Module 1

The document is a transcript of the first webinar for the Pen Testing 2025 short course, hosted by mentor Jeremy Koster. Participants from various countries introduced themselves and engaged in discussions about the course materials and questions regarding recordings and certifications. The webinar aims to provide foundational knowledge in penetration testing and will make materials available shortly after the session.

Uploaded by

hasan

00:46:44 Jon Campbell: Hi all. Thanks for running this.

00:46:44 Lily Nguyen: Welcome everybody to the first webinar for the Pen
Testing 2025 short course! Your mentor for this course is Jeremy Koster.
00:47:04 Emeka Eluwa: hello everyone, greetings from Lagos Nigeria
00:47:07 Lily Nguyen: Remember to set your chat to ‘Everyone’ if you’d like
to connect with your peers.
00:47:37 Marius Baier: Hello guys
00:47:38 Matthew C: Hello!
00:47:38 Suguna Palaniyappan: hi all
00:47:39 Toindepi Graciano Zihori: hi
00:47:39 Michael Viney: welcome from sunny Perth
00:47:41 Dany leclerc: Hi Everyone from Hobart!
00:47:41 Haran Ramachandran: Good Evening all and thank you for running the
course
00:47:42 Md Ehshan Raza: Hey, I am from India
00:47:43 Rob Bowden: hi
00:47:45 Samuel Adewoye: happy to be here
00:47:45 Jeremy Koster: Hello from Sydney
00:47:45 Tara Krishna Suggula: Hi Everyone
00:47:45 Krushal Joshi: Hello Everyone
00:47:45 Jithin Aji Chandran: Hi All
00:47:47 Marlon kichamu: greetings all
00:47:47 Karen Racines: Hi everyone!
00:47:48 Adegbemiro Adeboye: Hello Everyone, good morning from Nigeria
00:47:48 Anthony Noonan: xin nian kuai le! from sydney
00:47:50 Nilantha Hewage: Hello everyone, from Auckland New Zealand
00:47:51 Wassim Rafihi: LOL
00:47:51 Fabio Vasconcelos: Hello everyone from Adelaide, Australia
00:47:53 Marcus Mroczkowski: Hi All
00:47:54 Nurangiz Aliyeva: Is recording available after webinar?
00:47:54 Shaun Lo-Ma: Happy Lunar new year!
00:47:54 Alexandra Monneret: Hi from Brisbane!
00:47:55 Daniel Montgomery: Evening everyone! Beautiful sunny evening here
in Ballarat Victoria!
00:47:56 Tim Hyde: Greetings
00:47:56 Gowrishankar Rajasidambaram: Hello Everyone.. Nice to catch-up here &
HNY. :)
00:47:56 Teddy Anangwe: anywhere from kenya?
00:47:57 Dilanja Kodituwakku: Hi from Melbourne
00:47:59 OMER AHMED: from Canada, it's 3:30 am
00:48:00 Phillip Rose: Hi from Melbourne
00:48:04 Karen Racines: Darwin
00:48:05 Marcus Mroczkowski: Ballarat
00:48:05 Prakash Panchal: Hello..
00:48:05 Anthony Noonan: Chinese new year is today :-)
00:48:06 Hung Pham: hi everyone
00:48:08 Nick Lowe: Hi, Sydney here
00:48:09 Hillary Ndarukwa: Hi from melbourne
00:48:09 NATHANIEL ELUONYE IRABOR: Hi, [from Nigeria]
00:48:09 Hessa Al Zaabi: hi from UAE
00:48:10 Nurangiz Aliyeva: I'm from Sydney
00:48:11 Wassim Rafihi: Sunny Melbourne
00:48:11 kelroy james: uk
00:48:12 Rachel Hanson: From Ghn
00:48:12 Kalyani Pathak: from bharat
00:48:13 Mohammed Ameen Wahab: hi from South Africa
00:48:14 Akrem Ben amor: hello From TUNISIA
00:48:17 Andrew Sevilla: Evening all, from Melbourne! Looking forward to the
session and onwards. ☺️
00:48:17 Esther Tapia: from Spain
00:48:17 Lokesh Goyal: india 2:30 pm
00:48:19 Andrew Robertson: Happy New Year from Melbourne.
00:48:19 ChennaKrishna Reddy Bandi: Hi, I am from Melbourne
00:48:19 Rachel Hanson: from Ghana
00:48:19 Huguette Dora Edjangue: HI! UK
00:48:20 Adedapo Omooba: Hi From Nigeria
00:48:20 Christine Tylor: Hi from Darwin
00:48:21 Ogechukwu Nweke Esther: Hi from Nigeria
00:48:25 Raymond Zheng: one more from melbourne
00:48:25 Toindepi Graciano Zihori: Hi once again from Darwin NT
00:48:25 MGBEMERE EBERE JULIANA: Hello everyone
00:48:26 Ken Jones: Sydney (Norwest)
00:48:27 FADY ASAD: Hello 🙂
00:48:27 Damien Mathiesen: Hi all from Brisbane
00:48:28 Gabriel Ighietsemhe: Hi everyone
from Nigeria
00:48:30 stephen thech: hi I am from Sydney New South Wales
00:48:34 Nine Htet: Hello from UK (8:30 am)
00:48:34 Natasha John: Hi from Melbourne! Happy Chinese New Year to those
who celebrate!
