Zero to Hero Pentesting - Exploitation, Shells, and Some Credential Stuffing

Dive into an extensive 2-hour 48-minute video tutorial on penetration testing, covering exploitation techniques, shell types, and credential stuffing. Learn about reverse and bind shells, staged vs non-staged payloads, and practical demonstrations of exploiting vulnerabilities in mod_ssl and Samba. Explore scanning and enumeration techniques using Hack The Box, and gain insights into credential stuffing and password spraying with tools like breach-parse and Burp Suite. The tutorial concludes with a comprehensive Q&A session addressing various cybersecurity topics, career advice, and personal experiences in the field of ethical hacking.

- Welcome.
- Lesson overview & staying humble.
- Reverse shells vs bind shells.
- Staged vs non-stage payloads.
- Brief bind shell demonstration with netcat.
- Reviewing scans from last week.
- Exploiting mod_ssl 2.8.4 w/ OpenLuck manually.
- Exploiting Samba 2.2.1a w/ trans2open Metasploit.
- Reviewing some of our report findings.
- Scanning, enumerating, and exploiting Hack The Box's Lame.
- Credential stuffing & password spraying overview.
- Running breach-parse against Tesla.com.
- Using Burp Suite to perform credential stuffing & password spraying.
- Boxers or briefs?.
- What are you drinking?.
- Are web pentest skills and network pentest skills interchangeable?.
- What college degree is best for cybersecurity?.
- What's new in your life / upcoming talks?.
- What is this channel about?.
- Troubleshooting a Kioptrix issue.
- Is the CEH worth pursuing?.
- Jon Jones??.
- Best advice to move from service desk to security?.
- Is OSCP the best certification?.
- Do you need a CS degree to be successful?.
- What makes hacking unethical?.
- How to transition from webdev to appsec?.
- Tips for organization when testing large clients?.
- What did you think about the Pentest+?.
- How many more segments of Zero to Hero are left?.
- How do you submit/plan a talk?.
- What keyboard are you using?.
- Are we building an AD lab next week?.
- Are most of your assessments AD?.
- Should I stop the OSCP and attempt the eJPT if I'm struggling?.
- What are your specs?.
- Are we covering all PowerShell in the course?.
- OSCP vs HTB.
- What is you Domain Admin % rate on all engagements?.
- Domain Admin from a printer?.
- How many assessments have you done total?.
- How much time do you get per assessment?.
- How does the OSCP help in the job market?.
- What is an internal assessment?.
- What should I do at a conference?.
- Best stories from an engagement?.
- DragonCon EFF?.
- Is the CEH worth it with a discount?.
- Do you ever feel pressure or anxiety when learning pentesting?.
- Is web app your number one priority right now?.
- How far did you get in the OSCP labs?.
- Bob.....
- Finding pentest work w/ a felony.
- When is the next stream?.
- Is eating ice bad for you?.
- What do we need for the AD stream?.
- Zoom on Immunity Debugger?.
- Favorite security podcasts?.
- Do you perform phishing campaigns?.
- What type of phone do you have?.
- Where do you get most of your pentest news?.
- What kind of case do you have?.
- What time do you wake up for work / work from home life.
- How do remote internal pentests work?.
- CIS Top 20.
- What is your monitor setup?.
- Lego Bugatti / AWAE / Arizona Cyber Range.
- What's your watch?.
- Do you get burned out?.
- Does your workplace pay for training?.
- Work schedule / down time.
- How did you become a pentester?.
- Overtime?.
- Bug bounties you're a part of?.