SlideShare a Scribd company logo

NETWORK PENETRATION TESTING

Download as PPTX, PDF
Er Vivek Rana, profile picture
Er Vivek Rana

This 1-day course introduces network penetration testing concepts and provides an overview of the penetration testing process. It covers prerequisites, objectives, benefits, definitions, types of penetration testing and phases including reconnaissance, scanning, exploitation, and reporting. The goal is to prepare students to understand and assist with penetration tests, though they will not be able to independently conduct professional tests after this introductory course.

Technology
1 of 20
Downloaded 403 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Most read
17
Most read
18
19
20
Most read
NAS103: Essentials of Network Penetration Testing
Course Introduction • Duration: 1 Day – 3 Sessions • Objectives – Introduce you to definitions involved in Penetration Testing – Prepare you for a Network based Penetration Test – Take you through a Network Penetration Test Tools and Methodology – Enable you Understand and Write a Penetration Testing Report – No Tool, Tool, Tool Demonstration. Conceptual knowledge for strong base • Prerequisites – Working knowledge of TCP/IP – Working knowledge of Windows Commands – Working knowledge of Bash Commands
Course Benefits • This course will be helpful for – Penetration Testing Practitioners within the Organizations or Consultants – Network Penetration Testing Project Leads – Network Engineers and Administrators – Prospective Network Penetration Testing Clients • At the end, you will be able to – Setup a Basic Network Penetration Testing Lab – Brainstorm and Dialog with Professional Penetration Testers – Write Basic Network Penetration Testing Reports – Understand Paid Network Penetration Reports • You will not be able to – Setup a Professional Network Penetration Testing Lab – Perform Professional Network Penetration Testing – Write rigorous Penetration Testing Report
Course Author • Praful Agarwal • Over 6 Years of Work Experience • Schooling from CBSE • Bachelor in Information Technology from PTU • PG in Cyber Crime Prosecution and Defense from Asian School of Cyber Law • ISO 27001:2005 Lead Auditor • Started hacking at the age of 13 • Lectured in Indian Navy, Indian Air Force, IISc Bengaluru, etc. • No Criminal Cases, so a Good Hacker 
Mindset • “We break computers, making them do stuff that their designers, implementers, and system administrators didn’t plan on them doing.” by a Noted Penetration Tester • Successful penetration testers and ethical hackers – Think out of the box, to do things differently – Be pragmatic but careful – Take notes regularly to make work reproducible
What is Security? • Confidentiality – Confidentiality, also referred to as privacy, is the process of making sure that data remains private and confidential • Integrity – Integrity is the guarantee that data is protected from accidental or deliberate (malicious) modification • Availability – From a security perspective, availability means that systems remain available for legitimate users
Base Definitions • Threat: An agent that may cause harm to the target organizations • Vulnerability: Flaw or loophole in our resources that can be used by an attacker to cause damage or destruction • Risk: Identification of vulnerabilities and threats shape into risks. That is, we have a risk when our system carries a vulnerability which can be attacked by a threat • Exploit: Exploit is an object which is initiated by the threat agent to cause damage to the organization using a vulnerability • Attack: Series of actions that exploits vulnerabilities in the target which may violate Confidentiality, Integrity and Availability of the organization
What is Ethical Hacking? • Hacking (traditional) – Manipulating technology to make it do something that it is not designed to do • Hacking (threatening) – Breaking into computers and network systems without permissions • Hacking – Computer Security (wikipedia) – Hacking means finding out weaknesses in a computer or computer network and exploiting them, though the term can also refer to someone with an advanced understanding of computers and computer networks • Ethical Hacking (wikianswers) – Ethical hacking is where a person hacks to find weaknesses in a system and then usually patches them
What is Penetration Testing? • Focused on finding security vulnerabilities in a target environment that could let an attacker penetrate the network or computer systems, or steal information – Using tools and techniques very similar to those employed by criminals – To prevent a thief, you may need to think like a thief – The goal is actual penetration – compromising target systems and getting access to information • Penetration testing is a subset of ethical hacking Ethical Hacking Penetration Testing
Ethical Hacking v/s PenTest • Ethical hacking is a general process of using hacker techniques for good purpose, which includes vulnerability discovery in a target organization’s network, software product vulnerability research, and other tasks • Penetration testing is more narrowly focused phrase, dealing with process of finding flaws in a target environment with the goal of penetrating systems, taking control of them • Penetration testing is focused on penetrating the target organization’s defenses, compromising systems and getting access to information
