Inspiring the Next Generation with INE and the eJPT, Info Gathering and Pentest Lifecycle - Part 3 and 4 (of 8)

Hi Everyone - sorry for the blogging break. I went through the eWAPT exam AND followed it up with a vacation.

Here are some highlights from hacker bootcamp in weeks 2 & 3.

In week 2 of the bootcamp we had an interview session with Jason Ward, a security analyst at EnergyUnited. We covered many interesting topics, including EnergyUnited’s collaboration with CISA (Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security). I wanted to give the students the opportunity to hear from someone in the critical infrastructure industry, to understand how different companies have vastly different cybersecurity needs from a strategic leadership and board of directors perspective. Obviously, the recent Colonial Pipeline ransomware attack has a far-reaching impact on the critical infrastructure sectors of the United States. Jason mentioned that as a member of InfraGard he is able to maintain a close relationship with the FBI in terms of incident response to attacks like the Colonial Pipeline ransomware attack. We also discussed the relevance and prominence of Active Directory in corporate organizations and mentioned this TryHackMe room (Hacking Active Directory: TryHackMe | Attacktive Directory) as an additional resource to learn some more about Active Directory.

During this time, the students completed their first labs, HTTP Traffic Sniffing and Finding the Secret Server, which will be critical for their success in the eJPT exam. We covered the Penetration Testing Lifecycle and answered the following homework questions (which, if you are following along, you should be able to answer as well!):
1. What are the stages of the Penetration Testing Lifecycle (in order)?
2. What command do you use in the terminal to set the route to the Secret Server in Lab: Find the Secret Server?
3. Over what type of traffic do attackers often exfiltrate data out of an organization?

In week 3 of the bootcamp we began our adventures into Information Gathering, mostly using a multitude of simple-but-effective tools like Google, LinkedIn, Twitter, and the target company’s websites to gather information about our potential targets. Because the Penetration Testing Student course doesn’t have a direct lab for this section, I invented a small homework assignment for the students to perform. Feel free to follow along and post your info gathering below! Of particular note for students and those job hunting: make sure that you check out a company’s job postings to get an understanding of the relevant technology stack for their organization and the skills that will make your resume and/or interview stand out.

Use the tools you have learned about for information gathering. This can be by using tools like sublist3r, amass, or other tools like LinkedIn, Twitter, etc. You are going to gather some information about one company and a second one of your choice.
Company 1: Tesla
a. Who is the current CEO of Tesla?
b. What is Tesla’s Mission Statement? (you should know how to research these so you can incorporate it into your interviews with companies)
c. Utilize the online tool, to enumerate email addresses, what is the 2nd hit on the list?

Company 2: Your Choice of Company
Rules: Find any company that you want to research, gather as much information about it as possible. This can include company address, leadership team, subdomains, email addresses, etc, etc. Post an attack narrative about what you have discovered. (Example: I researched blah (dot) com, it is owned by blah (dot) org and their CEO is BlahBlah Blahberstein the 3rd, and they are a 300,000 employee company, etc.)

That is a lot of insight into the information gathering step, complete with a real-world example. Also, your boot camp initiative and schedule have helped me a lot to map out my progress. Thank you @AWilson :grin:

Thanks for the kind words, and glad to be a help!
