1
00:00:00,150 --> 00:00:05,940
Another topic that is very important to understand is, you know, ethical hacking versus penetration

2
00:00:05,940 --> 00:00:13,080
testing, so essentially it's important to know that ethical hacking and penetration testing are actually

3
00:00:13,080 --> 00:00:13,950
the same thing.

4
00:00:14,160 --> 00:00:18,210
They typically refer to the same exact thing and can be used interchangeably.

5
00:00:18,360 --> 00:00:23,130
Ethical hackers conduct penetration tests for their clients or employers.

6
00:00:23,180 --> 00:00:23,540
All right.

7
00:00:23,700 --> 00:00:27,060
So throughout the course, you're probably going to hear me use both.

8
00:00:27,660 --> 00:00:34,830
I like to lean towards saying we're conducting penetration tests versus saying, you know, while ethical

9
00:00:34,830 --> 00:00:37,140
hacking because it just sounds a little bit better.

10
00:00:37,150 --> 00:00:40,560
It's a little bit more direct, you know, on, you know, what we're doing.

11
00:00:41,220 --> 00:00:44,460
And that's what you'll be doing if you ever become an ethical hacker.

12
00:00:44,490 --> 00:00:47,700
OK, so let's talk about some types of ethical hacking, right?

13
00:00:48,870 --> 00:00:50,090
There's three different types.

14
00:00:50,940 --> 00:00:53,230
The first one is white box hacking.

15
00:00:53,970 --> 00:01:00,240
This is before this is when you do ethical hacking and you have full knowledge of the systems, applications

16
00:01:00,240 --> 00:01:02,520
or networks that you'll be attempting to penetrate.

17
00:01:02,730 --> 00:01:10,050
So, for example, you know, exact IP addresses, you'll know specifics about the application or the

18
00:01:10,060 --> 00:01:10,680
network.

19
00:01:10,680 --> 00:01:16,490
You know, you know where you need to look, where some vulnerabilities might be just so that you can

20
00:01:16,530 --> 00:01:17,120
test them.

21
00:01:17,130 --> 00:01:17,920
That's white box.

22
00:01:17,970 --> 00:01:22,680
So full disclosure is what white box hacking is.

23
00:01:22,860 --> 00:01:27,720
Now that we have gray box, we you know, people say, you know, there's like the gray area.

24
00:01:27,720 --> 00:01:28,800
This is gray box.

25
00:01:28,800 --> 00:01:32,310
So it's you kind of know some stuff and then you kind of don't.

26
00:01:32,580 --> 00:01:38,880
So they're going to give you some information about the network or a system or an application, but

27
00:01:38,880 --> 00:01:42,340
you're not giving full details.

28
00:01:42,630 --> 00:01:50,250
So this is usually the case when a company like a client might not want you to have full access or full

29
00:01:50,250 --> 00:01:53,030
knowledge of maybe their application or their network.

30
00:01:53,220 --> 00:01:57,990
So they're not going to give you too much information and you kind of just how to go about it yourself.

31
00:01:58,170 --> 00:02:03,120
So now the last one will be black box hacking, which is proof we have no information at all.

32
00:02:03,120 --> 00:02:09,180
And they just give you, like, you know, a public IP address or they just drop you on a network or

33
00:02:09,180 --> 00:02:13,260
just in application and say, hey, hack this and we know what you can find.

34
00:02:13,560 --> 00:02:19,020
And this is the one where you really get to flex your hacker muscle a lot because, you know, you really

35
00:02:19,020 --> 00:02:24,390
have to go through the different processes that we're going to go over to make sure that you cover all

36
00:02:24,390 --> 00:02:30,960
of your bases, gather all the possible information and, you know, activate any potential exposures

37
00:02:30,960 --> 00:02:31,980
that you might find.

38
00:02:32,250 --> 00:02:37,470
So now let's go over the different types of penetration testing that you may be conducting if you were

39
00:02:37,470 --> 00:02:39,650
to become a penetration testing professional.

40
00:02:39,900 --> 00:02:46,620
So there's various types of penetration testing that you might run into when you become a professional.

41
00:02:46,770 --> 00:02:53,910
And these include internal penetration testing, external penetration testing and web application penetration

42
00:02:53,910 --> 00:02:54,400
testing.

