1
00:00:00,750 --> 00:00:02,190
-: In this section of the course,
2
00:00:02,190 --> 00:00:04,380
we're gonna cover the various considerations
3
00:00:04,380 --> 00:00:05,520
that you need to think of
4
00:00:05,520 --> 00:00:07,290
when you're planning an engagement.
5
00:00:07,290 --> 00:00:09,060
In the world of penetration testing,
6
00:00:09,060 --> 00:00:10,980
the term engagement simply means
7
00:00:10,980 --> 00:00:14,100
a singular penetration testing project that has been planned
8
00:00:14,100 --> 00:00:16,740
and scoped by the client who's requested the test
9
00:00:16,740 --> 00:00:20,010
and the analysts who are gonna do the testing and assessment.
10
00:00:20,010 --> 00:00:21,720
Our focus in this section of the course
11
00:00:21,720 --> 00:00:24,270
will be on domain one, planning and scoping.
12
00:00:24,270 --> 00:00:25,680
Now we're gonna spend most of our time
13
00:00:25,680 --> 00:00:27,682
in this section of the course talking about planning
14
00:00:27,682 --> 00:00:29,730
because we're gonna be covering the concepts involved
15
00:00:29,730 --> 00:00:30,900
with scoping an engagement
16
00:00:30,900 --> 00:00:32,820
in the next section of the course.
17
00:00:32,820 --> 00:00:35,460
So in this section, we're gonna cover parts of objectives
18
00:00:35,460 --> 00:00:38,640
1.1, 1.2, and 1.3.
19
00:00:38,640 --> 00:00:41,291
Objective 1.1 states that you must be able to compare
20
00:00:41,291 --> 00:00:44,790
and contrast governance, risk, and compliance concepts.
21
00:00:44,790 --> 00:00:47,640
Objective 1.2 states that you must be able to explain
22
00:00:47,640 --> 00:00:50,100
the importance of scoping and organizational
23
00:00:50,100 --> 00:00:51,780
or customer requirements.
24
00:00:51,780 --> 00:00:54,570
Objective 1.3 states that given a scenario,
25
00:00:54,570 --> 00:00:57,090
you must demonstrate an ethical hacking mindset
26
00:00:57,090 --> 00:00:59,790
by maintaining professionalism and integrity.
27
00:00:59,790 --> 00:01:02,460
Now, as we begin this section, we're gonna first talk
28
00:01:02,460 --> 00:01:05,400
about how risk is made up of threats and vulnerabilities.
29
00:01:05,400 --> 00:01:07,140
It's important to understand this concept
30
00:01:07,140 --> 00:01:09,630
as a penetration tester since your entire job
31
00:01:09,630 --> 00:01:11,280
is focused on finding vulnerabilities
32
00:01:11,280 --> 00:01:13,560
in your client's networks that can be exploited
33
00:01:13,560 --> 00:01:14,940
by a threat actor.
34
00:01:14,940 --> 00:01:17,430
In the case of a penetration tester, you're working
35
00:01:17,430 --> 00:01:19,770
as an authorized threat actor who's trying
36
00:01:19,770 --> 00:01:22,230
to identify the ways that an unauthorized intruder
37
00:01:22,230 --> 00:01:24,840
could cause damage to the organization's network.
38
00:01:24,840 --> 00:01:27,690
Then we're gonna move into the three types of controls,
39
00:01:27,690 --> 00:01:29,370
which are categorized as either technical
40
00:01:29,370 --> 00:01:31,421
or logical controls, physical controls,
41
00:01:31,421 --> 00:01:33,600
or administrative controls.
42
00:01:33,600 --> 00:01:35,400
These controls are important to understand
43
00:01:35,400 --> 00:01:37,710
as a penetration tester because you're gonna be creating
44
00:01:37,710 --> 00:01:40,110
a report for your client at the end of your engagement
45
00:01:40,110 --> 00:01:42,000
where you're gonna be recommending different controls
46
00:01:42,000 --> 00:01:43,950
across all three of these categories
47
00:01:43,950 --> 00:01:45,630
in order to thwart a threat actor
48
00:01:45,630 --> 00:01:48,180
from victimizing the organization's network.
49
00:01:48,180 --> 00:01:50,040
Next, we're gonna move into understanding
50
00:01:50,040 --> 00:01:52,740
the different steps in the penetration testing methodology
51
00:01:52,740 --> 00:01:55,620
that we're gonna use in this course, and on the exam.
52
00:01:55,620 --> 00:01:57,390
Also, we'll take a quick look
53
00:01:57,390 --> 00:01:59,181
at some other penetration testing methodologies
54
00:01:59,181 --> 00:02:00,990
that you may encounter when you're working
55
00:02:00,990 --> 00:02:03,021
as a penetration tester in the real world
56
00:02:03,021 --> 00:02:05,010
for a commercial firm.
57
00:02:05,010 --> 00:02:06,570
After that, we're gonna discuss
58
00:02:06,570 --> 00:02:09,389
how to plan your penetration test for the best results.
59
00:02:09,389 --> 00:02:12,120
We're also gonna cover the legal and regulatory concepts
60
00:02:12,120 --> 00:02:13,533
that are important to penetration testers
61
00:02:13,533 --> 00:02:16,260
and briefly cover the ethical hacking mindset
62
00:02:16,260 --> 00:02:19,350
and some concepts surrounding professionalism and integrity.
63
00:02:19,350 --> 00:02:21,000
So if you're ready to get started
64
00:02:21,000 --> 00:02:23,250
on your penetration testing journey, let's jump
65
00:02:23,250 --> 00:02:26,512
into our lessons focused on planning an engagement.
66
00:02:26,512 --> 00:02:28,929
(cool music)