A Day in the Life of an Ethical Hacker / Penetration Tester

The Cyber Mentor · Beginner ·🔐 Cybersecurity ·7y ago

Key Takeaways

The video discusses the day-to-day life of an ethical hacker/penetration tester, covering topics such as external and internal penetration testing, web application testing, and purple teaming, using tools like nmap, Nessus, and Burp Suite Pro.

Full Transcript

Hey everybody. So today we're going to talk about a question that I get asked quite a bit, which is: what do you do on a day-to-day basis as a penetration tester and/or ethical hacker? So we're gonna cover that, we're gonna talk about some of the jobs that I do and go into a little bit more detail on the type of assessment work that we do, and even the not-so-fun stuff like report writing. So before we get started, I do have one favor to ask you guys: if you enjoy the video, at the end please do hit that like button, please do hit that subscribe button, and if you really do like it, please consider sharing it with a friend as well. Word of mouth is the way we grow. We just hit 4,000 subscribers; I am in debt to all of you. Thank you so much for your constant support and love. So let's go ahead and talk about what I do on a day-to-day basis.

Alright, we're in front of the computer now because it's gonna make things a little bit easier. I could show you some of the tools I use, and you get to see not only me for a second, you get to see my fat cat cleaning herself. I asked her to move out of the screen and she refused. So that's Ava; enjoy Ava. So, some of the things that I do on a day-to-day basis, let's bring this up. So I roll out of bed about 7:55 a.m.
I work at 8 o'clock. I end my day typically around 5:00. I work from home, so I have this luxury of being able to roll out of bed and, you know, just start working pretty much right after I wake up. Very, very nice thing to be able to have. Some other things that we do, and that I'm going to talk about, are external and internal network assessments. We do web application assessments, wireless assessments, physical, social engineering, phishing assessments. We do SOC assessments, or we call those purple teaming assessments. We do report writing, of course, and we do client debriefs. So depending on the day we're wearing a lot of different hats, and it never is consistent day to day. So I wish I could make a video to show you the day and have one consistent roll through, but I don't. So what I'm going to do is I'm going to take you through a brief description of every single little task that I might do in a day, and you can kind of get an idea or a feel for what it's like to be a consultant slash penetration tester slash ethical hacker. So let's talk about network and internal penetration testing.

All right, so I just recorded this whole thing and realized that I muted my microphone, so we're going to redo this. So let's talk about external and internal penetration testing. So when we talk about external penetration testing, we're talking about hacking from the outside; internal penetration testing is hacking from the inside. So we're going to look at this from a very high level. So we have external penetration testing: we are acting like we are sitting at our computer, because that's what we're doing, and we're using a scope given to us by the client of IP address range. We're going to use our methodology of information gathering, scanning, enumeration, exploitation, etc. So we're going to run through the gamut on the client in hopes of finding a way onto the inside of the network. So some things that we may do, without going into too much detail: if we're doing information gathering, typically it's not to do
social engineering, that's typically out of scope, but we may gather usernames and breached credentials from the past and do credential stuffing. We may do password spraying if we have the opportunity. We're gonna be running nmap and Nessus to gather some data to put into our report, or at least to give to the client, and to help us out to see what kind of information that we see: are there any vulnerabilities there, and can we exploit them? So that's where the exploitation comes into play. Now, as a penetration tester, you don't always break in from the outside. That's fine, but there's usually something to report on, whether it's patching or otherwise, that is there, that maybe you weren't able to exploit but at least is some sort of a finding that the client could improve on their security posture.

Now from the inside, it's the same concept, the same methodology; however, you're acting like you have already breached their network. So either you social engineered your way in, you, you know, sent them malware and they opened it, you got onto the VPN, heck, you could have even gone in there and plugged directly into their network and left the device and walked away. So what we're assuming is there's some sort of inside threat. Now, the methodology is the same; the tools change a little bit, because typically most environments are Active Directory based. So you're running tools now like Responder, tools like Incognito, Kiwi, etc. So you're going to use those tools to try to escalate yourself into whatever the goal of the client is. It may be, hey, go get domain admin; it may be, hey, we've got sensitive PII that we want to see if you can capture; or we've got, you know, intellectual property that we want to see if you can find and steal. So it's not always domain admin at the end of the day; it's just whatever the client wants you to get from that internal side of things.

