
Ethical Hacking and CompTIA PenTest+ Exam Prep (PT0-002)


Highlights

  • On-Demand course

  • 14 hours 39 minutes

  • All levels

Description

This course covers the five domains you need to know for the CompTIA PenTest+ PT0-002 exam. Learn to plan and scope a pen test engagement with a client, find vulnerabilities, exploit them to get into a network, and then report those findings to the client, all with the help of this comprehensive course.

This course covers the five domains required to study for the CompTIA PenTest+ PT0-002 exam. As an ethical hacker, you will be the good guy and be paid to get into networks, so we will start by learning how to plan and scope a penetration test for a client. Then practice your pen-testing techniques by learning how to use tools like Oracle VM manager, Kali Linux, Metasploitable, and DVWA while working in a virtual environment. We will also learn how to locate vulnerabilities, how to break into a network to run exploits, and how to report those flaws to the client so that they can be fixed. Then, discover how to scan and enumerate (find) targets in order to acquire intelligence on a network by looking for those targets' weak points. After that, we will examine social engineering techniques, explore network-based vulnerabilities, and learn to intercept traffic using on-path (man-in-the-middle) attacks. Later on, you will learn to use pen-testing tools like Nmap, Nessus, Nslookup, John the Ripper, Immunity Debugger, Aircrack-ng, Wireshark, and others. Lastly, we will cover how to prepare reports, describe post-delivery activities, and suggest remedial measures to your client. By the end of this course, you will be well prepared for your PenTest+ PT0-002 exam. All the resources for this course are available at: https://github.com/PacktPublishing/-Ethical-Hacking-and-CompTIA-PenTest-Exam-Prep-PT0-002-

What You Will Learn

  • Learn about pen testing and the five exam domains
  • Learn how to scope, plan, and execute a pen test from start to finish
  • Learn about information gathering and vulnerability scanning
  • Understand what attacks and exploits are
  • Learn how to report and communicate with a client about the weak points
  • Understand the basic concepts of scripting and software development

Audience

Although it is a CompTIA PenTest+ exam prep course, this course is also intended for a larger audience, allowing those with little to no experience in network security to learn important topics such as pen testing and ethical hacking, vulnerability testing, and network security.

No prerequisites are necessary to enroll in this course or to take the CompTIA PenTest+ exam; however, a basic understanding of networks and network security is advised. The knowledge covered by the CompTIA Network+ and Security+ exams is also advised.

Approach

This is NOT a boring voice-over-PowerPoint course. The author speaks to you and presents the material in an engaging, interactive style that will keep you interested and make it easier to understand.

Key Features

  • Learn how to use the tools you will need to scan networks, crack passwords, analyze, and more
  • Recognize vulnerabilities within a system, run exploits, and suggest solutions to a client
  • Work within a virtual environment to practice your pen-testing skills

GitHub Repo

https://github.com/PacktPublishing/-Ethical-Hacking-and-CompTIA-PenTest-Exam-Prep-PT0-002-

About the Author

Mike Meyers

Total Seminars, led by Mike Meyers and his esteemed team of IT pros, boasts over 1 million enrollments and has delivered unparalleled certification training to myriad organizations, including the FBI, UN, and the Department of Defense. Renowned for producing the top-selling CompTIA A+ and Network+ Certification guides, with over a million copies circulating, they have pioneered compelling video courses and supportive materials such as TotalTester practice tests and TotalSims lab simulations, all accessible on their website.


Michael Solomon

Dr. Michael G. Solomon holds a PhD in computer science and informatics from Emory University. He is also a CISSP, PMP, CISM certified professional. At the University of the Cumberlands, he teaches cyber security and IT. He is a speaker and consultant who specializes in leading teams in achieving and maintaining secure and effective IT environments. He has authored content on security, privacy, Blockchain, and data science. Dr. Solomon has been a project team leader for multiple Fortune 500 companies since 1987. He has also written and contributed to over twenty books and various training courses. He taught computer science at Kennesaw State University's Computer Science and Information Sciences (CSIS) department from 1998 to 2001.

Course Outline

1. Introduction

Let's get introduced to the course.

1. Welcome to the course

Let's take a quick sneak peek into the course.

2. Introduction to the CompTIA PenTest+ (PT0-002) Course

This video talks about what is covered in the course and what is covered on the CompTIA PenTest+ exam, and gives an overview of the ethical hacking topics covered in the course.

3. About the CompTIA PenTest+ (PT0-002) Exam

In this video, we will discuss the CompTIA PenTest+ (PT0-002) exam.


2. Planning and Engagement

In this section, you will learn about planning and engagement.

1. Planning a Pen Test

Pen tests are large projects and must be planned for accordingly, or else it's easy for them to get out of scope and become more work than you initially thought. Understand the importance of planning and scoping an engagement using strategy, project management skills, and pen testing resources.

