Penetration Testing#

Free Video Course#

If you’re looking to get into penetration testing, this is the course for you! MCSI’s videos will give you the foundation you need to get started in this exciting and important field. You’ll learn about the tools and techniques used by penetration testers, and how to apply them in real-world scenarios.

Chapter 1: Introduction to Penetration Testing#

Chapter 2: Fundamental Concepts#

Chapter 3: The Testing Process#


There are several types of penetration testing techniques that can be used in order to assess the security of a system. One type of penetration testing is known as black box testing, which is where the tester has no knowledge of the system beforehand and attempts to find vulnerabilities through trial and error. Another type of penetration testing is known as white box testing, which is where the tester has full knowledge of the system and attempts to find vulnerabilities by looking for weaknesses in the system’s design. One of the most common penetration testing techniques is known as social engineering, which is where the tester tries to trick users into revealing sensitive information or granting access to the system.


The reconnaissance phase is the first phase of penetration testing and is used to gather information about the target system. This information can be used to identify potential vulnerabilities that can be exploited. Information gathering can be done manually or through automated tools. Automated tools can be used to scan for open ports, running services, and installed software. This information can help identify potential attack vectors.

Application Vulnerabilities#

Application vulnerabilities are weaknesses in software that can be exploited by attackers to gain unauthorized access, compromise data, or cause other malicious activities. Common causes of vulnerabilities include poor coding practices, insecure configuration settings, and outdated software components. Attackers can exploit vulnerabilities to gain access to sensitive information, execute malicious code, or Denial-of-Service attacks. To prevent vulnerabilities from being exploited, developers need to follow secure coding practices and keep software up-to-date. Administrators also need to properly configure systems and deploy security controls.

Cloud Services Penetration Testing#

Cloud penetration testing is a type of security testing that is used to assess the security of a cloud computing environment. The goal of cloud penetration testing is to identify vulnerabilities and weaknesses in the security of the system that could be exploited by an attacker. Cloud penetration testing can be used to test the security of both public and private cloud environments.

Network Vulnerabilities#

A network vulnerability is a security flaw that can be exploited to gain unauthorized access to a computer network. Common network vulnerabilities include unpatched software, weak passwords, and open ports. Exploiting a network vulnerability can allow an attacker to gain access to sensitive data, install malware, or launch denial-of-service attacks.

Endpoint Vulnerabilities#


Brute Force Attacks#

A brute force attack is a type of cyberattack where a hacker uses a automated tool to guess passwords or passphrases until they find the correct one. This type of attack is usually very time-consuming and can be very difficult to execute if the target has a long and complex password. However, if the hacker has a large enough list of common passwords, they may be able to successfully guess the correct one relatively quickly. Brute force attacks can be prevented by using strong and unique passwords, as well as by employing security measures such as rate-limiting or CAPTCHAs.


Metasploit is a free and open source penetration testing platform that enables you to find and exploit vulnerabilities in systems. It is one of the most popular tools in the ethical hacking community and is used by security professionals and Penetration testers to test the security of systems and applications. Metasploit can be used to launch attacks against systems, to test the security of systems, and to find vulnerabilities in systems.


The image below proposes a workflow you can use to learn penetration testing:

Penetration testing procedure and workflow