The simplest stage in a penetration test is data exfiltration, or is it? With the advent of new types of attackers, testing this is more critical than ever before. In this course, you'll explore some of the processes involved in this stage.
Safeguarding a network today requires a multiple stage approach, not only is it important to keep attackers out, but it is also important to keep data from leaving the network. This means that we need to begin looking at data exfiltration not just as a stage in the penetration test, but as a more comprehensive solution that requires more robust checks from the client to lock down. In this course, Post Exploitation: Pillaging and Data Exfiltration, you’ll gain the ability to evaluate the systems not just for the data that they may possess through pillaging, but also begin to look at each system as another step in a long chain that can be leveraged to exfiltration. First, you’ll explore pillaging, critically evaluating the value of the system with pre-determined parameters. Next, you’ll discover how to chain multiple attacks together to create the final path for data exfiltration, touching upon bypassing some modern protection mechanisms. Finally, you’ll learn how to ask yourself the questions that will enable you to create your own processes. When you’re finished with this course, you’ll have the skills and knowledge of pillaging and data exfiltration needed to create, build, and execute attacks upon networks in a manner that will enable you to create a report that has value to your clients.
Rithwik Jayasimha is an information security researcher and consultant who has a passion for all things hackable. He loves open-source and is a regular contributor to several infosec projects. He is experienced in both offensive and defensive security techniques. He got his first computer in first grade, and has never looked back. He loves a good challenge and loves learning!
Course Overview (Music) Hi everyone. My name's Rithwik Jayasimha, and welcome to my course, Post Exploitation: Pillaging and Data Exfiltration. I'm an independent security consultant based out of Bangalore and have a passion for breaking things. This course is for anyone interested in the processes in the post-exploitation stage and follows the guidelines outlined in the Pen Test Execution Standard. Some of the major topics that we will cover include pillaging, the what, how, and whys; the processes involved in the final stages of a pen test prior to reporting; the best practices to be followed during the process of pillaging and data exfiltration; evading detection by systems put in place, such as IDS. By the end of this course, you'll know some of the various techniques involved in the pillaging stage and data exfiltration stages and will further be able to create your own custom chains of attack to exfiltrate data. Before beginning the course, you should be familiar with the command line and with networking fundamentals. From here, you should feel comfortable diving into live pen tests with courses on custom exploit development and advanced IDS evasion techniques. I hope you'll join me in this journey to learn about post exploitation, with the Post Exploitation: Pillaging and Data Exfiltration course, at Pluralsight.