GISPP: GISPP SESSIONS

Penetration testing Lesson 2

Useful Links

This is a Guest Session which is conducted and recorded by PITPQ8 (Pakistani IT professionals in Kuwait). PITPQ8 has the mission to bring Pakistani IT professionals residing in Kuwait on a platform where they can share skills, experiences, exchange technological ideas, cooperate with each other and network with like-minded IT professionals in Kuwait. For more details please visit https://www.pitpq8.com/. Video Description : This is our second session of “Penetration Testing a Linux Machine” and is for educational purposes only. It is designed over VMware and Oracle platform and the level is Intermediate. In this session consequences of not enforcing correct file permissions and careless use of PHP include( ) function is demonstrated. You can download vulnerable machine from *https://www.vulnhub.com/entry/symfono. You can download Kali Linux machine from according to your host OS: https://www.kali.org/downloads/ Penetrating Methodologies Scanning • netdiscover • Nmap Enumeration • Enum4linux, submap , smbclient (SMB Share folders) • Wpscan Exploiting • Exploiting WordPress LFI (Mail Masta 1.0) • LFI to RCE via SMTP log Poising Privilege Escalation • PATH Injection • Sticky bit Speaker Profile : Mr. Najam ul Hassan is a seasoned Cyber Security professional with 12+ years of experience in Network & Information Security having extensive knowledge and hands-on experience, on Implementing and Securing Networks. He has done many Penetration Testing projects for Government Organizations and private as well. Holds prestigious Cyber Security and IT certifications including CISSP, CISM, CHE v10, CPTE (Certified Pentest Eng. by Mile2), CCNP-Sec. LinkedIn Profile :https://www.linkedin.com/in/najam-hasan-54871911/

GISPP Introduction - GISPP Introduction by its Founder

Industrial Revolution 4 - Industrial revolution 4 (IR 4) and its impact on our lives

CISSP Certification - CISSP Certification Overview

CISSP Domain 1 - Part 1 - CISSP Domain 1 - Security and Risk Management (Part 1)

CISSP Domain 1 - Part 2 - CISSP Domain 1 - Security and Risk Management (Part 2)

CISSP Domain 2 - Part 1 - CISSP Domain 2 - Asset Security (Part 1)

CISSP Domain 2 - Part 2 - CISSP Domain 2 - Asset Security (Part 2) - By GISPP

CISSP Domain 3 - Part 1 - CISSP Domain 3-Security Architecture and Engineering- Part 1

CISSP Domain 3 - Part 2 - CISSP Domain 3-Security Architecture and Engineering- Part 2

CISSP Domain 4 - Part 1 - CISSP Domain 4 - Communications and Network Security (Part-1)

CISSP Domain 4 - Part 2 - CISSP Domain 4 - Communications and Network Security (Part-2)

CISSP Domain 5 - CISSP Domain 5 - Identity and Access Management - By GISPP Pakistan

CISSP Domain 6 - CISSP Domain 6 : Security Assessment and Testing

CISSP Domain 7 - Part 1 - CISSP Domain 7 : Security Operations ( Part 1)

CISSP Domain 7 - Part 2 - CISSP Domain 7 : Security Operations ( Part 2)

CISSP Domain 8 - CISSP Domain 8 : Software Development Security

Career Advice - Information Security Career Advice

Artificial Intelligence - AI enabled Counter Intelligence & Deception : The future of Cybersecurity

CISA Exam Overview - CISA Exam Overview - By Gispp Pakistan

CISA Domain 1 - Part 1 - CISA Domain 1 : Process of Auditing Information Systems (Part 1)

CISA Domain 1 - Part 2 - CISA Domain 1 : Information System Audit Planning (Part 2) -

CISA Domain 1 - Part 3 - CISA Domain 1 : Risk based Auditing (Part 3)

CISA Domain 1 - Part 4 - CISA Domain 1 : Internal Controls (Part 4) - By GISPP Pakistan

CISA Domain 1 - Part 5 - CISA Domain 1 : Audit , Sampling and Report (Part 5) - By GISPP Pakistan

CISA Domain 2 - Part 1 - CISA Domain 2 - Introduction to IT Governance

CISA Domain 2 - Part 2 - CISA Domain 2 - IT Governance and Management

CISA Domain 2 - Part 3 - CISA Domain 2 - It Governance and Management (Part 3)