So from a pen test perspective, these are typically 40-hour assessments with report writing included in that. Now if the
client is on the larger side, those may go up to 80 hours or even 120 hours. You may see a two- or three-week internal, external, per segment I should say. So typically an external is about 40 hours; the internal can get up to two to three weeks if it's a really big, large client. On the flip side, you may see some at like 20 hours if they're a very small client. So scoping is important in terms of timing, but typically you're seeing 40 hours per segment here, but if they're a smaller client you may see 40 hours for the whole gamut that you run on them.

Moving on to web application penetration testing. This is where we are testing a web app. So when we're talking about external, internal, you may find a web app running on a server, but you typically leave that alone. You may prod it a little bit, but you're not looking for things like cross-site scripting, for example; that's not something that would fall into scope for an external, internal, but that would fall into scope for a web application penetration test. So there's a fine line there, and the web app is basically: you're assessing that web app and you're prodding it as much as you can to see all the little things that you could find with it. So I have a checklist, that's an OWASP checklist; I'll run through that sucker completely through and make sure that I check every single box in that, because there are so many things to look for for a web app. So if you are a beginner in penetration testing, you'll probably start out on external assessments, and then once you've built trust, you know, you've got good methodology, you'll get trained up or worked into internal assessments, and eventually you'll work your way into web application penetration testing. There are people that do web app penetration testing solely, they do bug bounties solely, whatever; it's a field all in its own. So it's a good skill to learn. I'd advocate anybody that's interested in pen testing to learn the web app side of it as well, because it opens up more opportunities
for you on the job side, and there's just more money there on that as well. The clients are all working towards web app pen tests, I would say more so than network pen tests. Most of my assessments nowadays are fully web app penetration testing. And you got to think about it: you may have one client that does and builds or has a bunch of web apps, and they only have the one network to pen test. So you charge them for each different web app that you do, but you only charge them for the one network that you test, right? So you have many more opportunities to earn money, and earning potential, when it comes to the web app testing.

Now on a day-to-day, the tools, well, the methodology stays the same; the tools differ just a little bit. So we're gonna be using Burp Suite. Now if there's anything that I would suggest somebody buy, Burp Suite Pro is probably the one tool that I suggest. If you say, I'm gonna buy one tool for a toolkit, what should it be? Burp Suite, if you're doing web app pen testing, there's no doubt about it. The Free Edition does not stack up at all to the Pro Edition. We'll also be running nmap and Nessus, because typically when we do a web app assessment, what we're doing is we're doing internal and external on that web application as well. So meaning we'll take the IP of that web application server and we'll scan against it, as long as it's owned by the client, right? We'll scan against it and we'll see if there's any ports open other than 80 and 443. What are they running on there? Is something like RDP open for no reason? You know, so you're doing a pen test to see if you can get into that server in any other way outside of the web application. And from the internal side of things as well, you're gonna pen test against anything that might touch that web app. So if it's a load balancer, if it's the server itself, if it's a separate server that interacts with the web app, you're gonna do an internal on that. It's gonna be a very limited scope, so it's not
gonna apply to the same internal testing that you saw before with, you know, using tools like Responder that we talked about. It's mainly just pen testing against, or scanning and trying to exploit against, that internal network. So again, scope for these are typically 40 hours, sometimes 80 hours. I've never seen it under 40 hours, and sometimes they can even go longer, but typically you need a lot of time for web app, because there's so many little nuances and so many boxes to check that you need to make sure you can get through everything.

All right, let's step away from the PowerPoint for a minute, and I'm going to show you a wireless card here. So for wireless assessments, we use a wireless card, something like this, that's injectable. This is an Alfa AWUS036NH. This is a 2.4 gigahertz card. Some networks are now running on 5 gigahertz, so even for me this is a little out of date; I need to up my game just a bit, but this works pretty well for most assessments. What we're doing is we're taking one of these, and we'll probably take a GPS dongle with us as well. And most clients are running on WPA2 Personal, or pre-shared key. So what that means is it's just like a home network, right? So you'll try to go in there and you'll do what's called capturing a four-way handshake. You'll take that four-way handshake and try to crack it; you'll try to see how strong their password is for their network. If you can crack it, you'll start scanning and seeing what's available in that network. Does that network get you anything sensitive, or is it just kind of like its own subset, locked-down area? The same thing for a guest network: you're gonna go lock on to a guest network, especially one that's supposed to be isolated, and see if you can touch internal servers from that guest network, because that's typically a no-no. So there are also WPA2 Enterprise, so you may be using tools like EAPHammer or hostapd, but those are very similar, I guess, in process. Really, those are, you can look those
up and do those in a blog pretty quick. Most of the things you're going to be seeing are WPA2 Personal. You may run into evil twin attacks as well. So the methodology is the same: you're still gonna do information gathering. If you have to do some sort of password spraying against an enterprise client you might do that, or even credential stuffing, so important to get that. You'll do scanning again, because we're gonna look at the network if we get onto it, and maybe even some exploitation, especially of the network password itself. So you'll write a report on that and debrief the client, but we'll cover reporting and debriefing here in a second.