00:48:37 Alvan Wazecky: Hi, I'm Alvan from Kenya
00:48:39 George Lampropoulos: Good morning from Athens.
00:48:42 Ridwan Lawal: Hello everyone, from Nigeria
00:48:42 ROBERTO LOPEZ: Hi from Brisbane
00:48:42 Samuel Adewoye: Hello from Nigeria
00:48:46 James Mashiter: Hello from Melbourne!
00:48:46 Emmanuel Fadamullah: Hi from Kenya
00:48:47 Nick Lowe: Sydney here
00:48:51 KONSTANTINOS KALLIGEROS: HELLO TO EVERYONE
00:48:52 Usman Zubair: Hello from Nigeria
00:48:54 Gaonkile Vincent Leepo: Hi everyone from South Africa
00:49:00 Michelle Mutie: Hi Everyone
00:49:08 VINOTH KUMAR: Hi Everyone
00:49:10 VINOTH KUMAR: Good day
00:49:12 Raju Kunwar: Hi Everyone from Sydney, Australia
00:49:23 FADY ASAD: Hi
00:49:36 Tristan Beulah: Hey
00:49:48 ArunPrasath Nagaraj: Hello All !
00:49:52 Tejas Sevak: Hello from Melbourne
00:49:53 Jimoh Jaji: hi everyone from Nigeria
00:49:57 Santosh Karre: Hi Everyone, from Sydney
00:50:00 Mickpatten: Hi from Canberra AU
00:50:01 KONSTANTINOS KALLIGEROS: Hello from Athens, Greece
00:50:09 Aremu Owolabi: Hi I'm from Nigeria
00:50:17 Arthi Sundaramoorthy: Hi from Arthi
00:50:22 Aremu Owolabi: Thanks for the opportunity given to me.
00:50:28 Chan Nyein Han: Hi everyone, from Thailand
00:50:34 kiran embung: hello everyone , from Sydney Australia
00:50:35 Azuka Anyabuine: hello from nigeria
00:50:39 Leanne Tran: Hello from Melbourne Australia!
00:50:42 Fred Teye: Happy New Year welcome back everyone
00:50:52 Swapna Paladugula: Hi everyone
00:50:56 María Lorena Albornoz: hello. from Argentina 😊
00:51:05 Jackson Godwin: Hello everyone from Nigeria
00:51:10 Red Newstead: Hello from Sydney, Aus
00:51:18 Vaibhav Saxena: Hello from Melbourne
00:51:23 Ijeoma Izu-Okpara: Hello from Valencia Spain
00:51:40 Nguyen Tran: Hello and Happy Lunar New Year. This is from San
Francisco
00:51:41 Michael Mowbray: ola buenas noches
00:51:44 Paul Omoregie: hello....everyone from Lagos NIgeria
00:51:45 Alexander Lopez: Hello everyone from Philippines!
00:51:47 Victor Jacinto Buendicho: Hello everyone from PH
00:51:51 Ngeje Nganate: Hello from Windhoek,Namibia
00:51:52 Moses Oloo: Hello everyone, Moses here from Nairobi, Kenya
00:51:55 Lahiru Nanayakkara: I joined the session while i'm at work. Hope
you can share the recording to refer what I'm missing during work
00:52:07 Barinedum Saturday: Hello, Samuel from Nigeria
00:52:42 Tapas Das: Hi Everyone from Australia
00:52:48 Ikenna Ihiegbunam: Hello Ikenna from , Lagos Nigeria.
00:52:52 Christoforos Charalampidis: Hi everyone, from Cyprus
00:52:58 Lily Nguyen: We'll have the webinar materials (slides, video,
etc.) available within 24 hours at http://learn.itmasters.edu.au and our YouTube
channel https://www.youtube.com/@ITMastersCSU
00:53:05 Gheorghe Octavian CHITU: Hello everyone !
00:53:05 Umaganesh Thirunanthisivam: Hello from Srilanka
00:53:15 IT Masters: The recording will be on our youtube channel and the
learn.itmasters.edu.au site tomorrow.
00:53:28 christopher king: Hello, is it okay to record this ?
00:53:43 Paul Omoregie: pls....its possible to get the recording after the
class
00:53:58 Vivek Samivel Kalidoss: Hello everyone
00:54:03 Lily Nguyen: We'll have the webinar recording available within 24
hours at http://learn.itmasters.edu.au and our YouTube channel
https://www.youtube.com/@ITMastersCSU
00:54:04 NATHANIEL ELUONYE IRABOR: @paul yes
00:54:17 Gian Carlo Casamayor: Thanks Lily!
00:54:19 Nurangiz Aliyeva: thanks
00:54:20 Simon Vannarath: Thanks Lily!
00:54:23 Veronica Achieng: Hello Everyone, Veronica from Nairobi-Kenya
00:54:39 Thulo Monyatsi: Hi, Thulo from Lesotho
00:54:41 María Lorena Albornoz: thanks!
00:54:45 Umaganesh Thirunanthisivam: is there any link for todays slides yet
00:55:52 Fabio Vasconcelos: Slied for module 1:
https://learn.itmasters.edu.au/mod/resource/view.php?id=6438
00:55:56 Suman Maharjan: hello from nepal
00:55:58 Anil Dahal: Am I muted ?
