anitsh
commented
4 years ago Open anitsh opened 4 years ago
anitsh
commented
4 years ago anitsh
commented
4 years ago A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyber attack on a computer system, performed to evaluate the security of the system.
Pentest IS NOT “vulnerability scan”, “compliance audit” or “security assessment”.
The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.
A penetration test doesn’t stop at simply uncovering vulnerabilities: it goes the next step to actively exploit those vulnerabilities in order to prove (or disprove) real-world attack vectors against an organization’s IT assets, data, humans, and/or physical security.
While a penetration test may involve use of automated tools and process frameworks, the focus is ultimately on the individual or team of testers, the experience they bring to the test, and the skills and wherewithal they leverage in the context of an active attack on your organization. This can’t be over-emphasized. Even highly automated, well-resourced, and advanced networks employing sophisticated counter-measure technologies are often vulnerable to the unique nature of the human mind, which can think laterally and outside of the box, can both analyze and synthesize, and is armed with motive and determination.
A penetration test is designed to answer the question: “What is the real-world effectiveness of my existing security controls against an active, human, skilled attacker?” We can contrast this with security or compliance audits that check for the existence of required controls and their correct configurations, by establishing a simple scenario: Even a 100% compliant organization may still be vulnerable in the real world against a skilled human threat agent.
A penetration test allows for multiple attack vectors to be explored against the same target. Often it is the combination of information or vulnerabilities across different systems that will lead to a successful compromise. While there are examples of penetration testing that limit their scope to only one target via one vector (example, a web application pen test conducted only from the point of view of the Internet browser), their results should always be taken with a grain of salt: while the test may have provided valuable results, its results are only useful within the same context the test was conducted. Put another way, limiting scope and vector yields limited real-world understanding of security risk.
anitsh
commented
4 years ago It’s best to have a pen test performed by someone with little-to-no prior knowledge of how the system is secured because they may be able to expose blind spots missed by the developers who built the system. For this reason, outside contractors are usually brought in to perform the tests. These contractors are often referred to as ‘ethical hackers’ since they are being hired to hack into a system with permission and for the purpose of increasing security.
Many ethical hackers are experienced developers with advanced degrees and a certification for pen testing. On the other hand, some of the best ethical hackers are self-taught. In fact, some are reformed criminal hackers who now use their expertise to help fix security flaws rather than exploit them. The best candidate to carry out a pen test can vary greatly depending on the target company and what type of pen test they want to initiate.
anitsh
commented
4 years ago White box pen test - In a white box test, the hacker will be provided with some information ahead of time regarding the target company’s security info.
Black box pen test - Also known as a ‘blind’ test, this is one where the hacker is given no background information besides the name of the target company.
Covert pen test - Also known as a ‘double-blind’ pen test, this is a situation where almost no one in the company is aware that the pen test is happening, including the IT and security professionals who will be responding to the attack. For covert tests, it is especially important for the hacker to have the scope and other details of the test in writing beforehand to avoid any problems with law enforcement.
External pen test - In an external test, the ethical hacker goes up against the company’s external-facing technology, such as their website and external network servers. In some cases, the hacker may not even be allowed to enter the company’s building. This can mean conducting the attack from a remote location or carrying out the test from a truck or van parked nearby.
Internal pen test - In an internal test, the ethical hacker performs the test from the company’s internal network. This kind of test is useful in determining how much damage a disgruntled employee can cause from behind the company’s firewall.
anitsh
commented
4 years ago Pen tests start with a phase of reconnaissance, during which an ethical hacker spends time gathering data and information that they will use to plan their simulated attack. After that, the focus becomes gaining and maintaining access to the target system, which requires a broad set of tools.
Tools for attack include software designed to produce brute-force attacks or SQL injections. There is also hardware specifically designed for pen testing, such as small inconspicuous boxes that can be plugged into a computer on the network to provide the hacker with remote access to that network. In addition, an ethical hacker may use social engineering techniques to find vulnerabilities. For example, sending phishing emails to company employees, or even disguising themselves as delivery people to gain physical access to the building.
The hacker wraps up the test by covering their tracks; this means removing any embedded hardware and doing everything else they can to avoid detection and leave the target system exactly how they found it.
anitsh
commented
4 years ago After completing a pen test, the ethical hacker will share their findings with the target company’s security team. This information can then be used to implement security upgrades to plug up any vulnerabilities discovered during the test. These upgrades can include rate limiting, new WAF rules, and DDoS mitigation, as well as tighter form validations and sanitization.
anitsh
commented
4 years ago Through these tests a business can identify: Security vulnerabilities before a hacker does Gaps in information security compliance The response time of their information security team, i.e. how long it takes the team to realize that there is a breach and mitigate the impact The potential real-world effect of a data breach or cybersecurity attack Actionable remediation guidance
anitsh
commented
4 years ago OS for Pen testing
anitsh
commented
4 years ago Enumeration is often considered as a critical phase in Penetration testing, as the outcome of enumeration can be used directly for exploiting the system. We need to know about this Operating System enumeration as It will be useful as one little step when we want to do privilege escalation.
What is the distribution type? cat /etc/issue cat /etc/*-release cat /etc/lsb-release cat /etc/redhat-release
What is the kernel version? 32-bit or 64-bit? cat /proc/version uname -a uname -mrs rpm -q kernel dmesg | grep Linux ls /boot | grep vmlinuz-
Find out the printer is it available or not. lpstat -a
Learn from the environmental variable cat /etc/profile cat /etc/bashrc cat ~/.bash_profile cat ~/.bashrc cat ~/.bash_logout env set