Time
13 hours 9 minutes
Difficulty
Intermediate
CEU/CPE
13

Video Transcription

00:00
Hello, and congratulations on the completion of the exploitation phase of the pentest standard in our discussions.
00:09
So what should we have learned up to this point? Well, we discussed the purpose of exploitation: what it is, what some common tools were, and the primary focus. Remember, overall, we want to be stealthy and act as closely to a threat actor as we can without causing harm to the client.
00:27
We discussed countermeasures, what they were,
00:30
and types of countermeasures, to include antivirus. We looked at whitelisting and bypassing that, process injection, and memory-resident attack types that we can use. We talked about data execution prevention, or DEP, and web application firewalls.
00:45
We discussed evasion: what it is, common techniques, and goals of evasion. We looked at precision strikes very quickly: what that is, what it means, and what it is not. Again, a handful of darts at a dartboard is not a precision strike. And we want to mimic an attacker's efforts to be stealthy and precise in their actions.
01:04
We discussed the customized exploitation avenue: what that is, some examples, and tailoring exploits specifically to specific versions of applications, and some things we should do with code modifications, such as replacing payloads to ensure we do not compromise our system.
01:22
We discussed the zero-day angles, such as what it means, fuzzing, source code analysis,
01:26
some types of exploits associated commonly with zero-day attacks, and overall, the effort and energy in zero-day angles is going to take us a lot more time, effort, energy and expertise. We then discussed some example attack avenues, such as web application attacks,
01:42
flash drive deployments, memory-based exploits, and we discussed at a high level graphics processing unit cracking.
01:49
We then discussed, in our final discussion, the overall objectives of exploitation, being that we want to define the path of least resistance, take advantage of that, and simulate potential loss for the client so that they can then
02:04
see risk reduction, see risk cost as far as being able to implement those compensating controls, and then they can apply those controls accordingly based on our feedback and research. So congratulations again, and with that, I want to thank you for your time today, and I look forward to seeing you again soon.

Up Next

Penetration Testing Execution Standard (PTES)

In this course we will lay out the Penetration Testing Execution Standard (PTES) in all its phases and their application for business leaders and Security Professionals alike.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor