StC Pentesting Fundamentals Study Group — Week #9 Recap

This week we had our ninth session of the Pentesting Fundamentals Study Group.

We covered Chapter 8 Exploiting Physical and Social Vulnerabilities of the CompTIA PenTest+ Study Guide and learned about the following topics:

• Physical penetration testing
• In-person social engineering techniques
• Phishing attacks such as vishing, smishing, whaling and spear phishing
• Website-based attacks such as watering holes and the use of cloned websites for phishing
• Social engineering tools such as SET and BeEF

We also watched IppSec’s videos on how to get system/root level access on the Irked and Active Hack The Box (HTB) machines.

Next week, we’ll cover Ch-9 of the CompTIA Pentest+ book and work on the FriendZone (Linux) & Bounty (Windows) HTB boxes.

Additional Resources

• Hack The Box — Irked Writeup w/o Metasploit
• Hack The Box — Active Writeup w/o Metasploit