Introduction to penetration testing
Penetration Testing
These slides are for those who want to enter and learn about the world of Penetration Testing.
Nezar Alazzabi
2019-09-25
What is Penetration Testing
Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually. Either way, the process of pen testing involves gathering information about the target before the test, identifying possible entry points, attempting to break in and reporting back the findings.
The main objective of penetration testing is to identify security weaknesses. Penetration testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.
Types of Penetration Testing
BLACKBOX TESTING
In a black-box testing assignment, the penetration tester is placed in the role of the average hacker, with no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network. This means that black-box penetration testing relies on dynamic analysis of currently running programs and systems within the target network. A black-box penetration tester must be familiar with automated scanning tools and methodologies for manual penetration testing. Black-box penetration testers also need to be capable of creating their own map of a target network based on their observations, since no such diagram is provided to them.
WHITEBOX TESTING
White-box testing goes by several different names, including clear-box, open-box, auxiliary and logic-driven testing. It falls on the opposite end of the spectrum from black-box testing: penetration testers are given full access to source code, architecture documentation and so forth. The main challenge with white-box testing is sifting through the massive amount of data available to identify potential points of weakness, making it the most time-consuming type of penetration testing.
Penetration Testing Steps
Reconnaissance – It is the process of collecting information before deploying any real attacks.
Enumeration – It is the process of identifying the likely entry points into the target system.
Vulnerability Analysis – It is the process which defines, locates and classifies the security leaks in a computer, network or application.
Exploitation – It is the process of enabling pen testers to compromise a system and expose it to further attacks.
Reporting – It is the process of documenting all the steps that led to a successful attack during the test.
Phases of a Penetration Test
What do you need to start a pentest journey?
At the beginning you should start by reading about the subject, using articles, books, guides and videos on the subject, not just on pentesting but on general cybersecurity issues across the board.
In summary, you will be expected to understand:
● Cybersecurity: techniques, tricks, vectors, threat profiles and the anatomy of cyberattacks.
● Hardware and networks.
● Operating systems and databases.
● Applications, including web apps and APIs.
● Data analysis: at least in terms of analyzing security issues and presenting solutions.
● Programming languages including Python, Ruby, PHP and JavaScript.
● Scripting languages including shell scripting, PowerShell and batch files.
Penetration Test Terms
● CVE: the Common Vulnerabilities and Exposures (CVE) program has been cataloging software and firmware vulnerabilities for 18 years.
● A vulnerability is a weak point or a bug in a piece of software, hardware or an operating system that leaves a system open to attacks and unauthorized access. The weakness could be as simple as a weak password or as complex as SQL Injection or a Buffer Overflow (BOF).
● An exploit is code that takes advantage of a software vulnerability or security flaw. It is written either by security researchers as a proof-of-concept (PoC) or by malicious actors and attackers for use in their operations. Exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network or computer systems.
● A payload is a piece of code that is executed through an exploit. Have a look at the Metasploit Framework: it is simply a collection of exploits and payloads. Each exploit can be paired with various payloads, such as reverse or bind shells, the Meterpreter shell, etc. Put simply, the payload is "what you do to the target after it is exploited".
Most Common Types of Cyber Attacks
● Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.
● Social engineering.
● Man-in-the-Middle (MITM) attacks.
● Phishing and spear-phishing attacks.
● Drive-by attacks.
● SQL Injection attacks.
● Cross-Site Scripting (XSS) attacks.
● Eavesdropping attacks.
● Malware attacks.
Common Web Vulnerabilities
● SQL Injection: SQL Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating user-supplied data. Injection occurs when user input is sent to an interpreter as part of a command or query and tricks the interpreter into executing unintended commands, giving access to unauthorized data. The injected SQL command, when executed by the web application, can also expose the back-end database.
● Cross-Site Scripting (XSS): XSS vulnerabilities target scripts embedded in a page that are executed on the client side, i.e. in the user's browser, rather than on the server side. These flaws occur when the application takes untrusted data and sends it to the web browser without proper validation; attackers can use XSS to execute malicious scripts in the victims' browsers. Since the browser cannot know whether the script is trustworthy, the script is executed, and the attacker can hijack session cookies, deface websites, or redirect the user to unwanted and malicious websites.
● Insecure Direct Object Reference (IDOR): occurs when a developer exposes a reference to an internal implementation object, such as a file, directory or database key, in a URL or as a form parameter. The attacker can use this information to access other objects and build on it to reach unauthorized data.
● Cross-Site Request Forgery (CSRF): a CSRF attack occurs when a malicious website, email or program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated. A CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application.
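The four web vulnerabilities above each have a standard fix that is easiest to see in code. The following is an added example, not part of the original slides or of any project they mention; it uses an in-memory SQLite database with constructed sample users and invoices, and every function, table and field name in it is an assumption made for the demonstration. It shows the vulnerable string-built query beside its parameterised form (SQL Injection), output encoding before data reaches the browser (XSS), an ownership check before returning an object looked up by id (IDOR), and a per-session token that a forged cross-site request cannot supply (CSRF).

```python
import hmac
import html
import secrets
import sqlite3


def build_db():
    """Constructed in-memory database standing in for the application's backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, amount INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "correct-horse"), (2, "bob", "battery-staple")])
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                   [(10, 1, 250), (11, 2, 990)])
    return db


# --- 1. SQL Injection: string concatenation vs. parameterised query ---------
def login_vulnerable(db, name, password):
    # The input is pasted into the SQL text, so quotes inside it change the statement.
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return [row[0] for row in db.execute(sql)]


def login_safe(db, name, password):
    # Placeholders keep the input as data; the driver never parses it as SQL.
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]


# --- 2. XSS: encode untrusted text before it reaches the browser ------------
def render_comment(text):
    # html.escape turns <, >, &, " and ' into entities, so the browser shows them as text
    # instead of interpreting them as markup.
    return f'<p class="comment">{html.escape(text, quote=True)}</p>'


# --- 3. IDOR: an id from the URL is only honoured after an ownership check ---
def get_invoice(db, session_user_id, invoice_id):
    row = db.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()
    if row is None or row[1] != session_user_id:
        # Same answer for "missing" and "not yours", so ids cannot be probed for existence.
        return None
    return {"id": row[0], "amount": row[2]}


# --- 4. CSRF: a secret the browser does not attach automatically ------------
def new_csrf_token():
    # Stored server-side in the session and embedded in the form; a cross-site page
    # cannot read it, so a forged request arrives without it.
    return secrets.token_urlsafe(32)


def csrf_ok(session_token, form_token):
    # Constant-time comparison; the session cookie alone is not enough to pass.
    if not session_token or not form_token:
        return False
    return hmac.compare_digest(session_token, form_token)


if __name__ == "__main__":
    db = build_db()
    print("safe login:", login_safe(db, "alice", "correct-horse"))
    print("rendered:", render_comment("<b>hi</b>"))
    print("alice reading bob's invoice:", get_invoice(db, 1, 11))
```

The point of `login_vulnerable` is not the input that breaks it but that the fix does not depend on guessing every bad input: with placeholders the database receives the query shape and the data separately, so no value can change the shape. The same "separate code from data" idea is what `html.escape` does for the browser.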
Common Network Attacks
CDP Manipulation: CDP packets are enabled by default on Cisco switches and transmitted in clear text, which allows an attacker to analyze the packets and gain information about the network device; the attacker can then search for a known vulnerability and execute it against this device.
Telnet Enabled on VTY: Telnet also transmits packets in clear text, which reveals their contents to an attacker who is sniffing the network. SSH v1 is also vulnerable and should be considered compromised.
MAC Flooding: the attacker floods the MAC address table with more MAC addresses than the switch can store or handle, which makes the switch operate as a hub, giving the attacker the opportunity to sniff all traffic on the segment.
DHCP Spoofing: the attacker listens for DHCP requests and answers them, giving its own IP address as the default gateway for the clients; the attacker thereby becomes a man-in-the-middle (MITM).
ARP Spoofing: similar to DHCP spoofing, but based on ARP messages.
VLAN Hopping: when a station is able to access a VLAN other than its own. This can be done through one of the following:
A- Switch Spoofing.
B- 802.1Q Double Tagging.
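Three of the attacks above (MAC flooding, DHCP spoofing and ARP spoofing) leave a signature that a switch or a monitoring sensor can check for, and the checks are simple enough to show in a few lines. The following is an added example, not part of the original slides; the frame and DHCP records are constructed for the demonstration and the port names, MAC addresses, IPs and threshold are assumptions. It flags an IP address advertised by more than one MAC (the ARP spoofing indicator), an access port sourcing an implausible number of distinct MACs (the MAC flooding indicator) and a DHCP OFFER arriving on a port that is not trusted to host a DHCP server (the logic behind DHCP snooping).

```python
from collections import defaultdict

# Constructed sample records, not real captures. Each frame is
# (ingress port, source MAC, ARP "is-at" claim as (ip, mac) or None).
NORMAL_FRAMES = [
    ("Gi0/1", "00:11:22:33:44:01", ("10.0.0.1", "00:11:22:33:44:01")),   # the real gateway
    ("Gi0/2", "00:11:22:33:44:02", ("10.0.0.20", "00:11:22:33:44:02")),
    ("Gi0/3", "00:11:22:33:44:03", None),
    ("Gi0/2", "00:11:22:33:44:02", None),
    ("Gi0/7", "de:ad:be:ef:00:01", ("10.0.0.1", "de:ad:be:ef:00:01")),  # gateway IP claimed by a second MAC
]
# 64 distinct source MACs seen on one access port in a short window (constructed).
FLOOD_FRAMES = [("Gi0/9", f"02:00:00:00:00:{i:02x}", None) for i in range(64)]
SAMPLE_FRAMES = NORMAL_FRAMES + FLOOD_FRAMES

# Constructed DHCP OFFER records: (ingress port, server IP named in the offer).
DHCP_OFFERS = [("Gi0/1", "10.0.0.1"), ("Gi0/7", "10.0.0.99")]
TRUSTED_DHCP_PORTS = {"Gi0/1"}   # assumption: only the uplink may host a DHCP server


def arp_conflicts(frames):
    """ARP spoofing indicator: one IP advertised by more than one MAC."""
    claims = defaultdict(set)
    for _port, _src, arp in frames:
        if arp is not None:
            ip, mac = arp
            claims[ip].add(mac)
    return sorted((ip, sorted(macs)) for ip, macs in claims.items() if len(macs) > 1)


def mac_flood_ports(frames, threshold=32):
    """MAC flooding indicator: a port sourcing more distinct MACs than an access port
    should ever carry (the threshold is what port-security's maximum-MAC setting enforces)."""
    macs_per_port = defaultdict(set)
    for port, src, _arp in frames:
        macs_per_port[port].add(src)
    return sorted((port, len(macs)) for port, macs in macs_per_port.items()
                  if len(macs) > threshold)


def rogue_dhcp_offers(offers, trusted_ports):
    """DHCP spoofing indicator: an OFFER arriving on an untrusted port."""
    return sorted((port, ip) for port, ip in offers if port not in trusted_ports)


if __name__ == "__main__":
    print("ARP conflicts:", arp_conflicts(SAMPLE_FRAMES))
    print("MAC flood ports:", mac_flood_ports(SAMPLE_FRAMES))
    print("rogue DHCP offers:", rogue_dhcp_offers(DHCP_OFFERS, TRUSTED_DHCP_PORTS))
```

On a managed switch these same three checks are what port security (limit MACs per port), DHCP snooping (trust only designated ports for OFFERs) and Dynamic ARP Inspection (validate ARP replies against the DHCP snooping binding table) implement in hardware; the script shows the decision each feature makes, not the enforcement.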
Common Pentest Tools
● Nmap: not necessarily a pen-testing tool, but a must-have for ethical hackers, sysadmins and network admins. This is a very popular tool that predominantly aids in understanding the characteristics of any target network; these characteristics include hosts, services, OS, packet filters/firewalls, etc. It works in most environments and is open source.
● Nessus: a scanner that deserves attention. It is one of the most robust vulnerability identification tools available. It specializes in compliance checks, sensitive data searches, IP scans, website scanning, etc. and aids in finding the 'weak spots'.
● Acunetix: a fully automated web vulnerability scanner that detects and reports on over 4500 web application vulnerabilities, including all variants of SQL Injection and XSS.
● Metasploit: the most advanced and popular framework that can be used for pen-testing. It is based on the concept of an 'exploit', code that can surpass the security measures and enter a certain system. Once in, it runs a 'payload', code that performs operations on the target machine, thus creating a perfect framework for penetration testing.
● Wireshark: basically a network protocol analyzer, popular for providing the minutest details about your network protocols, packet information, decryption, etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD and many other systems.
● Burp Suite: essentially a scanner (with a limited "Intruder" tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable. The tool is not free, but very cost effective.
Pentest roles and responsibilities
● Network and application tests to check for general security vulnerabilities across a network; the pentester will be involved in designing these tests or keeping existing ones up to date. You will be expected to know how to implement and apply pentesting tools.
● Physical security tests, such as checking the disaster hardening of servers against non-cyber threats (vandalism, climate impacts and so on).
● Security audits: this is a fundamental and ongoing aspect of the penetration tester's role. You will be expected to assess the security of a given process, protocol or system. You will also need to write up reports of audits.
● General security report writing and the use of metrics from tests to help develop security strategies.
● Involvement in the security team and security policy review: you will need to be able to communicate with your wider team and help with security policy review.
Penetration Testing Certificates
Here is a list of the most common certificates in penetration testing:
● EC-Council Licensed Penetration Tester (LPT) Master.
● EC-Council Certified Ethical Hacker (CEH).
● IACRB Certified Penetration Tester (CPT).
● Certified Expert Penetration Tester (CEPT).
● Offensive Security Certified Professional (OSCP).
● Certified Penetration Testing Engineer (CPTE).
● Certified Penetration Testing Consultant (CPTC).
● GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
● Certified Powershell Hacker (CPSH).
● GIAC Web Application Penetration Tester (GWAPT).
● GIAC Penetration Tester (GPEN).
● Certified Information Systems Security Professional (CISSP).
● GIAC Certified Forensic Analyst.
● Certified Reverse Engineering Analyst.
References
● SANS: https://www.sans.org/
● Trend Micro: https://www.trendmicro.com
● Infosec Institute: http://infosecinstitute.com/
● Offensive Security: https://www.offensive-security.com/
● Security Bloggers Network: https://securityboulevard.com/

More Related Content

What's hot

OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
Marco Morana
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 

What's hot (20)

OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
 
Penetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity ProfessionalsPenetration Testing for Cybersecurity Professionals
Penetration Testing for Cybersecurity Professionals
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Web application security
Web application securityWeb application security
Web application security
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 

Similar to Introduction to penetration testing

ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guide
Matt Ford
 
Running Head Security Assessment Repot (SAR) .docx
Running Head  Security Assessment Repot (SAR)                    .docxRunning Head  Security Assessment Repot (SAR)                    .docx
Running Head Security Assessment Repot (SAR) .docx
SUBHI7
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
Amit Kumbhar
 

Similar to Introduction to penetration testing (20)

Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptx
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptx
 
ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guide
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosec
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosec
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
 
Vulnerability
VulnerabilityVulnerability
Vulnerability
 
Running Head Security Assessment Repot (SAR) .docx
Running Head  Security Assessment Repot (SAR)                    .docxRunning Head  Security Assessment Repot (SAR)                    .docx
Running Head Security Assessment Repot (SAR) .docx
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless AttackAn Introduction of SQL Injection, Buffer Overflow & Wireless Attack
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
 
Metasploit
MetasploitMetasploit
Metasploit
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
Backdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerBackdoor Entry to a Windows Computer
Backdoor Entry to a Windows Computer
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

Introduction to penetration testing

  • 1. Penetration Testing These Slides to those who want to enter and learn about the world of Penetration Testing. Nezar Alazzabi 2019-09-25
  • 2. What is penetration Testing Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit, Penetration testing can be automated with software applications or performed manually Either way. The process of pen testing involves gathering information about the target before the test, identifying possible entry points, attempting to break in and reporting back the findings. The main objective of penetration testing is to identify security weaknesses. Penetration testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.
  • 3. Types of Penetration Testing BLACKBOX TESTING In a black-box testing assignment, the penetration tester is placed in the role of the average hacker, with no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network This means that black-box penetration testing relies on dynamic analysis of currently running programs and systems within the target network. A black-box penetration tester must be familiar with automated scanning tools and methodologies for manual penetration testing. Black-box penetration testers also need to be capable of creating their own map of a target network based on their observations since no such diagram is provided to them. WHITEBOX TESTING White-box testing goes by several different names, including clear-box, open-box, auxiliary and logic-driven testing. It falls on the opposite end of the spectrum from black-box testing and penetration testers are given full access to source code, architecture documentation and so forth. The main challenge with white-box testing is sifting through the massive amount of data available to identify potential points of weakness, making it the most time-consuming type of penetration testing.
  • 4. Penetration Testing Steps Reconnaissance – It is the process of collecting information before deploying any real attacks. Enumeration – It is the process of identifying the likely entry points into the target system. Vulnerability Analysis – is the process which defines, locates, and classifies the security leaks in a computer, network, or application. Exploitation – It is the process of enabling pen testers to compromise a system and expose to further attacks. Reporting – It is the process of documenting all the steps that led to a successful attack during the test.
  • 6. What do you need to start a pentest journey? At the beginning you should start by reading about the subject. Using articles, books and guides, and videos on the subject , not just on pentesting but on general cybersecurity issues across the board. In summary, you will be expected to understand: ● Cybersecurity: Techniques, tricks, vectors, threat profiles and the anatomy of cyberattacks. ● Hardware and networks ● Operating systems, databases ● Applications, including web apps and APIs ● Data analysis: At least in terms of analyzing security issues and presenting solutions ● Programming languages including Python , Ruby , php & JS. ● Scripting languages including Shell scripting , Powershell , batch files.
  • 7. Penetration Test Terms ● CVE The common vulnerabilities and exposures , (CVE) program has been cataloging software and firmware vulnerabilities for 18 years. ● A vulnerability is a weak point or a bug in a piece of software , hardware or operating system that leaves a system open and vulnerable to attacks and unauthorized access, The weakness could be simple as a weak password or complex as SQL Injection , Buffer Overflow (BOF). ● An exploit is a code that takes advantage of a software vulnerability or security flaw. It is written either by security researchers as a proof-of-concept (POC) or by malicious actors and attackers for use in their operations, Exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network or computer systems. ● A payload is a piece of code that executed through exploit. Have a look at the Metasploit Framework. It is simply a collection of exploits and payloads. Each exploit can be attached with various payloads like reverse or bind shells, the meterpreter shell etc. [Argument: The answer should be "What you do to the target after it is exploited".
  • 8. Most Common Types of Cyber Attacks ● Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. ● Social Engineering. ● Man in The Middle Attack (MITM). ● Phishing and spear Attacks. ● Drive-by Attack. ● SQL Injection Attack. ● Cross-Site Scripting (XSS) Attack. ● Eavesdropping Attack. ● Malware Attacks.
  • 9. Common Web Vulnerabilities ● SQL INJECTION: SQL Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the users data ,Injection occurs when the user input is sent to an interpreter as part of command or query and trick the interpreter into executing unintended commands and gives access to unauthorized data, The SQL command which when executed by web application can also expose the back-end database. ● Cross Site Scripting (XSS): XSS vulnerabilities target scripts embedded in a page that are executed on the client side i.e. user browser rather then at the server side. These flaws can occur when the application takes untrusted data and send it to the web browser without proper validation, the attackers can use XSS to execute malicious scripts on the users in this case victim browsers. Since the browser cannot know if the script is trusty or not, the script will be executed, and the attacker can hijack session cookies, deface websites, or redirect the user to an unwanted and malicious websites. ● Insecure Direct Object Reference: It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key as in URL or as a FORM parameter. The attacker can use this information to access other objects and can create a future attack to access the unauthorized data. ● Cross Site Request Forgery (CSRF): CSRF attack is an attack that occurs when a malicious website, email, or program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated,a CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application.
  • 10. Common Network Attacks CDP Manipulation: CDP packets are enabled by default on Cisco switches and transmitted in a clear text which allows the attacker to analyze the packets and gain information about the network device, so the attacker can search for a known vulnerability and execute against this device. Telnet Enabled VTY: Telnet also transmits packets in clear text which can reveal to an attacker who’s sniffing the network , as well as SSH v1 which is also vulnerable and compromised. Mac Flooding: The attacker floods the Mac table with Mac Address more than the switch can store or handle , which makes the switch operating as a hub giving the attacker the opportunity to sniff all traffic on the segment. DHCP Spoofing: the attacker listens for DHCP requests and answers them , giving it’s IP address the default gateway for the clients , the attacker becomes a (MITM). ARP Spoofing: similar to dhcp spoofing but related to ARP Messages. VLAN Hopping: is when a station is able to access VLAN other than it’s own , this can be done trough one of the following: A- Switch Spoofing. B- 802.1q Double Tagging.
11. Common Pentest Tools
● Nmap: not strictly a pen-testing tool, but a must-have for ethical hackers, sysadmins and network admins. It is the standard tool for learning the characteristics of a target network: live hosts, open ports and services, operating systems, and packet filters/firewalls. It runs on most platforms and is open source.
● Nessus: one of the most widely used vulnerability scanners. It specializes in compliance checks, sensitive-data searches, IP range scanning and web site scanning, and helps find the weak spots on a host or network.
● Acunetix: a fully automated web vulnerability scanner that detects and reports on over 4500 web application vulnerabilities, including variants of SQL Injection and XSS.
● Metasploit: the most advanced and popular framework for exploitation during a pen test. It is built around the concept of an exploit, code that bypasses a security measure to gain a foothold on a system, which then delivers a payload, code that performs operations on the target machine. Together they make a complete framework for penetration testing.
● Wireshark: a network protocol analyzer, popular for showing the smallest details of your network protocols and packet contents, and for decrypting protocols when the keys are available. It runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD and many other systems.
● Burp Suite: essentially an intercepting proxy and scanner (with an "Intruder" tool for automated attacks), and many web application testers consider a pen test without it unimaginable. A free Community edition exists; the Professional edition, which includes the active scanner and the full-speed Intruder, is commercial but very cost effective.
12. Pentest roles and responsibilities
● Network and application tests: checking for general security vulnerabilities across a network. The pentester designs these tests or keeps existing ones up to date, and is expected to know how to deploy and use pentesting tools.
● Physical security tests: for example, checking that servers are hardened against non-cyber threats (vandalism, climate impacts and so on).
● Security audits: a fundamental and ongoing part of the role. You will be expected to assess the security of a given process, protocol or system and to write up audit reports.
● General security report writing, and using the metrics from tests to help develop security strategy.
● Involvement in the security team and in security policy review: you will need to communicate with the wider team and help review security policy.
13. Penetration Testing certifications
Here is a list of the most common certifications in penetration testing:
● EC-Council Licensed Penetration Tester (LPT) Master.
● EC-Council Certified Ethical Hacker (CEH).
● IACRB Certified Penetration Tester (CPT).
● Certified Expert Penetration Tester (CEPT).
● Offensive Security Certified Professional (OSCP).
● Certified Penetration Testing Engineer (CPTE).
● Certified Penetration Testing Consultant (CPTC).
● GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
● Certified PowerShell Hacker (CPSH).
● GIAC Web Application Penetration Tester (GWAPT).
● GIAC Penetration Tester (GPEN).
● Certified Information Systems Security Professional (CISSP).
● GIAC Certified Forensic Analyst (GCFA).
● Certified Reverse Engineering Analyst.
14. References
● SANS: https://www.sans.org/
● Trend Micro: https://www.trendmicro.com
● Infosec Institute: http://infosecinstitute.com/
● Offensive Security: https://www.offensive-security.com/
● Security Bloggers Network: https://securityboulevard.com/