A Day in the Life of an Ethical Hacker / Penetration Tester
ฝัง
- เผยแพร่เมื่อ 2 มิ.ย. 2024
- 25 Hour Practice Ethical Hacking Course:
www.udemy.com/course/practica...
90% Discount Code (valid through 2019): THECYBERMENTOR
0:00 - Introduction
0:49 - Day to day overview
2:31 - External / Internal Penetration Testing
6:11 - Web Application Penetration Testing
10:06 - Wireless Penetration Testing
12:13 - Physical/Social Testing
14:41 - SOC / Purple Teaming
16:33 - Report writing and debriefing
❓Info❓
___________________________________________
Need a Pentest?: tcm-sec.com
Learn to Hack: academy.tcm-sec.com
🔹The Cyber Mentor Merch🔹
___________________________________________
teespring.com/stores/the-cybe...
📱Social Media📱
___________________________________________
Website: thecybermentor.com
Twitter: / thecybermentor
Twitch: / thecybermentor
Discord: tcm-sec.com/discord
LinkedIn: / heathadams
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
/ thecybermentor
Support the stream (one-time): streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: amzn.to/30d1UW1
EVGA 2080TI: amzn.to/30d2lj7
MSI Z390 MotherBoard: amzn.to/30eu5TL
Intel 9700K: amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: amzn.to/2M638Zb
Razer Nommo Chroma Speakers: amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: amzn.to/2LIRxAp
Aston Origin Microphone: amzn.to/2LFtNNE
Rode VideoMicro: amzn.to/309yLKH
Mackie PROFX8V2 Mixer: amzn.to/31HKOMB
Elgato Cam Link 4K: amzn.to/2QlicYx
Elgate Stream Deck: amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites. - วิทยาศาสตร์และเทคโนโลยี
I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
As a pen tester are you forced to travel a lot. I worry about starting a family in the future and being away from home often.
What is the difference between TCM academy and a cybersecurity boot camp?
@@moesparc 7777777777777777777777777777777777777777777777777777777777777777777777777777777777777&7777777777777777777777777777777777777
You are amazing man. I got my security + and going for CEH or OCSP not sure yet. But your videos are amazing. If possible help me with my question in regards to how to setup lab, what equipment do we need.
Hey bro how can I talk you privately
Can you make a video on how you personally got to the position you are in now? Like how did you get started? What were your first steps personally? What do you recommend for the upcoming generations?
Love to see this
Jfigueroa43 Hi,
I might no be at his level but I do work as a penetration tester as well. What I can say to get started is watch videos on youtube related to hacking. Then if you have money maybe go for OSCP you’ll learn a lot from it. If knowledge is not enough try elearnsecurity first it was good as well highly recommended. Penetration Testing is huge I mean it have many fields as well, although idk if they call it as a field but what I’m trying to say is look for something also where you want to focus first whether it is on web app, sysytem/network, mobile, etc.. For example, focus on webapp pentesting first then you’ll learn to do other stuff along the way. Good luck and never stop learning :)!
@@joverflow1050 Hi i realy like your comment i am student in cyber security winch is a ethical hacking i am bit shy about my course by college did not tech me any coding as u say Ur a hacker or pen tester can you tell me do i need to know coding most for pen testing job thank you it is will be helpful if u reply back kindly.
@@monchurmiah1229 You do.
Zero Thanks for the insight man.
Really enjoying your vids. Its honest and it's to the point. People ask to subscribe before videos but its drawn out and annoying. You are to the point with no over done intros lol. You do it without acting either. You do it like it's done in reality. Well done. Keep it up.
The BEST MENTOR I HAVE COME ACROSS. I am soo glad I found you.
that's pretty awesome! you're not just working in one field you're working in multiple fields. I like that! i'm not always stuck with just one same job.
This guy's got RGB fans and a Bugatti Chiron in the background... That's how you know this profession makes money.
Well, a miniature model because the real thing will never happen :)
@@TCMSecurityAcademy I hope 1 day it will be happen.
