How Not to Suck at Pen Testing
Offered By: YouTube
Course Description
Overview
Learn essential strategies and techniques to improve your penetration testing skills in this comprehensive 52-minute conference talk by John Strand. Explore common pitfalls in pen testing, including scanning issues and the importance of looking beyond automated tools. Discover advanced techniques such as ISR Evilgrade attacks, DNS host analysis, and firewall log analysis for C2 detection. Gain insights on avoiding detection, expanding your testing scope, and adhering to the Penetration Testers Code of Ethics. Enhance your ability to identify vulnerabilities, conduct thorough assessments, and provide valuable security insights to organizations.
Syllabus
Intro
We Have a Problem
Scanning Issues
Looking for Red
Solution
Informational: Directory Listing
Informational: SMTP Server Found
Going Beyond Scanning
Getting Caught
One step forward...
ISR Evilgrade Attacks
Finding New Areas
Techniques: DNS
Host Analysis
C2: Firewall logs
Moving Forward
Penetration Testers Code of Ethics
Related Courses
Network SecurityGeorgia Institute of Technology via Udacity Proactive Computer Security
University of Colorado System via Coursera Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera Hacker101
HackerOne via Independent CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent