Module 4 Summary

00:00

Hello and congratulations for completing the vulnerability analysis section of the penetration testing execution standard.

00:10

So in summary,

00:12

what did we learn?

00:14

Well, we looked at vulnerability testing. We discussed what it was. Some example, flawed types and overall goals of testing. Remember, we hope to reduce risk and help in organization become aware of assets and things of that nature within the organization, both known and unknown through the testing process,

00:32

we looked at active testing and discussed what that waas.

00:35

We looked at automated methods for doing so. General vulnerability scanners, banner grabbing weather application scanners and obfuscation techniques. We looked at passive testing and how that is not actively querying systems through things like metadata analysis and traffic monitoring.

00:51

We then got into validation of vulnerabilities and looked at some areas that we can do that such a correlation between tools,

00:57

manual testing methods, protocol specific methods and some different avenues that we can then use to start to map out attacks and things of that nature to look for attack vectors. We then rounded it out with ways that we could do research on potential exploits

01:11

and to additionally validate vulnerabilities to maybe setting up private labs and things of that nature. So we took touched on what that was. Exploit databases and framework modules will look hardening guides as faras. Using those is a means for validating exploit ability on a system and administrator. Due diligence.

01:30

We looked at private research