Types of Penetration Testing • Overt – Also known as White Hat Testing, involves performing external and/or internal testing with the knowledge and consent of the organization’s IT staff, enabling comprehensive evaluation of the network or system security posture. – As IT staff is fully aware of and involved in the testing, it may be able to provide guidance to limit the testing’s impact along with some training opportunity, with staff observing the activities and methods used by assessors to evaluate and potentially circumvent implemented security measures • Covert – Also known as Black Hat Testing, takes an adversarial approach by performing testing without the knowledge of the organization’s IT staff but with the full knowledge and permission of upper management – Purpose of this testing is to examine the damage or impact an adversary can cause—it does not focus on identifying vulnerabilities.
Types of Network PenTest • External – This testing is conducted from outside the organization’s security perimeter. This offers the ability to view the environment’s security posture as it appears outside the security perimeter—usually as seen from the Internet—with the goal of revealing vulnerabilities that could be exploited by an external attacker • Internal – In this type of testing, assessors work from the internal network and assume the identity of a trusted insider or an attacker who has penetrated the perimeter defenses. This kind of testing can reveal vulnerabilities that could be exploited from inside, and demonstrates the potential damage an internal attacker could cause • If both internal and external testing is to be performed, the external testing usually takes place first. This is particularly beneficial if the same assessors will be performing both types of testing
Phases of an Attack • Both malicious and ethical hackers rely on various phases in their attacks: – Reconnaissance – Scanning – Exploitation • Malicious attackers often go further, into phases such as: – Maintaining Access with backdoors and rootkits – Covering tracks with covert channels and log editing
Reconnaissance • Also known as Passive Information Gathering, this phase includes gathering information about the target from public sources – Web presence not just website – Search engines – Web archives – Personal websites of employees – Job postings – Newsgroups – Domain Registrar • By the end of this phase, the penetration tester will have a wealth of information regarding the target without ever visiting the target’s network. All passive information is gathered from third- party sources that have collected information about our target, or have legal requirements to retain this data.
Scanning • Also known as Active Information Gathering, this phase includes gathering information by interacting with the target network – Network addresses of live hosts, firewalls, routers, etc – Network topology – Operating systems on live hosts – Open ports – Running services – Potential vulnerable services • Minimize the chance of damaging the target machine(s), as there is always a possibility that our interactions could cause a target system or service to buzz the alarm of intrusion
Type of Scanning • Network Sweeping – Identifying live hosts at IP addresses by sending probe packets • Port Scanning – Determining listening TCP and UDP ports on systems • OS Fingerprinting – Determining target operating system type based on network behavior • Service Scanning – Identifying running services and protocols from open ports along with versions • Vulnerability Scanning – Listing down potential vulnerabilities in the target environment
Exploitation • Taking advantage of a vulnerable service in gaining access to a machine in target environment to run command in it • Exploitation may involve: – Moving files to a target machine – Taking files from a target machine – Sniffing network data in the target network – Install software in target machine – Using one vulnerable machine to compromise whole network • Acts as Proof of Exploitation (PoE), to be mentioned in the penetration testing report
Exploitation Risks • Exploiting target machines does bring some significant risks which must be carefully discussed with the target organization • Exploitation risks involve: – Service Crash – System Crash – Severe impact on system stability – Data exposure
Types of Exploitation • Server Side Exploits – Attacking a service which is listening on the network by generating and sending exploitation packets – User interaction on the target machine is not required • Client Side Exploits – Attacking a client application that fetches content from a server machine – Requires user interaction to actively pull content from the machine • Local Privilege Escalation – Attacking the local machine with limited privileges to jump to higher privileges on the machine such as root, admin – May or may not require user interaction
PenTest Reports • Executive Summary • Test Methodology • Findings – High Risks – Medium Risks • Conclusions • Remediations