43
00:02:54,720 --> 00:03:00,030
So during this course, you're going to learn various techniques in attacks and you can use for each

44
00:03:00,030 --> 00:03:01,270
one of these types of testing.

45
00:03:01,440 --> 00:03:04,040
So first is broadband penetration testing.

46
00:03:04,110 --> 00:03:11,490
So this started penetration testing done to simulate what an attacker that has made their way into your

47
00:03:11,490 --> 00:03:13,130
network and get access to.

48
00:03:13,440 --> 00:03:18,120
Now, it's also a way that companies like to figure out, you know, what's just vulnerable in their

49
00:03:18,120 --> 00:03:18,720
network.

50
00:03:18,720 --> 00:03:24,690
You know, how you typically would be on site and connected to the network physically or through Wi-Fi

51
00:03:24,720 --> 00:03:32,040
or you'll be remotely connected, you know, like a VPN and, you know, given the right to break into

52
00:03:32,040 --> 00:03:38,010
as many machines as possible and find valuable, sensitive information like, you know, company financial

53
00:03:38,010 --> 00:03:42,000
information, employee personal information, different stuff like that.

54
00:03:42,040 --> 00:03:42,900
That's the goal.

55
00:03:42,900 --> 00:03:48,350
Kind of like Internet penetration says you want to see what can happen if someone is inside your network

56
00:03:48,370 --> 00:03:51,690
to see where you know you need to improve your security.

57
00:03:51,810 --> 00:03:55,130
So now, next up, we're going to talk about the extent of penetration testing.

58
00:03:55,440 --> 00:03:56,570
Now, this is inside.

59
00:03:56,580 --> 00:04:01,740
Penetration testing is typically done from the outside of the network, and it has the ability for hackers

60
00:04:01,740 --> 00:04:03,180
to break in from the outside.

61
00:04:03,180 --> 00:04:09,450
So you typically going to connect this kind of test with a public IP address for the network and try

62
00:04:09,450 --> 00:04:10,080
to break in.

63
00:04:10,090 --> 00:04:15,390
So you're going to be given a public IP address and we all have public IP address and Internet.

64
00:04:15,390 --> 00:04:19,020
No matter where you are, if you connect the Internet, you have a public IP address.

65
00:04:19,350 --> 00:04:26,160
So technically, anyone on the Internet and find you if you have some type of service running that might

66
00:04:26,160 --> 00:04:31,420
be vulnerable and you can see that from the outside, hackers can potentially take advantage of that.

67
00:04:31,440 --> 00:04:36,630
So that's why external penetration testing is very important, because, you know, hackers usually

68
00:04:36,630 --> 00:04:41,940
come in from the outside and we have something sitting out there on a wall that can literally within

69
00:04:41,940 --> 00:04:49,590
an instant launch off an exploit and get into your network and then you're screwed at that point.

70
00:04:50,370 --> 00:04:55,610
So now let's talk about a Web application or Web site penetration testing.

71
00:04:55,650 --> 00:04:59,790
So this type of penetration testing focuses on attempting to exploit vulnerabilities.

72
00:05:00,240 --> 00:05:07,860
In a Web application or Web site and see where is vulnerable, so you want to test this from the outside

73
00:05:08,280 --> 00:05:14,070
and from the inside, typically you want to see someone break in to the application from the outside

74
00:05:14,070 --> 00:05:22,980
and bypass authentication or in someone with, like, basic rights that logged into the application

75
00:05:22,980 --> 00:05:28,440
access, something that they shouldn't be able to be, you know, trying to exploit the application.

76
00:05:28,470 --> 00:05:30,660
That's something that's very important.

77
00:05:31,200 --> 00:05:37,740
And companies care a lot about this because, you know, they might be collecting private information

78
00:05:37,920 --> 00:05:38,920
and storing it.

79
00:05:38,940 --> 00:05:44,340
They want to make sure that their application is safe because breaches like this, if your application

80
00:05:44,340 --> 00:05:49,890
would have a breach of cost companies thousands or even millions of dollars, depending on what, you

81
00:05:49,890 --> 00:05:53,010
know, what happened, how big the breach was, different things.

82
00:05:53,190 --> 00:05:57,260
So that's why a web application for penetration testing is very important.