Conduct a Penetration Test Like a Pro in 6 Phases [Tutorial]
Вставка
- Опубліковано 23 сер 2020
- Earn $$. Learn What You Need to Get Certified (90% Off): nulb.app/cwlshop
How to Perform a Pentest like a Cybersecurity Specialist
Full Tutorial: nulb.app/z6mnu
Subscribe to Null Byte: goo.gl/J6wEnH
Nick's Twitter: / nickgodshall
Cyber Weapons Lab, Episode 185
Pentesting is the process of simulating an attack on a network and is used to find vulnerabilities that could be exploited by a malicious actor. The main goal of a pentest, or penetration test, is to identify security holes and weaknesses so that the organization being tested can fix any potential issues. In a professional penetration test, there are six phases you should know. On this episode of Cyber Weapons Lab, we are going to take a look at those six steps.
Related tutorials:
Nessus: nulb.app/z3xqb
Postenum: nulb.app/z5osm
Nmap: nulb.app/x4eyg | • Use Nmap for Tactical ...
To learn more, check out the article: nulb.app/z6mnu
Follow Null Byte on:
Twitter: / nullbyte
Flipboard: flip.it/3.Gf_0
Website: null-byte.com
Weekly newsletter: eepurl.com/dE3Ovb
Vimeo: vimeo.com/channels/nullbyte - Навчання та стиль
Can we just appreciate how he puts himself on FBI watchlist just give us good content!
Lemme just *checks list*, yup.. you're on my list too
@@RETRO-DEV wait what😶 😂😂😂😂
@@eyelessclowned oops.. that was public? :/
Someone's in trouble xD
Don't worry about me....
@@zyan983 I'm watching you too buddy
Ooo. A blinker! This is new
@Paul Lombard wdym no one blinks
Paul Lombard it’s a J O K E
@Paul Lombard YOU SIR, DESERVEEEEEEEE r/wooooosh ( ͡° ͜ʖ ͡°)
beats me
What’s worse than people who reply seriously to jokes are people who delete their reply when they get humiliated.
Awesome video. Quick and easy overview of the process and tools. My only criticism is that you should include steps to cover your tracks (clear logs, command history, etc on the target machine)
Man this is the kind of videos we want xD, awesome. More like this but with more dificult vulnerabilities.
You seem to have a gift for explaining difficult topics very well ty
Thank you for explaining this thoroughly!
Thanks for the great videos! good content and explanation.
btw can you make a video on how to set a undetectable VM?
I like how their replies to comments actually sound like a person is talking instead of a over the top professional bot reply.
I reply to comments when I'm avoiding work (Kody). Otherwise, it's Michael, who is less aggressive.
His blogs are awesome!!
Great video. I’m new and don’t understand a lot but I’m getting there! Just set up a raspberry pi with kali to do some experimenting.
Thank you nullbyte
If you study the CEH certification you will learn this more in-depth. Very informative content as always.
Which website do you use to study the CEH certification?
@@khairulazahar5958 I have a course from 2017 that I have lifetime access to. It cost $4500, if you rly want to learn, I’ll hook u up
@@Themusicbiz I would love that!
@@Themusicbiz slide that shit yo
@@csmeby I will say though, it won’t qualify you for the cert. you need to take an updated one. Mine for example covers CEH 9 and they are on 10 now. All knowledge no cert.
Great Video thanks for this.
I'm studying Cyber Security, at a government run College in Australia and I missed my Pen Testing class today due to illness, so I am just curious as to what I have missed, and how it works.
Maaann this guy is the real G.O.A.T
Null Noob question i need to set up a system on my network running Apache to pentest correct?
How can you tell that your being hacked, is there a live view software you can use?
I tried to run nmap -sV -p 80 on my terminal but it shows error says the term 'nmap' is not recognised as the name of cmdlet, .... someone tell me why?
3:46 what does Galaxy-S10 do in your nmap scan???
700k soon❤️
Thanks you sir
Really good
So pen tests also have vulnerability scans already on them?
I like to use linPEAS or winPEAS for to find anything we can use for privilege escalation
Hi bro. I am using kali in vmware in my laptop with contains Intel chip in it . When I try to run apache2 server in kali, it's not working. I have tried to restart it by uninstalling & installing it again. Can you help ee with this bro.
