In a new deep-dive tutorial for CompTIA PenTest+ PT0-003, ethical hacking instructor Professor Erica covers the foundational network-level attacks that set the stage for advanced exploitation. The video, part of the Domain 4 curriculum, demonstrates techniques including VLAN hopping, man-in-the-middle (MITM) attacks, and packet sniffing, along with a real-world case study of the NotPetya 2017 attack.
The session begins with VLAN hopping, a technique that allows an attacker to bypass virtual LAN segmentation. Two primary methods are explored: switch spoofing using Dynamic Trunking Protocol (DTP) and double-tagging (QinQ) to evade access control. Both can grant unauthorized access to traffic on different VLANs.
Next, the tutorial moves to ARP poisoning for MITM positioning. Professor Erica shows how tools like Ettercap and Bettercap can be used to intercept traffic between two hosts on the same local network by corrupting their ARP caches. Once the attacker is in the middle, all communication can be captured, modified, or dropped.
The third segment focuses on packet sniffing using industry-standard tools: Wireshark for deep protocol analysis, tcpdump for command-line capture, and Scapy for crafting custom packets. These tools enable analysts to examine network traffic and identify vulnerabilities or malicious activity.
Finally, the video ties the concepts together with the NotPetya 2017 attack as a case study, showing how network attacks chain together to cause widespread damage. The lesson concludes with a suggested lab workflow for practicing these attacks and a quiz to reinforce learning.
Full course content is available on Professor Erica's YouTube channel, with 52 lessons covering the PenTest+ PT0-003 objectives.