No video :(

Conduct a Penetration Test Like a Pro in 6 Phases [Tutorial]

Подписаться 937 тыс.

Просмотров 242 тыс.

50% 1

Earn $$. Learn What You Need to Get Certified (90% Off): nulb.app/cwlshop
How to Perform a Pentest like a Cybersecurity Specialist
Full Tutorial: nulb.app/z6mnu
Subscribe to Null Byte: goo.gl/J6wEnH
Nick's Twitter: / nickgodshall
Cyber Weapons Lab, Episode 185
Pentesting is the process of simulating an attack on a network and is used to find vulnerabilities that could be exploited by a malicious actor. The main goal of a pentest, or penetration test, is to identify security holes and weaknesses so that the organization being tested can fix any potential issues. In a professional penetration test, there are six phases you should know. On this episode of Cyber Weapons Lab, we are going to take a look at those six steps.
Related tutorials:
Nessus: nulb.app/z3xqb
Postenum: nulb.app/z5osm
Nmap: nulb.app/x4eyg | • Use Nmap for Tactical ...
To learn more, check out the article: nulb.app/z6mnu
Follow Null Byte on:
Twitter: / nullbyte
Flipboard: flip.it/3.Gf_0
Website: null-byte.com
Weekly newsletter: eepurl.com/dE3Ovb
Vimeo: vimeo.com/chan...

Опубликовано:

6 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 209

@eyelessclowned 4 года назад

Can we just appreciate how he puts himself on FBI watchlist just give us good content!

@RETRO-DEV 4 года назад

Lemme just *checks list*, yup.. you're on my list too

@eyelessclowned 4 года назад

@@RETRO-DEV wait what😶 😂😂😂😂

@RETRO-DEV 4 года назад

@@eyelessclowned oops.. that was public? :/

@zyan983 4 года назад

Someone's in trouble xD Don't worry about me....

@RETRO-DEV 4 года назад

@@zyan983 I'm watching you too buddy

@MapMavericks 4 года назад

Ooo. A blinker! This is new

@duckypl8144 4 года назад

@Paul Lombard wdym no one blinks

@killabite620 4 года назад

Paul Lombard it’s a J O K E

@AssassinIronMan 4 года назад

@Paul Lombard YOU SIR, DESERVEEEEEEEE r/wooooosh ( ͡° ͜ʖ ͡°)

@adelanaofficial 4 года назад

beats me

@AntZombie 3 года назад

What’s worse than people who reply seriously to jokes are people who delete their reply when they get humiliated.

@DBonacich 2 года назад

Awesome video. Quick and easy overview of the process and tools. My only criticism is that you should include steps to cover your tracks (clear logs, command history, etc on the target machine)

@0x2d2 25 дней назад

Do not clear logs on a pentest. Clear them on a red team engagement if you have confirmed it with the client.

@donaldlove4039 4 года назад

If you study the CEH certification you will learn this more in-depth. Very informative content as always.

@khairulazahar5958 3 года назад

Which website do you use to study the CEH certification?

@Themusicbiz 2 года назад

@@khairulazahar5958 I have a course from 2017 that I have lifetime access to. It cost $4500, if you rly want to learn, I’ll hook u up

@sheaspin3239 2 года назад

@@Themusicbiz I would love that!

@csmeby 2 года назад

@@Themusicbiz slide that shit yo

@Themusicbiz 2 года назад

@@csmeby I will say though, it won’t qualify you for the cert. you need to take an updated one. Mine for example covers CEH 9 and they are on 10 now. All knowledge no cert.

@nekoespresso3676 4 года назад

I like how their replies to comments actually sound like a person is talking instead of a over the top professional bot reply.

@NullByteWHT 4 года назад

I reply to comments when I'm avoiding work (Kody). Otherwise, it's Michael, who is less aggressive.

@backinyourcommentsectionag3191 4 года назад

I think the quality of content has gone down tbh, there was way too many times he blinked. it's just unnecessary

@sum_andres31 4 года назад

U got me lol

@NullByteWHT 4 года назад

I too hate wasted blinks

@Z8BLK 4 года назад

Its Morse code...

