pentestTV
United States
Joined Jun 25, 2023
Welcome - my name is Tom Wilhelm and I have been a professional pentester for over two decades. My latest career role was that of a pentesting Practice Director in charge of a large team of other professional penetration testers. I have written numerous books on the topic, spoken at Hacker Conferences across the US, and was an Associate Professor teaching ethical hacking to both undergrad and graduates. Before that, I was in the U.S. Army as a Signals Intelligence Analyst, Cryptanalyst, and Russian Linguist. I started learning about hacking in the 80's back when BBS systems were all the rage and dial up modems were the primary way to be connected with other hackers, so I've seen a lot and can share a lot.
I created this channel to expand my teaching of the ethics and techniques needed to become a professional penetration tester to a wider audience. Hope you enjoy, and good luck on your journey to be a professional, ethical hacker!
Videos
Discover Hidden Files on Websites (Safely)
2.6K views, 4 months ago
Mastering Password Cracking With Hydra (The Right Way)
2.5K views, 4 months ago
MSFvenom Demystified: Unlocking the Power of Exploit Shellcode
2.7K views, 10 months ago
Crash Course in Metasploit Payloads: Everything You Need to Know
6K views, 10 months ago
Finding Exploits with Nessus: Ultimate Scanner for Penetration Testing
12K views, 10 months ago
I Came, I Saw, I Hacked: Automate Attacks for Penetration Testing
5K views, 11 months ago
Stealing Passwords Using Wireshark and Ettercap
16K views, 11 months ago
Hack Web Servers using Nikto and WhatWeb: Web Scanning Unleashed
3.3K views, 11 months ago
Hack Your First Server using Kali Linux
19K views, 11 months ago
NMAP Revealed: Unleash the Ultimate Hacker Tool
21K views, 1 year ago
Hack like a Pro: Build a hacking lab using Kali Linux
7K views, 1 year ago
Please, is msfvenom outside Metasploit Framework? I enjoyed the whole session but that part confused me
It’s part of the framework from the concept that it’s made by the same people and the output of what you generate from msfvenom can be used with other metasploit framework tools, like msfconsole. It is its own thing, but works with other things, if that makes sense.
am i the only one trying to use this just to get passwords i forgot
Lmao!!😂
Hi, I finished CompTIA Sec+ 9 months ago, but it has been impossible to land a junior job in cybersecurity. Any advice for a newly initiated fella?
Totally get it - it’s hard to get your foot in the door. The answer is “networking” - find some local networking groups, like local defcon groups, ISSA chapters, 2600 groups, etc. and start getting to be active in the community. You can also attend local hacker conferences (or start your own) - the smaller hacker villages are a great source of meeting people and finding out who in the area has job openings. Hope that helps, and good luck!
How can someone determine if a server is vulnerable ?
That’s an excellent question. You start with vulnerability scans and manual testing against the applications and protocols on the system. Depending on what you find dictates your next steps. Thanks for the question!
What language is he speaking
Geek... I'm speaking geek. ;-)
Thank you so much for sharing, I'm just getting into the Cyber Security world, I'm just finishing up my college course that is very foundational and I'm eager to expand my training. Take Care
Glad you found the tutorial useful! Good luck with your studies and thanks for the comment!
But how to exploit latest version of ftp? Don't give direct answer coz i want to learn.
There are pretty much just three ways to attack something as a pentester: 1) attack the application (flaws in the code, exploited by malware) 2) attack the protocol (find a security flaw - cleartext communication for example) 3) attack weakness in user inputs (brute force weak passwords would be an example for this) Hope that helps @onkarmhaskar8551 !
And whose IP is there?
Hack the Box - starter tier 1 Appointment server
I'm just wasting time and money for college I have you 💯👌✨
Thanks for such positive words! Glad my tutorials have been helpful. 👍👍👍
Discord?
discord.gg/3T7mfDu5Px I look forward to you joining us!
what LED light do you use behind the first monitor on your left ?
Godox TL60
ctf is not "compromising a server"
(Un)fortunately, a lot of the skills learned during a CTF match the skills necessary to perform a professional penetration test. On internal pentests, you'd be surprised how many systems are this poorly configured. Thanks for watching the speedrun to compromise the Redeemer server!
If it were that easy then we’d all be in trouble 😅
On internal pentests, you'd be surprised how many systems you find like these. O_o Thanks for commenting!
You sure didn't need Ettercap to sniff a plaintext username/password over HTTP. Now do it again, over HTTPS.
