Post-test Quizz RTBT

Run automated exploits

Plant webshells

Gather target information

Create final reports

Performing a DNS zone transfer

Running a port scan with Nmap

Viewing the LinkedIn profile of target staff

Performing brute force login SSH

Maltego

TheHarvester

Nmap

Netcat

Shell script for backup

Script used for remote access via web server

Tools for SQL injection

Metasploit payload specific to Linux

.exe

.html

.php

.txt

Red Team always uses Metasploit

Red Team is full scope and resembles a real attacker

Red Team does not need a report

Red Team focuses only on one system

Accessing shell from client to server

Running exploits from the server

Opening a connection from target to attacker

Finding security vulnerabilities

Target must be on the same LAN

Attacker's port must be open and listening

Attacker must have a local IP

Target must install Metasploit first

Buying paid exploits

Searching for CVEs from official vendors

Public references for exploits and PoCs

Hosting malware

Nikto

Netcat

Sqlmap

Burp Suite