We also came up with a new format for EH-Net vids that we hope will become the standard template. Please let us know what you think.
In the near future, look for additional book reviews from Ryan in addition to Part 2 of this video series, other vids and a review of SANS updated 6-day course, Web App Penetration Testing and Ethical Hacking, by InGuardians Kevin Johnson. Should be a great year with this fantastic addition to our family.
Welcome into the fray!!
Permanent link: [Article]-Video: The 15-Minute Network Pen Test Part1
There are numerous tools used in the Penetration Testing (pen testing) process, and there are plenty of books that go into how to use the individual tools. There are very few resources that discuss how the tools are used and how to approach the process. When Henry Qin at the Duke University ACM Chapter approached EthicalHacker.net on doing a presentation for his organization on the tools and process of pen testing, I jumped at the opportunity. The following videos encompass the basic outline of what was presented at Duke with some minor changes.
The first video takes the viewer through the initial network recon stage of pen testing and then follows up with actual exploitation using Metasploit. Initially the network is scanned through Nmap, and after some basic discovery and information gathering, the scan continues to Nessus. Nessus is a vulnerability scanning tool that allows the user to analyze a host for vulnerabilities, but also has the ability to export reports. The video then walks the viewer through importing the Nessus vulnerabilities directly into Metasploit in order to determine which Metasploit modules correspond to the Nessus vulnerabilities for the specific host. The module data is then used to compromise a remote Microsoft Windows XP box.
Stay tuned for Part 2 coming very soon.