2. Rules of Engagement

Pen tests are risky at best and can violate security rules or even legislation at worst. Learn how to establish rules of engagement with your client, including understanding who they are, what the target limits are, what the test scope is, and who to communicate with should something go awry during one of your attacks.

3. Regulatory Compliance

Legislative bodies and industry organizations may require certain organizations to comply with requirements to avoid sanctions or carry out business functions. Pen testing is one way to determine if an organization's policies and controls comply with pertinent requirements. Two common compliance requirements that mandate pen tests are PCI DSS and GDPR.

4. Resources and Budget

There are important factors to consider before you even begin your first attack. Planning out and discussing the resources, requirements, and budget with the client is key to a successful engagement. You need to consider who will provide the resources, like the hardware and software, since each of these costs money. Establish the budget from the beginning and assign a value to every part of the test, including the cost of your time.

5. Impact and Constraints

A pen test is more than just a simple test; it's a large-scale engagement. Before you begin, you need to explain to your client what the impact of the tests might be. If they have any constraints, such as not attacking a production server, they should make you aware of them, since the result could be catastrophic for the business if it went down during one of your attacks.

6. Support Resources

It's important to know what resources you can use to be able to successfully attack your targets. This is where software development tools come in handy, since they can shed light on the inner workings of an application, allowing you to exploit a possible vulnerability. Learn about WSDLs, WADLs, SOAP project files, SDK, Swagger, and XSD documentation, sample application requests, and the importance of network architectural diagrams.

7. Legal Groundwork

Many activities in a pen test are technically against the rules and policies, or even illegal. You need to make sure you're covered legally so you don't get in trouble for doing something during an attack that your client isn't aware of. This video covers the basics of SOWs, MSAs, and NDAs; the differences between environments, nations, cultures, and corporations; and getting written permission to perform the tests so you don't get into trouble later.

8. Service Provider Agreements

A Service Level Agreement (SLA) is an agreement between a customer and a service provider that should include both requirements and limitations on pen testing activities.

9. Standards and Methodologies, Part 1

A comprehensive pen test addresses as many aspects of an IT infrastructure as possible and satisfies all of the testing requirement goals. Using industry-accepted pen-testing standards and methodology helps pen testers avoid missing critical areas. Two common pen testing frameworks are the MITRE ATT&CK framework and the OWASP resources.

10. Standards and Methodologies, Part 2

Several organizations publish standards for pen testing to help pen testers plan exhaustive tests, including NIST standards and frameworks, OSSTMM, PTES, and ISSAF.

11. Environmental and Scoping Considerations

When scoping pen-testing activities, planners should consider the environment in which the test will run, including network architecture, applications running, cloud versus on-premises components, off-limits components or segments, and the type of assessment to be performed.

12. Ethical Mindset

Since pen testers possess the skills and tools to carry out attacks that could cause substantial damage, it is important to require the utmost ethical behavior from all pen test team members.

13. Lab Environment Setup

This video walks you through how to create a lab environment where you can practice your pen-testing skills. Learn how to set up the virtual machine manager Oracle VirtualBox and install virtual machines within it, including the toolkit of all toolkits, Kali Linux, and two intentionally vulnerable VMs where you can practice attacking a system, called Damn Vulnerable Web App (DVWA) and Metasploitable.

14. Project Strategy and Risk

A black-box pen tester is someone who knows nothing going into the engagement, and a white-box pen tester is more like a company insider who has a certain amount of knowledge before they begin. Whichever way you plan to play the role, these are some of the considerations you will need to figure out before you begin your pen testing. Are you whitelisted or blacklisted? Do you know the layers of security controls your client has? How invasive will the test be? Learn the nuances of how to strategize your engagement and prepare the client for the possible risks involved.

15. Scope Vulnerabilities

As you continue to plan out your pen test, you will need to lock in the schedule and make sure you won't run into scope creep. You will also want to hone in on what type of attacker you are and what your motivations are for attacking. Are you an advanced persistent threat with lots of resources? Or perhaps a script kiddie, hacktivist, or an insider threat? With all this information, you can build your threat model, a valuable map of what assets you're going to use and what specific targets you will be attacking, which will help guide you through the next steps in your pen test.

16. Compliance-Based Assessments

Compliance-based assessments are a bit different from any other type in that standards and regulations outside the client's control can change how a pen test must be conducted. Learn how to recognize some of these constraints and how to incorporate them into your pen test plan.


3. Information Gathering and Vulnerability Scanning

In this section, you will learn about information gathering and vulnerability scanning.

1. Scanning and Enumeration

It's important to survey the environment and gather all the correct information to determine where any vulnerabilities might lie. By using techniques such as scanning and enumeration, you will know exactly where the weak points are on a network and how to classify them to launch the appropriate attacks.

