Penetration testing is the technique of simulating a real-world cyber-attack on an organization's systems and networks.
Companies hire an "ethical" hacker to hack their network to discover any security vulnerabilities.
The "ethical" hacker will look for vulnerabilities and exploit them, thus breaking into the system.
At the end of a penetration test, the ethical hacker provides a report which contains all the vulnerabilities found and how each can be exploited.
The organization uses this information from the report to improve the security on their network, such as applying patches, updates and even closing unused network ports on systems.
The need for penetration testing - Each day new vulnerabilities are being discovered by security researchers and hackers.
It's important to perform continuous testing on your network to ensure all backdoors and security flaws are fixed before a real hacker compromises your network.
This phase is where the attacker does passive information gathering.
The attacker uses various resources on the Internet, such as social media sites, to gather information about the target.
Passive reconnaissance is an indirect method of gathering information without engaging the target.
Active Reconnaissance - The attacker actively engages the target to gather information.
An example of Active Reconnaissance can be checking the target's website, retrieving DNS records, performing a port scan and fingerprinting an operating system.
The attacker also performs vulnerability scanning to find any weakness.
Once vulnerabilities are found, the attacker uses an exploit to break into a system or network.
During this phase, the exploit code may or may not work.
The attacker can use multiple techniques to compromise the target system, such as social engineering or buffer overflow attacks, to gain access to a system.
Usually after an attacker gains access to the system, the attacker ensures they will be able to access the compromised system in the future. This is called persistent access.
The attacker creates a backdoor on the compromised system to allow them to get back in later.
Attackers are also able to pivot from a compromised system, allowing them to move around the internal network.
In this phase, the attacker attempts to clear all logs and any traces of evidence that may indicate the system was compromised.
Black Box - In this type of test, the penetration tester does not have any prior knowledge of the organization's systems or network.
White Box - In this test, the penetration tester is given all the details about the systems and network.
Gray Box - The gray box test is in between white box and black box testing. The penetration tester knows some details about the network but not all the details.
Timeline for the test
When the test can happen
What can be tested
What data can be gathered
Legal concerns
Third-party concerns
Communication
Red-team - Discovers security vulnerabilities and exploits those security weaknesses. They also assist in resolving the security vulnerabilities that are discovered. This team is usually not part of the organization.
Blue-team - Focuses on detecting and preventing threats. This team is responsible for the defensive side of security and for protecting the organization's assets.
White-team - Ensures both the red and blue teams abide by the rules and maintains the integrity of the exercise. Helps the organization understand the lessons learned.
Purple-team - The purple team is a combination of both red and blue teaming.