So what are we gonna do today? What? Our goals over. First, we're gonna learn what a pen tester actually does. We're gonna learn how you can become a pen tester. What life is like as a pen tester. We're gonna discuss the tools of the trade, and I'm going to demonstrate some tasks. We're gonna actually do a little bit of hacking today. Some very light stuff against Sort of contrived Devi W a server. We'll talk about that in just a minute.
The goal here is to just make you familiar with what the pen testing career fielding job is actually like.
So you're prerequisites for this. You're gonna need a computer, which hopefully is what you're watching this on if you want to, you know, work with coding. And that sort of thing is usually better to be on a computer. There are people who do it on tablets. Those people terrify me.
You're also gonna want some excitement. This is we're trying to have a little fun with this one. Pen testing is a really popular buzz word, and I'm probably gonna disappoint a few of you in terms of the day to day life of it, But it's important to be excited that passion is gonna carry you through Not just this course, but really everything on cyberia And, you know, in a minute, in a sort of philosophical way, everything in your life
and they're gonna want a general understanding of I T and cyber Security terms. Now, this is an intro course. We're not going to go flying straight through into, you know,
hacker talk or anything nonsensical like that, mostly because we're professional adults with day jobs. But you're just some ability to understand what we're talking about when I say things like VM and server that's gonna help you get through this this particular video a little bit better.
I like to say in the slide, you don't have to be conversant in all things tech, but if I say something like MD five, you shouldn't be confused and googling that
so are you in the right place? Well, are you new to the field of I T or relatively new to the field of I T. Or Cyber Security? Do you want to better understand the role of a pen tester? Are you a recruiter? Because, as we've said, many times. We love it when recruiters watch these videos because then they know how to write job openings, which isn't very important. Are you a manager? Are you a job seeker?
And, of course, do you like neon? We don't actually have any inter video right now because it messed up. It was messing on my computer game.
But Life is a hacker apparently involves a lot of neon and movies. You cannot crack it. Password Joe without neon lights. It's essential neon lights or the core part of hacking.
So we've got a few supplemental materials today. We're gonna spend a little bit of time over here in a new bunch of'em, and then I have a D V W A. Which is a *** vulnerable Web application server. It's a tool that's developed, basically to be hacked on. We'll talk about that a little bit more once you get in here to the lab part of this video. And then, of course, these slides, which are available for download
so those are gonna be your primary primary supplemental materials for this video. Not too much, not too crazy.
So let's jump into the actual content. The actual meeting that's what does a pen tester do? Well, the sort of one sentence summary of this job is you emulate threat actors to identify and re mediate security gaps. So this convertible lot of different ideas right? You perform security analysis against organizations everything from,
you know, a small nonprofit all the way up to a multinational corporation.
It's not just hacking, it's not just tech. You know, you're looking for a physical, social and technological approaches. So it could be
any possible way that a person could compromise data or gain access, unauthorized access to a system or an organization. All of those kind of fall in the room with pen testing. There are a lot of really talented pen testers who were mediocre in cybersecurity, but just excellent talking, Excellent, you know, getting passwords out of people over the phone, things like that.
So it's not just a technological job role, though. Obviously, technology is a very big part of it.
Part of your job is to just be aware of the new vulnerabilities and the new mitigations in the world, you know, knowing what CV ease air out. Know what critical bugs got released when Heartbleed came out a pen testers job was to immediately, you know, add that to their repertoire, look through what their current sir their current operations were and make sure they were helping to provide security against that.
Just being aware is really key to being a pendant, sir, because like I said,
you're emulating a threat actor and you cant successfully do that unless you know what Fred actors were doing and then the last one. The reason why I think that people get disappointed about being a pen tester. I think the reason people are kind of let down is way more paperwork than your things. There is an insane amount of documentation. Well, actually, we have a whole slide about just the documentation for portion,
but there is just It's a great job. It's an exciting job,
but you spend a lot of time on those TPS report kind of things