StC Pentesting Fundamentals Study Group — Week #7 Recap

Last week we had our seventh session of the Pentesting Fundamentals Study Group.

We covered Chapter 7 Exploiting Network Vulnerabilities of the CompTIA PenTest+ Study Guide and learned about the following topics:

• Conducting network exploits such as VLAN hopping attacks, DNS cache poisoning, man-in-the-middle attacks, ARP spoofing, DoS attacks and stress testing
• Exploiting the NetBIOS name resolution and SMB Windows services
• Exploiting common services such as SNMP, SMTP, FTP and Samba
• Wireless exploits such as evil twin attacks, bluetooth attacks and RFID cloning

We also watched IppSec’s videos on how to get system/root level access on the CronOS and Blue Hack The Box (HTB) machines.

This week, we will be holding a cyber security challenge!

Additional Resources

• Hack The Box — CronOS Writeup w/o Metasploit
• Hack The Box — Blue Writeup w/o Metasploit
• What Are DNS Zone Transfers (AXFR)
• VirtualHost Examples
• The Hosts File on Linux