00:55:59 Umaganesh Thirunanthisivam: Thanks
00:56:00 Fabio Vasconcelos: *Slides
00:56:02 Geoffrey Pkorkor: Hola, me llamo Geoffrey de Kenya
00:56:02 Lily Nguyen: Thanks Fabio!
00:56:09 Veronica Achieng: Hello, Veronica from Nairobi-Kenya
00:56:57 Gabriel Ighietsemhe: Thank you Fabio
00:57:11 Fabio Vasconcelos: You are welcome
00:58:43 Benjamin owusu Asiedu: anyone from Ottawa?
00:59:33 Lily Nguyen: If you have a question for the mentor, post it in the
Q&A section.
01:00:31 Aremu Owolabi: Do you have a WhatsApp or Telegram group that students can
be added to?
01:01:09 David Neves de Oliveira: ok
01:02:02 Lily Nguyen: Unfortunately not Aremu, but you can chat with fellow
students on the discussion forum:
https://learn.itmasters.edu.au/mod/forum/view.php?id=6403
01:02:18 Simon Vannarath: 👍
01:02:45 Marcus Mroczkowski: Sometimes we wear multiple hats 🎩
01:03:02 Gheorghe Octavian CHITU: You may find useful these tools:
https://www.pixelqa.com/blog/post/top-20-security-testing-tools-for-testers-in-2024
01:04:35 Kishore Kumar Vaghicharala: Hello There
01:04:44 Fabio Vasconcelos: Thanks Gheorghe
01:04:52 Kishore Kumar Vaghicharala: May I know what is the duration of this
session? Thanks
01:05:04 Christine Tylor: Thanks Gheorghe
01:05:17 Marcus Mroczkowski: Should be 90 minutes
01:05:59 IT Masters: Yes roughly up to 90 minutes including Q&A
01:06:17 Kishore Kumar Vaghicharala: Thanks
01:07:02 Emeka Eluwa: 👍
01:10:48 Marcus Mroczkowski: I've DOS'd a few boxes that haven't been
configured properly - no log rotation, not enough disk space etc. Quickly brings a
system down!
01:11:39 Umaganesh Thirunanthisivam: Is this short course equivalent to a
CompTIA + pentest training?
01:12:00 Leanne Tran: Just wondering, is he showing slides or anything on
his screen or is it complete darkness?
01:12:30 Fabio Vasconcelos: I would say it is an introduction to it but in
no way a full replacement.
01:13:05 Meshack Mwala: Is there a recording for late comers
01:13:29 Lily Nguyen: There are definitely slides showing Leanne, maybe
switch your view to Jeremy's screen at the top of your Zoom window
01:13:44 Fabio Vasconcelos: It helps someone like me, without enough
experience to go for the certificate who needs to 'find the ropes'
01:13:56 Gabriel Ighietsemhe: I don't think it's anyway equivalent to the
CompTIA pentest+, it's gonna take more than a couple of months for the training
01:14:13 Lily Nguyen: We'll have the webinar materials (slides, video,
etc.) available within 24 hours at http://learn.itmasters.edu.au and our YouTube
channel https://www.youtube.com/@ITMastersCSU
01:14:57 kelroy james: I have just completed the Comptia Pentest. This
course will be a useful refresher and starting point for newcomers
01:15:02 Hillary Ndarukwa: I think this helps to build foundational knowledge on
certain things I’m studying for the OSCP Pen200
01:15:43 Sunil Gujjula: Probably a noob question! it is hard to break into
industry as a learner. Is there a path recommendation for AU.
01:15:46 Umaganesh Thirunanthisivam: Thanks fabio
01:15:59 Bilal Rana: Does this course give certificate as well?
01:16:02 Marcus Mroczkowski: You're more likely to find out about new tools
and techniques from a course like this.
01:16:09 Rachel Hanson: can anyone mentor me to take the COMPTIA + i am new
to pentesting
01:16:19 Widget Rajasingham: Thank you Sunil!
01:17:01 Jon Campbell: Rachel, do you have any certs or experience ?
01:17:17 Lily Nguyen: You can acquire the Certificate of Completion if you
receive a mark of 50% or more in the exam to pass the course. If you pass your
exam, the certificate will be available for download below the Exam section of your
learning portal.
01:17:21 Cameron Townshend: Sunil do free work for a charity or association
as if you are working. This is a good way to get experience. That’s how I started.
I wrote software for a charity for free to learn.
01:19:05 JP Haywoood: @Rachael - the Australian Women in Security Network
(AWSN) have a mentoring program.
01:19:06 Akrem Ben amor: this is a fundamentals of Cybersecurity
01:19:29 Sunil Gujjula: Thanks Cameron! it is a good approach.
01:19:39 Marcus Mroczkowski: @sunil - PenTestings is a bit different. Best
bet is to invest in a decent sized computer and run up a few VMs for testing
against. You can't get into trouble for breaking your own stuff.

doing this on an external system/webapp without permission will get you a different
type of experience, i.e. prison
01:19:45 Gowrishankar Rajasidambaram: is there any chance to open directly
PenTest tool and talk about all the functions and how to frame the tests, test data
and how to execute and how to view/download report.?
01:20:03 Krishna Raval: I am working as an automation test analyst and now I
want to start learning pen testing. Can anyone suggest pen testing course for
beginner to advanced level?