All right, and moving on to physical testing. So for physical testing, we can loop this into physicals, as in I'm trying to break and enter; we can loop this into social engineering, which you can use in phishing attacks or vishing attacks, or you can use on the physical side of things as well. So when we talk about the physical assessments, we're doing information gathering, reconnaissance there. We're gonna go on Facebook, on Twitter, on LinkedIn; we're gonna see what kind of pictures you have out there. Do you have pictures of your desks? Do you have pictures of your badge? What's the company clothing policy? You know, any kind of information we can gather from that aspect is really good. We'll also take a drone and go on site, fly it around the site to see what kind of doors might get propped open, where the smoke areas are at. We'll also do the same thing with, like, Google satellite images to see what information we can find. And then we'll go on-site. We'll either try to, you know, break our way in, if we use some sort of, you know, lock-picking, or if we can even use a can of air against some sensors. We might do badge cloning, where you clone your badge and use that to break in. We might just social engineer our way in, right? We might just sit outside the smoke area or the break area and chat somebody up and just walk right in
with them. Yeah, you can even walk right through the front door sometimes. So, you know, it's a wide variety of what you get. Typically when you say physical assessment, you're going on-site and trying to get into some sort of critical space, that being a server or whatever the client deems as the critical place they want you to get into. Now, not everybody does physical assessments, but most shops do, and you don't have to do a physical assessment if that makes you uncomfortable. For us, we've got people on our team that don't want to do them, and that just gives us more for the guys who are into doing that. So if you get a rush out of it and you like to do it, please volunteer, because not everybody likes to, and it's just, you know, it's fun. So outside the physical side of things, we also do phishing assessments where we'll send well-crafted emails, or we'll do vishing assessments where we'll call somebody. We'll call help desk and say, hey, I'm so-and-so, I need my password reset, can you let me in? And see where we can get with that. So methodology is still the same; again, there's exploitation there, and then we're gonna write a report on it and we're gonna debrief the client on what we find.

Okay, so one other assessment that we do is called purple teaming. This is also known as a SOC assessment. So we take purple teaming by combining red and blue. What that means is we sit down as a red team, we sit down with the blue team, and we run exploits. We say, hey, I'm running this exploit, do you see this? Typically we've got a list of like, I don't know, 30 to 50 types of activities we can do. We'll let the client pick from that list which ones they want to do. Some of them, for example, are: if the client has a NAC, a network access control, and you're able to just plug into their network and they don't see you, that's bad, right? So they should be seeing you; there should be some sort of baselining there, something preventing you. Large file transfers coming in or out of the network: should they be seeing
that? Should their SIEM see it? Yeah, probably. So it's fine-tuning things like that. We may upload malware onto a machine and then start running all kinds of commands that an attacker would run, to see if they could see those commands. Basically it's an attack, and then, hey blue team, did you see this attack? And they'll say, yes I saw it, or no I didn't see it. So you're really helping them fine-tune their SIEM and their baselines, and it really benefits you as well from two different perspectives. One is that when you're doing this and they catch you, you can say, okay, well how can I make this obfuscated, how can I make it so I'm more quiet and they don't catch me? Or two, when they don't catch you, you can help them fine-tune the blue side of things, and you learn the defensive strategies as well, which makes you just a better consultant overall and a better pen tester. So you really get a lot out of these purple teaming assessments, but they are, at least in my experience, few and far between. I've only done a couple in my time as a pen tester, but I do think they're highly beneficial and I do recommend them as we can get them.