You do realize you just cursed yourself?
@@thedarkthrone4699 he cursed himself a year ago
The salaries of this field are insane, they range from the 6 figure range and I have met people making up to 200k pending their knowledge and experience in this field.
I've watched a few videos and you do a great job of defining Purple Teams as Red + Blue teams, but you never define Red or Blue teams. I presume one team attacks the other's network, but it isn't obvious to someone watching to learn about pentesting with absolutely no background because the boss tossed a post it on their desk late Friday that reads, "Hey, we need the new web app pentested. We're going live Monday." Otherwise, very much enjoying the 15 hour course and learning enough to ask better questions, which is fantastic. Thank you for sharing this.
Amazing insight into the field! Definitely makes me want to work even harder to become a PenTester
Thank you for the constant support, hxmo
Did you ever get into it?
@@nicolaspope5599 yes, been working as a Pentester for over 2 years now, thanks for commenting this brings back so many memories wow
Got my OSCP in 2020
I can also confirm this is an accurate summary of a pentesters daily life lol
Hi, I am here because a friend of mine told me about you. Nice videos.
Thanks for making all this content. For people like myself it's invaluable.
Great to have people like you guys in this world.
Didn't realize this was an older post. It made excited to see your 4,000 subscribers turned into 286,000!
Am really enjoying this journey since i started following this channel. God will surely bless Adams in multiple folds. Am just a beginner but looking forward to becoming like him someday. I really admire your career.
I don't know if this intro is new since I came for the zero to hero pentesting but if it is new then congrats and I really like it.
Intro has been around a little bit, just not on the zero to hero vids. Glad you enjoy it!
I just signed my offer letter as a Junior Pen tester! So excited to start!
How are you enjoying the job?
How are you enjoying the job?
I've been a System Administrator for 7 years with the DoD and I was looking on changing over to become a Pentester. It is something I've always had a passion for growing up and was wondering where I should start in regards of getting a job. I have A+, Sec+ and Linux+.
The idea about using drones to survey the site, that's awesome. Never crossed my mind
Just found your video and it gave me an insight into my future career once I am done with my master degree in cyber security network operations.
That's great :)
Keep up the good work, understand you are now chasing paper, enjoy, have fun
This was a good video. I think the only thing I'm a little scared of talking to a group of people, plus writing reports. I know that's part of the job of being pentester. Keep up the group videos.
Thanks man. You get used to it as you go :)
Been watching a few of your vids, as I listened to this one I like how you went on a random rant about your cat! Subscribed
I enrolled in College for a Cyber Security degree and I haven’t been sure if it was the degree I’d like to run with but after this, I’m sure that I want to work as a Pen Tester. Thank you so much for this video
hows it going so far?
@@batalorian7997 well so far I’ve had to delay multiple times from catching COVID, I have COVID again currently 😅
Very informative Keith..Many thanks :)
Great video! Do you have any advice as to how to set up a resume for a starter in this career? I did my masters in Digital Forensics and wrote a sample thesis for WiFi Penetrating Testing. I don’t exactly have to much work experience in this career, but everyone (those who are in this field of work) keeps telling me I am a great candidate for this career.
Thanks for a great video! Super informative!
The physical part of it sounds like a lot of fun I’d take those jobs
Hey, what a great course you have on Udemy. With you working remotely what sort of machine spec do you send your client and what sort of software do you have to call home on? Do you work on the remote machine or do you proxy chain your traffic from your machine to the remote machine?
Thanks for the Vid! I have just started programming and currently learning python, I have gone through quite a few tutorials and a lot of people have been suggesting to me that I should start a project asap so that I can try and apply what I have learnt so far into making something practical. I have been thinking for a while now whether I could start a project related to cyber security as this is the field that I am more interested in. What do you think? If you think that it's not half bad of an idea, would you mind suggesting a couple of feasible projects ideas? Thanks Cyber Mentor!
Great video with lots of useful info. Quick question from someone who's interested in starting out - can you dive straight into testing web apps, without any previous pen testing experience, or is it better to firstly start off with networks?
