Understanding the Process of Penetration Testing

In this blog post, I am going to explain the penetration testing phases and provide some useful links to study each phase. 

Penetration testing, commonly known as "pen testing," is a simulated cyber attack on a computer system, network, or web application carried out to test its defenses and identify flaws. It is a crucial component of any organization's cybersecurity strategy because it helps identify and repair vulnerabilities before cybercriminals can exploit them. 

There are several phases to a typical pen testing engagement, which are as follows:

  1. Planning and reconnaissance: This phase involves gathering information about the target system, including its IP addresses, open ports, and any publicly available information such as company websites and social media profiles. This helps the pen tester understand the attack surface and decide on the most appropriate approach. Some useful tutorials, tools, and blogs to learn about this phase:

    • The Wayback Machine: https://web.archive.org/
    • Shodan: https://account.shodan.io/
    • CentralOps: https://centralops.net/co/
    • Certificate Search: https://crt.sh/
    • Certificate Transparency (CT) Exposer: https://github.com/chris408/ct-exposer
    • YouGetSignal: https://www.yougetsignal.com/
    • DomainTools: https://reverseip.domaintools.com/
    • What is my IP Address?: https://www.ipaddress.com/
    • Find out what websites are Built With: https://builtwith.com/
    • Photon, an incredibly fast crawler designed for OSINT: https://github.com/s0md3v/Photon
    • Raccoon, an offensive security tool for reconnaissance and information gathering: https://github.com/evyatarmeged/Raccoon
    • OSINT Framework: https://osintframework.com/
    • Hunter, which finds professional email addresses associated with a domain: https://hunter.io/

  2. Scanning: In this phase, the pen tester uses specialized tools to scan the target system for vulnerabilities. This can include network scans, port scans, and vulnerability scans. The results of these scans are used to identify potential attack vectors. Some useful tutorials, tools, and blogs to learn about this phase:

    • netdiscover: https://www.cyberpratibha.com/blog/netdiscover/
    • Nmap: https://www.freecodecamp.org/news/what-is-nmap-and-how-to-use-it-a-tutorial-for-the-greatest-scanning-tool-of-all-time/
    • Nmap Scripting Engine: https://linuxhint.com/nmap-scripting-engine-tutorial/
    • SMB Enumeration: https://www.hackingarticles.in/a-little-guide-to-smb-enumeration/
    • Legion Framework: https://www.c-sharpcorner.com/article/an-overview-of-network-penetration-testing-using-legion-framework/
    • Nessus: https://www.tenable.com/blog/how-to-run-your-first-vulnerability-scan-with-nessus
    • OpenVAS: https://hackertarget.com/openvas-tutorial-tips/
    • Wordlist: https://github.com/berzerk0/Probable-Wordlists
    • Wordlist: https://github.com/danielmiessler/SecLists
    • Wordlist: https://github.com/xajkep/wordlists
    • Turkish Wordlist: https://github.com/utkusen/turkce-wordlist
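Scan results are most useful when they are compared against what each host is supposed to expose, so that an unexpected service stands out instead of being buried in a long port list. As an added example (not from this post or from the Nmap project), the script below parses Nmap's XML output (`-oX`) with the standard library and diffs the open ports per host against a constructed allowlist. The XML sample and the 192.0.2.0/24 addresses are constructed for the example; the only Nmap-specific assumption is the `<host>/<address>/<ports>/<port>/<state>` layout of `-oX` output.

```python
"""Diff Nmap XML output against an allowlist of expected services."""
import xml.etree.ElementTree as ET

# Constructed Nmap XML output (`nmap -sV -oX -` shape) for two lab hosts in the
# documentation range 192.0.2.0/24; not output from a real scan.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX - 192.0.2.10 192.0.2.11">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="udp" portid="137"><state state="open|filtered"/><service name="netbios-ns"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Services each host is supposed to expose (constructed allowlist).
EXPECTED_SERVICES = {
    "192.0.2.10": {("tcp", 22), ("tcp", 443)},
    "192.0.2.11": set(),
}


def open_ports(xml_text):
    """Map each scanned IPv4 address to the set of (protocol, port) nmap saw open.

    Only state="open" counts; "open|filtered" (typical for UDP) is ambiguous and
    is left for manual follow-up rather than reported as an exposure.
    """
    result = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        if addr is None:
            continue
        ports = set()
        for port in host.findall("./ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                ports.add((port.get("protocol"), int(port.get("portid"))))
        result[addr] = ports
    return result


def unexpected_exposure(xml_text, expected):
    """Open ports that are not on the allowlist, per host."""
    findings = {}
    for addr, ports in open_ports(xml_text).items():
        extra = sorted(ports - expected.get(addr, set()))
        if extra:
            findings[addr] = extra
    return findings


if __name__ == "__main__":
    for addr, extra in unexpected_exposure(SAMPLE_NMAP_XML, EXPECTED_SERVICES).items():
        print(addr, "unexpected open ports:", extra)
```

In the sample, RDP on the first host and SMB on the second are the findings; the UDP NetBIOS port is deliberately not reported because `open|filtered` only means no response was received. Running this on every scheduled scan and keeping the allowlist under version control turns a one-off scan into a drift check.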

  3. Gaining access (exploitation): Once vulnerabilities have been identified, the pen tester attempts to exploit them to gain access to the system. This may involve tools such as password-cracking software or exploiting known vulnerabilities in software or operating systems. Some useful tutorials, tools, and blogs to learn about this phase:

    • Bind shell and reverse shell: https://encyclopedia.kaspersky.com/glossary/remote-shell/
    • Netcat: https://www.geeksforgeeks.org/introduction-to-netcat/
    • Metasploit: https://www.varonis.com/blog/what-is-metasploit
    • Meterpreter: https://www.javatpoint.com/meterpreter-in-ethical-hacking
    • Exploit Database (Exploit-DB): https://www.exploit-db.com/
    • Sploitus exploit search: https://sploitus.com/
    • CXSecurity exploit database: https://cxsecurity.com/
    • Rapid7 Vulnerability & Exploit Database: https://www.rapid7.com/db/
    • Vulnerability Lab: https://www.vulnerability-lab.com/
    • Man in the Middle Attack: https://www.cyberpratibha.com/kali-linux-man-in-the-middle-attack-tutorial/
    • Promiscuous Mode: https://www.blumira.com/glossary/promiscuous-mode/
    • Packet Storm: https://packetstormsecurity.com/

  4. Maintaining access (post-exploitation): Once the pen tester has gained access to the system, they try to keep it by setting up "backdoors" or other means of retaining access even if the original vulnerability is fixed. This mirrors a real attacker's strategy: post-exploitation activity is what lets an attacker stay on a compromised system and continue their malicious activities after the initial vulnerability has been patched. Some useful tutorials, tools, and blogs to learn about this phase:

    • Post Exploitation Concept: https://www.javatpoint.com/post-exploitation-concept
    • Windows Exploit Suggester: https://github.com/bitsadmin/wesng
    • Linux Exploit Suggester 2: https://github.com/jondonas/linux-exploit-suggester-2
    • A Guide To Linux Privilege Escalation: https://payatu.com/guide-linux-privilege-escalation/
    • Advanced persistent threat (APT): https://www.imperva.com/learn/application-security/apt-advanced-persistent-threat/
    • Using a Keylogger with Metasploit: https://www.offensive-security.com/metasploit-unleashed/keylogging/
    • Msfvenom Tutorials for Beginners: https://www.hackingarticles.in/msfvenom-tutorials-beginners/
    • Pass the Hash Attack: https://infosecwriteups.com/pass-the-hash-attack-ddf956cf9551
    • How to Implement Pivoting and Relaying Techniques Using Meterpreter: https://medium.com/axon-technologies/how-to-implement-pivoting-and-relaying-techniques-using-meterpreter-b6f5ec666795

  5. Covering tracks: In this phase, the pen tester tries to cover their tracks by deleting log files or other evidence of their activity. The aim is to stop the system administrator from detecting the pen test, and potentially fixing the vulnerabilities, before the testing is complete. Some useful tutorials, tools, and blogs to learn about this phase:

    • Penetration Testing: Covering Tracks: https://resources.infosecinstitute.com/topic/penetration-testing-covering-tracks/
    • How to cover your tracks after a penetration test: https://talkingcyber.uk/2022/09/10/how-to-cover-your-tracks-after-a-penetration-test/
    • Eraser is a tool that can be used to securely delete files and wipe free space on a hard drive, making it more difficult for an attacker's activities to be detected.
    • BleachBit is a tool that can be used to securely delete files, clear browser history and cache, and more, making it more difficult for an attacker's activities to be detected.
    • Covering Track for EH on Penetration testing: https://tanmay26.medium.com/covering-track-for-eh-on-penetration-testing-8b9d8915b8ce
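The flip side of this phase is what the blue team should take from it: if a tester can remove local evidence, so can a real attacker, which is why logs should be shipped off-host and why local logs should be checked for signs of editing. The script below is an added example written for this post (not from the linked articles) that runs three simple checks over a constructed syslog-style auth log: entries whose timestamps run backwards, silences longer than a threshold, and privileged commands that touch the log directory. The sample lines, the host name, the 192.0.2.x addresses and the one-hour threshold are all constructed.

```python
"""Spot signs of log tampering in a syslog-style auth log."""
from datetime import datetime, timedelta

# Constructed syslog-style auth log excerpt; the entry timestamped 14:29:00 that
# follows 14:30:00 and the 4-hour silence are the anomalies the checks surface.
SAMPLE_AUTH_LOG = """\
Jan  8 10:00:01 host sshd[1200]: Accepted publickey for alice from 192.0.2.5 port 50001 ssh2
Jan  8 10:00:05 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
Jan  8 10:01:10 host sshd[1210]: Accepted password for bob from 192.0.2.9 port 50002 ssh2
Jan  8 14:30:00 host sshd[1300]: Accepted publickey for alice from 192.0.2.5 port 50003 ssh2
Jan  8 14:29:00 host sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /var/log/auth.log
"""

# Paths whose appearance in a privileged command is worth a second look.
LOG_PATHS = ("/var/log", "/run/utmp")


def parse_timestamp(line, year):
    """Parse the leading 'Mon dd HH:MM:SS' syslog timestamp; None if absent.

    Classic syslog omits the year, so the caller supplies it; a log spanning
    New Year would need extra handling that this example leaves out.
    """
    try:
        return datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(year=year)
    except ValueError:
        return None


def audit_log(text, year, max_gap=timedelta(hours=1)):
    """Return (line_no, finding) pairs hinting that a log was edited or cleared."""
    lines = [line for line in text.splitlines() if line.strip()]
    if not lines:
        return [(0, "empty")]  # a truncated log is itself a finding
    findings = []
    previous = None
    for no, line in enumerate(lines, start=1):
        ts = parse_timestamp(line, year)
        if ts is None:
            findings.append((no, "unparseable"))
            continue
        if previous is not None:
            if ts < previous:
                findings.append((no, "out_of_order"))  # appended or rewritten entry
            elif ts - previous > max_gap:
                findings.append((no, "gap"))  # possible deleted block of entries
        # Track the latest time seen so one backwards entry does not create a fake gap.
        previous = ts if previous is None else max(previous, ts)
        command = line.partition("COMMAND=")[2]
        if command and any(path in command for path in LOG_PATHS):
            findings.append((no, "log_access"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit_log(SAMPLE_AUTH_LOG, year=2023):
        print(f"line {line_no}: {finding}")
```

Treat these as triage hints rather than proof: a quiet server will produce legitimate overnight gaps, so the threshold has to be tuned per host, and an attacker with root can rewrite timestamps consistently. The check that does not depend on the local file is comparing it against the copy a remote syslog collector received, which is the real mitigation for this phase.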

  6. Reporting: The final phase of a pen test is to report on the findings and provide recommendations for how to fix any vulnerabilities that were identified. This report should include a detailed description of the vulnerabilities and any recommendations for fixing them. Some useful tutorials, tools, and blogs to learn about this phase:

    • https://www.e-spincorp.com/pdf/Service/serviceDescription_externalpentest_internalsecurityassessment.pdf
    • What To Look For In A Penetration Testing Statement Of Work?: https://www.triaxiomsecurity.com/what-to-look-for-in-a-penetration-testing-statement-of-work/
    • Rapid7 Master Services Agreement: https://www.rapid7.com/legal/msa/
    • Abnormal Security Cloud Terms of Service: https://legal.abnormalsecurity.com/
    • Non-disclosure agreement (sample): http://www.m5computersecurity.com/partners/NDA-M5-Systems.pdf
    • Non-disclosure agreement (sample): https://www.dla.gov.in/sites/default/files/pdf/NondisclosureAgreement.pdf
    • Why You Need Penetration Testing Rules of Engagement as Part of Your Penetration Test: https://www.emagined.com/blog/why-you-need-rules-of-engagement-as-part-of-your-penetration-test
    • Penetration Test Report: https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
    • Penetration Test Report: https://pentestreports.com/reports/PrimoConnect/SAMPLE+Security+Testing+Findings.pdf

  7. Security hardening: The process of improving the security of a system or application by reducing its attack surface and minimizing the potential for successful attacks; this is where the findings from the report get fixed. Some useful tutorials, tools, and blogs on hardening methods:

    • What Is SMB Protocol and Why Is it a Security Concern?: https://cybersophia.net/articles/what-is/what-is-smb-protocol-and-why-is-it-a-security-concern/
    • Restrict access on RDP by IP Address: https://www.mivocloud.com/en/blog/Restrict-access-on-RDP-by-IP-Address
    • Restrict Access to Only Specified Users or Computers: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices
    • Disabling NTLMv1: https://www.csun.edu/it/ntlmv1#:~:text=Disabling%20NTLMV1,disable%20NTLMv1%20through%20the%20registry.
    • Debug Privilege: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/debug-privilege
    • Password security – Understanding the basics: https://saferinternet.org.uk/blog/password-security-understanding-the-basics
    • GPO - Disable cached-account logon: https://techexpert.tips/windows/gpo-disable-cached-account-logon/
    • Restricted Admin mode for RDP: https://www.eshlomo.us/restricted-rdp-for-admin-restrictedadmin/#:~:text=Restricted%20Admin%20Mode,-Restricted%20Admin%20Mode&text=This%20means%20that%20if%20malware,for%20the%20malware%20to%20attack.
    • Share and NTFS Permissions: https://learn.microsoft.com/en-us/iis/web-hosting/configuring-servers-in-the-windows-web-platform/configuring-share-and-ntfs-permissions
    • How to Disable NetBIOS and LLMNR Protocols in Windows Using GPO?: https://woshub.com/how-to-disable-netbios-over-tcpip-and-llmnr-using-gpo/
    • ARP Poisoning: What it is & How to Prevent ARP Spoofing Attacks: https://www.varonis.com/blog/arp-poisoning
    • Antivirus tests: https://www.av-test.org/en/
    • Why You Need To Know About HSTS and SSL Stripping Attack?: https://www.encryptionconsulting.com/hsts-and-ssl-stripping-attack/
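Hardening advice is only worth something if you can verify it was applied, and the HSTS item above is a case where "we turned it on" often hides a weak setting. As an added example (my own code, not from the linked article), the script below parses a `Strict-Transport-Security` header the way RFC 6797 describes it as I understand it (directive names are case-insensitive, `max-age` is mandatory, no directive may repeat, values may be quoted) and reports the weaknesses that leave a site strippable: a short or zero `max-age`, a missing `includeSubDomains`, a header delivered over plain HTTP, or no header at all. The two response header sets and the one-year minimum are constructed for the example.

```python
"""Evaluate a site's Strict-Transport-Security (HSTS) header."""

ONE_YEAR = 31536000  # seconds; the max-age floor commonly recommended (assumed threshold)

# Constructed response headers: a weak deployment and a hardened one.
WEAK_RESPONSE = {"Content-Type": "text/html", "Strict-Transport-Security": "max-age=300"}
HARDENED_RESPONSE = {"Content-Type": "text/html",
                     "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}


def parse_hsts(header_value):
    """Parse an HSTS header into {directive: value}; None if the syntax is invalid.

    RFC 6797 requires max-age, allows each directive only once and treats
    directive names case-insensitively; values may be quoted.
    """
    directives = {}
    for raw in header_value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, value = raw.partition("=")
        name = name.strip().lower()
        if not name or name in directives:
            return None  # empty or repeated directive invalidates the header
        directives[name] = value.strip().strip('"')
    if not directives.get("max-age", "").isdigit():
        return None  # max-age is mandatory and must be a non-negative integer
    return directives


def assess_hsts(headers, over_tls=True, min_max_age=ONE_YEAR):
    """Return a list of weaknesses found in a response's HSTS configuration."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no HSTS header: a first or downgraded request can be served over plain HTTP"]
    if not over_tls:
        return ["HSTS header sent over plain HTTP: browsers ignore it"]
    directives = parse_hsts(value)
    if directives is None:
        return ["malformed HSTS header: browsers ignore it"]
    findings = []
    max_age = int(directives["max-age"])
    if max_age == 0:
        findings.append("max-age=0 disables the policy")
    elif max_age < min_max_age:
        findings.append(f"max-age={max_age} is below the recommended {min_max_age}")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains missing: subdomains stay exposed to stripping")
    return findings


if __name__ == "__main__":
    for label, headers in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, "->", assess_hsts(headers) or ["ok"])
```

The same evaluation can be pointed at live responses by feeding it the header dictionary from an HTTPS client; the `over_tls` flag exists because a header fetched over `http://` is silently discarded by browsers, which is exactly the situation an SSL-stripping attack exploits.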

By following a structured approach and covering all of these phases, organizations can ensure that they are thoroughly testing the security of their systems and identifying any vulnerabilities that may be exploited by cybercriminals. Make sure to include all of these phases in your pen-testing process to keep your systems secure.

Publish date: 08 January 2023
