Play all

- Welcome

- Lesson overview & staying humble

- Reverse shells vs bind shells

- Staged vs non-stage payloads

- Brief bind shell demonstration with netcat

- Reviewing scans from last week

- Exploiting mod_ssl 2.8.4 w/ OpenLuck manually

- Exploiting Samba 2.2.1a w/ trans2open Metasploit

- Reviewing some of our report findings

- Scanning, enumerating, and exploiting Hack The Box's Lame

- Credential stuffing & password spraying overview

- Running breach-parse against Tesla.com

- Using Burp Suite to perform credential stuffing & password spraying

- Boxers or briefs?

- What are you drinking?

- Are web pentest skills and network pentest skills interchangeable?

- What college degree is best for cybersecurity?

- What's new in your life / upcoming talks?

- What is this channel about?

- Troubleshooting a Kioptrix issue

- Is the CEH worth pursuing?

- Jon Jones??

- Best advice to move from service desk to security?

- Is OSCP the best certification?

- Do you need a CS degree to be successful?

- What makes hacking unethical?

- How to transition from webdev to appsec?

- Tips for organization when testing large clients?

- What did you think about the Pentest+?

- How many more segments of Zero to Hero are left?

- How do you submit/plan a talk?

- What keyboard are you using?

- Are we building an AD lab next week?

- Are most of your assessments AD?

- Should I stop the OSCP and attempt the eJPT if I'm struggling?

- What are your specs?

- Are we covering all PowerShell in the course?

- OSCP vs HTB

- What is you Domain Admin % rate on all engagements?

- Domain Admin from a printer?

- How many assessments have you done total?

- How much time do you get per assessment?

- How does the OSCP help in the job market?

- What is an internal assessment?

- What should I do at a conference?

- Best stories from an engagement?

- DragonCon EFF?

- Is the CEH worth it with a discount?

- Do you ever feel pressure or anxiety when learning pentesting?

- Is web app your number one priority right now?

- How far did you get in the OSCP labs?

- Bob....

- Finding pentest work w/ a felony

- When is the next stream?

- Is eating ice bad for you?

- What do we need for the AD stream?

- Zoom on Immunity Debugger?

- Favorite security podcasts?

- Do you perform phishing campaigns?

- What type of phone do you have?

- Where do you get most of your pentest news?

- What kind of case do you have?

- What time do you wake up for work / work from home life

- How do remote internal pentests work?

- CIS Top 20

- What is your monitor setup?

- Lego Bugatti / AWAE / Arizona Cyber Range

- What's your watch?

- Do you get burned out?

- Does your workplace pay for training?

- Work schedule / down time

- How did you become a pentester?

- Overtime?

- Bug bounties you're a part of?

Description:

Dive into an extensive 2-hour 48-minute video tutorial on penetration testing, covering exploitation techniques, shell types, and credential stuffing. Learn about reverse and bind shells, staged vs non-staged payloads, and practical demonstrations of exploiting vulnerabilities in mod_ssl and Samba. Explore scanning and enumeration techniques using Hack The Box, and gain insights into credential stuffing and password spraying with tools like breach-parse and Burp Suite. The tutorial concludes with a comprehensive Q&A session addressing various cybersecurity topics, career advice, and personal experiences in the field of ethical hacking.

Zero to Hero Pentesting - Exploitation, Shells, and Some Credential Stuffing

Cyber Mentor

Add to list

#Information Security (InfoSec) #Penetration Testing #Cybersecurity #Ethical Hacking #Burp Suite #Metasploit #Offensive Security #Credential Stuffing

0:00 / 0:00