2. Scanning Demo

Now that you know what surveying and enumeration are, it's time to put that knowledge into action. Running Metasploitable in a VirtualBox VM, you will learn how to use Nmap, ping sweep scans, ARP scans, and whois lookups to determine which targets are the easiest to get to.

3. Packet Investigation

If you don't get a response from a host after an initial scan, you can use additional tools to find out more information. Learn how to use packet crafting to create specific network packets that gather information or carry out attacks. Also use packet inspection, fingerprinting, cryptography, and eavesdropping to gather information and determine what traffic is being sent.

4. Packet Inspection Demo

Many functions of a pen test are only as good as the tools you have available to you. In conjunction with Metasploitable, learn how to use Wireshark, a free and useful application for information gathering and packet inspection, to break down exactly what's happening inside each packet sent through the network.

5. Labtainers Setup

Labtainers is a self-contained open-source cybersecurity lab environment with dozens of hands-on labs that are easy to access. We will use the labtainers environment for the labs you will explore throughout this course.

6. Labtainers Lab (Wireshark)

The Wireshark labtainers lab introduces students to the process of analysing network traffic using the freely available Wireshark tool.

7. Application and Open-Source Resources

Sometimes, to go forward, you must go backward. Understand how you can use code decompiling and debugging to work backward and learn a program's secrets and weaknesses to determine the best way to exploit them. Learn the resources you can use to dig into web application code and how that information can benefit you when planning your attacks.

8. Passive Reconnaissance

Before launching any attacks, an effective pen tester learns about the target environment by carrying out reconnaissance on the environment to identify potential weaknesses. Passive reconnaissance describes activities in which the pen tester uses external resources to learn about a potential victim.

9. Active Reconnaissance

Another part of the reconnaissance process is digging into a target's infrastructure to learn more than external resources may yield. Active reconnaissance describes the process of querying a target environment resource and sending specially crafted network packets to examine any responses. Active reconnaissance is easier for a target to detect but often yields better information that a pen tester can use to devise an effective attack plan.

10. Vulnerability Scanning

There is no shortage of known vulnerabilities on any computing device, but how do you match known vulnerabilities with your target's weaknesses? By applying a structured approach, you can find out if specific vulnerabilities exist on a target. Learn about discovery scans, full scans, port scans, stealth scans, and compliance scans.

11. Vulnerability Scanning Demo

Now that you know the various methods for testing vulnerabilities, see exactly how to use stealth scanning, port scanning, OS fingerprinting, and OpenVAS to assess vulnerabilities.

12. Labtainers Lab (Network Basics)

The Network Basics labtainers lab introduces students to basic networking concepts and protocols, including ARP, ping, and TCP/IP.

13. Labtainers Lab (Nmap Discovery)

The Nmap Discovery labtainers lab introduces students to the Nmap utility and how to use Nmap to locate an SSH server on a network and also to discover the port number being used by the service.

14. Target Considerations

There are some very important considerations to take into account when planning an attack. Learn the importance of finding out whether you're attacking a physical machine, virtual machine, or container and what the best analysis tool is to use. Learn how to map targets to business value so you can focus on what vulnerability will hurt the business the worst.

15. Analyzing Scan Output

Collecting intelligence about a potential target is only the first step. A pen tester must also be able to analyze the output from reconnaissance activities. Understanding what reconnaissance output contains is a critical part of selecting effective attacks in pen test planning.

16. Nmap Scoping and Output Options

As a pen tester, the Nmap command will be one of your greatest tools. It is a network mapper with numerous options. Learn how to detect the operating system of a machine, conduct stealthy scans, determine the service and version information, enumerate targets, and output the scan results into several different file formats.

17. Nmap Timing and Performance Options

Being fast is normally great, but as a pen tester, fast can mean creating a lot of network traffic, unintentionally alerting your target that something is happening. When you need to fly under the radar, use Nmap (along with a helpful cheat sheet) to apply your vulnerability scans stealthily so there's less chance of being detected.

18. Prioritization of Vulnerabilities

You've ranked your assets, vulnerabilities, and exploits; now it's time to make a priorities list and leverage that information to plan your penetration tests. Use powerful Nmap scripts to map those vulnerabilities to potential exploits.

19. Common Attack Techniques

There are many pen testing techniques and often they are used together to successfully attack a target. Learn some of the more common attack techniques such as exploit modification, exploit chaining, social engineering, credential brute-forcing, and enlightened attacks.

20. Automating Vulnerability Scans

Since many pen-testing activities are interactive and are repeated multiple times with slight input variations, automating as many of the pen tests as possible increases efficiency and reduces human errors. Explore options to automate any tests that are part of a pen test plan.

21. Credential Attacks

This video walks you through the process of a brute force attack. With a list of usernames and passwords, an IP address, and a port number, you will see how the Hydra tool can help you become an authorized user.

