Join Malcolm Shore for an in-depth discussion in this video Disclaimer, part of Penetration Testing: Advanced Tunneling and Exfiltration.
- [Instructor] This course uses an online lab and a range of third party testing tools. Some are commercial products, and some are open source. The download and installation instructions for all tools used in this course are available as a PDF in the associated course material. While we've done our best to ensure that the tools we use and the sites we reference are legitimate, testing sites can be targets for hackers, and we can't provide any assurance that these sites might not be compromised when you visit them.
Some of the sites which store the testing tools are detected as dangerous because the tools have similar signatures to malware, and may raise antivirus alerts when you visit them. The testing tools we demonstrate are extremely powerful. They may demonstrate some of the signature characteristics as malware and malicious implants, and may raise antivirus alerts when you try to download them. Again, we can't provide assurance that the software hasn't been compromised when you download it, and so, as for any other software from the internet, you need to exercise due diligence and take personal responsibility for anything you load into your system.
- How tunneling works
- Running a local SSH tunnel
- Dynamic SSH tunneling
- Pivoting with Armitage and Metaspoit
- Exfiltrating using DET and DNS
- Covert exfiltration with Cachetalk
- Using PyExfil to exfiltrate over HTTPS