Yes. Web apps are their own separate thing. A lot of similar methodology, but the tools and exploits vastly differ. There are people who only know how to do web apps, for example
LEDs... so hypnotic O.o.O.o
Glad you like them :)
You’re living my dream life!
After one year now he have 141k Subscribers. Great 👍
At the external penetration section you are talking about network pentesting. Does that mean that you are trying to break in or find vulns on wi-fi networks? Or do you mean like a server? Can a server be considered as a network?
Btw nice and informative video :)
Great video bro!
Do you vpn into a shared workspace from home and then do assessments into client networks from there? Or do you use your own tools on your rig and vpn into client's network(for inteneral) and do your assessments?
No either the client whitelists my IP (external testing) or I send a machine and remote into it. The machine automatically phones home on a VPN.
Can you switch from software testing to penetration testing? What would be the first steps, courses or is there a course that covers the main subjects and includes certification?
thnks you so much! it was motivational for me and also informative too. Great video
Hi, I'm an aspiring Pen-tester. I would like to know more about Penetration Testing job. Do you usually work alone or do you have a pentest team. One more question, as a pen-tester do you have to know how to pen-test into everything... lets say, the network, software, system, people (social engineering) or is this divided into the teams?
I may have missed it but how important is Wireshark or a packet analyzer to your assessments? I couldn't imagine not firing Wireshark up when doing an internal pentest at least
Great info buddy!
Thank you
Beautiful... this was a super good video.
Thank you, Davy!
I'm getting into your Udemy course!
Amazing the difference 4 years make
Very informative Heath. Thank you!
Thanks as always, Cristi
Hey awsome video 👍 Can you guide us on the certs and their importance?
Thank you. Check out this video for that: th-cam.com/video/MM7qPnJSnLQ/w-d-xo.html
Hi. Excellent video and info; Appreciated. I am in a very high paying IT field but want to transition in to CyberSec and create a company to do so (like I have done in the afore-mentioned field). However the bottom line dollar amounts will dictate if it is feasible.
- Could you please give us an idea of what the industry average is for the 40hr assignment you mention (what range is feasible to charge the client)
- how does one find clients initially?
Going to a cybersecurity bootcamp soon, and after gaining my experience + certs + even more learning, I hope I can become a Pen Tester. Love the video
We need a update
@@moodz271 Well I finished my bootcamp in November 2021, and I just passed my Sec+ cert this week. Looking at this comment I left months ago made my day from the progress I've made since then lol
@@skeppy8925 !!!! Congratulations
@@skeppy8925 congratulations bro. Hope the journey has been enriching?
@@skeppy8925update?
This is very helpful!
Simply put... Thank you
Alright this is definitely not the question I want to ask you but when you mention your Alfa card, you also say GPS dongle ? I just wanted to know the uses of a GPS dongle on an internal/external pentest ? I still have another important question for you , its about my career. Is there an inbox where I can send you a short message ? Its not crazy personal or anything I just do not feel comfortable putting information like that on TH-cam. Thanks
Hi, thank you for your awesome content, is your course for ethical hacking (the 25hours one) ok for completely newbies, please?
Great video, If you need a idea maybe focus on making that magical connection from external to internal networks, I understand what you said about credential stuffing and possibly coming over a vpn but if that is not possible what do you do social engineering or physical pentesting? Try and expand on that? I am not sure if I missed the video, I still need to watch all of your training video.
Thanks for the ideas :) I do have a couple of videos discussing credential stuffing and alternative ideas. In most assessments for an external, social engineering is out of scope. That and physical pentesting fall under their own category unfortunately.
@@TCMSecurityAcademy I am in charge of our cybersecuriy and wow everything can be so overwhelming, I am studying evey min I can if I am not busy responding or investigating alerts from our SIEM/AV/Firewall your vids is helping allot.
Your Purple teaming idea has opened a new way of thinking.
Thank you for the kind words sir. I really appreciate it
On the video with Chuck you mentioned that you worked at a help desk early on in your career, how long did you do that for?
