Follow

Introduction & Attack Methodology

(Optional Overview — Recommended for Beginners)

This article is Section 1 of the Ethical Hacking Attack Phases Workshop

Welcome to Ethical Hacking Attack Phases — CEHv13 Workshop! This section provides a brief introduction to the ethical hacking methodology used throughout the CEHv13 curriculum. It is intended for students who want additional context before beginning the hands-on tasks. If you already have experience with penetration testing concepts, you may skip this section and proceed directly to the workshop instructions.

What Is Ethical Hacking?

Ethical hacking is the practice of legally evaluating system and network security by simulating real-world attacker techniques. Ethical hackers aim to identify vulnerabilities before malicious actors can exploit them. The goal is to strengthen defenses, reduce risk, and improve incident readiness.

Purpose of This Workshop

This workshop provides a practical, hands-on overview of key attack phases from the CEHv13 curriculum. Instead of completing the full CEH training path, you will work through selected, high-impact tasks that demonstrate how attackers:

  • Capture system credentials

  • Gain remote access to a machine

  • Enumerate and map web applications

  • Perform targeted brute-force attacks

  • Analyze wireless network traffic

  • Exploit Android devices via ADB

These activities provide experience across multiple attack surfaces—system, web, wireless, and mobile—and reinforce both how attacks occur and how defenders can detect or mitigate them.

The Ethical Hacking Attack Lifecycle (High-Level)

Ethical hacking typically follows a structured attack lifecycle. Below is a simplified summary used throughout CEHv13:

1. Reconnaissance

Gathering information about a target to identify potential attack vectors.

2. Scanning & Enumeration

Identifying live systems, open ports, services, and application behavior.

3. Gaining Access

Exploiting vulnerabilities to obtain system or application access.
(Examples in this workshop: credential capture, reverse shells, Android exploitation.)

4. Maintaining Access

Establishing persistence or ensuring repeatable access after initial compromise.

5. Covering Tracks

Clearing logs or hiding evidence of activity.
(Not covered in this workshop.)

The tasks in this workshop map directly to several of these core phases.

Tools You Will Use in This Workshop

Throughout the workshop, you will work with well-known security tools used by penetration testers:

  • Responder — Captures NTLM authentication traffic and hashes.
  • Reverse Shell Generator — Creates payloads used to gain remote system access.
  • OWASP ZAP — Identifies web application structure and potential vulnerabilities.
  • Burp Suite Intruder — Executes automated brute-force attacks and input tests.

  • PhoneSploit-Pro — Leverages ADB to remotely access and control Android devices

These tools reflect real attacker workflows and provide valuable experience across multiple technology domains.

How This Workshop Relates to CEHv13

This workshop uses selected tasks from:

  • Module 06 — System Hacking

  • Module 14 — Hacking Web Applications

  • Module 16 — Hacking Wireless Networks

  • Module 17 — Hacking Mobile Platforms

Rather than completing the entire CEH course, you will perform the specific tasks chosen to illustrate foundational attack phases. Your lab score may show partial completion—this is expected and normal for this workshop.

Ready to Begin?

Click here to proceed to the hands-on portion of the workshop

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk