Category Archives: Uncategorized
200. Scripting Basics (OBJ 5.1 & OBJ 5.2) In this section of the course we’re going to talk about the basics of scripting and how you can create your own scripts during your penetration tests and engagements to automate some or all of your workflow. This topic is really focused on domain five tools and […]
198. Lessons Learned (OBJ 4.2) In this lesson, we’re going to talk about Lessons Learned, which is a key part of your post-report delivery activities. Now, Lessons Learned are an analysis of the events that can provide us insight into how we can improve our penetration testing process in the future. The Lessons Learned process […]
195. Destroy Test Data (OBJ 4.2) In this lesson, we’re going to talk about how you destroy your test data. Now when I’m talking about test data, I’m talking about all the things you’ve collected during this engagement. As you’ve been going through and doing password cracking, as you’ve been going through and doing hash […]
192. Post-report Activities (OBJ 4.2) In this section of the course, we’re going to discuss the different actions that you need to perform after your report has been completed and delivered to your client. As we move through this section, we’re going to continue looking at the fourth phase of our engagement, reporting and communication. […]
187. Secure Coding (OBJ 4.2) Secure Coding. In this lesson, we are going to talk about some secure coding best practices. And in this lesson, we’re going to talk about input validation, output encoding, and parametrized queries. First, let’s talk about input validation. Now I know I’ve mentioned how important it is when I talked […]
185. Administrative Controls (OBJ 4.2) In this lesson, we’re going to talk about some administrative controls. This includes role-based access control, minimum password requirements, policies and procedures, and secure software development life cycles. First, we have role-based access control. Role-based access control is a security approach that focuses on restricting the availability of a resource […]
183. Physical Controls (OBJ 4.2) In this lesson, we’re going to talk about some physical security controls that you can use as remediation against vulnerabilities found during your penetration tests. Often, you’re going to find that physical access is a lot easier to achieve than getting remote access, because a lot of organizations will fall […]
180. Findings and Remediations (OBJ 4.2) In this section of the course, we’re going to discuss how to make recommendations for appropriate remediations based on the findings that you found during your penetration test. As we move into this section, we’re going to be continuing to look at the fourth phase of our engagement, reporting […]
176. Report Data Gathering (OBJ 4.1) In this lesson, we’re going to discuss how you gather data for the report at the end of your engagement. Now, data can come from numerous different sources including your open source intelligence, reconnaissance, enumeration, vulnerability scanners, and your attack and exploit tools. As you conduct your engagements, you […]
174. Reasons for Communication (OBJ 4.3) In this lesson, we’re going to discuss the different reasons for communication during a penetration test or engagement. These reasons include situational awareness, de-confliction, de-escalation, identifying false positives, criminal activity, and goal reprioritization. The first reason that a penetration tester needs to communicate with the target organization, is to […]