Monthly Archives: January 2023

CompTIA Pentest+ PT0-002 – Section 13: Cloud Attacks Part 3

129. Auditing the Cloud (OBJ 3.4) In this lesson, we’re going to explore how you can audit cloud services using some common tools during your engagements. This includes tools like Scout Suite, Prowler, Pacu, CloudBrute and Cloud Custodian. First, we have Scout Suite. Scout Suite is an open-source tool written in Python that can… Read More »

CompTIA Pentest+ PT0-002 – Section 13: Cloud Attacks Part 2

126. Misconfiguration Assets (OBJ 3.4) In this lesson, we’re going to discuss misconfigured cloud assets, the vulnerabilities they contain, and how an attacker might exploit some of those vulnerabilities. Misconfigured cloud assets are any kind of account, storage, container or other cloud-based resource that is vulnerable to attack because of its current configuration. This includes… Read More »

CompTIA Pentest+ PT0-002 – Section 13: Cloud Attacks Part 1

123. Cloud Attacks (OBJ 3.4) In this section of the course, we’re going to discuss the different types of cloud attacks that we can use for assets hosted using cloud service providers like Amazon Web Services, Microsoft Azure and the Google Cloud Platform. As more and more organizations move their servers, systems and services into… Read More »

CompTIA Pentest+ PT0-002 – Section 12: Application Attacks Part 4

119. OWASP ZAP (OBJ 3.3) In this lesson, we’re going to talk about the OWASP Foundation’s ZAP program. Now, ZAP is the Zed Attack Proxy, also known as ZAP. It’s an open-source interception proxy and web application assessment tool that’s written in Java. Now, because it’s written in Java, it works on Windows systems,… Read More »

CompTIA Pentest+ PT0-002 – Section 12: Application Attacks Part 3

116. SQL Injections (OBJ 3.3) In this lesson, we’re going to discuss SQL injection attacks. Now, before we dive into SQL injection attacks though, we need to talk a little bit about SQL in general and provide some background. Now, when you’re dealing with databases, you have to have a way to talk to the… Read More »

CompTIA Pentest+ PT0-002 – Section 12: Application Attacks Part 2

114. Cross-Site Scripting (XSS) (OBJ 3.3) In this lesson, we’re going to discuss cross-site scripting, also known as XSS. Now, cross-site scripting is a malicious script that’s hosted on an attacker site or coded inside of a link that’s injected into a trusted site, designed to compromise the client that is browsing that trusted site.… Read More »

CompTIA Pentest+ PT0-002 – Section 12: Application Attacks Part 1

111. Application Attacks (OBJ 3.3) In this section of the course, we’re going to discuss the different types of application attacks that we can use against web applications to wreak havoc on a target organization’s network. As we move into this section, we’re going to continue looking at various attacks and exploits that we can… Read More »

CompTIA Pentest+ PT0-002 – Section 11: Application Vulnerabilities Part 4

108. Software Composition (OBJ 3.3) In this lesson, we’re going to discuss Software Composition Analysis. Software Composition Analysis describes a process by which software can be analyzed for open-source components because these open-source components could contain vulnerabilities in their source code and those vulnerabilities will then be assumed by our applications when we use those… Read More »

CompTIA Pentest+ PT0-002 – Section 11: Application Vulnerabilities Part 3

105. Improper Headers (OBJ 3.3) In this lesson, we’re going to discuss vulnerabilities associated with improper headers in your web applications. Now, the OWASP Secure Headers Project describes different HTTP response headers that your application can use to increase the security of your application while placing its calls. HTTP response headers are used to control… Read More »

CompTIA Pentest+ PT0-002 – Section 11: Application Vulnerabilities Part 2

102. Buffer Overflow Attacks (OBJ 3.3) In this demonstration, I’m going to show you how a buffer overflow attack is conducted. Now I’m going to do this by using a simple program that’s written here. This program is called narnia0.c. This tells me that the program was written in the C programming language. You can… Read More »