I think the quality of content has gone down tbh, there was way too many times he blinked. it's just unnecessary
U got me lol
I too hate wasted blinks
Its Morse code...
I think its his (unsuccessful) way to convince us he’s human.
@@PB-eg2je People complaint he hardly blink and now he blinks and they complain again. Human being can never be satisfied
My Man
i love it when my like makes something even
i was the 500th like
How do I download the correct Nessus? My wont work for some reason
Great
Allow me to remind you of the first and most important step, legal documentation. This includes a Business Impact Analysis (BIA), Rules of Engagement (ROE), and so on.
Exactly. As a pentester myself, I do not start without any of these documents. Good addition.
@Da Boss There are a lot of companies looking for pentesters and technical security people. However most companies tend to hire people who studied. OSCP is nice to have, but you must have luck to find a company willing to give them a chance.
Best thing to do is to do an IT bachelor (or master, even better) and then get the OSCP certificate.
Yeah I'm sure a blackhat would get all of this first. Thanks for giving out that advice.
Forest River Yeah I’m sure you should be a black hat hacker and parade it around. Luckily there are real specialized people who are taking care of their work, instead of internet heroes.
@@JakeTheMDog Please im new on this, how dp i set up my lab?
Heh video time is 13:37 guess that makes you leet :D
Bro im currently in the process of making a program out of cmd (cuz thats currently my only coding tool i know how to use). Currently with it you can track ips, ping ips, and manually shutdown computers on the same router as you. What do you suggest i add to it next?
SƎNTIИƎL 髪 traceroute is handy, and don't worry if you can only write command scripts, a lot of simple tools are written like that.
@@m1lkweed hmm ok thx :)
What you mean manually shutdown computers on the same network ? Do you just send command to the router and it shutdowns another pc or what ?
Hey if you’re still interested, search up how to get kali Linux in a virtual machine I suggest virtual box and it gives you many tools to hack and such but you can use some of them for creating a program
Like a Boss
Video on hacking is 13:37 long... I see what you did there. 🧐
what??
man of culture
1337 LOL
@@Hamza-gn2cg If no one gets this, I'm done. XD
@@fourofour9569 I know RIGHT?
And what about enumeration and establish foothold
where can I get Nessus from I don't t have 3k???
Thx. Not your cup of tea but need Nessus on ARM hardware too.
Bro please can you make a video on installing gvm (openvas) vulnerability scanner fir Kali Linux 2020.3
yeah i know how to do this except step 6
How do you find out if someone is using these methods or similar against you? Thanks in advance!
In theory, you don't.
By monitoring you network To detect scans and weird trafic coming from someone. Also check your website and server logs every time.
You have monitor tools that detect some kind of behavior that can be associated to different hack technique.
You can monitor your .log server file or directly the network traffic inside a network especially if you search for inside attack.
I'm here just because EC-Council says it is a 5 step process, the same way they say C|EH is practical n all.
Thank you for this amazing video. Please bring more content about hacking using android divese =)
2 years passed damn
You can do this on any version of Ubuntu, right?
Yes, but you may have to install some required programs.
I don't understand why you say that SSH is usually associated with port 80. The SSH default port is 22, while 80 is Http default port. Anyhow, I enjoyed your video, really interesting.
SSL* Its a TL Encryption.
@@mathsocraft7816 SSL should be on port 443
@@mathsocraft7816 👎
SUP BOIS
These comments are golden.
dig, host, rdns, nmap, metasploit
Yes those are tools we use
hi null byte can you help me to learn me from indonesia
It's really strange to watch a null byte video with someone who blinks
Step 6?
Link is down
Anyone notice the video length is 13:37
where is orginal null byte??!
Hey!! Where is cody?
Can you crack the online ID ransomware pls ?
this is brilliant and i aint even a brit
how did kody k evolve into this !!??
Dude been follow me since bros wanted to b in college
Ffs can’t get the damn nessus scanner cause I need to pay for a friggin business email 🤦♂️
Where has Codi gone?
The other Guy?
it could be psyarriasis
Wait a minute Where is Cody? What did you guys do with Cody!?!?!?!?!? lol
I want to click there website for full tutorial but then again they are hackers
I read their 8 courses details and they are convincing. but, buying and giving bank details to hacker mentor is not convincing.