22. Labtainers Lab (Password Cracking)

The Password Cracking labtainers lab introduces students to password basics and how to carry out elementary password cracking attacks.

23. Labtainers Lab (Secure Socket Layers)

The Secure Socket Layers labtainers lab introduces students to the use of SSL to authenticate both sides of a connection, including creating and signing certificates using a CA.

24. Labtainers Lab (Routing Basics)

The Routing Basics labtainers lab introduces students to a simple routing example with two LANs and an Internet connection via NAT.


4. Network-Based Attacks

In this section, you will learn about network-based attacks.

1. Exploit Resources and Network Attacks

Effective pen tests are those developed from the most comprehensive planning efforts possible. Pen testers should incorporate as many exploit resources, such as exploit databases and online resources, as possible. Having a large repository of exploit input information makes it easier to chain exploits together and carry out more sophisticated attacks, such as network password attacks.

2. Network-Based Exploits

This video covers a high-level overview of the various network-based protocols and their vulnerabilities. These include NETBIOS Name Service (NBNS), LLMNR (Link-Local Multicast Name Resolution), DNS and ARP poisoning, SMB (Server Message Block), SNMP (Simple Network Management Protocol), SMTP (Simple Mail Transport Protocol), and FTP (File Transfer Protocol).

3. FTP Exploit Demo

In this video, learn how to launch an FTP attack in Kali Linux. You will start by using the vulscan option in Nmap to identify vulnerabilities within specific ports and IP addresses. Then explore the databases in the Metasploitable framework to find the specific exploit you will want to use. Finally, you will launch the Metasploitable framework console, type in a few commands, and let Kali execute the exploit for you as you sit back and watch the pen testing magic happen.

4. Man-in-the-Middle Exploits

You don't have to be on the client or the server side to exploit a target. Man-in-the-middle attacks put the attacker in between the communication as a proxy to steal the network packets as they're passed back and forth. These include DNS cache poisoning, ARP spoofing, pass the hash, replay, relay, SSL stripping, downgrading, DoS, NAC bypass, and VLAN hopping.

5. Labtainers Lab (TCP/IP Attacks)

The TCP/IP Attacks labtainers lab introduces students to TCP/IP protocol vulnerabilities, including SYN flooding, RST attacks, and session hijacking.

6. Labtainers Lab (ARP Spoof Attacks)

The ARP Spoof Attack labtainers lab introduces students to the use of ARP spoofing for Man-in-the-middle attacks.

7. Labtainers Lab (Local DNS Attacks)

The Local DNS Attacks labtainers lab introduces students to DNS spoofing and cache poisoning on a local area network.

8. Labtainers Lab (MACs and Hash Functions)

The MACs and Hash Functions labtainers lab introduces students to cryptographic hashes and the potential for hash collisions.


5. Selecting Pen Testing Tools

In this section, you will learn about selecting pen testing tools.

1. Wireless Exploits

Because wireless communication uses broadcast technology, essentially sending your data packets in every direction for anyone to grab, it is a great target for attackers. Learn how to use tools like Aircrack-ng and Wireshark to sniff and grab packets. Also understand the different types of attacks available to you, such as evil twin, deauthentication, fragmentation, credential harvesting, exploiting WPS weaknesses, Bluejacking, Bluesnarfing, RFID cloning, jamming, and repeating.

2. Wireless Exploits, Part 2

As more and more users depend on wireless communications to connect to network resources, attackers have developed more sophisticated attacks on wireless networks. Some newer wireless attacks include those focused on data modification, data corruption, capturing handshakes, and on-path, or man-in-the-middle attacks.

3. Antennas

Regardless of the hardware and software used in wireless pen tests, the right antenna can increase the chance of a successful network compromise. Purpose-built and amplified antennas can allow a pen tester to attack a network from farther away than when using off-the-shelf wireless adapters.


6. Reporting and Communication

In this section, you will learn about reporting and communication.

1. OWASP Top 10

The OWASP Top Ten is a list of the top ten most commonly encountered web application risks. Understanding and recognizing the most common errors helps pen testers select attacks that have a higher than average chance of success.

2. Application Exploits, Part 1

Applications are great targets to attack, especially if you're trying to disrupt communication with DoS, or if you're looking to exfiltrate or destroy data. This video covers injection attacks, which are essentially inserting additional data beyond what the application is expecting to make it give you some information or perform some action for you. These include SQL, HTML, command, and code injection attacks.

3. SQL Injection Demo

As a pen tester, you can get web apps to give you all kinds of information by leveraging mistakes developers make during the development phase. After configuring your DVWA to make sure it's extra vulnerable, you will learn how to type commands into a seemingly benign data form box to make the web app respond back with extra database information, and even run a script to make a dialogue box appear.

