between the individual hosts and servers takes place using the various protocols allows us to understand the entire network structure and its network traffic in detail and how different communication standards are handled. This knowledge is essential to create our tools and to interact with the protocols.Intro to Network Traffic Analysis
Medium 15 Sections
Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational issues. Offensive security practitioners can use network traffic analysis to search for sensitive data such as credentials, hidden applications, reachable network segments, or other potentially sensitive information "on the wire." Network traffic analysis has many uses for attackers and defenders alike.Introduction to Active Directory
Fundamental 16 Sections
Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface. To be successful as penetration testers and information security professionals, we must have a firm understanding of Active Directory fundamentals, AD structures, functionality, common AD flaws, misconfigurations, and defensive measures.Introduction to Web Applications
Fundamental 17 Sections
In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an information security perspective.Web Requests
Fundamental 8 Sections
This module introduces the topic of HTTP web requests and how different web applications utilize them to communicate with their backends.