About a year and a half. If you're curious about my journey into infosec: veteransec.com/2018/09/11/how-i-landed-my-first-infosec-job-in-a-competitive-market-advice-and-takeaways/
Hey dude, since you took the WAPT course lemme ask you something! I just started my journey trying to change careers and I'm doing the PTS while also following your series and reading a book here and there. Ideally I'd love to do both PTP and WAPT afterwards, but money and time being an issue, what do you reckon would be the best next step? Web apps pentesting seems a bit more promising money-wise, but being well rounded is also pretty nice. PTP apparently goes into web pentesting as well, but I'm not sure how deep or how the two courses overlap. Maybe taking the PTP and reading The Web Application Hackers Handbook is enough to kickstart a career? Anyway, haha, I'm writing too much already. Would love to hear your ideas! Thanks :)
Howdy. Start with PTP and build a hacking foundation first. The web app can come later. I think doing PTP + WAHH is a great idea. If you're passionate about web apps after that book, give the WAPT a go. It's a fantastic course, but definitely get some general pentesting chops first.
Yeah I agree with TCM, I passed my PTS and then moved straight on to OSCP and just grinded and eventually passed. I'm now doing PTP and find it sooooooo useful! There's so much in PTP that can be put to use in real pentest engagements
I just recently started my course in cyber security, not much fun just all theory. I really like what you do and what would your advice be for starter pen tester?
Great video! A lot of good information.
Recently purchase Burp Suite to expand my technical skills.
Awesome. It's such a great tool!
For someone starting off in school on this path, do you think it’s better to have a windows computer or MacBook?
I’ve always been interested in pentesting and cyber-security overall, I’d say it’s my passion and know a little bit of it. I went to college for IT Engineering but I decided to drop it after 3 years since it was not giving me the tools I needed and just felt like I was wasting time I could spend learning new stuff or working and saving money, plus it was outside the US and it was not the level of knowledge I thought it would be. It’s been almost a year, I’m in the US, I’m 24, I have a decent job in Marketing as a PPC Analyst but I still think about it on a daily basis if I should still aim for a job like this. My question is, do you think it’s too late to get in the field? Do I need a degree or can I work in strong certifications to get a good job in it?
It's never too late. Check out my story: veteransec.com/2018/09/11/how-i-landed-my-first-infosec-job-in-a-competitive-market-advice-and-takeaways/. I left accounting at 26 and worked my way into cybersecurity. I make close to triple now in 3 years. If you work hard and stay motivated, nothing can get in your way. A degree doesn't matter if you have the knowledge.
It's Never too late
...Never
@@TCMSecurityAcademy do you have a degree? Certs? I am just getting started and am wondering what is the best path
Would you say you regret going to college was a waste of time and money?
17.00 you made me laugh so much with the consideraions about the cat 😂😂😂
do you travel a lot to do on location assessments? Great Vid Btw!
No I work remote unless absolutely impossible to do so
Hi, what type of certificate do you recommend to take and if they are necessary
Hi @Cyber Mentor. Would you please also give us some advise about the computer equipments? The VM solution for Kali is very slow and specially with dirbuster it goes for 4-5 hours. Could please advise me how I can achieve best result ? How to build a training lab. Thank you so much for all your videos.
Thanks for the video, i also read your story and found it fascinating how you left accounting to get into IT. Very motivational since i'm in a similar fork in my life, and am about to pull the trigger on switching careers. You said you landed a help desk job by convincing them you're worth training; any tips on what certifications or skills i should acquire in order to land a help desk job? I don't have anything on my resume to show for (construction work for 10 years), but i have a lot of time and dedication.
Thanks. I didn't have any skills or certifications. Just confidence that I could do the work, which I think helped. You have to find someone willing to take a chance on you. If you want a leg up, the A+ will help immensely with your basic computer knowledge and troubleshooting skills. It will also help land an entry level job.