4. Labtainers Lab (SQL Injection)

The SQL Injection labtainers lab introduces students to SQL injection attacks and countermeasures.

5. Application Exploits, Part 2

The beauty of applications is that they already have access to databases; all you have to do is figure out how to exploit the vulnerabilities to get to that information. This video covers authentication attacks such as credential brute-forcing, session hijacking, and redirecting, as well as exploiting default or weak credentials and Kerberos tickets. It also covers authorization attacks such as parameter pollution and insecure direct object reference.

6. Application Exploits, Part 3

In this final episode describing application exploits, you will learn about another application injection attack called Cross-Site Scripting (XSS) which attacks the server, and its similar cousin, Cross-Site Request Forgery (XSRF/CSRF) that attacks the user. You will also discover how to launch passive attacks just by exploiting security misconfigurations, including directory traversal errors, cookie manipulation, and file inclusion.

7. Cross-Site Scripting Demo

Pen testing is often trying one thing, tweaking it, and trying again. Back in our lab environment, you will see a Cross-Site Scripting (XSS) attack carried out using Kali Linux and the Damn Vulnerable Web App (DVWA).

8. Labtainers Lab (Cross-Site Scripting)

The Cross-Site Scripting labtainers lab introduces students to Cross-Site Scripting (XSS) attacks on a vulnerable web server.

9. Labtainers Lab (Cross-Site Request Forgery)

The Cross-Site Request Forgery labtainers lab introduces students to Cross-Site Request Forgery (CSRF) attacks with a vulnerable website.

10. Code Vulnerabilities

There's more to pen testing than exploits and vulnerabilities; a good pen tester has a broad knowledge base of computer systems as well. Part of that is a general understanding of how applications are coded. When developers write applications, they may use practices that make it easier for them to write code but also make the application insecure. In this episode, you will learn what some of those common insecure coding practices are.

11. API Attacks and Attack Resources

Increased reliance on distributed applications means more API use and more vulnerabilities related to APIs. Pen testers should understand RESTful, XML-RPC, and SOAP API weaknesses and attacks, and understand how to use resources such as word lists in attacking services.

12. Privilege Escalation (Linux)

In order to access systems and files in Linux, you need privileges. One way to get them is to leverage Linux's SUID (Set User ID) and SGID (Set Group ID) capabilities. In this episode, you will find out ways to escalate your privileges using various executables.

13. Privilege Escalation (Windows)

Windows OS also has the issue of privilege escalation. As a pen tester, you can use this to your advantage by finding ways to access credentials stored in Cpassword, LDAP, LSASS, and SAM databases, among others. You can also exploit Kerberos tickets by Kerberoasting, or force malicious DLL modules to load with DLL hijacking.

14. Misc. Privilege Escalation

There are a few other Windows OS vulnerabilities you can exploit to gain higher levels of privilege. In this video, you will learn about unquoted service paths and writable services in Windows Services. You will also learn the weaknesses of applications, as well as another tricky way to access credentials: using a keylogger.

15. Misc. Local Host Vulnerabilities

Continuing the conversation on possible vulnerabilities you can exploit as a pen tester, you will learn how default accounts are rarely changed or disabled, making them a perfect target to attack. Yet another way to gain access is to escape sandbox environments such as VMs and containers. Finally, you will learn about physical device security, such as cold boot attacks, JTAG debuggers, and serial consoles.


7. Attacking the Cloud

In this section, you will learn about attacking the cloud.

1. Cloud Attacks, Part 1

Cloud computing is more popular and complex than ever, and attacks on cloud environments are more prevalent than in the past. Pen testers should be familiar with common cloud attacks including credential harvesting, privilege escalation, account takeover, metadata service attacks, and misconfigured cloud assets.

2. Cloud Attacks, Part 2

In addition to an awareness of general cloud attacks, pen testers should be familiar with specific cloud environment attacks including resource exhaustion, cloud malware injection, DoS, side-channel, and direct-to-origin attacks.


8. Specialized and Fragile Systems

In this section, you will learn about specialized and fragile systems.

1. Mobile Attacks

Mobile devices have unique characteristics and unique vulnerabilities that could lead to successful attacks. To help protect mobile devices you will learn about reverse engineering, sandbox analysis, spamming, other mobile-specific attacks, and tools that can help assess and secure mobile devices.

2. IoT Attacks

IoT popularity has exploded and so have potential attacks on these often vulnerable devices. Pen testers need to understand BLE attacks, fragility and availability concerns, data corruption and exfiltration attacks, and other IoT-specific vulnerabilities.

3. Data Storage and Management Interface Attacks

Data storage systems may look like generic computers or devices, but they often have their own types of vulnerabilities that attackers can exploit. In this section, you will learn about data storage misconfigurations, lack of input sanitization, software and exception-handling issues, injection vulnerabilities, and vulnerabilities that are specific to IPMI systems.