01:20:12 Leanne Tran: ok, it finally works! I guess joining via browser
results in audio only? something to remember haha
01:20:24 Rachel Hanson: I have no prior experience
01:20:36 Hillary Ndarukwa: OSCP Pen200 is pretty good along with hack the box
01:20:41 Terry P: Apologies if this question has been asked already, Is
there course material or access to slides?
01:20:45 Sunil Gujjula: @Marcus 100% don't want to get into trouble :)
01:21:59 Toindepi Graciano Zihori: The slides are in the course at
learn.itmasters.edu.au already and the video will be on youtube tomorrow
01:22:11 Shimelis Abera: Nice webinar Shimelis from Ethiopia.
01:22:12 steve Tancred: How do you effectively communicate the importance of
mitigation when the cost to resolve an issue exceeds the potential insurance claim
payout, despite high-risk assessment ratings?
01:22:26 steve Tancred: this is becoming more and more common these days
01:23:23 steve Tancred: and/or the fine the company can receive
01:23:23 Marcus Mroczkowski: There are a number of free VMs that can be
downloaded and tested against, things like Hack the Box are also good options.

offsec.com also run a PenTest course specific for KALI Linux


01:23:52 Lily Nguyen: All webinar materials (slides, video, etc.) will be
made available within 24 hours at http://learn.itmasters.edu.au and our YouTube
channel https://www.youtube.com/@ITMastersCSU
01:24:14 Terry P: Thank you!
01:24:28 Phoebe Zhang: Many thanks!
01:24:30 Paul Omoregie: much appreciated
01:24:37 Rob Bowden: Check out Atomic Red team for testing security controls
that align to Mitre Attack 👍
01:24:45 Akrem Ben amor: techniques and tactics
01:25:04 Victor Alabi: yes
01:25:18 Marcus Mroczkowski: It's not just the risk these days. Reputational
damage has a lot of weight as does the massive fines that governments are imposing
for data leaks/loss, especially if the business knew there was a problem, but
ignored it.
01:25:29 Meshack Mwala: Actually building one's VM for practice is one of the
best approaches... using Kali and vulnerable Metasploitable 2 etc. teaches one a lot..
then from here use the hosted VMs on different platforms
01:26:53 Akrem Ben amor: Assembly
01:27:08 Akrem Ben amor: and C
01:27:37 Moses Oloo: Great thoughts there on Risk, Marcus
01:28:19 Widget Rajasingham: Coursera has a "C for everybody" course which
seems rather good.😊
01:29:25 Daniel Montgomery: Does anyone have any good links to Github
repositories for pentesting?
01:29:31 Rob Bowden: Fines, reputational damage, data loss would come under
Impact on the risk matrix
01:29:44 Lawrence Katuruza: Can testing methodologies be used in hybrid
approach?
01:30:40 Tristan Beulah: would it be unethical to hide zero day attacks?
01:30:56 Akrem Ben amor: @Daniel
https://github.com/swisskyrepo/PayloadsAllTheThings
https://github.com/Virdoexhunter/CheckLists
https://github.com/1N3/IntruderPayloads
01:31:05 Daniel Montgomery: Thanks Akrem!
01:31:12 Widget Rajasingham: I was a little late joining. What is the
"Seam"?
01:31:16 Rob Bowden: @Daniel https://github.com/rapid7/metasploit-framework
01:31:17 Akrem Ben amor: @Daniel u welcome
01:31:27 Mian Rehman: @Daniel https://github.com/michelbernardods/labs-pentest
01:31:35 Christoforos Charalampidis: SIEM - Security Incident Event Management
01:31:48 Nick Lowe: This ^^
01:31:49 Christoforos Charalampidis: if that is what you are asking @widget
01:31:57 Marcus Mroczkowski: SIEM - Log repository for all logs for all
things (mostly)
01:32:07 Widget Rajasingham: Thank you Christoforos. It was what I was
asking.
01:32:40 Marcus Mroczkowski: Security information and event management
(SIEM) is a security solution that helps organizations detect threats before they
disrupt business.
01:32:51 SCOVIA MUKANSANGA: hi colleagues ,I am Scovia from Rwanda
01:33:06 Widget Rajasingham: Thank you Marcus.
01:33:31 Phil Cohen: There’s a lot of good info in the chat being shared, does
this chat log also get uploaded to the learning portal?
01:33:31 Barinedum Saturday: Welcome Scovia
01:33:45 Mian Rehman: would there be any example documentation available
for MDAs, MSAs, and statement for work
01:34:20 Craig Garland: Just ask ChatGPT for an example
01:34:21 Christoforos Charalampidis: @Mian ChatGPT is your friend for examples
(beware of hallucinations though) but at a high level it's good
01:34:25 steve Tancred: Reputation damage is no longer considered a high-risk
factor, as its impact is typically short-lived. For example, despite significant
media coverage, the Optus incident had minimal long-term effects on customers and
shareholders.
01:34:50 Christoforos Charalampidis: @Steve do you have any references for
that statement?
01:35:10 Christoforos Charalampidis: also it's impact not risk factor?
01:35:17 steve Tancred: review the share prices at the time before and after
and now
01:35:19 Craig Garland: and is that public reputation impact vs corporate
impact.