CISA Domain 2 - Part 4 - CISA Domain 2 - IT Governance and Management (Part 4)

CISA Domain 2 - Part 5 - CISA Domain 2 - IT Governance and Management (Part 5)

CISA Domain 3 - Part 1 - CISA Domain 3 - Information Systems, Acquisition, Development and Implementation (Part 1)

CISA Domain 3 - Part 2 - CISA Domain 3 - Information Systems, Acquisition, Development and Implementation (Part21)

Penetration testing Career Path - Cyber Security : How to Progress as a Penetration Tester

Cisco Certifications 2020 - An Overview of 2020 Cisco Certifications

NGFW Policy fundamentals - NGFW policy fundamentals and threat tuning for Palo Alto Firewalls

DMARC Introduction - Securing your organizational reputation via DMARC

CRISC Exam overview - CRISC Exam review and Domain-1: It Risk Identification - By GISPP Pakistan

CRISC Domain 2 - CRISC Domain 2 : IT Risk Assessment

CRISC Domain 3 - CRISC Domain 3: Risk Response and Mitigation

CRISC Domain 4 - CRISC : Domain 4 - Risk and Control Monitoring and Reporting - By GISPP Pakistan

AWS Overview - Overview of Amazon Web Services (AWS)

Active Directory Advanced attacks - Detecting and Protecting Active Directory Environment againts Advanced attacks

APT Analysis - An eye opening Foray to APT( Advanced Persistent Threat) Land

Next Generation SOC - How to build a next generation Security Operations Center (SOC) from scratch

Penetration testing Lesson 1 - Penetration Testing a Linux Machine (Beginners Level)

Penetration testing Lesson 2 - Penetration Testing a Linux Machine (Intermediate Level)

Python Basics - How to Automate your technology using Python

CV Building tips - Best Practices to Make Impressive CV

An Introduction to Splunk Enterprise - Splunk Essentials

Splunk Essentials Lab - Splunk Installation and Basic Configuration

Linux for Dummies (Part 1) - Linux history and Linux flavors

Linux for Dummies (Part 2) - Installing Linux , Basic Commands using Terminal.

Linux for Dummies (Part 3) - Use Accounts & Monitoring Commands.

Linux for Dummies (Part 4) - Linux File System Partitions, File System Check Commands.

Linux for Dummies (Part 5) - Linux Desktop and It's Different Components.

Splunk Enterprise Logs Onboarding - Syslog-NG and Logs Collection using it.

Splunk Logs Onboarding with SyslogNG Demo - Logs Onboarding with SyslogNG Demonstration

Advanced Usage of Nmap - Nmap Usage - Advanced Usage,

What is Digital and Computer Forensics - Digital and Computer Forensics Overview

Digital and Computer Forensics Demo - Autopsy usage and demonstration

Cross Site Scripting (XSS) Vulnerability Comprehensive Review - Cross Site Scripting & Types.

Risk Management - Risk Management & Risk Assessment.

Infoblox DDI and DNS Security Solution Introduction - DDI and DNS Security

What is Digital Transformation - Digital Transformation Concepts

OWASP Software Assurance Maturity Model (SAMM) Introduction - SAMM Introduction.

Getting Started with Bug Bounty - Bug Bounty Hunting

How to Utilize Purple Teaming in DFIR Activities - DFIR

Breaking into Cybersecurity as a SOC Analyst - Information Security Graduates.

Shahzad subhani

GISPP (Global Information Security Society for Professionals of Pakistan) was initiated by a group of Pakistani Information Security professionals living and working in Saudi Arabia. Despite being a humble start, GISPP is now actively present on different social connectivity platforms including Telegram, Facebook, Instagram, Twitter, YouTube, LinkedIn and largely on Whatsapp. As of now , GISPP has members from 18 countries including Pakistan, Saudi Arabia, UAE, Qatar, Kuwait, Oman, USA, Canada, United Kingdom, Australia and New Zealand. If you are a Pakistani and working in Information security field anywhere in the world ,you are welcome to join GISPP by following the links mentioned on our website . In order to join our Whatsapp Groups ,you can message us your name ,city and LinkedIn Profile.