@@TCMSecurityAcademy got it, people were saying the a+ is unnecessary but for someone with no experience i think its better than nothing. And i know every jobs has its hardships, but are you satisfied with choosing cyber security in the IT field, or would you take a different path looking back on it
With you working from home primarily how do you go about wireless assessment? Do you deploy a machine and network card to the client site and remote into it?
I usually go on site for a wireless, but we are starting to figure out that even that can be done with a deployed machine. :)
Hi, as beginner in cybersecurity, how do you setup your laptop? How do you secure it from being hacked?
I threw all your recommended books into an Amazon shopping list. Working on my eJPT and I feel like there's a lot I still just don't know. Just tired of being n00b and I want to be at least decent before my 30th bday...
Now my only question is whether I should get all physical copies or should I get a Kindle and put them on there...?
what laptop do you recommend for a part time pentester and cyberseucurity professional
Your course on udemy on ethical hacking the preview part is not working,.
Your cpu is mind blowing and terrible monster thing awesome
2:35 Would a security researcher/exploit developer follow a similar 'methodology'?
Damnnn Black and Blue Bugatti Chiron huh, mans out here FLEXIN
Hey man i had to drop out in highschool becuase of personal reasons i dont have my grade 8 or amything im supposed to be in grade 10 this year and i want to become a pen tester its always been a goal of mine i bought 2 courses of of udemy and i was wondering am i able to get a job as a pentester without school ... if so i want to do it online cuz i live in south africa and there arent alot of jobs here so could i work overseas from here in sa and where do i look for jobs its alot to ask im just wondering and also do i have to freelance and look for clients or do i work for a company
Is it possible? Sure. It's going to be an uphill battle though. You're going to have to prove you're knowledgeable on the topic and have the drive to stay focused and finish tasks at hand. School is only partly for education. It also shows you're able to finish what you started. I don't know your situation, so just focus on being the best version of you that you can be. Start working on Hack The Box and other cheap resources. If you can get to a really high level, even Omni, you might get taken more seriously through their job boards. That's just one thought path. There are many avenues in, but they all consist of hard work. Remote is also possible with a ton of patience and good skill level. It will be hard to obtain as a first job, but it's possible because I did it :)
@@TCMSecurityAcademy thanks man i was worried i have money saved up for couses i just wanted to know if its possible aprecuate it man im subbed now :)
A video idea maybe is to show wbat is required to be a pentester what knowledge is required i jave been messing with linix since i was 13 its just a idea if youre interested
@@jaydeecrous4404 You mean....like this one? th-cam.com/video/MM7qPnJSnLQ/w-d-xo.html :)
out of curiosity is penetration tester the same thing as a security engineer?
Titles are kind of overrated. It's more about the job description. Typically, no. However, I know people working as security engineers who do pentesting.
What's your opinion on becoming a pen-tester with automated pen-testing emerging. Companies would want to purchase a.i testing as it's faster, makes less mistakes than humans and is a 1 off cost in some cases. Is the future of pen-testers doomed like factory workers? Software from companies like pcysys/netsparker
For physical Assessments, social engineering, won't the workers know who you are or is it a freelance job?
hey great content in your channel new sub here!...one question im gonna take your zero to hero course but i'm trying to hackthebox do u think i can get it? or i need to study more from some books? ....i'm gonna try to do this as my main job and thanks again!....sorry for my english i'snt my native language saludos from venezuela!
Put in the work and anything is possible my friend
Bro make a video on bsc cybersecurity and it's syllabus
How much traveling does the average pentester do? I'd want to be a consultant for different companies!
Excellent video. What is the day like when you don't have an engagement, what do you do, do you get paid for those days or only per engagement?
Ah, I knew I left something out! We call that "bench time". Yes, we still get paid. Perfect time to write a blog, study for a cert, read some news, build a new tool, etc. :)
@@TCMSecurityAcademy or make a cool video helping others!
That too :)
Subscribed, SMASHED the like button.
Welcome :)
Hi there! Im currently finishing up my comptia security+, looking to get into entry level security first. I always wanted to be pen tester. Im sure once I get experience in security I will move forward into ethical hacking.