@PB-eg2je 3 года назад

I think its his (unsuccessful) way to convince us he’s human.

@olamijiakeemodeyemi9320 3 года назад

@@PB-eg2je People complaint he hardly blink and now he blinks and they complain again. Human being can never be satisfied

@Phaser1980 4 года назад

Video on hacking is 13:37 long... I see what you did there. 🧐

@alhurra3236 4 года назад

what??

@staceixan 4 года назад

man of culture

@Hamza-gn2cg 4 года назад

1337 LOL

@fourofour9569 4 года назад

@@Hamza-gn2cg If no one gets this, I'm done. XD

@Hamza-gn2cg 4 года назад

@@fourofour9569 I know RIGHT?

@donaldlove4039 4 года назад

Allow me to remind you of the first and most important step, legal documentation. This includes a Business Impact Analysis (BIA), Rules of Engagement (ROE), and so on.

@JakeTheMDog 4 года назад

Exactly. As a pentester myself, I do not start without any of these documents. Good addition.

@JakeTheMDog 4 года назад

@Da Boss There are a lot of companies looking for pentesters and technical security people. However most companies tend to hire people who studied. OSCP is nice to have, but you must have luck to find a company willing to give them a chance. Best thing to do is to do an IT bachelor (or master, even better) and then get the OSCP certificate.

@forestriver437 4 года назад

Yeah I'm sure a blackhat would get all of this first. Thanks for giving out that advice.

@JakeTheMDog 4 года назад

Forest River Yeah I’m sure you should be a black hat hacker and parade it around. Luckily there are real specialized people who are taking care of their work, instead of internet heroes.

@tinagray9605 Год назад

@@JakeTheMDog Please im new on this, how dp i set up my lab?

@trishwhite8452 3 года назад

I'm studying Cyber Security, at a government run College in Australia and I missed my Pen Testing class today due to illness, so I am just curious as to what I have missed, and how it works.

@MrTheRextoby 4 года назад

Man this is the kind of videos we want xD, awesome. More like this but with more dificult vulnerabilities.

@RaffaeleSellittoNiInF 4 года назад

I don't understand why you say that SSH is usually associated with port 80. The SSH default port is 22, while 80 is Http default port. Anyhow, I enjoyed your video, really interesting.

@mathsocraft7816 4 года назад

SSL* Its a TL Encryption.

@schwingedeshaehers 3 года назад

@@mathsocraft7816 SSL should be on port 443

@darklawtivity6831 Год назад

@@mathsocraft7816 👎

@spamlite 4 года назад

Heh video time is 13:37 guess that makes you leet :D

@wendy_113 11 месяцев назад

You seem to have a gift for explaining difficult topics very well ty

@zer0k4ge 3 года назад

Great video. I’m new and don’t understand a lot but I’m getting there! Just set up a raspberry pi with kali to do some experimenting.

@birdperson180 4 года назад

i love it when my like makes something even i was the 500th like

@mrhappysmiley2968 4 года назад

I like to use linPEAS or winPEAS for to find anything we can use for privilege escalation

@Blackdiamond.001 4 года назад

Great

@addaboi 2 месяца назад

A lot of these videos I see are already on the network, let's say you're not on the local network already how would you begin? Reason I ask is my manager has asked me to run a pentest as "someone who parked outside our office on a Saturday with a laptop and mobile hotspot. Appreciate the help!

@RakeshSingh-zo3zw 3 года назад

His blogs are awesome!!

@johndanielcepeda5393 Год назад

Thank you for explaining this thoroughly!

@NaRToTiK2 4 года назад

Thanks for the great videos! good content and explanation. btw can you make a video on how to set a undetectable VM?

@robinhood8302 2 года назад

Maaann this guy is the real G.O.A.T

@lalaineagsam2115 4 года назад

Thank you nullbyte

@Ghost-by5zt 4 года назад

I want to click there website for full tutorial but then again they are hackers

@farhanazamchohan6924 3 года назад

I read their 8 courses details and they are convincing. but, buying and giving bank details to hacker mentor is not convincing.

@martin_oconnor 4 года назад

How do you find out if someone is using these methods or similar against you? Thanks in advance!

@pianochannel100 4 года назад

In theory, you don't.

