Help me
#3
I'll disagree with the above because it's unlikely the user has enough practical knowledge to take on those challenges. Answer the question as it is asked, and ask for more information if needed. Only then can you answer the question the correct way if required.

For DDoS, I'd recommend the DDoS Training Site ( https://www.ddosbootcamp.com/ ). It's probably the best place I've ever seen that teaches about DDoS not only at a fundamental pop-culture level of understanding, but on a technical/practical level as well as how businesses can try to mitigate damages caused by DDoS attacks. It covers all grounds to a relatively intermediate degree. I know that I learned a lot more than I thought I would the first time I tried it out, and this was back when I thought I had a good grasp on how DDoS attacks worked.

For MITM, you'll need to do a little more theoretical work. The landscape for MITM does actually change a bit every two years or so. For instance, yes, you can technically intercept packets on a network to read transmitted data. But what if that data is sent using SSL and is encrypted? Now you need to strip SSL from subsequent connections and force plaintext communication. So the industry created an extra header called HSTS (sometimes built into browser specs for large sites) that prevents a page from even loading, or the server from responding, if the request is not in plaintext. There are other ways around that, and some of those methods are being slowly mitigated, and the subsequent solutions are becoming much more complex, even to the point where I'd consider it 'diminishing returns.'

Find a book on Wireshark as it's the most popular packet capture tool online.
Take a look at PacketTracer as well from Cisco to understand how network interfacing and topology works.
Read up on MITM tutorials/guides over the years and see the evolution yourself (i.e. find an article from 2013, then 2015, then 2017, 2018, 2019, 2020) and see how things have changed and which technologies are now being exploited. It's not always the raw HTTP packet that you want to compromise; you might need to create/spoof DNS records so that the router will route the request packet to your machine to take apart, and send the request finally to the actual destination, then follow the same path back. It takes time; it's not something you learn overnight, although you can get started very quickly overnight with DVWA as mentioned above, or just by setting up your own local HTTP server across two devices on your network and trying to sniff packets going between them.

Ransomware typically falls under malware development. All you could learn viably for an enterprise setting is how to try and mitigate it by understanding what it is. The only way I ever really learned about ransomware was taking some apart, so if you don't have the skillset to do that (you probably don't), then don't bother.


Messages In This Thread
Help me - by astronomo - 12-07-2020, 05:56 PM
RE: Help me - by enmafia2 - 12-07-2020, 08:46 PM
RE: Help me - by poppopret - 12-07-2020, 09:31 PM
RE: Help me - by astronomo - 12-08-2020, 11:03 AM
RE: Help me - by Insider - 12-12-2020, 11:11 PM