วีดีโอ

It’s part of the framework from the concept that it’s made by the same people and the output of what you generate from msfvenom can be used with other metasploit framework tools, like msfconsole. It is its own thing, but works with other things, if that makes sense.

Lmao!!😂

Totally get it - it’s hard to get your foot in the door. The answer is “networking” - find some local networking groups, like local defcon groups, ISSA chapters, 2600 groups, etc. and start getting to be active in the community. You can also attend local hacker conferences (or start your own) - the smaller hacker villages are a great source of meeting people and finding out who in the area has job openings. Hope that helps, and good luck!

That’s an excellent question. You start with vulnerability scans and manual testing against the applications and protocols on the system. Depending on what you find dictates you next steps. Thanks for the question!

Geek... I'm speaking geek. ;-)

Glad you found the tutorial useful! Good luck with your studies and thanks for the comment!

There are pretty much just three ways to attack something as a pentester: 1) attack the application (flaws in the code, exploited by malware) 2) attack the protocol (find a security flaw - cleartext communication for example) 3) attack weakness in user inputs (brute force weak passwords would be an example for this) Hope that helps @onkarmhaskar8551 !

Hack the Box - starter tier 1 Appointment server

Thanks for such positive words! Glad my tutorials have been helpful. 👍👍👍

discord.gg/3T7mfDu5Px I look forward to you joining us!

Godox TL60

(Un)fortunately, a lot of the skills learned during a CTF matches the skills necessary to perform a professional penetration test. On internal pentests, you'd be surprised how many systems are this poorly configured. Thanks for watching the speedrun to compromise the Redeemer server!

On internal pentests, you'd be surprised how many systems you find like these. O_o Thanks for commenting!

As explained later in the video, this attack is a layer-2 attack performed during the reconnaissance phase. Attacking encryption protocols like you’re suggesting is a different type of attack. Also, cleartext protocols are very common on internal pentests so it is not uncommon to intercept credentials, hashes and sensitive information, so this is a critical skill to learn. I also explained the differences between ettercap and wireshark, specifically the fact ettercap highlights captured sensitive data while with wireshark you have to dig for it and will often miss sensitive data. Thanks for watching!

😏

Great question - depends on what type of hacking you want to learn, but most people start with web application hacking, in which case I would suggest Learning about the OWASP Top 10 and then start learning (ethically, of course) on exploitable targets like those found on VulnHub, or Hack The Box, or Try Hack Me. You can learn by tutorials (like mine), or attend a course (like mine) or learn for free using walkthroughs provided by the communities. Good luck!

Hacking is an entire career track, and isn't for everyone. Find you niche, learn it well, and you'll be successful in whatever you do! Good luck!

It was blank 😮

@@pentest_TV 😂😂 amazing, like all Mikrotik routers by default up until 2021 or so

And both mongo and redis databases by default! Crazy.

I hope so too! Make sure to come back here and share pics when you do!

LOL - it's a necessary evil, unfortunately... a lot of customers still prefer MS Teams so I have learned over the years to have a MS platform and use virtual engines for my Kali instances. Plus using VMs allows me to delete the kali images after each engagement to ensure my system removes customer data. Thanks for watching!

@@pentest_TVyou can use the kali Linux Microsoft thing and than use walk

The minimum requirement is just the laptop. However, the additional systems and monitors allows me to keep multiple websites up, connected with my client (using Slack or Signal), have my report generator accessible, access to file systems and more. Eventually, the more screen surface area you can add, the better, in order to save time from trying to scroll through the different apps and browsers.

​@@pentest_TVohh now i get it, thx for explaining😁

Great question - thanks for asking!!

I appreciate that! My goal when making videos is exactly what you said , so I’m glad you find them beneficial. Thanks for watching and commenting!

Would love to see it - always looking for inspiration!

😆 It’s taken a while for me to get this rig set up. It’s not going anywhere. 😉

Dedicate all your free time to learning. Start with learning the OWASP Top 10 and practice using exploitable servers like those from VulHub. Good luck!!👍

Hack all the things

This is a layer-2 attack so you can only see systems within your networking domain. In short, the traffic gathering stops at the router, so you can only see traffic within your virtual network.

@@pentest_TV oh I see, how can I do in order to see my computers traffic..??

@@alejandrogonzalez1598 Switch your network setting in VMware for the kali box to "bridged"

@@pentest_TV 😳, how do you know I use VMware..???.. 😆.. thank you..if you have courses I definitely will buy.. hope not too expensive though 😂..

@@pentest_TV actually didn't work..do you have a tutorial about that..??

Let's definitely make it happen - I'll set up a group on the Discord server and we'll get it going. Thanks for joining!

I just added the links for Ghostwriter and where to get findings, along with the methodology/framework/playbooks in the video description. As for CVSS, Check out NIST and their guide, which can be found here: nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Great question! Depends on what type of pentesting you want to do. If it's web application testing, then focus on those languages used to develop web apps. If it's network pentesting, then focus on scripting languages.

Glad you found it useful - thanks for watching.

Yes - yesterday. Just concluded Day 2. I'll be doing another one tomorrow as well.

That’s a different type of attack and something I’ll cover soon - this is a layer-2 attack that’s best practice during an internal pentest.

Thanks for trying - next one is tomorrow, so hope to see you there!