Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: WEBVTT 00:00:01.010 --> 00:00:02.690 Vulnerability analysis. 00:00:03.650 --> 00:00:10.690 Vulnerability analysis, typically, most accessors or Testa's running vulnerability or network for 00:00:10.700 --> 00:00:16.940 scans to better understand which services the network or the application is running and whether they 00:00:16.940 --> 00:00:23.670 are there are any vulnerabilities in any systems, including in the scope of the assessment. 00:00:24.050 --> 00:00:31.400 So this process often includes a manual vulnerability testing or discovery, which is often the most 00:00:31.400 --> 00:00:36.180 accurate form of vulnerability analysis or vulnerability assessment. 00:00:36.500 --> 00:00:39.710 There are many tools both free and paid for. 00:00:39.950 --> 00:00:47.360 So to assist us in quickly identifying vulnerabilities on a target system or network after discovering 00:00:47.360 --> 00:00:52.720 the vulnerabilities, after discovering security weaknesses. 00:00:53.000 --> 00:00:56.420 The next phase is to attempt exploitation. 00:00:56.900 --> 00:01:02.600 Exploitation is the most commonly ignored or overlooked part of the penetration testing. 00:01:02.840 --> 00:01:09.410 And the reality is that clients and executives don't care about vulnerabilities unless they understand 00:01:09.410 --> 00:01:10.940 why they matter to them. 00:01:11.330 --> 00:01:19.160 Exploitation is the ammunition or evidence that helps articulate why the vulnerability matters and illustrates 00:01:19.160 --> 00:01:23.450 the impact that the vulnerability could have on the organization. 00:01:23.780 --> 00:01:26.010 Furthermore, brutal exploitation. 00:01:26.010 --> 00:01:31.850 Their assessment is not a penetration test and is nothing more than an anaerobic assessment, which 00:01:31.850 --> 00:01:36.890 is most companies can conduct in-house better than a third party consultant called. 00:01:37.640 --> 00:01:44.090 To put it simply, during the information gathering phase, a penetration test will profile the target 00:01:44.090 --> 00:01:46.220 and identify any more robotized. 00:01:46.460 --> 00:01:51.620 Next, using the information about the vulnerabilities, the penetration tester will do their research 00:01:51.740 --> 00:01:57.770 and Chris Bitburg exploits that will take advantage of the vulnerabilities of the target. 00:01:58.040 --> 00:02:03.380 This is what exploitation is when we use exploit. 00:02:03.920 --> 00:02:11.150 This means malicious code to leverage and vulnerability weakness in a system which will allow us to 00:02:11.180 --> 00:02:19.070 execute accurate record and comments on the target, often after successful in exploiting a target system 00:02:19.070 --> 00:02:19.820 or network. 00:02:19.940 --> 00:02:24.590 We may think then the task is done, but it isn't just yet. 00:02:24.920 --> 00:02:30.570 There are tasks and objectives to complete after breaking into the system. 00:02:30.890 --> 00:02:40.310 This is the post exploitation phase in the penetration testing plus exploitation, commercial exploitation. 00:02:41.240 --> 00:02:47.260 Exploitation is the process of gaining access to systems that may contain sensitive information. 00:02:47.600 --> 00:02:49.900 The process exploitation. 00:02:50.060 --> 00:02:57.310 The primary goal is typically to demonstrate the impact that their vulnerability and access gained can 00:02:57.320 --> 00:02:59.150 pose the to the organization. 00:03:01.000 --> 00:03:09.600 So the process of postfix rotation is the continuation of this step where the foothold gained leverage 00:03:09.610 --> 00:03:16.190 it to access data or spread to other systems within the network during the post exploitation. 00:03:16.390 --> 00:03:24.160 The primary goal is to typically to demonstrate the impact that they will mobility and access gain Campos 00:03:24.160 --> 00:03:25.120 to the organization. 00:03:25.480 --> 00:03:32.980 The impact assist in helping executive leadership better understand the vulnerabilities and damage it 00:03:32.980 --> 00:03:34.870 called cost to the organization. 00:03:35.230 --> 00:03:40.130 And the last phase is Re-import Writing Report. 00:03:40.210 --> 00:03:47.860 Writing is exactly as it sounds and is one of the most important elements of any penetration test penetration 00:03:47.860 --> 00:03:48.220 testing. 00:03:48.220 --> 00:03:55.120 Maybe this helps, but report writing is a deliverable that the client sees and is the only tangible 00:03:55.120 --> 00:04:01.810 element given to the client at the end of the assessment report shall be given as much attention and 00:04:01.810 --> 00:04:03.020 care as the testing. 00:04:03.950 --> 00:04:12.430 I our report for writing in greater detail later on this course, but report for writing involves much 00:04:12.430 --> 00:04:16.770 more than listing and few vulnerabilities discovered during the assessment. 00:04:17.170 --> 00:04:20.620 It is the medium in which to convey risk business impacts. 00:04:20.620 --> 00:04:24.280 Summarize your findings and include remediation steps. 00:04:24.640 --> 00:04:25.870 A good penetration test. 00:04:25.870 --> 00:04:32.230 Our needs to be a good report writer or the users they find will be lost and may never be understood 00:04:32.230 --> 00:04:35.670 by the client who hired them to conduct their assessment. 00:04:36.160 --> 00:04:44.680 Having completed this lecture, you are now able to describe each pace of penetration test testing here. 00:04:44.740 --> 00:04:53.260 Birchmore you have a better idea of expectation of penetration testers and expectation penetration testers 00:04:53.260 --> 00:04:54.180 in the industry. 00:04:54.520 --> 00:05:01.450 Next, we will dive into understanding various penetration testing methodologies, standards and frameworks. 00:05:01.540 --> 00:05:03.460 So I am waiting you in Ecclesia.6071