4. Virtual and Containerized Environment Attacks

Virtualization is a foundation of today's IT environment, both as the basis of cloud computing, as well as in common use within organizations and even on personal computers. In this section, you will learn about virtualization vulnerabilities, including VM escape, hypervisor vulnerabilities, VM repository vulnerabilities, and vulnerabilities related to containerized workloads.

5. Labtainers Lab (Industrial Control System)

The Industrial Control System labtainers lab introduces students to using the GrassMarlin tool to view the traffic you generate while interacting with a PLC.


9. Social Engineering and Physical Attacks

In this section, you will learn about social engineering and physical attacks.

1. Pretext for a Social Engineering Attack

Although well-executed social engineering attacks can be some of the most devastating attacks to any organization, they aren't always the best choice. An important step in planning any social engineering attack is determining whether such an attack makes sense. In this section, you will learn about identifying the proper pretext that leads to a successful social engineering attack.

2. Remote Social Engineering

Social engineering takes advantage of one of the greatest vulnerabilities of a client: the people who work there. As a pen tester, one of the easiest ways to gain access is by tricking authorized users into giving up sensitive information. Learn about the basics of phishing, including spear phishing, SMS phishing, and whaling.

3. Spear Phishing Demo

Now that you understand what social engineering attacks are, learn how to use Kali Linux to launch a mass email spear phishing attack with a few simple commands.

4. In-Person Social Engineering

In-person social engineering attacks are usually successful because people often want to be helpful and will rarely say "no" to someone face-to-face. These include elicitation, interrogation, impersonation, shoulder surfing, and USB key drops. It's also important to include multiple elements of what motivates people to give up sensitive information such as authority, scarcity, social proof, urgency, likeness, and fear.

5. Physical Security

We've explored many of the technical ways to infiltrate a system through the network or directly at the host level. Physical security, on the other hand, involves gaining access to the actual physical location and the data within it by tailgating, fence jumping, dumpster diving, lock picking, or bypassing locks.


10. Post-Exploitation

In this section, you will learn about Post-Exploitation.

1. Post-Exploitation Techniques

You've planned your engagement, you've chosen your targets and exploits, and you've successfully gained access. Now what? You will want to make it easier to get back in, but also figure out how to move laterally throughout the network. There are a number of OS features that can make lateral movement possible, including many remote access protocols. Learn about these features and see two of them demonstrated: Telnet and SSH.

2. Post-Exploitation Tools

A successful attack should not be the final step. In fact, a successful attack is often just the beginning of a string of subsequent attacks. In this section, you will learn about the Empire, Mimikatz, and Bloodhound post-exploitation tools that help pen testers to keep an attack going to see how far they can get.

3. Network Segmentation Testing

Since several compliance requirements compel network segmentation, testing for segmentation should be a part of every pen test. In this section, you will learn about testing networks to validate segments by using ICMP, TCP, and UDP scans.

4. Persistence and Stealth

Once you gain access to a system, you're going to want to stick around without alerting anyone that you're there. This is what it means to be persistent as a pen tester. You will also want to be able to make it easy to move around within the system, and to get back in. There are many ways to accomplish this, and in this video, you will learn about running scheduled jobs or daemons, creating back doors for easy access using trojans, or even creating a user with higher privileges. In order to remain undetected, it's also vitally important to cover your tracks.

5. Detection Avoidance Techniques

Although avoiding detection is desirable, it isn't always easy. In this section, you will learn about a few techniques to continue an undetected attack for as long as possible. You will learn about living off the land using PsExec, WMI, PowerShell remoting, and WinRM, as well as data exfiltration, covering your tracks, steganography, and covert channels.


11. Post-Engagement Activities

In this section, you will learn about post-engagement activities.

1. Report Writing

You've run all your exploits and tests and now you have a list of potential vulnerabilities, but what good is that if you can't clearly communicate what they are to the appropriate parties? For your pen test to be effective, you must be able to communicate your findings and, more importantly, your recommendations. In this episode, you will learn about some best practices when writing your report, sample report resources, and some tips for writing an effective report. Remember, your report is your primary deliverable, so you will want to make sure it's right.

2. Important Components of Written Reports

In addition to including the most important basic information in reports, it is important to develop the practice of taking notes and capturing screenshots throughout a pen test, as well as continually searching for common root causes and noting any unusual observations or a noticeable lack of best practices.

3. Mitigation Strategies

Finding the problems in a system is important, but arguably the most important step is the call to action. In this episode, you will learn about mitigation strategies, so your clients can clearly understand how to fix the problems you found. You will also learn how to group your mitigation findings into people changes, process changes, and technology changes, to make it easier for your clients to understand. You will also learn about common findings that seem to pop up often in pen tests: shared local admin credentials, weak password complexity, plain text passwords, no multifactor authentication, SQL injection, and unnecessary open services.

4. Technical and Physical Controls

Recommendations can come in many forms, including technical control recommendations, such as patch management, network segmentation, or key rotation, as well as physical control recommendations, such as biometrics and video surveillance. Pen testers should be comfortable with all types of controls to make the most effective recommendations.

5. Administrative and Operational Controls

Pen test reports should include any administrative and operational control recommendations that would reduce an organization's attack surface. In this section, you will learn about such controls, including policies and procedures, SDLC, job rotation, time-of-day restrictions, and user training.

6. Communication

While running pen tests you are accessing sensitive material and conducting very invasive tests, so what happens if you run into a conflict during your pen test or something doesn't go as planned? Should any abnormalities take place, communication is a key factor in keeping your pen test in scope and on target. In many cases, the success of your pen test rests on how well you communicate, internally within your team and externally to your clients. Learn about the importance of identifying clear authority figures, key contacts, conflict resolution, technical assistance, and an escalation process. If you have a clear understanding of these communication principles, you can make sure your client is always comfortable with what you are doing.

7. Presentation of Findings

Each pen test final report should exist in multiple formats, one for each intended audience. The most common audiences for a pen test report are executive, management, and technical audiences. In this section, you will learn about how to give each audience what it needs.

8. Post-Report Activities

Creating and writing a pen test report should not be the end of the project. During a pen test it is likely that testers created documents, collected data, and installed tools in the target environment. In this section, you will learn about some of the steps to take to clean up after the testing process to leave the target environment in the same shape it was in before testing started.

9. Data Destruction Process

Most pen tests collect and generate lots of sensitive, and possibly confidential, information. Once all pen test activities have been completed, all generated data should be removed from all environments. In this section, you will learn about techniques to ensure excess data does not persist after a pen test.


12. Tools and Programming

In this section, you will learn about tools and programming.

1. Using Scripting in Pen Testing

Pen testing can be mundane and tedious work, which can cause people to lose track and make mistakes. Scripting helps document the process while automating the workflow and cutting down on errors. In this episode, you will learn about four different scripting languages: Bash (Bourne Again Shell), PowerShell, Ruby, and Python. You will also be familiarized with variables, substitutions, common operations, logic, basic I/O, error handling, arrays, and encoding/decoding.

2. Bash Scripting Basics

Now that you know what Bash, PowerShell, Ruby, and Python are, it's time to get a basic understanding of Bash. By learning what clues to look for, you will be able to identify a Bash shell simply by looking at syntax. Each scripting language uses different syntax for things like commenting, variables, and substitutions, and with basic knowledge of these conventions, you will know how to create and identify a Bash script.

3. Bash Scripting Techniques

We've taught you the basics of Bash; now it's time to take a more in-depth view, so you can feel comfortable scripting in Bash. Once you know how to do basic scripting, the production process will become faster and more reliable. In this episode, you will learn how to make a basic port scanning script using Bash.

4. PowerShell Scripts

You've just learned how to do a port scan using Bash scripting; now you will see how it works in PowerShell. Even though the functionality is much the same, it looks and acts a little differently. After watching this demo, you will have a basic understanding of port scanning using PowerShell.

5. Ruby Scripts

You've seen Bash and PowerShell at work; now let's look at Ruby. Ruby is different because it's much more than a scripting environment: it's a full-blown high-level language. The danger in that is there is a lot of functionality you could get lost in, so it's important to know and concentrate on the functions that you will need. It's also important to remember that the goal is not to become a Ruby developer; it's to be able to understand what a Ruby script developer might be trying to do.

6. Python Scripts

It's time to wrap up our summary of scripting languages, and last on our list is Python. Like Ruby, Python is a high-level, multipurpose language. As you've seen in previous episodes, scripting is a great way to automate your workflow, and with Python there is an abundance of resources that make it easy to learn and easy to use, along with a tremendous amount of pre-written code. In this episode, we continue in our environment, and you will see how Python handles port scanning and how it is similar to the three other scripting languages you have learned about. By now you should be able to recognize syntax from all four basic languages.

7. Scripting Languages Comparison

We've primarily been focusing on the similarities of Bash, PowerShell, Ruby, and Python by looking at how they handle a port scanning script. In this last episode of the chapter, you will see some specific differences between each of the four environments, a side-by-side comparison of the different scripting languages, and play a simple game to see if you can quickly recognize each of the four scripting languages based on syntax.

8. Data Structures, Part 1

In this section, you will learn about some data structures you can use in programs to store and organize data you use during pen test data collection and analysis. The first three data structures we will cover are JSON, key value, and dictionaries.

9. Data Structures, Part 2

Organizing and exchanging data with other tools can make pen tests more efficient. In this section, you will learn about more data structures for advanced data handling, including CSV, lists, and trees.

10. Libraries

Libraries are collections of functional code that can be called instead of having to write everything from scratch. In this section, you will see examples of using libraries to speed up the development process.

11. Classes

Object oriented development relies on creating and managing self-contained "objects" of data. In this section, you will get a brief glimpse of how classes can be used to encapsulate data and functionality to support modular software development.

12. Procedures and Functions

Software development often includes automating repetitive tasks. In this section, you will learn about procedures and functions, and how each one can help avoid duplicating code in a program.

13. Perl and JavaScript

Perl and JavaScript are both open-source, flexible, powerful scripting languages. This episode covers basic details of these languages, as well as some scripting examples to help you better understand them.


13. Tools Inventory

In this section, you will learn about tools inventory.

1. Pen Testing Toolbox

There are a number of tools you will need as a pen tester and this episode gives you a high-level overview of the various categories and popular tools within each, including reconnaissance, enumeration, vulnerability testing, credential attacks, persistence, evasion, and examining software.

2. Using Kali Linux

In this episode, you will explore the interface and tools included in Kali Linux, and resources to help you learn how to use this valuable tool in more depth.

3. Scanners and Credential Tools

Now that you've had a quick overview of the tools you will need as a pen tester, we will take a deeper look into each category and explore what each tool does. In this episode, we discuss vulnerability scanning and credential cracking tools, including Nikto, OpenVAS, SQLmap, Nessus, Medusa, Hydra, Patator, W3AF, Hashcat, John the Ripper, Cain & Abel, Cewl, Mimikatz, and Dirbuster. You will also see a demonstration of the password cracker John the Ripper.

4. Code-Cracking Tools

Next in our exploration of the pen tester's toolbox are code cracking tools, including debuggers such as OLLYDBG, Immunity Debugger, GDB, WinDBG, and IDA, as well as software assurance tools such as Findsecbugs, Peach, AFL, SonarQube, and YASCA.

5. Open-Source Research Tools

OSINT (Open-Source Intelligence) is any freely available information and can be a gold mine for pen testers. These tools include Whois, Nslookup, Foca, Theharvester, Shodan, Maltego, Recon-NG, and Censys. You will also get to see a demonstration of how to use Whois and Nslookup.

6. Wireless and Web Pen Testing Tools

As a pen tester, you will need to know how to handle wireless networks and devices. Tools such as Aircrack-NG, Kismet, and WiFite can help with monitoring, sniffing, and detecting. It's also a good idea to know how to inject yourself between a client and server as a proxy, and tools such as OWASP ZAP and Burp Suite can help with this. You will also see a demonstration of how to set up a simple proxy connection using Burp Suite.

7. Remote Access Tools

Your main goal as a pen tester is to compromise resources and, unless you're physically at the location where you're attacking a target, that will need to be done remotely. You will need to become very familiar with tools such as SSH, Netcat/nc, Ncat, and Proxychains. This episode will also help explain bind shells and reverse shells and demonstrate how to set up each of them.

8. Analyzers and Mobile Pen Testing Tools

Our world is becoming more mobile. As a result, you will need to incorporate tools that work for mobile devices as well as standard networks. In this episode, you will learn about two network analyzing tools you should have at your disposal, Wireshark and Hping. You will also learn about the mobile tools Drozer, APKX, and APK Studio.

9. Other Pen Testing Tools

It's convenient to have tools that can perform multiple jobs, but sometimes you need very specialized tools to do something specific. As we wrap up this chapter, you will learn about some of those specialized tools, such as PowerSploit, Responder, Impacket, Empire, the Metasploit framework, and Searchsploit. You will also see a quick demo of the Searchsploit tool. This is by no means an exhaustive list; new tools come out often, so it's important that you stay up to date as you continue to pen test.

10. Labtainers Lab (Metasploit Framework)

The Metasploit framework labtainers lab introduces students to using Metasploit on a Kali Linux system to attack a "Metasploitable" host.

11. Labtainers Lab (Wireshark Packet Inspection)

The Wireshark Packet Inspection labtainers lab introduces students to using Wireshark for advanced analysis of network traffic.

12. Labtainers Lab (SSH)

The SSH labtainers lab introduces students to the use of a public/private key pair to access a server via SSH.

13. Scanners, Debuggers, and Wireless Tools

There are a few more tools we will need to cover. As a pen tester, tools will be crucial for you to do your job well. This episode covers more scanners, debuggers, and wireless tools.

14. Web, Steganography, and Cloud Tools

There are a few more tools we will need to cover. As a pen tester, tools will be crucial for you to do your job well. This episode covers more web, steganography, and cloud tools.

About The Provider

Packt
Founded in 2004 in Birmingham, UK, Packt’s mission is to help the world put software to work in new ways, through the delivery of effective learning and i...