Time
48 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
So let's take a look here at the next slide.
00:03
So what do pen testers do? Let's talk about this a little bit, and
00:08
we have a couple of items, this is kind of high level. We're gonna start here and then we're gonna break this down a little bit as we go through the webinar and as we go through the training today.
00:16
The first point that we wanted to make is utilizing adversarial thinking and creative methods to look at problems before they occur. I love this point because we think about this as pen testing is really kind of a preemptive strike, so to speak, to test a network and take a look at it and see what's happening so that we do this before,
00:36
obviously, the bad guys get in
00:38
to a network,
00:39
and this often means going beyond the use of automated tools. So you're not just using systems and tools and software to hack; you're using your inherent skills as a person, thinking about how you could get into a network.
00:52
The next piece is performing technological offensive
00:55
offensive, simulating phishing campaigns that identify weak links in a company's security posture. It's often the human heart, right? We're gonna get to that in a moment. And pinpointing training aids. So once you actually see what's happening on the network, you figure out where training needs to happen.
01:11
The next piece is understanding that exploiting the human element, that social engineering piece, is essential to simulate realistic attacks and uncover an infrastructure's critical weaknesses. So,
01:22
Mark, I wanted to kind of throw that piece out to you. Could you talk a little bit about kind of the how and why around social engineering as it relates to pen testing, and why that's so important?
01:33
Yeah. So, you know, with any company, anywhere that you work in any country, regardless of who you are, the weakest link in security is always going to be the human element.
01:45
So when you think about that, if you look at, so the book I would recommend is Ghost in the Wires by Kevin Mitnick. And if you don't know who Kevin Mitnick is,
01:53
Google it,
01:56
read the book. It's truly amazing. This is probably before the time here, but he was a master of social engineering, and these are simple things. Sometimes it's just dressing up like the FedEx driver or the delivery driver carrying gigantic boxes
02:13
so that you can't open the door and having somebody piggyback you in.
02:16
It also goes into getting into a company at a low level and,
02:22
you know, working your way in to become that insider. I mean, that's some of the things they can
02:28
I can hire you to do to see what kind of access you can get this outside of your room.
02:32
You could also
02:35
call people, depending on the level they're at, pretending to be the CEO, the CISO, and you can use that human fear of getting in trouble to force people to tell you things that they wouldn't necessarily tell people otherwise. That's why there's so much training on insider threat and that you shouldn't give out your credentials. If it's an IT person
02:54
calling you, tell them to come to your desk.
02:57
Uh,
02:58
you know, it's just one of those things that people are generally not peace, and it's easy to exploit
03:04
for sure. Yeah, people want to help, and so then, as a pen tester, you can kind of take advantage of that.
03:09
Great, wonderful. Okay, so let's keep moving.

Launching Your Penetration Tester Career

In this course on “Launching Your Penetration Tester Career” presented by Cybrary’s own Gina Palladino, you will hear directly from the experts on what it takes to boost your career to the next level. From interview prep to resume writing, expect a thorough overview on how to achieve one of the industry's most prestigious titles in cybersecurity.

Instructed By

Gina Palladino
Adjunct Instructor at Carroll Community College