More Related Content

PPTX
Network Penetration Testing
Mohammed Adam
 
PPTX
Pen Testing Explained
Rand W. Hirt
 
PPT
Ethical Hacking and Penetration Testing
Rishabh Upadhyay
 
PPT
Penetration Testing Basics
Rick Wanner
 
PPT
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
PPTX
Overview of Vulnerability Scanning.pptx
AjayKumar73315
 
PPTX
Ethical Hacking - sniffing
Bhavya Chawla
 
PDF
Penetration testing
Ammar WK
 
Network Penetration Testing
Mohammed Adam
 
Pen Testing Explained
Rand W. Hirt
 
Ethical Hacking and Penetration Testing
Rishabh Upadhyay
 
Penetration Testing Basics
Rick Wanner
 
Ch04 Network Vulnerabilities and Attacks
Information Technology
 
Overview of Vulnerability Scanning.pptx
AjayKumar73315
 
Ethical Hacking - sniffing
Bhavya Chawla
 
Penetration testing
Ammar WK
 

What's hot (20)

PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
PDF
What is Penetration & Penetration test ?
Bhavin Shah
 
PDF
Penetrasyon Testlerinde Açık Kod Yazılımların Kullanımı
BGA Cyber Security
 
PPTX
Penetration Testing
RomSoft SRL
 
PPTX
Penetration testing reporting and methodology
Rashad Aliyev
 
PPTX
WTF is Penetration Testing v.2
Scott Sutherland
 
PDF
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
PDF
Penetration testing web application web application (in) security
Nahidul Kibria
 
PDF
Network Security Fundamentals
Rahmat Suhatman
 
PPTX
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Mehmet Caner Köroğlu
 
PPTX
Vulnerabilities in modern web applications
Niyas Nazar
 
PDF
Web Uygulama Pentest Eğitimi
BGA Cyber Security
 
PDF
Vulnerability Management
asherad
 
PPTX
Web Application Penetration Testing Introduction
gbud7
 
PDF
Attacker's Perspective of Active Directory
Sunny Neo
 
PPTX
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
PPTX
BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 2
BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
PDF
Penetration Testing Execution Phases
Nasir Bhutta
 
PPT
Port scanning
Hemanth Pasumarthi
 
PDF
Siber Guvenlik ve Etik Hhacking -2-
Murat KARA
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
What is Penetration & Penetration test ?
Bhavin Shah
 
Penetrasyon Testlerinde Açık Kod Yazılımların Kullanımı
BGA Cyber Security
 
Penetration Testing
RomSoft SRL
 
Penetration testing reporting and methodology
Rashad Aliyev
 
WTF is Penetration Testing v.2
Scott Sutherland
 
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
Penetration testing web application web application (in) security
Nahidul Kibria
 
Network Security Fundamentals
Rahmat Suhatman
 
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Mehmet Caner Köroğlu
 
Vulnerabilities in modern web applications
Niyas Nazar
 
Web Uygulama Pentest Eğitimi
BGA Cyber Security
 
Vulnerability Management
asherad
 
Web Application Penetration Testing Introduction
gbud7
 
Attacker's Perspective of Active Directory
Sunny Neo
 
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 2
BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Penetration Testing Execution Phases
Nasir Bhutta
 
Port scanning
Hemanth Pasumarthi
 
Siber Guvenlik ve Etik Hhacking -2-
Murat KARA
 
Ad

Similar to NETWORK PENETRATION TESTING (20)

DOCX
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Falgun Rathod
 
PDF
ethical Hack
Viggi Unbeaten
 
PDF
Wm4
Umang Patel
 
PDF
Wm4
Umang Patel
 
PDF
Security and Penetration Testing Overview
QA InfoTech
 
PDF
Ethical hacking
Khairi Aiman
 
PPTX
Hacking and Penetration Testing - a beginners guide
Pankaj Dubey
 
PPTX
Ethical Hacking and Defense Penetration
Jay Nagar
 
PPTX
GETTING STARTED WITH THE ETHICAL HACKING.pptx
BishalRay8
 
PDF
ethical-hacking-guide
Matt Ford
 
PDF
Ethical hacking-guide-infosec
CMR WORLD TECH
 
PDF
Ethical hacking-guide-infosec
Erfan Mallick
 
PDF
WTF is Penetration Testing
Scott Sutherland
 
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
PDF
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 
PPTX
UNIT I PPT.pptxsdVDSVDAVDSBGVGNhfzgnnzgdngfh
Tejaswini Vontela
 
