Penetration Testing Overview

Study Notes

Penetration testing, also known as ethical hacking, is a proactive security assessment.
It involves simulating real-world attacks to assess internal and external security systems.
Professional penetration testers conduct these assessments.

Identifies vulnerabilities and threats to an organization's assets.
Provides a comprehensive assessment of security policies, procedures, designs, and architecture.
Helps organizations to set remediation actions and secure their systems before actual hackers exploit them.
Evaluates security protection and identifies the need for additional security measures.

Blue Teaming: A security team analyzes security controls and assesses the efficiency of an information security system. Their primary focus is detecting and mitigating Red Team attacks.
Red Teaming: A team of ethical hackers (pen testers) attempt to penetrate a system with limited or no access permissions. They simulate real-world attacks to identify and evaluate vulnerabilities from an attacker's perspective.

Black Box Testing: The pen tester has no prior knowledge about the target system or any information about the target.
Gray Box Testing: The pen tester has limited prior knowledge of the system or any information, such as IP addresses, operating system, or network information.
White Box Testing: The pen tester has complete access and knowledge of the system and target information. Internal security teams or security audit teams typically perform White Box Testing.

Pre-Engagement: This involves discussion with the client to set expectations and ensure everyone understands the scope and objectives of the pen test.
Information Gathering: This involves collecting data about the target system, known as footprinting. This helps the tester understand the target's security posture and vulnerabilities.
Threat Modeling: This involves analyzing potential threats and their impact. It helps the pen tester to prioritize testing areas and focus on high-risk vulnerabilities.
Vulnerability Analysis: This involves scanning the target system for known vulnerabilities. This step identifies exploitable weaknesses that could be exploited by an attacker.
Exploitation: Once vulnerabilities are identified, the pen tester attempts to exploit them to gain access to the target system.
Post-Exploitation: Once access is gained, the pen tester explores the compromised system to understand the impact of the attack and to uncover further vulnerabilities.
Reporting: The final stage involves documenting the findings, providing recommendations for remediation, and presenting the report to the client.

Scope: Clearly define the areas to be tested.
Testing Window: Establish the timeframe for the test.
Contact Information: Establish clear communication channels.
"Get Out of Jail Free" Card: Agree on a plan for mitigating false positives or unexpected issues during the testing process.
Payment Terms: Determine the payment terms and conditions.
Non-Disclosure Agreement: Secure confidential information and privacy.

This phase is referred to as footprinting.
Gathers information about the target's internal and external security architecture.
Can be a time-consuming process, potentially taking weeks or months.
Some information can be provided by the client to save time, like IP addresses.

Scans the target system to gain a better understanding of the network.
Helps the pen tester to identify potential attack vectors and valuable data within the network.
Targets specific IP addresses and services.