1.8 Techniques in Penetration Testing

Penetration Testing

This type of test simulates an attack that tries to identify vulnerabilities and security gaps in a company's systems, so the company can mitigate those gaps before an attacker compromises the system.
- similar to vulnerability scanning, but here we actually try to exploit the vulnerabilities that are found
- often a compliance mandate

Rules of engagement define the scope and purpose of the pentest, including the IP address range and devices in scope, the type of testing, and the schedule.

Exploiting vulnerabilities allows a pentest to achieve its objective, typically privilege escalation. Common routes:
- password brute-force
- social engineering
- database injection
- buffer overflows

Lateral movement - moving from system to system (usually with the same level of privilege)

Persistence - you need a way to get back into the system if they reset their computer

Pivot - gain access to other systems that would not normally be accessible initially

Cleanup - leave the network in its original state
- remove any files and backdoors placed on the compromised systems


Reconnaissance

Gathering information about the target you are testing. Footprinting means learning everything you can, so that you understand the security posture of the target.
- passive recon: gather information from passive sources - social media posts, the corporate website, online forums, social engineering, OSINT
- active recon: you actively send data to the target, so it is visible in network traffic and logs - ping scan, port scan, DNS queries, OS fingerprinting
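Active recon is visible in logs, and this added example (not from the original notes) shows what a blue team would look for: it parses constructed firewall-style log lines and flags a source that touches many distinct ports on one destination inside a short window, the signature of a port scan. Field layout, threshold values and the sample addresses are assumptions for the demo.

```python
from collections import defaultdict
from datetime import datetime

# Constructed firewall-style log lines (assumed layout, not from the notes):
# timestamp, source IP, destination IP, destination port, action.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 192.0.2.10 22 DENY
2024-05-01T10:00:01 203.0.113.7 192.0.2.10 23 DENY
2024-05-01T10:00:02 203.0.113.7 192.0.2.10 80 ALLOW
2024-05-01T10:00:02 203.0.113.7 192.0.2.10 443 ALLOW
2024-05-01T10:00:03 203.0.113.7 192.0.2.10 3389 DENY
2024-05-01T10:00:03 203.0.113.7 192.0.2.10 8080 DENY
2024-05-01T10:00:04 203.0.113.7 192.0.2.10 8443 DENY
2024-05-01T10:00:10 198.51.100.4 192.0.2.10 443 ALLOW
2024-05-01T10:00:11 198.51.100.4 192.0.2.10 443 ALLOW
2024-05-01T10:05:00 203.0.113.7 192.0.2.10 25 DENY
"""


def parse_log(text):
    """Turn each log line into (timestamp, src, dst, port, action)."""
    events = []
    for line in text.splitlines():
        ts, src, dst, port, action = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), action))
    return events


def find_port_scans(events, window_seconds=60, min_ports=5):
    """Return {(src, dst): sorted ports} for every source that hit at least
    min_ports distinct ports on one destination within window_seconds."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in events:
        by_pair[(src, dst)].append((ts, port))
    hits = {}
    for pair, recs in by_pair.items():
        recs.sort()
        # Slide a window starting at each event; stop at the first match.
        for i, (start, _) in enumerate(recs):
            ports = {p for t, p in recs[i:]
                     if (t - start).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                hits[pair] = sorted(ports)
                break
    return hits


if __name__ == "__main__":
    for (src, dst), ports in find_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"possible port scan from {src} against {dst}: ports {ports}")
```

The lone port-25 probe five minutes later falls outside the window, and the second source only ever talks to 443, so only the scanning source is reported.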


Security Teams

Red team = offensive security team, ethical hackers who find security holes

Blue team = defensive security team, operational security team, daily security teams - incident response - threat hunting

Purple team = red and blue teams working together

White team = manages the interactions between red team and blue team
- enforces the rules, resolves any issues, determines the score
- manages post-event assessments, lessons learned, results
