Once you have an understanding of the tools you're most likely to use on a penetration test, you'll want to complement that knowledge with techniques that you can use to get the most out of those tools. Jerod introduces you to the credential harvesting technique with which he's had the most success, as well as two field guides that you should add to your penetration testing bookshelf.
- [Instructor] One of my favorite penetration testing techniques is password spraying. Instead of trying to brute force an application with one username and multiple passwords, you instead use multiple usernames and a single password. Why? Well, think about it for a moment. How many applications are going to lock out users after a single failed login attempt? All you need is a password that at least one person is likely to be using today.
If you're not sure where to start, try this. Combine the current season, the year and a special character. For example, Winter2019! Will that work? Chances are it will. It meets all of the most common password complexity requirements: uppercase, lowercase, alphanumeric, at least eight characters, special characters. What's worse, the changing of seasons occurs every 90 days, the same time that many organizations require their users to select a new password.
On a side note, if this is your password, please change it. Penetration testing techniques are constantly changing, constantly evolving.
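The following is an added example, not part of the course or the instructor's material. Because the technique described above stays under per-account lockout thresholds, a defender has to count distinct accounts failing from one source rather than failures per account. The event tuple format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, outcome).
# IPs come from documentation ranges; usernames are made up.
SAMPLE_EVENTS = [
    ("2019-01-07T09:00:01", "203.0.113.7", "asmith", "FAIL"),
    ("2019-01-07T09:00:03", "203.0.113.7", "bjones", "FAIL"),
    ("2019-01-07T09:00:05", "203.0.113.7", "cwong", "FAIL"),
    ("2019-01-07T09:00:07", "203.0.113.7", "dpatel", "OK"),
    ("2019-01-07T09:00:09", "203.0.113.7", "egarcia", "FAIL"),
    ("2019-01-07T09:00:11", "203.0.113.7", "fkhan", "FAIL"),
    ("2019-01-07T09:05:00", "192.0.2.10", "gbrown", "FAIL"),   # typo, then success
    ("2019-01-07T09:05:20", "192.0.2.10", "gbrown", "OK"),
] + [("2019-01-07T10:00:%02d" % s, "198.51.100.9", "admin", "FAIL") for s in range(6)]


def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Map each spraying source to the accounts it failed against."""
    # Flag a source when, inside one sliding window, its failures cover at least
    # min_users distinct accounts with at most max_per_user tries on each.
    by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            by_src[src].append((datetime.fromisoformat(ts), user))
    flagged = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, user in fails[start:end + 1]:
                counts[user] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                flagged[src] = sorted(counts)
                break
    return flagged


def accounts_to_reset(events, flagged):
    """Accounts a flagged source logged in to successfully (likely guessed)."""
    return sorted({u for _, s, u, o in events if s in flagged and o == "OK"})


if __name__ == "__main__":
    hits = detect_spray(SAMPLE_EVENTS)
    print(hits, accounts_to_reset(SAMPLE_EVENTS, hits))
```

The single-account brute force from 198.51.100.9 and the mistyped login from 192.0.2.10 are deliberately not flagged; lockout policy and ordinary failure handling already cover those cases.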
Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115).
- Identifying the five major types of security assessments
- Defining the security assessment life cycle
- Setting up your testing environment
- Planning a security assessment
- Reviewing documentation, logs, and more
- Identifying test targets
- Testing for password and other security vulnerabilities
- Drafting and delivering your report
Skill Level Beginner
What you should know (1m 49s)
1. Understanding Security Assessments
2. Your Testing Environment
3. Planning Your Assessment
4. Review Techniques
5. Identifying Your Targets
6. Vulnerability Validation
7. Additional Considerations
Next steps (3m 39s)