01:35:21 B Heemann: reputational damage = financial damage... loss of
customers, potential never to return
01:35:23 Brendon Root: @Steve just like Solarwinds
01:35:32 steve Tancred: it's not the tool
01:36:05 Christoforos Charalampidis: @Steve can I go to my CEO and tell him
Steve said that reputational damage is medium impact?
01:36:31 steve Tancred: no
01:37:09 Brendon Root: @Steve Especially the Crowdstrike Outage
01:37:09 steve Tancred: let's take this offline and discuss this
01:37:09 Marcus Mroczkowski: My employer has an anaphylactic allergy to
being on the front page of any newspaper for the wrong reasons, so reputational
damage is a driving force in everything we do.
01:37:44 Widget Rajasingham: Brilliantly put Marcus!😄
01:38:28 Christoforos Charalampidis: Crowdstrike share price took 6 months to
go back to where it was.
01:38:29 Akrem Ben amor: Is it authorized in black box to deliver malware
via email phishing after reconnaissance?
01:38:34 Nine Htet: I would recommend https://tryhackme.com (THM) for beginners.
In my experience THM is more beginner friendly than HTB (Hack The Box), HTB is for
Intermediate level users.
01:39:07 Sunil Gujjula: some AU orgs seem to think they are Teflon coated or
at least they think they are
01:39:12 Brian Anderson: Really depends on your customer base. Some very large
companies have survived well with a breach and bad publicity, others have not. If
you are in a market where your customers are very flighty and have alternatives
then it's a huge risk. If you have a monopoly or a very large customer base, it's not
so much
01:39:17 steve Tancred: I would hope that every company would have the
adversary being on the front page.
01:40:01 steve Tancred: totally agree Brian
01:40:23 steve Tancred: I think you framed it better than I did
01:40:46 B Heemann: just because a share price gets back to where it was,
doesn't mean it wouldn't have been significantly higher if the incident didn't
happen. It's permanent damage to the brand, even if they continue to grow
regardless, their growth could've been far greater.
01:41:04 Mudassara Alvi: How long is this webinar?
01:41:19 Marcus Mroczkowski: 90 minutes-ish
01:41:21 Christoforos Charalampidis: I hope Jeremy can chime in with his years
of experience :)
01:41:45 Christine Tylor: DarkNet diaries podcast is a wonderful source for
deepdive on various OSINT methods, tactics and real life stories
01:41:45 Evelyn Wangui: where can one get the recording after the webinar?
01:42:11 Amit Wadhwani: Is this course recommended for someone new to PenTest?
01:42:16 Amit Wadhwani: What are the PenTest charges?
01:42:42 Lily Nguyen: All webinar materials (slides, video, etc.) will be
made available within 24 hours at http://learn.itmasters.edu.au and our YouTube
channel https://www.youtube.com/@ITMastersCSU
01:42:56 Leanne Tran: From the itMasters course website probably, "within
24 hours of the event." https://learn.itmasters.edu.au/course/view.php?id=3873
01:43:02 Christoforos Charalampidis: @Christine Malicious Life also is a great
Podcast (I second Darknet Diaries too)
01:43:30 Evelyn Wangui: thank you Lilly and Leanne
01:43:33 Thomas John: Cloud providers require prior approval before
pentesting.
01:43:56 Akrem Ben amor: Is it authorized in black box to deliver malware
via email phishing after reconnaissance of the company?
01:44:20 Marcus Mroczkowski: Normally best to let the "Client" do the
negotiation with the hosting provider if the site/webapp is hosted offsite.

The "Client" has the relationship with the host and are better placed to arrange a
pentest window for you to work in.
01:45:31 Brian Anderson: Point in case Equifax Sep 2017 when breach exposed =
Stock is at approx. $107, dropped about $40 for a month then back up again....it's
now $273 USD stock price
01:46:31 Cameron Townshend: What’s the follow on Masters course that ties
in to this Short Course
01:46:42 Christine Tylor: Darknet diaries has a good episode on Pentester
targeting wrong system
01:47:36 Hillary Ndarukwa: That’s unfortunate
01:47:48 Andrew Sevilla: There's also the Risky Biz podcast which is more on
the news side of the security world.

https://risky.biz/
01:48:19 Izaac Wicks: There was a scam site a while ago that was aimed at
falsely hiring pentesters to "pentest" sites that the owner wanted to hack
01:49:36 Mark Not: You could have a publicly disclosed disclosure policy
stating that you will inform the technology provider of the vulnerability if the
client doesn't address the vulnerability.
01:49:36 Emeka Eluwa: is this webinar enough to pass the CompTIA pentest
exam
01:49:43 Emeka Eluwa: is this webinar enough to pass the CompTIA pentest
exam
01:49:55 Christine Tylor: @Chrisoforos, 100% agree, and it's also entertaining
01:50:31 Akrem Ben amor: Search for leaks data in deep & dark web
01:50:42 Izaac Wicks: LinkedIn is an amazing resource for checking out a
company, if they have a bunch of SQL engineers, you know they have an SQL database
01:50:47 GEORGE UKANWA-ADIKA: Very insightful..
01:50:57 B Heemann: is anyone else having trouble getting the
learn.itmasters.edu.au site to load? I'm with Exetel and it just won't go...