Mmm, yes. I do feel like using this information for educational purposes ONLY. And I'm gonna do the sixth part for sure.
You skipped reporting!
Hah, being in the field I was looking forward to that section 😬
can we appreciate that the time of this video is 13:37? 1337
Get those daemons uploaded.
Just casually using software that has a license that costs several thousand dollars, okay.
Damn the video is exactly 1337 long 🤣
Step 6. No matter how 1337 a hacker you are takes the longest ;)
At least it always feels that way
Hi, 2 things to help your skin, eat beats (sometimes skin problems mean something is wrong inside body) and mix yogurt with honey for outside on skin. Nice video, too advanced for me.
Wow
P.S.: SSL is usually associated with port 443.
Blinking was never an option
underrated comment
nice timeframe xddd
Where is Cody the Soul Ripper 😌
That's a badass nickname
@@NullByteWHT He really is
Ahh yes I remember 2 years ago when he used to stare straight into your soul without blinking
Not the same guy.
@@MarcoMazziniYT no im talking about the guy that was here 2 years ago
hope u understand
@@realhomy I misinterpreted your "he used to stare".
You have to admit that it's a bit confusing.
oh ok
what happened to the guy that doesnt blink
I'm here talking shit in the comments
Null Byte hahah
@@NullByteWHT 😂😂😂😂
I'm watching you...
I’m watching you to...
@@user-es2pd6he7l too* and no... No you're not...
@@user-es2pd6he7l also wtf is your username supposed to be
@@RETRO-DEV longest name in Africa
@@harambe2185 fair enough I suppose
The video is 13:37 long. Im sure it was a coincidence lol
print("Quality Content")
cout
java
System.out.println("Quality Content");
C
printf("Quality Content");
C#
Console.WriteLine("Quality Content");
Assembly:
section .text
global _start
_start:
mov edx, len
mov ecx, msg
mov ebx, 1
mov eax, 4
int 0x80
mov eax, 1
int 0x80
section .data
msg db 'Quality Content',0xa
len equ $ - msg
BrainFuck:
++++++++++[>+>+++>+++++++>+++++++++++++++++++++++++++.---------.---.+++++++++++.+++++.----------.-.++++++.---------------.+++++++++.++++++.
WANTED. Alive or Dead :)
Amazing
well if it aint nick...haha ha haha
4:20
Круто, довай жги пакрышки🤣🤣🤣
Vid is exactly 13:37 long
Evil or maybe a good copy of micheal reeves
Bro r u ok????
yes
@@NullByteWHT Then what r those red stuff on ur face???
@@abhikdutta2848 Are you an idiot?
@@NullByteWHT why?
@@NullByteWHT lol he must be lol
Can you make a video on how to hack pubg
what the actual fuck. pubG is a game.
Pls add indonesian sub
:)
OoOoooOOOOOOOoooOoooh 0 dislikes. ;)
i love not having a life and doing shit like this lol
Well u can have a life and still do it
@@boristodorov779 true true, but i write so many scripts that i do not have time for anything else....
=没有来自中国的评论=
way too basic, can we get something more advanced?
please don't talk about his face :(
What about his face?
@@boristodorov779 dotted face :/
@nullbyte bann this fucker from this community
bro nice skin.. haha just kidding.. nice vid
I didn't come on the internet to take shit from people who believe in Q-anon.
@@NullByteWHT oh my god, no need to be toxic, it was a joke :) ...also no need to critize other people beliefs since i dont critize yours :)
@@NullByteWHT bann this fucker
@@wickedwolf8438 Toxic? I don't make asshole comments about the physical appearance of college students bringing you content in their free time during a pandemic and then act like a victim when I get called out for it. When I started this channel, it was people making comments like yours that made me doubt if creating content was worth it. Keep this shit on Reddit.
@@wickedwolf8438 oh god just stfu
*LOOSE* *THE* *CRAPPY* *MUSIC!!!!!!!!!!!!!!!!!!!!!!!!!!!*
To be sincerely speaking in my humble opinion without being sentimental and judgmental and of course without offending anyone who thinks differently from my opinion, but the name above recovered it all for me in no time! I've vowed to always preach about ifastbrake! 👈🏼