171. Communication and Reports (OBJ 4.3) In this section of the course, we’re going to discuss the importance of communication during the penetration testing process, and the different components that you should include in your final written report that you’re going to deliver to your client. As we move through this section, we’re going to […]

169. Persistence and Covering Your Tracks (OBJ 3.7) In this demonstration, I’m going to show you how you can set up scheduled tasks for persistence, as well as to cover your tracks in a basic windows environment. Now, for this particular demonstration, I am using a very old version of Windows, which is actually Windows […]

166. Convert Channels (OBJ 3.7) Covert Channels. Now, in the last lesson on data exfiltration, I talked about overt channels. Things like FTP, or peer-to-peer, or instant messaging, that are obvious ways to send data. But data exfiltration can also happen over covert channels. We talked about this by hiding data inside of DNS and […]

164. Living off the Land (OBJ 3.7) In this lesson, we’re going to talk about living off the land and some differences between some traditional malware exploitation techniques. And so we have to first define what is an exploit technique? Well, an exploit technique describes the specific method by which malware code infects a targeted […]

161. Detection Avoidance (OBJ 3.7) In this section of the course, we’re going to discuss the different techniques that are used during the post exploitation portion of your attacks against a target in order to establish a foothold, maintain persistence and avoid detection. Now, we’re going to be completing our coverage of Domain 3, attacks […]

157. Lateral Movement (OBJ 3.7) Now, we talked about lateral movement already and I already provided a couple of examples or techniques that we can use for lateral movement as an attacker if you’re working as a pen tester. Things like pass the hash or golden ticket attack. But there are other ones out there […]

159. Escalating Privileges (OBJ 3.7) In this lesson, we’re going to talk about escalating privileges, which is something an attacker tries to do once they exploit a target system or network. This is known as privilege escalation. Simply put, privilege escalation is the practice of exploiting flaws in an operating system or other application to […]

154. Lateral Movement and Pivoting (OBJ 3.7) Lateral movement and pivoting. If you’ve ever watched American football, you’ve probably seen a lateral pass. Now, a lateral pass occurs when the player tosses the ball to a teammate by throwing it to the side or behind them, and that way you’re moving the ball to another […]

151. Post-exploitation (OBJ 3.7) In this section of the course, we’re going to discuss different techniques that are used during the post exploitation part of your attacks against a target network. Now post exploitation actions are any actions that you take after the initial attack or exploit has been successful. For example, if you were […]

149. Virtual Machine Attacks (OBJ 3.5) In this lesson, we’re going to discuss virtual machine attacks, including VM escapes, VM hopping, sandbox escapes and other VM concerns. First, we have VM escapes or virtual machine escapes. A VM escape is a type of attack where a threat actor attempts to get out of an isolated […]