This course focuses on teaching exploitation techniques, shell usage, and credential stuffing in the field of penetration testing. The course covers topics such as reverse shells, bind shells, payloads, manual exploitation of vulnerabilities, using tools like Metasploit and Burp Suite, and analyzing scan results. The teaching method includes demonstrations, practical examples, and Q&A sessions. This course is intended for individuals interested in cybersecurity, penetration testing, ethical hacking, and improving their offensive security skills.
Zero to Hero Pentesting - Exploitation, Shells, and Some Credential Stuffing
Cyber Mentor via YouTube
Overview
Syllabus
- Welcome.
- Lesson overview & staying humble.
- Reverse shells vs bind shells.
- Staged vs non-stage payloads.
- Brief bind shell demonstration with netcat.
- Reviewing scans from last week.
- Exploiting mod_ssl 2.8.4 w/ OpenLuck manually.
- Exploiting Samba 2.2.1a w/ trans2open Metasploit.
- Reviewing some of our report findings.
- Scanning, enumerating, and exploiting Hack The Box's Lame.
- Credential stuffing & password spraying overview.
- Running breach-parse against Tesla.com.
- Using Burp Suite to perform credential stuffing & password spraying.
- Boxers or briefs?.
- What are you drinking?.
- Are web pentest skills and network pentest skills interchangeable?.
- What college degree is best for cybersecurity?.
- What's new in your life / upcoming talks?.
- What is this channel about?.
- Troubleshooting a Kioptrix issue.
- Is the CEH worth pursuing?.
- Jon Jones??.
- Best advice to move from service desk to security?.
- Is OSCP the best certification?.
- Do you need a CS degree to be successful?.
- What makes hacking unethical?.
- How to transition from webdev to appsec?.
- Tips for organization when testing large clients?.
- What did you think about the Pentest+?.
- How many more segments of Zero to Hero are left?.
- How do you submit/plan a talk?.
- What keyboard are you using?.
- Are we building an AD lab next week?.
- Are most of your assessments AD?.
- Should I stop the OSCP and attempt the eJPT if I'm struggling?.
- What are your specs?.
- Are we covering all PowerShell in the course?.
- OSCP vs HTB.
- What is you Domain Admin % rate on all engagements?.
- Domain Admin from a printer?.
- How many assessments have you done total?.
- How much time do you get per assessment?.
- How does the OSCP help in the job market?.
- What is an internal assessment?.
- What should I do at a conference?.
- Best stories from an engagement?.
- DragonCon EFF?.
- Is the CEH worth it with a discount?.
- Do you ever feel pressure or anxiety when learning pentesting?.
- Is web app your number one priority right now?.
- How far did you get in the OSCP labs?.
- Bob.....
- Finding pentest work w/ a felony.
- When is the next stream?.
- Is eating ice bad for you?.
- What do we need for the AD stream?.
- Zoom on Immunity Debugger?.
- Favorite security podcasts?.
- Do you perform phishing campaigns?.
- What type of phone do you have?.
- Where do you get most of your pentest news?.
- What kind of case do you have?.
- What time do you wake up for work / work from home life.
- How do remote internal pentests work?.
- CIS Top 20.
- What is your monitor setup?.
- Lego Bugatti / AWAE / Arizona Cyber Range.
- What's your watch?.
- Do you get burned out?.
- Does your workplace pay for training?.
- Work schedule / down time.
- How did you become a pentester?.
- Overtime?.
- Bug bounties you're a part of?.
Taught by
The Cyber Mentor
