StC Pentesting Fundamentals Study Group — Week #10 Recap

Last week we had our tenth session of the Pentesting Fundamentals Study Group.

We covered Chapter 9 Exploiting Application Vulnerabilities of the CompTIA PenTest+ Study Guide and learned about the following topics:

• Exploiting injection vulnerabilities
• Exploiting authentication vulnerabilities
• Exploiting authorization vulnerabilities
• Insecure coding practices
• Application testing tools

We also watched IppSec’s videos on how to get system/root level access on the FriendZone Hack The Box (HTB) box.

Next week, we’ll cover Ch-10 of the CompTIA Pentest+ book and work on the LaCasaDePapel Hack The Box (HTB) box.

Additional Resources

• Hack The Box — FriendZone Writeup w/o Metasploit