Alright, so lastly let's talk about report writing and debriefing. And before we do that: this is my second run through this, as I said, and I've been recording probably for like three hours now. The cat, the cat has not moved. Look at that, the size of that cat. She is at least 20 pounds and just a gigantic blob. I don't know how she's still alive; she's so old and so fat and doesn't move. So part of me envies her, I think, but I digress. So when we talk about report writing and we talk about debriefing: you're gonna have a report for every single thing you do. If you looked at the slides, and when I commented on the types of assessments, every single one of them included a report and a debrief. So when we talk about client assessments, typically there is a kickoff call before you do any sort of assessment. You're saying, hey, this is what we're planning to do,
we're starting their activities, and then you send, you know, kickoff emails while you're actually doing the activities. But once your activities are done, you write your report, and typically that's about eight hours per 40 hours, I would say. So you have those eight hours, and you improve over time on your report writing. You get a repository of findings that you've had in the past, and you can just kind of, you know, copy and paste to replace and fill in the blanks, right, for the client specifics. But, you know, you still have to write the report, and if you're doing multiple assessments, say you have an external, internal, and a web app all for one client, then you have to write three reports that you aggregate into one for that client. At the end of the day, you are report writing every time and you're debriefing every time. So you might just debrief one segment, you might debrief the whole report, depending on what you did, right? If you worked on one section and your coworker worked on another section, then you might debrief one and he might debrief the other part of the report. You might debrief the whole thing. It just depends on how your shop runs it. But do know that report writing and debriefing are a big, big part of pen testing and should not go unnoticed, where you get to do all the hacking, but then there's the, okay, I've got to put my consultant hat on and help these people understand at a really high level how I'm gonna explain this, you know, or how to fix this, right? So you've got to kind of explain it like they're five to a lot of them, because it's not always going to be a client where they have a high technical knowledge. You're gonna have a lot of C-level executives or owners in the room that don't understand from an IT perspective, and that's kind of why they hired you. So you really have to be able to break it down to them as best as you can and really explain what the remediation steps are, what the critical tasks are they need to focus on first.

All right, ladies and
gentlemen, and that's it. Hopefully I answered some of your questions about what it's like on a day-to-day basis. I know there's not a typical, you know, I go to work, I do this from 9:00 to 5:00; every day is a little bit different, and hopefully that's exciting for some of you that are looking to get into the field, because you wear so many different hats every single day that really, you know, it's never the same thing. It's not monotonous, and that's awesome for me. So if I did answer your questions, you know, please do hit that like button, please do subscribe, share with a friend. If you've got any additional questions, please feel free to comment down below and I will respond back to you as quickly as I can. So until next time, I'm The Cyber Mentor, and I thank you for joining me. [Music]

Original Description

25 Hour Practice Ethical Hacking Course: https://www.udemy.com/course/practical-ethical-hacking/?referralCode=4A7D5EE973AFBCAD11C6
90% Discount Code (valid through 2019): THECYBERMENTOR

0:00 - Introduction
0:49 - Day to day overview
2:31 - External / Internal Penetration Testing
6:11 - Web Application Penetration Testing
10:06 - Wireless Penetration Testing
12:13 - Physical/Social Testing
14:41 - SOC / Purple Teaming
16:33 - Report writing and debriefing

❓Info❓
Need a Pentest?: https://tcm-sec.com
Learn to Hack: https://academy.tcm-sec.com

🔹The Cyber Mentor Merch🔹
https://teespring.com/stores/the-cyber-mentor

📱Social Media📱
Website: https://thecybermentor.com
Twitter: https://twitter.com/thecybermentor
Twitch: https://www.twitch.tv/thecybermentor
Discord: https://tcm-sec.com/discord
LinkedIn: https://www.linkedin.com/in/heathadams

💸Donate💸
Like the channel? Please consider supporting me on Patreon: https://www.patreon.com/thecybermentor
Support the stream (one-time): https://streamlabs.com/thecybermentor

Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk

My Build:
lg 32gk850g-b 32" Gaming Monitor: https://amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1
EVGA 2080TI: https://amzn.to/30d2lj7
MSI Z390 Moth


This video teaches the basics of penetration testing, including external and internal testing, web application testing, and purple teaming, and provides an overview of the day-to-day life of an ethical hacker/penetration tester.

Key Takeaways
  1. Run nmap and Nessus to gather data and identify vulnerabilities
  2. Perform information gathering, scanning, and exploitation as part of a penetration test
  3. Use Burp Suite Pro for web app pen testing
  4. Capture a four-way handshake to crack WPA2 passwords
  5. Scan for sensitive data on the network
  6. Pen test against internal servers from a guest network
💡 Penetration testers need to explain complex technical issues to non-technical clients and prioritize remediation steps and critical tasks


Chapters (8)

0:00 Introduction
0:49 Day to day overview
2:31 External / Internal Penetration Testing
6:11 Web Application Penetration Testing
10:06 Wireless Penetration Testing
12:13 Physical/Social Testing
14:41 SOC / Purple Teaming
16:33 Report writing and debriefing