THE ABSOLUTE BASICS OF PENETRATION TESTING
THE ABSOLUTE BASICS OF PENETRATION TESTING
Penetration testing is a way for you to simulate the methods that an attacker might use to circumvent security controls and gain access to an organization’s systems. Penetration testing is more than running scanners and automated tools and then writing a report.And you won’t become an expert penetration tester overnight; it takes years of practice and real-world
experience to become proficient.
a. The Phases of the PTES
PTES(Penetration Testing execution standard) phases are designed to define a penetration test and assure the client organization that a standardized level of effort will be expended in a penetration test by anyone conducting this type of assessment. The standard is divided into seven categories with different levels of effort required for each, depending on the organization under attack.
1.Pre-engagement interactions typically occur when you discuss the scope and terms
of the penetration test with your client
2.This stage also serves as your
opportunity to educate your customer about what is to be expected from a thorough, full-scope penetration test—one without restrictions regarding what can and will be tested during the engagement.
1.In the intelligence gathering phase, you will gather any information you can
about the organization you are attacking by using social-media networks,
Google hacking, footprinting the target, and so on.
2. gathering as much as possible information of target/client.
1.Threat modeling involves looking at an organization as an adversary
and attempting to exploit weaknesses as an attacker would.
During vulnerability analysis, you combine the information that you’ve learned from the prior phases and use it to understand what attacks might be viable.
Exploitation is probably one of the most glamorous parts of a penetration test, yet it is often done with brute force rather than with precision. An exploit should be performed only when you know almost beyond a shadow of a doubt that a particular exploit will be successful.
1.Post exploitation is one of those tricky scenarios in which you must take
the time to learn what information is available to you and then use that infor-
mation to your benefit. An attacker would generally spend a significant amount
of time in a compromised system doing the same. Think like a malicious
attacker—be creative, adapt quickly, and rely on your wits instead of auto-
2. it simply means getting sensitive data of client organization.
Reporting is by far the most important element of a penetration test. You will
use reports to communicate what you did, how you did it, and, most impor-
tant, how the organization should fix the vulnerabilities discovered during
the penetration test.
b.Types of Penetration Tests
Now that you have a basic understanding of the seven PTES categories, let’s examine the two main types of penetration tests: overt and covert. An overt pen test, or “white hat” test, occurs with the organization’s full knowledge; covert tests are designed to simulate the actions of an unknown and unannounced attacker. Both tests offer advantages and disadvantages.
i.Overt Penetration Testing
1.Using overt penetration testing, you work with the organization to identify potential security threats, and the organization’s IT or security team shows you the organization’s systems. The one main benefit of an overt test is that you have access to insider knowledge and can launch attacks without fear of being blocked.
2.A potential downside to overt testing is that overt tests might not effectively test the client’s incident response program or identify how well the security program detects certain attacks. When time is limited and certain PTES steps such as intelligence gathering are out of scope, an overt test may be your best option.
ii.Covert Penetration Testing
1.Unlike overt testing, sanctioned covert penetration testing is designed to simulate the actions of an attacker and is performed without the knowledge of most of the organization. Covert tests are performed to test the internal security team’s ability to detect and respond to an attack.
2.Covert tests can be costly and time consuming, and they require more skill than overt tests. In the eyes of penetration testers in the security industry,the covert scenario is often preferred because it most closely simulates a true attack. Covert attacks rely on your ability to gain information by reconnaissance. Therefore, as a covert tester, you will typically not attempt to find a large number of vulnerabilities in a target but will simply attempt to find the
easiest way to gain access to a system, undetected.