01:51:11 Hillary Ndarukwa: Has anyone done Offsec’s Pen200?
01:51:14 Izaac Wicks: Working fine for me
01:51:15 Red Newstead: Emeka - refer earlier notes - this is an Introductory
resource, you'll need to practise & research much more
01:51:22 Aremu Owolabi: Please let only admin share link to us here because
of scammers. @Admin take note
01:51:41 IT Masters: Hi Cameron - our Cyber Security Grad cert and masters are
the courses most associated with this - but it can be a subject in some of our
other courses as well. Chat to one of our course advisors if you want more info or
just have a look at itmasters.edu.au
01:51:52 Widget Rajasingham: Excellent point @Izaac
01:51:59 Phil Cohen: Portal Working fine for me too
01:52:21 Tim Hyde: Is there a threshold / standard / ability level, that
someone looking to join the security industry could measure themselves against to
gauge how successful they might be?
01:52:49 Brian Anderson: There was a story on I think Darknet Diaries about a
pentester that went for a Job interview at a target company to get more info from a
company that suspected a data leak....found out the leak was coming from the
recruiters unknowingly giving out more info than they should have
01:53:18 Hymavathi M: can we get the recording?
01:53:29 Hillary Ndarukwa: Social engineering is just next level
01:53:38 Lily Nguyen: All webinar materials (slides, video, etc.) will be
made available within 24 hours at http://learn.itmasters.edu.au and our YouTube
channel https://www.youtube.com/@ITMastersCSU
01:54:38 Suman Maharjan: learn.itmasters.edu.au how to get username and
password for this
01:54:55 Leanne Tran: You can check if your data might have been breached
on sites like https://haveibeenpwned.com/
01:55:18 Christoforos Charalampidis: @Tim that's a loaded question - Security
industry is very broad and covers assets, applications, people (physical - the most
important asset to safeguard)
01:55:19 Aaron Cox: DNS txt records can sometimes show some interesting things
01:55:40 Christoforos Charalampidis: I think go to ChatGPT - put in your skills
that you have now and ask it where you fit in?
01:55:43 Brendon Root: @Leanne what if you have been pwned
01:56:04 Hillary Ndarukwa: Learning a lot in this chat keep it going gang
01:56:12 Raymond Wu Won: Outdated password rotation policies encourage poor
password selection - NIST now has newer guidance emphasising length (Special
Publication 800-63B)
01:56:58 Fahami Y: Can we get recording post the session.. I have joined late
01:57:17 Raymond Wu Won: yep die hard 4.0
01:57:24 Widget Rajasingham: @Brendon, I don't think there is a lot you can
do, other than change passwords and user IDs if possible.
01:57:41 Leanne Tran: @Brendan nothing much, just update your passwords, be
more aware of possible scams being sent to you with real info about yourself. sadly
your data is out in the world
01:57:44 Marcus Mroczkowski: Microsoft are now recommending long passwords
with a long expiry, i.e. only change when required to.

My preferred password length is around 20 characters and please use a reputable
password manager.
01:57:47 Jon Campbell: I met Kevin Smith after seeing him in Die Hard 4.0 as
the Warlock.
01:57:57 Lily Nguyen: All webinar materials (slides, video, etc.) will be
made available within 24 hours at http://learn.itmasters.edu.au and our YouTube
channel https://www.youtube.com/@ITMastersCSU
01:58:21 Raymond Wu Won: https://nmap.org/movies/
01:58:30 Aaron Cox: Responder and LLMNR is fun
01:58:35 Leanne Tran: Password manager like bitwarden can help since you
can make completely random keysmash passwords for each and every login you have
01:59:04 Craig Garland: does not a 12 Character Password take a billion years
to break
01:59:14 Marcus Mroczkowski: Ahhh nope.
01:59:27 Fabio Vasconcelos: On password managers, what are your thoughts on
KeePassXC?
01:59:47 Thomas John: passwords alone aren't the best strategy, Strong
MFA's in combination with zero trust framework is better pathway.
02:00:01 Jon Campbell: https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fs.locker.io%2Fresources%2F25110736%2Fhive_password_table.jpg&f=1&nofb=1&ipt=bd4363dbcec01d9d0d14b160dc016d9fac2c7cc7d31e46452634334b5d2a6757&ipo=images
02:00:09 Akrem Ben amor: Firewall Bypass technique in NMAP ,NSE Script
02:00:13 Widget Rajasingham: @Craig, it can take a long time if you're
attempting a brute force attack. Unfortunately there are other attacks that can
significantly shorten the time required.
02:00:20 Marcus Mroczkowski: In a poorly configured Microsoft system, 12
character passwords are stored in an insecure way - password should be greater than
15 characters to avoid this.
02:00:33 Jon Campbell: I self host Vaultwarden (Bitwarden alternative)
02:01:29 Widget Rajasingham: @Craig and what @Marcus said. 😊
02:01:45 Nathan McFarlane: I second VaultWarden
02:02:00 Marcus Mroczkowski: Dashlane in use here
02:02:13 Craig Garland: Yes, but could not the same attacks for a 20
character password
02:02:17 Kim Green: sorry, got busy and missed the start, I'll catch it on
recording. Hi from US/NC.
