7MS #448: Certified Red Team Professional - Part 3
7 Minute Security30 Dec 2020

7MS #448: Certified Red Team Professional - Part 3

Today, Gh0sthax and I talk about week 3/4 of the CRTP - Certified Red Team Professional training, and how it's kicking our butts a bit. Key points include:

  • We agree this is not a certification for folks who are new to pentesting

  • Don't expect to be following along "live" with the instructor during the training sessions

  • You'll need to do a flippin' ton of studying and practicing on your own in between the live sessions

  • As you follow along with the lab exercises, some things won't work - and that might be by design, but the lab manual might not give you a heads-up. In those cases, be sure to check with your classmates in the Discord channel

  • Problems popping shells? Hint: it might not be a problem with your tools...but with your network/firewalll config!

  • The more PowerShell skills you can walk into this training with, the better.

  • We've got to play with some tools that were new(ish) to us:

  • If you're an absolute rockstar in the pentest labs, don't think that you'll breeze right through the exam!

  • Some pros of this training: fast-moving, super knowledgable instructor. Outstanding content. Super value for the dollar investment - arguably the best pentest training bang for the buck. The labs themselves are quite good and realistic. You get the recordings of the live sessions after they're complete. The course covers some defense against these attacks as well - great to have the blue team perspective!

  • A few cons: the content might be too fast-moving. It can get easy to become "lost" and forget the objective of what each lab exercise is having you do. Lab manual doesn't necessarily match the PDF slides.

Avsnitt(683)

7MS #19: Kioptrix! (audio)

7MS #19: Kioptrix! (audio)

In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills. Download: 7MS #19: Kioptrix! (audio) Show notes: The Kioptrix series of VMs is here: http://www.kioptrix.com/blog/test-page/ and here: http://vulnhub.com/?q=kioptrix&sort=date-des&type=vm. Got approved for my OSCP training and I start it in a few…

5 Juli 20147min

7MS #18: Wireless Security 101 (audio)

7MS #18: Wireless Security 101 (audio)

In this episode I talk about some wireless security basics that we’re not seeing when out on assessments. Download: 7MS #18: Wireless Security 101 (audio) Show notes: WEP encryption is very, very bad. It’s easy to crack. Don’t use it. Wifite will demonstrate how easy it is to crack WEP. Stronger encryption such as WPA/WPA2…

22 Juni 20147min

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here’s info on the CEH training and test outline. I took my CEH training through UFairfax with instructor Leo Dregier. See this post I wrote that…

14 Juni 20147min

7MS #16: PwnPad Initial Impressions – part 2! (audio)

7MS #16: PwnPad Initial Impressions – part 2! (audio)

In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting. Download: 7MS #16: PwnPad Initial Impressions – Part 2 Show notes: In a nutshell: PwnPad is a great tool to simplify/automate some wireless recon and/or hacking! PwnieExpress has a great write-up on mapping APs w/GPS coordinates using Google Earth here:…

31 Maj 20147min

7MS #15: PwnPad Initial Impressions (audio)

7MS #15: PwnPad Initial Impressions (audio)

In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting. Download: 7MS #15: PwnPad Initial Impressions Show notes: Carrying around a Nexus 7 instead of a bulky laptop to do wireless pentesting sure is nice! PwnPad scripts/automates much of the “busy work” to capture WPA handshakes.

24 Maj 20146min

7MS #14: H8 4 Win8 (audio)

7MS #14: H8 4 Win8 (audio)

In this episode I talk about two (sort of) security related tips that I’ve learned by using Windows 8 wrong. Download: 7MS #14: H8 4 Win8 (audio) Show notes: Windows Defender doesn’t seem to auto-update on Win 8 unless you have updates set to auto download/install. I found a nifty script you can add as…

10 Maj 20146min

7MS #13: How to Get Pwned by HP (audio)

7MS #13: How to Get Pwned by HP (audio)

In this episode I talk about how I had to sent my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware! Download: 7MS #13: How to Get Pwned by HP (audio) Show notes: My takeaways/recommendations from this experience: See a pic of my FortiClient picking up on…

3 Maj 20147min

7MS #12: Why My Domains Have Gan to Gandi (audio)

7MS #12: Why My Domains Have Gan to Gandi (audio)

In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts. Download: 7MS #12: Why My Domains Have Gan to Gandi (audio) Show notes: This episode is all about this article (https://medium.com/cyber-security/24eb09e026dd) in which a Twitter user…

28 Apr 20147min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
flashback-forever
rss-krimstad
rss-vad-fan-hande
olyckan-inifran
aftonbladet-daily
rss-viva-fotboll
rss-sanning-konsekvens
svenska-fall
krimmagasinet
fordomspodden
motiv
blenda-2
dagens-eko
rss-frandfors-horna
rss-expressen-dok
svd-nyhetsartiklar
spar
spotlight