
Report On Beyond Curriculum Training

Uploaded by

gpaul7183
Report on Beyond Curriculum Training

Introduction

The Beyond Curriculum Training program aimed to equip participants with hands-on
experience in cybersecurity tools and techniques. Spanning six days, the training covered
various aspects of ethical hacking, including system setup, phishing, footprinting, OSINT
frameworks, and wireless security. Participants were exposed to practical scenarios using
tools such as Kali Linux, Zphisher, Camphish, Shodan, SET Toolkit, SpiderFoot, and Nmap.

Day 1: Installation of Kali Linux on VirtualBox & Introduction to Zphisher

On the first day, participants learned to install Kali Linux on VirtualBox using a guest VM. The
session provided insights into the environment required for ethical hacking.

Steps to Install Kali Linux on VirtualBox:

1. Download VirtualBox and Kali Linux ISO:

o VirtualBox can be downloaded from https://www.virtualbox.org/.

o Kali Linux ISO is available at https://www.kali.org/downloads/.

2. Create a New Virtual Machine:

o Open VirtualBox and click on "New".

o Name the VM and set the type to Linux and version to Debian (64-bit).

o Allocate a minimum of 2 GB RAM and create a virtual hard disk of at least 20 GB.

3. Install Kali Linux:

o Attach the downloaded ISO to the VM and start the virtual machine.

o Follow the installation prompts for language, location, user credentials, and
disk partitioning.

4. Finalize Installation and Boot:

o After installation, reboot the VM and log in with the set credentials.

Introduction to Zphisher:

Zphisher is a phishing tool designed for social engineering attacks. It is a powerful tool for
demonstrating the importance of cybersecurity awareness.

Installation and Usage:

git clone https://github.com/htr-tech/zphisher

cd zphisher

bash Zphisher.sh

• Choose the type of phishing attack (e.g., Facebook, Instagram, Gmail).

• Select a tunneling option (e.g., Localhost or Ngrok).

• Share the generated link with the target to capture credentials (for educational
purposes only).

Day 2: Continued with Zphisher

Day 2 involved deep-diving into the advanced functionalities of Zphisher. Participants
practiced different phishing scenarios, emphasizing the need for cybersecurity ethics and
responsible disclosure.

Key Takeaways:

• Phishing simulations to understand social engineering tactics.

• Importance of using such tools only in ethical hacking and penetration testing
environments.
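Seen from the defending side, the tunneling option named on Day 1 (Ngrok) leaves a recognizable hostname in web proxy logs, and the HTTP method separates a user who only opened the link from one who submitted a form. The following is an added example, not part of the original report: the hostname suffixes are an assumption about Ngrok's public domains, and the log format and log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: public hostname suffixes of the Ngrok tunneling service.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok.app", ".ngrok-free.app")

# Constructed proxy log: timestamp, client IP, HTTP method, URL.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z 10.0.4.17 GET https://www.facebook.com/login
2024-05-01T09:12:41Z 10.0.4.22 GET https://a1b2c3d4.ngrok-free.app/login.php
2024-05-01T09:12:44Z 10.0.4.22 POST https://a1b2c3d4.ngrok-free.app/login.php
2024-05-01T09:13:10Z 10.0.4.31 GET http://e5f6a7b8.ngrok.io/
2024-05-01T09:14:55Z 10.0.4.40 GET https://docs.example.org/ngrok.io-howto
not a log line
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)$")


def triage(log_text):
    """Return {client_ip: 'clicked' | 'submitted'} for tunnel-hosted URLs."""
    findings = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore malformed lines instead of failing the run
        _ts, client, method, url = match.groups()
        # Compare the parsed hostname, not the raw URL, so a path or query
        # that merely mentions the service name is not flagged.
        host = (urlsplit(url).hostname or "").lower()
        if not host.endswith(TUNNEL_SUFFIXES):
            continue
        if method == "POST":
            # Form data left the client: treat the credentials as exposed.
            findings[client] = "submitted"
        else:
            findings.setdefault(client, "clicked")
    return findings


if __name__ == "__main__":
    for client, state in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}: {state}")
```

Developers also use tunneling services for legitimate work, so a hit is a triage signal: a "submitted" client warrants a password reset and session review, a "clicked" client a follow-up.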

Day 3: Introduction to Camphish

Camphish is a tool used to exploit a device's camera using social engineering tactics. It
demonstrates the significance of protecting one's privacy online.

Installation and Usage:

git clone https://github.com/techchipnet/CamPhish

cd CamPhish

chmod +x camphish.sh

./camphish.sh

• Select a template and generate a phishing link.

• Send the link to the target. When opened, it activates the device's camera.

• The captured images are saved locally on the attacker's device.


Day 4: Footprinting with Shodan & Understanding IP Address Classes

Footprinting is the first step in ethical hacking, where information about the target is
gathered.

Using Shodan for Footprinting:

Shodan is a search engine for internet-connected devices, allowing users to discover
vulnerable systems.

Steps to Use Shodan:

1. Visit https://www.shodan.io/.

2. Create an account and obtain the API key.

3. Use filters like country, port, and org to refine searches.

4. Commands:

shodan host [IP_ADDRESS]

shodan search [QUERY]

IP Address Classes:

• Class A: 0.0.0.0 to 127.255.255.255 – Large networks

• Class B: 128.0.0.0 to 191.255.255.255 – Medium-sized networks

• Class C: 192.0.0.0 to 223.255.255.255 – Small networks

• Class D: 224.0.0.0 to 239.255.255.255 – Multicast

• Class E: 240.0.0.0 to 255.255.255.254 – Reserved

Day 5: OSINT Frameworks, SET Toolkit, and SpiderFoot

The session focused on Open Source Intelligence (OSINT) and its application in ethical
hacking.

Introduction to OSINT Frameworks:

• OSINT frameworks help in gathering publicly available information about targets.

• Participants explored popular frameworks like Maltego, SpiderFoot, and the OSINT
Framework website.

Using SET Toolkit:


Social Engineering Toolkit (SET) is used for social engineering attacks like phishing.

Installation and Usage:

sudo apt update

sudo apt install set

sudo setoolkit

• Select the attack type, e.g., Social-Engineering Attacks.

• Choose the phishing template and customize as needed.

• Generate a phishing link and distribute it ethically for testing purposes.

Using SpiderFoot:

SpiderFoot is an OSINT automation tool that collects data from over 100 public sources.

Installation and Usage:

sudo apt install python3-pip

pip3 install spiderfoot

• Launch SpiderFoot:

python3 sf.py -l 127.0.0.1:5001

• Access the web interface at http://127.0.0.1:5001/.

• Create a new scan, provide the target domain, and select the modules for data
collection.

Day 6: Wireless Security & Hack the Box CTF

Participants learned about wireless security protocols and participated in a Capture The Flag
(CTF) challenge on Hack The Box.

Wireless Security:

• Introduction to wireless encryption standards (WEP, WPA, WPA2, WPA3).

• Tools used: Wireshark.

• Practical demonstration of capturing and analyzing wireless packets.

Hack The Box CTF Challenge:

Participants practiced ethical hacking skills by solving a CTF challenge using Nmap for
network scanning.

Nmap Usage:

nmap -sV -sC -A -T4 [TARGET_IP]

• -sV: Version detection

• -sC: Default scripts

• -A: OS detection and traceroute

• -T4: Faster execution

• The scan revealed open ports and services, leading to the exploitation phase.
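Run against hosts you administer, the same kind of scan doubles as an exposure audit: compare the open ports it reports with the services each host is meant to offer. The following is an added example, not part of the original report: it parses Nmap's grepable output (the -oG option, which the report does not use), and the sample output and the baseline are constructed.

```python
import re

# Constructed sample of Nmap grepable (-oG) output for one host.
SAMPLE_GNMAP = (
    "# Nmap scan initiated as: nmap -sV -oG - 10.10.10.5\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, "
    "80/open/tcp//http//nginx 1.18.0/, 3306/open/tcp//mysql//MySQL 5.7.33/, "
    "8080/closed/tcp//http-proxy///\tIgnored State: filtered (996)\n"
)

# Assumption: the (port, protocol) pairs this host is supposed to expose.
BASELINE = {"10.10.10.5": {(22, "tcp"), (80, "tcp")}}

PORTS_RE = re.compile(r"^Host: (\S+) .*?\tPorts: ([^\t]*)")


def parse_gnmap(text):
    """Return {host: {(port, proto): (service, version)}} for open ports."""
    hosts = {}
    for line in text.splitlines():
        match = PORTS_RE.match(line)
        if not match:
            continue  # comment lines and "Status:" lines carry no ports
        host, port_list = match.groups()
        for entry in port_list.split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 7 or fields[1] != "open":
                continue
            key = (int(fields[0]), fields[2])
            hosts.setdefault(host, {})[key] = (fields[4], fields[6])
    return hosts


def unexpected_open(scan, baseline):
    """Return open ports per host that the baseline does not allow."""
    drift = {}
    for host, ports in scan.items():
        allowed = baseline.get(host, set())
        extra = {k: v for k, v in ports.items() if k not in allowed}
        if extra:
            drift[host] = extra
    return drift


if __name__ == "__main__":
    print(unexpected_open(parse_gnmap(SAMPLE_GNMAP), BASELINE))
```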

Conclusion

The Beyond Curriculum Training program provided practical insights into ethical hacking
tools and methodologies. Participants learned the importance of cybersecurity, the power of
social engineering tools, and the criticality of OSINT in penetration testing. The training
emphasized ethical usage and responsible disclosure while using such tools.