02:03:02 Uzairu Adam: Hi From Nigeria. i missed the start of the
presentation
02:03:16 Dotun Popoola: Dotun from Nigeria
02:03:23 Marcus Mroczkowski: Brute forcing 20 characters by 96 possible
characters will take way longer than bruting 12 characters with the same 96
character possibilities.
02:03:51 Uzairu Adam: dotun, connect with me after this session
02:04:13 Kim Green: just found out about BruteShark a bit ago, trying to figure
out how to do network mapping (also found StratoShark for sniffing API traffic
up/down to cloud)
02:04:26 Widget Rajasingham: @Craig, longer passwords make it harder to
break. It also depends on the sort of hardware that you have access to. Things
get a lot quicker if you've got access to supercomputers.
02:04:31 Craig Garland: Yeah 20 character would take longer.. But I read 12
Chac would take a billion years. So do you really need 20.
02:04:35 Uzairu Adam: wireshark still stands out
02:04:41 Brian Anderson: TheHarvester, recon-ng , Maltego are good for
searching OSINT
02:05:03 Raymond Wu Won: passphrases are easier to remember and type - good
for systems that require you to physically log in at
02:05:17 Caleb Kenny: @Uzairu Adam,
All webinar materials (slides, video, etc.) will be made available within 24 hours
at http://learn.itmasters.edu.au and our YouTube channel
https://www.youtube.com/@ITMastersCSU
02:05:17 Jon Campbell: I'm a fan of passphrases.
02:05:18 Craig Garland: I am assuming you have a basics of limited password
try with account lockout
02:05:19 Christine Tylor: Evil twin?
02:05:45 Akrem Ben amor: More information about ICS Enumeration SCADA?
02:05:49 Craig Garland: I mean you really want a password and MFA...
02:05:50 Nathan McFarlane: Human Machine interface
02:05:59 Andrew Robertson: Thanks for a great webinar.
02:06:00 Kim Green: +5000 passphrases. Don't tempt people to write down
passwords or use sucky/easy passwords.
02:06:07 Rordan Brayshaw: Mmm tastes like stuxnet
02:06:44 Ben Delamotte: We're all moving to adopt Zero Trust network
topologies aren't we?
02:06:52 Kim Green: THANK YOU. ICS are most likely to be legacy and soooo
outdated in security and support.
02:07:33 Thomas John: yes, zero trust is mostly around the corner
everywhere. However, there are any implementation difficulties.
02:07:40 Kim Green: OWASP now has a top 10 for non-human identity (API and
services and stuff) They just had a webinar on it yesterday.
02:08:10 Marcus Mroczkowski: search for hivesystems and password - you
should get a good graphic about password hacking times
02:08:33 Phillip Rose: Much appreciate the seminar. Thank you. A lot of
interesting technical comments too.
02:08:47 Brian Anderson: @Ben...in theory we should be, but money is the
driving factor and Legacy Operational Tech is notorious for being low/no security
and costing large amounts. If you're not at ZTN yet, you should at least have a plan
to move
02:09:27 Anil Dahal: 💕
02:10:04 Nicholas Koutelas: How is the rise of more sophisticated AI
models and tools going to impact the Pen testing space?
02:10:17 Craig Garland: hmmm hive said about 167m years.
02:10:41 Marcus Mroczkowski: ZTN is a great concept, easily built in a
greenfield network/server fleet, not so easy when there are legacy systems that
can't be wrapped in ZTN, already in the network.
02:10:42 Kshitiz Khadka: https://github.com/michelbernardods/labs-pentest
02:10:52 Raju Kunwar: Thank you IT Masters and Jeremy for this interesting
session. Lot of good info. See you next week.
02:11:16 Brian Anderson: @Marcus...100% agree
02:11:22 Sam Lees: great session. will the chat be published with the slides?
some great recommendations from the other attendees. I am a bit concerned about
putting my name out on comments to such a large and random audience.
02:11:30 Muhammad Nasir Sattar: thanks everyone
02:11:42 Brian Heatherich: Thanks for the night.. always useful
02:11:53 Marcus Mroczkowski: @Nicholas tools like burpsuite have AI plugins
now (burpGPT).
AI is being used by miscreants - why shouldn't we use it as well?
02:12:04 Jon Campbell: Self host AI and then create your own automations.
02:12:18 K.S. Varun Chandra: hey if we are not able to crack a password with
dictionary attack or bruteforce what is the final method to crack the hash
Because i have cracked a wordpress websites admin creds and now i am not able to
crack that hash it is a PHPass hash and maybe the admin setup a complicated
password which is not in the rockyou wordlist now what can i do to crack that
hash ?????????????????????????
02:13:07 Linh Mai: Tks you
02:13:08 Marcus Mroczkowski: Some insurance companies require a PenTest
report before they'll issue cyber insurance.
02:13:16 Lily Nguyen: Yes, the chat will be posted to the portal.
02:13:21 Jon Campbell: I work at a council and we need to be compliant. w
02:13:28 Craig Garland: Are quantum computers a risk, as encryption can be
cracked
02:13:30 Jon Campbell: We run annual pen tests and vul tests.
