The Cyber Threat Perspective Episode 67: A Day In The Life: External Penetration Testing
Nov 22, 2023
Tyler Roberts, an offensive security professional and penetration tester, takes listeners behind the scenes of external pentesting. He emphasizes the importance of meticulous planning and documentation for efficient testing. Tyler shares insights on day-one recon, the balance between automation and manual research, and the risks of forgotten client assets. He explores various attack strategies like credential stuffing and the significance of multi-factor authentication across cloud services. Ultimately, Tyler highlights how pentesters provide value by validating security processes and empowering IT teams.
AI Snips
Chapters
Transcript
Episode notes
Enumeration Drives Attack Paths
- OSINT and user enumeration are core to shaping which attacks you attempt later in the engagement.
- Subdomain discovery often reveals key attack surfaces not listed in IP scopes.
Clients Often Have Unknown Public Assets
- About half the time external tests uncover assets the client didn't know they owned.
- Forgotten subdomains often become low-hanging but real risks when they point to stale or third-party content.
Systematically Test Password Attacks
- Run credential stuffing, brute force and password spraying, and check dark-web dumps for leaked credentials first.
- Target cloud auth (Microsoft/Google) and non-MFA endpoints to find initial footholds.