Zero to Hero Pentesting: Episode 7 – Exploitation, Shells, and Some Credential Stuffing
iSpeech
Zero to Hero:
0:00 - Welcome
2:43 - Lesson overview & staying humble
8:20 - Reverse shells vs bind shells
11:05 - Staged vs non-stage payloads
12:20 - Brief bind shell demonstration with netcat
15:30 - Reviewing scans from last week
17:30 - Exploiting mod_ssl 2.8.4 w/ OpenLuck manually
27:38 - Exploiting Samba 2.2.1a w/ trans2open Metasploit
37:50 - Reviewing some of our report findings
39:45 - Scanning, enumerating, and exploiting Hack The Box's Lame
1:01:00 - Credential stuffing & password spraying overview
1:13:05 - Running breach-parse against Tesla.com
1:14:05 - Using Burp Suite to perform credential stuffing & password spraying
Q&A / AMA
1:28:53 - Boxers or briefs?
1:29:00 - What are you drinking?
1:29:42 - Are web pentest skills and network pentest skills interchangeable?
1:30:02 - What college degree is best for cybersecurity?
1:30:25 - What's new in your life / upcoming talks?
1:30:55 - What is this channel about?
1:31:10 - Troubleshooting a Kioptrix issue
1:31:40 - Is the CEH worth pursuing?
1:31:55 - Jon Jones??
1:32:10 - Best advice to move from service desk to security?
1:33:10 - Is OSCP the best certification?
1:33:30 - Do you need a CS degree to be successful?
1:33:45 - What makes hacking unethical?
1:34:30 - How to transition from webdev to appsec?
1:35:38 - Tips for organization when testing large clients?
1:37:02 - What did you think about the Pentest+?
1:38:50 - How many more segments of Zero to Hero are left?
1:40:20 - How do you submit/plan a talk?
1:44:48 - What keyboard are you using?
1:45:25 - Are we building an AD lab next week?
1:45:48 - Are most of your assessments AD?
1:46:30 - Should I stop the OSCP and attempt the eJPT if I'm struggling?
1:47:00 - What are your specs?
1:48:15 - Are we covering all PowerShell in the course?
1:48:40 - OSCP vs HTB
1:48:55 - What is you Domain Admin % rate on all engagements?
1:49:45 - Domain Admin from a printer?
1:52:30 - How many assessments have you done total?
1:53:30 - How much time do you get per assessment?
1:54:10 - How does the OSCP help in the job market?
1:56:55 - What is an internal assessment?
1:57:50 - What should I do at a conference?
1:59:15 - Best stories from an engagement?
2:07:05 - DragonCon EFF?
2:08:15 - Is the CEH worth it with a discount?
2:09:15 - Do you ever feel pressure or anxiety when learning pentesting?
2:11:00 - Is web app your number one priority right now?
2:11:50 - How far did you get in the OSCP labs?
2:12:45 - Bob....
2:13:50 - Finding pentest work w/ a felony
2:15:52 - When is the next stream?
2:16:50 - Is eating ice bad for you?
2:17:35 - What do we need for the AD stream?
2:18:25 - Zoom on Immunity Debugger?
2:20:20 - Favorite security podcasts?
2:21:20 - Do you perform phishing campaigns?
2:24:38 - What type of phone do you have?
2:25:00 - Where do you get most of your pentest news?
2:26:10 - What kind of case do you have?
2:27:00 - What time do you wake up for work / work from home life
2:31:25 - How do remote internal pentests work?
2:32:55 - CIS Top 20
2:36:28 - What is your monitor setup?
2:36:55 - Lego Bugatti / AWAE / Arizona Cyber Range
2:37:50 - What's your watch?
2:39:30 - Do you get burned out?
2:41:25 - Does your workplace pay for training?
2:43:00 - Work schedule / down time
2:44:05 - How did you become a pentester?
2:45:00 - Overtime?
2:45:30 - Bug bounties you're a part of?
___________________________________________
❓Info❓
___________________________________________
Hire me: https://tcm-sec.com
Course info: https://www.thecybermentor.com/zero-to-hero-pentesting
Contact (professional inquiries only, please): info@thecybermentor.com
📱Social Media📱
___________________________________________
Website: https://thecybermentor.com
Twitter: https://twitter.com/thecybermentor
Twitch: https://www.twitch.tv/thecybermentor
Discord: https://discord.gg/REfpPJB
LinkedIn: https://www.linkedin.com/in/heathadams
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
https://www.patreon.com/thecybermentor
2019-05-02 15:49:09
source
Gloss