02:13:36 Michael Mowbray: Can I Understand why we wouldn't use AI ourselves. EG
if we are trying to script. it can help iron things out and improve our abilities
02:13:39 Red Newstead: Excellent summary of legacy and contemporary tools &
techniques. Thank you Jeremy, Lily, CSU & other attendees for their remarks … 8<P
02:14:03 Brian Anderson: And some customers require you to have security
audit/Pentests done before you are granted a tender or contract
02:14:09 Tim Hyde: @christoforos RE: Let's limit to pentesting as that is
today's topic. Eg. Owning x number of boxes in y amount of time.
02:14:11 Kim Green: cyber insurance requires vulnerability/risk management
before they issue plan, and that plus checking did you follow due diligence to
remediate before paying out
02:14:25 Toindepi Graciano Zihori: Have a great day\night thank you
02:15:39 Minh Trinh: Thank you Shane. Jeremy, Lily and everyone, have a good
week 😀
02:15:47 Christoforos Charalampidis: Thanks everyone.
02:15:57 María Lorena Albornoz: thanks!!!
02:16:00 Cameron Barratt: thank you, very informative session
02:16:04 Joel Mant: Thank you
02:16:06 Anagha Haridasan Sunitha: thank you
02:16:06 Amit Wadhwani: Thank you folks for sharing all the knowledge
02:16:08 Michael Mowbray: 🙏
02:16:14 Ikenna Ihiegbunam: Thanks everyone.
02:16:15 Nipin Konthalathumkandiyil: thank you all 🙏
02:16:16 Akrem Ben amor: thank you Jeremy
02:16:24 Leanne Tran: The chat was very informative, thanks everyone! See
you next week
02:16:30 Ron Tevita: Thanks team!
02:16:31 Terry P: Thanks everyone!
02:16:31 Sunil Gujjula: thank you
02:16:34 Esther Tapia: Thanks very much. Nice week everyone
02:16:35 David Stanley: Thank you Jeremy Shane, Lily / Team - Great session !
02:16:35 Jacqui Cope: Thank you for the introduction today! Looking forward
to next week’s content
02:16:39 Christine Tylor: @Brian Anderson, that sounds like a really good
episode of DND. I might have to repeat binge to refresh my memory
02:16:39 Evelyn Wangui: thank youu!!
02:16:40 James Mashiter: Thank you all, great introduction module!
02:16:47 Simon Vannarath: Till next week everyone!
02:16:50 Craig Garland: Thanks, very interesting and love the chat
information as well
02:16:50 FADY ASAD: Thank you
02:16:56 jagat Thapa: Thank you
02:16:57 Atonio Naisara: thankyou
02:16:58 Emmanuel Fadamullah: Thanks
02:17:00 MGBEMERE EBERE JULIANA: Thank you
02:17:02 Vincent Addo: Cheers
02:17:03 Anthony Noonan: Thanks all.
02:17:04 Manuel Arribas: 👏
02:17:12 Julia: Thanks all
02:17:14 Waqas Awan: Thanks
02:17:15 Laban Orina: Thanks everyone
02:17:17 jasmeet kaur: Thanks Jeremy, IT masters and CSU for this short
course. :)
02:17:20 Lawrence Katuruza: Very insightful session
02:17:20 Natasha John: Thank you!!! This was really helpful and informative!
I look forward to the next module :)
02:17:22 Nine Htet: Thank you all for the session.
02:17:24 Ben Delamotte: Thanks all
02:17:24 Leanne Tran: Yeah, this lecture was a very thorough introduction,
thanks Jeremy!
02:17:32 Sungmin Kim: Thanks
02:17:40 Ngeje Nganate: Thank u all..c u next week
02:17:42 Lily Nguyen: Thanks for attending everyone, we hope you've enjoyed
tonight’s webinar - see you next week! We'll have the webinar materials (slides,
video, etc.) available within 24 hours at http://learn.itmasters.edu.au
02:17:42 christopher king: Thanks for your time!
02:17:49 Usman Zubair: Thanks....
02:17:54 Vaibhav Saxena: Thank you
02:17:55 Swapna Paladugula: Thank you
02:17:56 Andrew Sevilla: Thanks Jeremy, et al!
02:17:59 Victor Jacinto Buendicho: Thank you!! See you in module 2 🙂
02:18:00 Andrew Tatow-Warren: thank you
02:18:02 Mohammed Jawad ALANGAYAM: when will be next class?
02:18:02 Huguette Dora Edjangue: THANK YOU!
02:18:04 Shyam Chavan: Thank You , appreciated.
02:18:05 Jithin Aji Chandran: Thank You
02:18:06 Brian Chatterton: Thank you
02:18:09 Prem kumar Senniappan: Thank you
02:18:12 Greg Turnbull: Thanks Jeremy. Hope you still mtbing.
02:18:13 Azuka Anyabuine: thank you jeremy
02:18:15 David Cook: Thanks everyone
02:18:15 Mickpatten: Thanks Jeremy
02:18:17 Adegbemiro Adeboye: Thank you very much Jeremy and the organizers.
See next time.
02:18:17 Brian Anderson: Thanks everyone
02:18:18 James-Patrick Riley: thank you
02:18:19 Rocky Davidson: Thank you!
02:18:19 Deepak Singh: Thanks so much.
02:18:20 Mark Oswald: thank you
02:18:20 Christos Kuznos: thank you
02:18:21 Jon Campbell: Thanks guys!
02:18:22 James Rodoreda: cheers
02:18:22 Daniel Montgomery: Have a great evening everyone!
