External Pentest Playbook
Introduction
Introduction (8:18)
Course Discord (2:45)
Before We Start
Objectives of an External Pentest (3:11)
Checklists, FTW (6:41)
Rules of Engagement (9:20)
Verifying Scope (3:38)
Client Communication (4:28)
Kicking Off
Attack Strategy (6:20)
Vulnerability Scanning (6:56)
Reviewing & Extracting Information (5:04)
Information Gathering / OSINT
Overview (1:55)
Hunting Breached Credentials (14:21)
Identifying Employees & Emails (6:27)
Enumerating Valid Accounts (Pre-Attack) (5:55)
Other Useful Information (5:43)
Attacking Login Portals
Overview & Strategy (6:41)
Attacking O365 (15:31)
Attacking OWA (7:10)
Attacking Other Portals (9:51)
Bypassing MFA (7:09)
Escalating Access
Strategy & Walkthrough (12:30)
Report Writing
Report Writing (16:04)
Common Pentest Findings
Overview (0:52)
Insufficient Authentication Controls (4:16)
Weak Password Policy (4:17)
Insufficient Patching (3:13)
Default Credentials (3:37)
Insufficient Encryption (3:06)
Information Disclosure (4:02)
Username Enumeration (2:37)
Default Web Pages (1:47)
Open Mail Relays (2:00)
IKE Aggressive Mode (1:43)
Unexpected Perimeter Services (1:39)
Insufficient Traffic Blocking (2:14)
Undetected Malicious Activity (1:55)
Historical Account Compromises (1:46)
Wrapping Up
Client Debriefs (5:36)
Attestation Letters (2:02)
Client Retests (2:13)
Conclusion
Course Conclusion (2:37)
Identifying Employees & Emails