@ala_b2017 4 года назад

By monitoring you network To detect scans and weird trafic coming from someone. Also check your website and server logs every time.

@blender_wiki 2 года назад

You have monitor tools that detect some kind of behavior that can be associated to different hack technique. You can monitor your .log server file or directly the network traffic inside a network especially if you search for inside attack.

@soroushsafarzade5770 2 года назад

3:46 what does Galaxy-S10 do in your nmap scan???

@fahid3342 2 года назад

And what about enumeration and establish foothold

@MrGFYne1337357 4 года назад

dig, host, rdns, nmap, metasploit

@rickyray2794 3 года назад

Yes those are tools we use

@amwin7 3 года назад

How can you tell that your being hacked, is there a live view software you can use?

@Nino-xe3oj Год назад

How do I download the correct Nessus? My wont work for some reason

@Adriana-em9dx Год назад

I tried to run nmap -sV -p 80 on my terminal but it shows error says the term 'nmap' is not recognised as the name of cmdlet, .... someone tell me why?

@dEExm702 4 года назад

Bro im currently in the process of making a program out of cmd (cuz thats currently my only coding tool i know how to use). Currently with it you can track ips, ping ips, and manually shutdown computers on the same router as you. What do you suggest i add to it next?

@m1lkweed 4 года назад

SƎNTIИƎL 髪 traceroute is handy, and don't worry if you can only write command scripts, a lot of simple tools are written like that.

@dEExm702 4 года назад

@@m1lkweed hmm ok thx :)

@nero2k619 4 года назад

What you mean manually shutdown computers on the same network ? Do you just send command to the router and it shutdowns another pc or what ?

@inxnite4071 2 года назад

Hey if you’re still interested, search up how to get kali Linux in a virtual machine I suggest virtual box and it gives you many tools to hack and such but you can use some of them for creating a program

@NashHazzard 2 года назад

Null Noob question i need to set up a system on my network running Apache to pentest correct?

@noorzaman474 3 года назад

So pen tests also have vulnerability scans already on them?

@quintinwaterhouse5804 Год назад

Anyone notice the video length is 13:37

@nixcutus 4 года назад

Great Video thanks for this.

@Marcothemillionaire 2 года назад

where can I get Nessus from I don't t have 3k???

@sahilbasia4571 4 года назад

Bro please can you make a video on installing gvm (openvas) vulnerability scanner fir Kali Linux 2020.3

@gautamhacks5098 4 года назад

where is orginal null byte??!

@shaikhemad3556 4 года назад

Thanks you sir

@MathaGoram 4 года назад

Thx. Not your cup of tea but need Nessus on ARM hardware too.

@zellers5423 4 года назад

You can do this on any version of Ubuntu, right?

@NullByteWHT 4 года назад

Yes, but you may have to install some required programs.

@alimonbanda6983 2 года назад

Link is down

@shreesharda7508 4 года назад

700k soon❤️

@henrykissinger-ot5sx Год назад

Really good

@k.eshwanth7752 4 года назад

Hi bro. I am using kali in vmware in my laptop with contains Intel chip in it . When I try to run apache2 server in kali, it's not working. I have tried to restart it by uninstalling & installing it again. Can you help ee with this bro.

@naturalsoundlab4307 4 года назад

Hey!! Where is cody?

@bernardphlaxisk6454 4 года назад

I'm here just because EC-Council says it is a 5 step process, the same way they say C|EH is practical n all.

@minibit0103 4 года назад

Like a Boss

@nicroxio681 4 года назад

SUP BOIS

@kabobz 4 года назад

Hi, 2 things to help your skin, eat beats (sometimes skin problems mean something is wrong inside body) and mix yogurt with honey for outside on skin. Nice video, too advanced for me.

@nitra01 4 года назад

Wow

@laragonzalezcastilla2771 2 года назад

2 years passed damn

@MidnightPixies 4 года назад

My Man

@digitalvillage2333 2 года назад

Ffs can’t get the damn nessus scanner cause I need to pay for a friggin business email 🤦‍♂️

@tienatnguyen3412 Год назад

Can you crack the online ID ransomware pls ?

@andrewa7952 4 года назад

Step 6?

@pcislocked 4 года назад

yeah i know how to do this except step 6

@mauliddifirmansyah252 4 года назад

hi null byte can you help me to learn me from indonesia

@hnachtv6555 4 года назад

how did kody k evolve into this !!??

@xAlbanianHackerx 4 года назад

You skipped reporting!

@xAlbanianHackerx 4 года назад

Hah, being in the field I was looking forward to that section 😬

@timetraveller4336 4 года назад

It's really strange to watch a null byte video with someone who blinks

@riley530 4 года назад

These comments are golden.

@rectify2003 4 года назад

Where has Codi gone? The other Guy?

@omegapsiphi1911 3 года назад

Wait a minute Where is Cody? What did you guys do with Cody!?!?!?!?!? lol

@youtubepro5932 9 месяцев назад

Dude been follow me since bros wanted to b in college

@LofilabLofiHipHop 4 года назад

Thank you for this amazing video. Please bring more content about hacking using android divese =)

@area-XXX 4 года назад

it could be psyarriasis

@josephjefferson2617 2 года назад

P.S.: SSL is usually associated with port 443.

@rafaelnacha1788 2 года назад

4:20

@lesiostasio2542 3 года назад

Mmm, yes. I do feel like using this information for educational purposes ONLY. And I'm gonna do the sixth part for sure.

@RETRO-DEV 4 года назад

I'm watching you...

@user-es2pd6he7l 4 года назад

I’m watching you to...

@RETRO-DEV 4 года назад

@@user-es2pd6he7l too* and no... No you're not...

@RETRO-DEV 4 года назад

@@user-es2pd6he7l also wtf is your username supposed to be

@harambe2185 4 года назад

@@RETRO-DEV longest name in Africa

@RETRO-DEV 4 года назад

@@harambe2185 fair enough I suppose

@uaman11 Год назад

this is brilliant and i aint even a brit

@narcisakaparapet 4 года назад

Blinking was never an option

@bharatmadho3742 4 года назад

underrated comment

@justrickacoustic 2 года назад

can we appreciate that the time of this video is 13:37? 1337

@enos5192 4 года назад

Where is Cody the Soul Ripper 😌

@NullByteWHT 4 года назад

That's a badass nickname

@enos5192 4 года назад

@@NullByteWHT He really is

@cybercat1531 4 года назад

Step 6. No matter how 1337 a hacker you are takes the longest ;)

@cybercat1531 4 года назад

At least it always feels that way

@adamodonoghue4812 4 года назад

what happened to the guy that doesnt blink

@NullByteWHT 4 года назад

I'm here talking shit in the comments

@adamodonoghue4812 4 года назад

Null Byte hahah

@bharatmadho3742 4 года назад

@@NullByteWHT 😂😂😂😂

@forestriver437 4 года назад

well if it aint nick...haha ha haha

@GuNoZidE 2 года назад

Damn the video is exactly 1337 long 🤣

@tayyabrasul3807 2 года назад

Vid is exactly 13:37 long

@moonmaan 4 года назад

Just casually using software that has a license that costs several thousand dollars, okay.

@redsol3629 3 года назад

Get those daemons uploaded.

@mattnsac Год назад

The video is 13:37 long. Im sure it was a coincidence lol

@user-nw4gv9pf8x 6 месяцев назад

WANTED. Alive or Dead :) Amazing

@edward7935 4 года назад

@private_guapo 4 года назад

nice timeframe xddd

@0xSN1PE 4 года назад

print("Quality Content")

@lavishjaat 4 года назад

cout

@BloodmansCrypt 4 года назад

java System.out.println("Quality Content"); C printf("Quality Content"); C# Console.WriteLine("Quality Content");

@nero2k619 4 года назад

Assembly: section .text global _start _start: mov edx, len mov ecx, msg mov ebx, 1 mov eax, 4 int 0x80 mov eax, 1 int 0x80 section .data msg db 'Quality Content',0xa len equ $ - msg BrainFuck: ++++++++++[>+>+++>+++++++>+++++++++++++++++++++++++++.---------.---.+++++++++++.+++++.----------.-.++++++.---------------.+++++++++.++++++.