PDF
Vulnerability Assessment and Penetration Testing Report
Rishabh Upadhyay
 
PDF
Vulnerability assessment on cyber security
rb5ylf93do
 
PPTX
Vapt life cycle
penetration Tester
 
PPTX
Introduction to penetration testing
Nezar Alazzabi
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Falgun Rathod
 
ethical Hack
Viggi Unbeaten
 
Wm4
Umang Patel
 
Wm4
Umang Patel
 
Security and Penetration Testing Overview
QA InfoTech
 
Ethical hacking
Khairi Aiman
 
Hacking and Penetration Testing - a beginners guide
Pankaj Dubey
 
Ethical Hacking and Defense Penetration
Jay Nagar
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
BishalRay8
 
ethical-hacking-guide
Matt Ford
 
Ethical hacking-guide-infosec
CMR WORLD TECH
 
Ethical hacking-guide-infosec
Erfan Mallick
 
WTF is Penetration Testing
Scott Sutherland
 
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 
UNIT I PPT.pptxsdVDSVDAVDSBGVGNhfzgnnzgdngfh
Tejaswini Vontela
 
Vulnerability Assessment and Penetration Testing Report
Rishabh Upadhyay
 
Vulnerability assessment on cyber security
rb5ylf93do
 
Vapt life cycle
penetration Tester
 
Introduction to penetration testing
Nezar Alazzabi
 
Ad

Recently uploaded (20)

PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 

NETWORK PENETRATION TESTING

  • 2. Course Introduction • Duration: 1 Day – 3 Sessions • Objectives – Introduce you to definitions involved in Penetration Testing – Prepare you for a Network based Penetration Test – Take you through a Network Penetration Test Tools and Methodology – Enable you Understand and Write a Penetration Testing Report – No Tool, Tool, Tool Demonstration. Conceptual knowledge for strong base • Prerequisites – Working knowledge of TCP/IP – Working knowledge of Windows Commands – Working knowledge of Bash Commands
  • 3. Course Benefits • This course will be helpful for – Penetration Testing Practitioners within the Organizations or Consultants – Network Penetration Testing Project Leads – Network Engineers and Administrators – Prospective Network Penetration Testing Clients • At the end, you will be able to – Setup a Basic Network Penetration Testing Lab – Brainstorm and Dialog with Professional Penetration Testers – Write Basic Network Penetration Testing Reports – Understand Paid Network Penetration Reports • You will not be able to – Setup a Professional Network Penetration Testing Lab – Perform Professional Network Penetration Testing – Write rigorous Penetration Testing Report
  • 4. Course Author • Praful Agarwal • Over 6 Years of Work Experience • Schooling from CBSE • Bachelor in Information Technology from PTU • PG in Cyber Crime Prosecution and Defense from Asian School of Cyber Law • ISO 27001:2005 Lead Auditor • Started hacking at the age of 13 • Lectured in Indian Navy, Indian Air Force, IISc Bengaluru, etc. • No Criminal Cases, so a Good Hacker 
  • 5. Mindset • “We break computers, making them do stuff that their designers, implementers, and system administrators didn’t plan on them doing.” by a Noted Penetration Tester • Successful penetration testers and ethical hackers – Think out of the box, to do things differently – Be pragmatic but careful – Take notes regularly to make work reproducible
  • 6. What is Security? • Confidentiality – Confidentiality, also referred to as privacy, is the process of making sure that data remains private and confidential • Integrity – Integrity is the guarantee that data is protected from accidental or deliberate (malicious) modification • Availability – From a security perspective, availability means that systems remain available for legitimate users
  • 7. Base Definitions • Threat: An agent that may cause harm to the target organizations • Vulnerability: Flaw or loophole in our resources that can be used by an attacker to cause damage or destruction • Risk: Identification of vulnerabilities and threats shape into risks. That is, we have a risk when our system carries a vulnerability which can be attacked by a threat • Exploit: Exploit is an object which is initiated by the threat agent to cause damage to the organization using a vulnerability • Attack: Series of actions that exploits vulnerabilities in the target which may violate Confidentiality, Integrity and Availability of the organization
  • 8. What is Ethical Hacking? • Hacking (traditional) – Manipulating technology to make it do something that it is not designed to do • Hacking (threatening) – Breaking into computers and network systems without permissions • Hacking – Computer Security (wikipedia) – Hacking means finding out weaknesses in a computer or computer network and exploiting them, though the term can also refer to someone with an advanced understanding of computers and computer networks • Ethical Hacking (wikianswers) – Ethical hacking is where a person hacks to find weaknesses in a system and then usually patches them
  • 9. What is Penetration Testing? • Focused on finding security vulnerabilities in a target environment that could let an attacker penetrate the network or computer systems, or steal information – Using tools and techniques very similar to those employed by criminals – To prevent a thief, you may need to think like a thief – The goal is actual penetration – compromising target systems and getting access to information • Penetration testing is a subset of ethical hacking Ethical Hacking Penetration Testing
  • 10. Ethical Hacking v/s PenTest • Ethical hacking is a general process of using hacker techniques for good purpose, which includes vulnerability discovery in a target organization’s network, software product vulnerability research, and other tasks • Penetration testing is more narrowly focused phrase, dealing with process of finding flaws in a target environment with the goal of penetrating systems, taking control of them • Penetration testing is focused on penetrating the target organization’s defenses, compromising systems and getting access to information
  • 11. Types of Penetration Testing • Overt – Also known as White Hat Testing, involves performing external and/or internal testing with the knowledge and consent of the organization’s IT staff, enabling comprehensive evaluation of the network or system security posture. – As IT staff is fully aware of and involved in the testing, it may be able to provide guidance to limit the testing’s impact along with some training opportunity, with staff observing the activities and methods used by assessors to evaluate and potentially circumvent implemented security measures • Covert – Also known as Black Hat Testing, takes an adversarial approach by performing testing without the knowledge of the organization’s IT staff but with the full knowledge and permission of upper management – Purpose of this testing is to examine the damage or impact an adversary can cause—it does not focus on identifying vulnerabilities.
  • 12. Types of Network PenTest • External – This testing is conducted from outside the organization’s security perimeter. This offers the ability to view the environment’s security posture as it appears outside the security perimeter—usually as seen from the Internet—with the goal of revealing vulnerabilities that could be exploited by an external attacker • Internal – In this type of testing, assessors work from the internal network and assume the identity of a trusted insider or an attacker who has penetrated the perimeter defenses. This kind of testing can reveal vulnerabilities that could be exploited from inside, and demonstrates the potential damage an internal attacker could cause • If both internal and external testing is to be performed, the external testing usually takes place first. This is particularly beneficial if the same assessors will be performing both types of testing
  • 13. Phases of an Attack • Both malicious and ethical hackers rely on various phases in their attacks: – Reconnaissance – Scanning – Exploitation • Malicious attackers often go further, into phases such as: – Maintaining Access with backdoors and rootkits – Covering tracks with covert channels and log editing
  • 14. Reconnaissance • Also known as Passive Information Gathering, this phase includes gathering information about the target from public sources – Web presence not just website – Search engines – Web archives – Personal websites of employees – Job postings – Newsgroups – Domain Registrar • By the end of this phase, the penetration tester will have a wealth of information regarding the target without ever visiting the target’s network. All passive information is gathered from third- party sources that have collected information about our target, or have legal requirements to retain this data.
  • 15. Scanning • Also known as Active Information Gathering, this phase includes gathering information by interacting with the target network – Network addresses of live hosts, firewalls, routers, etc – Network topology – Operating systems on live hosts – Open ports – Running services – Potential vulnerable services • Minimize the chance of damaging the target machine(s), as there is always a possibility that our interactions could cause a target system or service to buzz the alarm of intrusion
  • 16. Type of Scanning • Network Sweeping – Identifying live hosts at IP addresses by sending probe packets • Port Scanning – Determining listening TCP and UDP ports on systems • OS Fingerprinting – Determining target operating system type based on network behavior • Service Scanning – Identifying running services and protocols from open ports along with versions • Vulnerability Scanning – Listing down potential vulnerabilities in the target environment
  • 17. Exploitation • Taking advantage of a vulnerable service in gaining access to a machine in target environment to run command in it • Exploitation may involve: – Moving files to a target machine – Taking files from a target machine – Sniffing network data in the target network – Install software in target machine – Using one vulnerable machine to compromise whole network • Acts as Proof of Exploitation (PoE), to be mentioned in the penetration testing report
  • 18. Exploitation Risks • Exploiting target machines does bring some significant risks which must be carefully discussed with the target organization • Exploitation risks involve: – Service Crash – System Crash – Severe impact on system stability – Data exposure
  • 19. Types of Exploitation • Server Side Exploits – Attacking a service which is listening on the network by generating and sending exploitation packets – User interaction on the target machine is not required • Client Side Exploits – Attacking a client application that fetches content from a server machine – Requires user interaction to actively pull content from the machine • Local Privilege Escalation – Attacking the local machine with limited privileges to jump to higher privileges on the machine such as root, admin – May or may not require user interaction
  • 20. PenTest Reports • Executive Summary • Test Methodology • Findings – High Risks – Medium Risks • Conclusions • Remediations