As explained later in the video, this attack is a layer-2 attack performed during the reconnaissance phase. Attacking encryption protocols like you’re suggesting is a different type of attack. Also, cleartext protocols are very common on internal pentests so it is not uncommon to intercept credentials, hashes and sensitive information, so this is a critical skill to learn. I also explained the differences between ettercap and wireshark, specifically the fact ettercap highlights captured sensitive data while with wireshark you have to dig for it and will often miss sensitive data. Thanks for watching!
BULL SHIT. LAME ASS VIDEO. WE JUST KNOW RANDOM BOX ADMIN PASSWORDS WTF. GOD I HATE AI-GENERATED VIDEOS.
Oh myyyy
😏
How do you build your hacking skill?
Great question - depends on what type of hacking you want to learn, but most people start with web application hacking, in which case I would suggest Learning about the OWASP Top 10 and then start learning (ethically, of course) on exploitable targets like those found on VulnHub, or Hack The Box, or Try Hack Me. You can learn by tutorials (like mine), or attend a course (like mine) or learn for free using walkthroughs provided by the communities. Good luck!
I hack a game named Granny, a horror game, but I'm not that good of a hacker
Hacking is an entire career track, and isn't for everyone. Find your niche, learn it well, and you'll be successful in whatever you do! Good luck!
Ahh yes, the old already know the administrator password trick😅
It was blank 😮
@@pentest_TV 😂😂 amazing, like all Mikrotik routers by default up until 2021 or so
And both mongo and redis databases by default! Crazy.
One day hope to have mine too...😊
I hope so too! Make sure to come back here and share pics when you do!
You're not fooling anybody with those Windows 11 taskbars
LOL - it's a necessary evil, unfortunately... a lot of customers still prefer MS Teams so I have learned over the years to have a MS platform and use virtual engines for my Kali instances. Plus using VMs allows me to delete the kali images after each engagement to ensure my system removes customer data. Thanks for watching!
@@pentest_TV you can use the kali Linux Microsoft thing and then use walk
Idk shit abt hacking, but why do u need so many devices? Is it like compulsory?
The minimum requirement is just the laptop. However, the additional systems and monitors allow me to keep multiple websites up, connected with my client (using Slack or Signal), have my report generator accessible, access to file systems and more. Eventually, the more screen surface area you can add, the better, in order to save time from trying to scroll through the different apps and browsers.
@@pentest_TV ohh now i get it, thx for explaining😁
Great question - thanks for asking!!
Believe I will benefit more from your videos than others. You don't just rush through the pentest, you are actually teaching the trade.
I appreciate that! My goal when making videos is exactly what you said, so I’m glad you find them beneficial. Thanks for watching and commenting!
Your jaw would drop if you saw mine.
Would love to see it - always looking for inspiration!
How do I enter to win??
😆 It’s taken a while for me to get this rig set up. It’s not going anywhere. 😉
How do I get into penetration testing quick?
Dedicate all your free time to learning. Start with learning the OWASP Top 10 and practice using exploitable servers like those from VulnHub. Good luck!!👍
❤❤❤❤
League goes hard!
Hack all the things
Why I don't see my 3 computers and my router..?? just the virtual machine...
This is a layer-2 attack so you can only see systems within your networking domain. In short, the traffic gathering stops at the router, so you can only see traffic within your virtual network.
@@pentest_TV oh I see, how can I do in order to see my computers traffic..??
@@alejandrogonzalez1598 Switch your network setting in VMware for the kali box to "bridged"
@@pentest_TV 😳, how do you know I use VMware..???.. 😆.. thank you..if you have courses I definitely will buy.. hope not too expensive though 😂..
@@pentest_TV actually didn't work..do you have a tutorial about that..??
I would love to participate in a HTB Study group
Let's definitely make it happen - I'll set up a group on the Discord server and we'll get it going. Thanks for joining!
Hello, can you clarify on how to set up the reporting tool and also how to generate CVSS scores. Thanks, love your videos.
I just added the links for Ghostwriter and where to get findings, along with the methodology/framework/playbooks in the video description. As for CVSS, check out NIST and their guide, which can be found here: nvd.nist.gov/vuln-metrics/cvss/v3-calculator
What programming language would you suggest for a person interested in learning hacking?
Great question! Depends on what type of pentesting you want to do. If it's web application testing, then focus on those languages used to develop web apps. If it's network pentesting, then focus on scripting languages.
Thank you
Glad you found it useful - thanks for watching.
Moist brought me here
Was it live streamed?
Yes - yesterday. Just concluded Day 2. I'll be doing another one tomorrow as well.
can you beat https?
That’s a different type of attack and something I’ll cover soon - this is a layer-2 attack that’s best practice during an internal pentest.
Ah I missed the live, gonna sub to see if I can catch the next one
Thanks for trying - next one is tomorrow, so hope to see you there!