Question: my goal is to work on remote access and travel the world. Is that possible or difficult to achieve as security analyst or ethical hacker? Thx in advance.
Bro this is the most relatable comment I've seen in a long time. I'm literally finishing up my security+ exam and planning on taking the test in the next 2-3 weeks. And I'm planning on getting into entry level security and am Interested in pen testing as well. I also have the same dream/plan to work remotely while traveling to different countries. Did you figure out more about this and do you know how it works?
@@Haidderispro I actually got the job in cyber security 13 months ago. So far they don't let me work remotely due to security reasons. At this point I am not sure if it's possible to work remotely in cyber security somewhere else. I think coding is easier to work on remote access.
@@aleksandarrikic9208 Thanks for the response and I was thinking that could be a possibility. I know people who work remotely but don't know if they can work outside the country. Maybe its dependent on the type of company though.
@@Haidderispro on top of everything cyber security is very stressful and boring. be well aware if you wanna step into this.
Thank you for this video. I'm a junior in University majoring in Cyber security. This year I plan on (hopefully) getting an internship. My ultimate goal is to be able to work from home, so hearing that's what you do is reassuring. Do you set your own schedules? I'm more of an early bird so I like to begin my work around 4 a.m or 5.
I set my schedule around my clients, which is pretty flexible
@@TCMSecurityAcademy looking for a mentor
Thanks a bunch!
Working on my CCT and CCNA, also an A+ cert then some python and a degree in Network Administration, I really like the idea of trying to crack stuff... what should I do next education wise
DonGaming phd in theoretical physics
Yesss Ava is so cute! =^..^= Great video, thanks
She's the best haha
What about like physically pen testing (really any pen testing/cyber security position that doesn't have you sitting at a desk all day).. is there a position that mostly does that?
I think that’d be red teaming tbh
Could you please share the checklist that you use?
Would you say you enjoy your job? Do you work for a company that contracts you to other businesses? Like do you have to travel to businesses around the area
I work for myself now and I did enjoy my job at the time of the video. Companies pay to do pentest work as a consultant not a contractor (in my work experience). I did not travel much and now only travel if the client wants me there. Usually they dont want to front that bill :)
Too bad the coupon has expired. Would love to enroll in your Udemy course to learn the hacking techniques
I tried computer system technician program and I failed and hated it. And I love technology but that program messed me up. Cybersecurity seems to be something up my alley, do you think I should go for certification or a diploma? Id rather not waste money on diploma and just get a cert
What's your favorite password cracker ? I'm definitely no hacker but I here Cain and Abel is great as you can test for a MITM attack, arp poisoning ...etc. Also what DoS [Denial of Service] tool do you prefer most to see if a client has good DoS mitigation ?
Hey hope you are good. I am 38 and just in the process of retraining from a completely different career into IT.
I am working towards cyber security qualifications, am I too old at 38?
So i want a career in this what steps as far as courses or taking classes that i need
super video sir thank you
You're welcome!
Do you do any programming in this field?
Security Researchers have a lot of hacking tools... And those tools are used by Black Hackers as well.
Nice vid!
Thank you :)
Do you do any risk assessments? If so can you talk about them
Yes, but it's really rare. The ones I have done were checklists provided by a client for compliance purposes. You fill out the checklist like an audit.
We also sometimes do console assessments where we review security postures (take a firewall for example) or cloud assessments, which also assesses security posture.
These are all few and far between, so I dont count them as day to day. Some shops might not do them at all.
@@TCMSecurityAcademy More people should do them. Especially osint risk assessments. Osint is one of the first things I go to for pretty much everything. I want to be a pentester (social engineer) after I get done with school. (I'm doing my AAS in network engineering then hopefully a BAS in Cybersecurity at my school.)
I am bought your Udemy coure
Is there Level in PenTest? Like entry-level
I think I saw you in a Linux course, are u a teacher? The content was amazing I’m pretty sure it was you XD