PENETRATION
TESTING
AFRICA CENTRE OF EXCELLENCE, OBAFEMI AWOLOWO UNIVERSITY
CYBERSECURITY MODULAR WORKSHOP
@ ISLAMIC UNIVERSITY IN UGANDA (MAY 22ND – MAY 26TH, 2023)
AKINWALE ABIODUN PH.D.
MD/CEO LOGITRONIC SYSTEMS LTD, NIGERIA
INTRODUCTION
❑BACKGROUND
❑ Simulated Attack on a System or Network to Evaluate
its Security.
❑ “Surgical Operation” Identifies the Strengths and
Weaknesses of a Deployment in a Holistic Assessment
for Risks and the Remediation
❑STEPS SUMMARY
❑Scanning Target Devices (Server,
Workstations, Mobile Devices, etc.) (Wireshark)
❑Find Vulnerabilities / Loopholes to be
Exploited to Gain Control (Nmap)
❑Post Exploitation Escalation of Privileges
(Metasploit/Metasploitable)
INTRODUCTION
❑VULNERABILITY ASSESSMENT
❑ A Systematic Review Of Security Weaknesses In An
Information System (3 Steps):
❑ Evaluates System Susceptibility to Known
Vulnerabilities
❑ Quantifies and Assigns Severity Levels to the
Vulnerabilities
❑ Recommends Remediation or Mitigation Whenever
Needed Through Reports
❑ Examples of Threats Preventable by VA:
❑ SQL Injection Attack, XSS, Other Code Injections
❑ Escalation of Privileges Due to Faulty Authentication
Mechanisms
❑ Insecure Defaults – Software that Ships with Insecure
Settings, Such as Guessable Admin Passwords.
INTRODUCTION
❑TYPES OF VULNERABILITY ASSESSMENT
❑Host Assessment – The Assessment of Critical
Servers, Which may be Vulnerable
❑Network And Wireless Assessment – The
Assessment of Policies and Practices to Prevent
Unauthorized Access
❑Database Assessment – The Assessment of
Databases or Big Data Systems for
Vulnerabilities and Misconfigurations,
Identifying Rogue Databases or Insecure
Dev/Test Environments
❑Application Scans – The Identifying of Security
Vulnerabilities in Web Applications and Their
Source Code by Automated Scans
INTRODUCTION
❑ DEFINITION: Penetration Test (Pen Test): an Authorised Simulated
Cyber Attack to Test for Vulnerabilities
❑ Companies realize that they can’t make every system 100%
secure, so they are extremely interested to know exactly what
kind of security issues they are dealing with on:
❑ Computer Systems
❑ Applications (APIs, Frontend/Backend Servers, etc.)
❑ Networks
❑ RESULTS
❑ Fine-tune Web Application Firewall (WAF) Security Policies
❑ Patch Detected Vulnerabilities.
❑ Deploy IPS/IDS
❑ Pen Testing Satisfies Compliance Requirements for security
Auditing Procedures, including PCI DSS and SOC 2
PHASES OF PENETRATION TESTING
❑ PHASE 1: PLANNING AND
RECONNAISSANCE (Active and Passive
Operations)
❑ Define Scope and Goals of Test:
❑ Systems to be Addressed
❑ Test Methods
❑ Intelligence Gathering
❑ Find Network and Domain Names, Mail
Server
❑ Understand the Target
❑ Check for Potential Vulnerabilities
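One way to enforce the "Systems to be Addressed" part of the scope before any scanning begins is a target check against the agreed ranges. This is an added example, not part of the original slides; the scope lists use constructed documentation addresses and the function name `classify_target` is hypothetical.

```python
import ipaddress

# Constructed rules-of-engagement scope (RFC 5737 documentation ranges).
IN_SCOPE = ["192.0.2.0/24", "198.51.100.16/28"]
# Constructed carve-outs, e.g. production hosts the client excluded from testing.
EXCLUDED = ["192.0.2.10/32", "192.0.2.128/25"]


def classify_target(target, in_scope=IN_SCOPE, excluded=EXCLUDED):
    """Classify one address or CIDR as in-scope, excluded, out-of-scope or invalid."""
    try:
        # strict=False lets a single host address be treated as a /32 (or /128)
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        # Hostnames and malformed input are rejected, not resolved:
        # DNS answers can change between planning and testing.
        return "invalid"

    allowed = [ipaddress.ip_network(n) for n in in_scope]
    denied = [ipaddress.ip_network(n) for n in excluded]

    # The whole requested range must sit inside one authorised block.
    if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
        return "out-of-scope"
    # Any overlap with a carve-out blocks the target, even a partial one.
    if any(net.version == d.version and net.overlaps(d) for d in denied):
        return "excluded"
    return "in-scope"


def filter_targets(targets):
    """Split a proposed target list into what may be tested and what was rejected."""
    approved, rejected = [], []
    for t in targets:
        verdict = classify_target(t)
        if verdict == "in-scope":
            approved.append(t)
        else:
            rejected.append((t, verdict))
    return approved, rejected


if __name__ == "__main__":
    proposed = ["192.0.2.55", "192.0.2.10", "192.0.2.0/24",
                "198.51.100.40", "mail.example.test"]
    ok, bad = filter_targets(proposed)
    print("approved:", ok)
    print("rejected:", bad)
```

Rejecting a range that only partly overlaps an exclusion forces the tester to split it explicitly, which keeps the carve-outs visible in the test plan.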
PHASES OF PENETRATION TESTING
❑ PHASE 2: Scanning - Determine How Target
Responds to Attacks (Three Types):
❑ 1. Port Scanning – Detecting Open Ports
and Running Services on Target Host.
❑ 2. Network Scanning – Discovering IP
Addresses, Operating Systems, Topology,
Protocols, etc.
❑ 3. Vulnerability Scanning – Scanning to
gather information about known
vulnerabilities in a target.
❑ Static Analysis: Inspect Application’s Entire
Code to Estimate its Behaviour
❑ Dynamic Analysis: Inspect Web Application’s
Code in Running or Production State
PHASES OF PENETRATION TESTING
❑ PHASE 3: Gaining Access – The Ultimate
Goal of Penetration Testing or The Attack
Phase
❑ Gaining Access Could be as Easy as
Accessing an Exposed private URL.
❑ You May Use Attacks such as Cross-Site
Scripting (XSS), SQL Injection and
Backdoors, to Expose Vulnerabilities
❑ Run Exploits Against Target to Gain
Access i.e. Exploit Vulnerabilities: Escalate
Privileges, steal Data, Intercept Traffic
❑ Run Exploits only When Necessary So as
Not to Disrupt Production Lines
PHASES OF PENETRATION TESTING
❑ EXPLOITS: A Piece of Code That Takes
Advantage of a Vulnerability to Cause
Unintended Behavior in the Software
❑ TYPES OF EXPLOITS:
❑ Remote exploits – Typically Used Across a
Network to Hit a Remote System
❑ Local Exploits – Used to Exploit Vulnerabilities
locally. E.g. Elevate the Privileges of a User on a
Machine
❑ Client Side Exploits - Relies mostly on Social
Engineering Techniques e.g. Sending a Malicious
File that can Exploit a Vulnerable Software
(Example: Internet Explorer, Adobe Reader, etc.)
on Victim’s Machine. Attacker gains Access to
Victim’s Machine Remotely
PHASES OF PENETRATION TESTING
❑ PHASE 4: Maintaining Access – The
Attack Phase
❑ Maintain Persistent presence in Exploited
System
❑ Elevate Access:
❑ Horizontal Privilege Escalation (Same Level)
❑ Vertical Privilege Escalation (Low to Higher)
❑ Imitate Advanced Persistent Threats
❑ Steal an Organization’s Most Sensitive Data.
PHASES OF PENETRATION TESTING
❑ PHASE 5: Analysis/Covering Tracks –
Report of Pen Test and Mitigation
❑ Vulnerabilities Exploited
❑ Sensitive Data Accessed
❑ Amount of Undetected Exploitation Time
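The three report items above can be derived by correlating the tester's activity log with the defenders' alert log. This is an added example, not part of the original slides; the records, asset names and function names are constructed for illustration.

```python
from datetime import datetime

# Constructed tester log: (finding id, asset, first exploitation time, sensitive data reached)
ACTIONS = [
    ("F-01", "web01", "2023-05-23T09:15:00", False),
    ("F-02", "db01", "2023-05-23T11:40:00", True),
    ("F-03", "hr-share", "2023-05-24T14:05:00", True),
]
# Constructed defender log: (asset, time an alert was raised)
ALERTS = [
    ("web01", "2023-05-23T09:00:00"),  # raised before the exploit, so it does not count
    ("web01", "2023-05-23T10:45:00"),
    ("db01", "2023-05-24T08:10:00"),
]
ENGAGEMENT_END = "2023-05-26T17:00:00"  # constructed end of the test window


def undetected_time(actions, alerts, engagement_end):
    """Per finding: how long exploitation ran before the first matching alert."""
    end = datetime.fromisoformat(engagement_end)
    rows = []
    for finding, asset, exploited_at, sensitive in actions:
        start = datetime.fromisoformat(exploited_at)
        # Only alerts on the same asset at or after the exploit count as detection.
        later = sorted(
            datetime.fromisoformat(t)
            for a, t in alerts
            if a == asset and datetime.fromisoformat(t) >= start
        )
        detected_at = later[0] if later else None
        # A finding that was never detected stays undetected until the test ends.
        stop = detected_at if detected_at else end
        rows.append({
            "finding": finding,
            "asset": asset,
            "sensitive": sensitive,
            "detected": detected_at is not None,
            "undetected_seconds": int((stop - start).total_seconds()),
        })
    return rows


def report_summary(rows):
    """Collapse the per-finding rows into the three Phase 5 report items."""
    return {
        "vulnerabilities_exploited": len(rows),
        "sensitive_data_accessed": sorted(r["asset"] for r in rows if r["sensitive"]),
        "never_detected": [r["finding"] for r in rows if not r["detected"]],
        "total_undetected_seconds": sum(r["undetected_seconds"] for r in rows),
    }


if __name__ == "__main__":
    rows = undetected_time(ACTIONS, ALERTS, ENGAGEMENT_END)
    for r in rows:
        print(r)
    print(report_summary(rows))
```

Findings listed under `never_detected` point at monitoring gaps, which is where IPS/IDS and WAF tuning after the test should start.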
PENETRATION TESTING METHODS
❑ EXTERNAL TESTING
❑ Target Visible Assets of a
Company to Gain Access
❑ Web Application
❑ Company Website
❑ Email
❑ Domain Name Servers (DNS)
❑ INTERNAL TESTING
❑ Simulates Attack Behind the
Firewall
❑ BLIND TEST
❑ Only the Name of the Enterprise is
Known by Tester i.e. Severely
limited Information.
PENETRATION TESTING METHODS
❑ DOUBLE-BLIND TESTING
(D-BLIND)
❑ Company’s Internal
Cybersecurity Personnel and
System User Unaware of Test
❑ Gold Standard in Pen tests
❑ TARGETED TESTING
❑ Pen Tester and Internal
Cybersecurity Personnel Work
Together
PENETRATION TESTING AND FIREWALLS
❑ PEN TEST AND WEB
APPLICATION FIREWALLS
❑ Mutually exclusive
❑ Tester Uses WAF Logs for
Exploitation
❑ WAF Configurations
Updated after Pen Tests
PENETRATION TESTING TOOLS
❑ NETSPARKER - Accurate Automated
Scanner
❑ Can Identify SQL Injection and
Cross-site Scripting
❑ No False Positives
❑ ACUNETIX - Automated Web
Vulnerability Scanner
❑ Detects over 4500 Web Application
vulnerabilities Including SQLi and
XSS.
PENETRATION TESTING TOOLS
❑ CORE IMPACT
❑ Claims Largest Database
❑ With Over 20 Years’ Experience
❑ INTRUDER
❑ Over 9,000 Security Checks
❑ ASTRA
❑ Over 3000 Tests Available
PENETRATION TESTING TOOLS
❑ METASPLOIT
❑ Most Advanced and Popular
Framework
❑ Based on the concept of “Exploit”
❑ Has Command-line and the GUI
❑ Works on Linux, Apple Mac OS X, and
Microsoft Windows
❑ WIRESHARK (+NMAP)
❑ Network Protocol Analyzer
❑ Works on Windows, Linux, OS X,
Solaris, FreeBSD, NetBSD
A PENETRATION TESTER PROFILE
❑ SPECIALISATION
❑ Networks and Infrastructures
❑ Windows, Linux and Mac
Operating Systems
❑ Embedded Computer Systems
❑ Web/mobile Applications
❑ SCADA (supervisory control and
data acquisition) control systems
❑ Internet of Things (IoTs).
A PENETRATION TESTER PROFILE
❑ RESPONSIBILITIES
❑ Understand Complex Computer Systems and
Technical Cyber Security Terms
❑ Work With Clients to Determine Their
Requirements From The Test, e.g. The
Number And Type of Systems They Would
Like Testing
❑ Plan And Create Penetration Methods, Scripts
and Tests
❑ Carry Out Remote Testing of A Client's
Network or Onsite Testing Of Their
Infrastructure to Expose Weaknesses in
Security
❑ Simulate Security Breaches to Test a System's
Relative Security
A PENETRATION TESTER PROFILE
❑ RESPONSIBILITIES
❑ Create Reports and Recommendations
from Findings, Including Security Issues
Uncovered and Level of Risk
❑ Advise on Methods to Fix or Lower
Security Risks to Systems
❑ Present your Findings, Risks and
Conclusions to Management and Other
Relevant Parties
❑ Consider the Impact Your 'Attack' Will
Have on the Business and Its Users
❑ Understand How the Flaws that you
Identify Could Affect a Business, or
Business Function, If They’re not Fixed.
A PENETRATION TESTER PROFILE
❑ SKILL SET
❑ In-depth Understanding of Computer Systems
and Their Operation
❑ Excellent Spoken and Written Communication
to Explain your Methods to a Technical and
Non-technical Audience
❑ Attention to Detail, to be Able to Plan and
Execute Tests While Considering Client
Requirements
❑ Ability to Think Creatively And Strategically to
Penetrate Security Systems
❑ Good Time Management and Organisational
Skills to Meet Client Deadlines
❑ Ethical Integrity to Be Trusted With a High
Level of Confidential Information
A PENETRATION TESTER PROFILE
❑ SKILL SET
❑ Ability to Think Laterally and 'Outside The
Box'
❑ Teamwork Skills, to Support Colleagues
and Share Techniques
❑ Exceptional Analytical and Problem-
solving Skills and The Persistence to Apply
Different Techniques to Get The Job
Done
❑ Business Skills to Understand the
Implications of Any Weaknesses You Find
❑ Commitment to Continuously Updating
Your Technical Knowledge Base
❑ Good Knowledge of Python and Scripting
A PENETRATION TESTER PROFILE
❑ CERTIFICATION
❑ CREST Registered Penetration Tester
(CRT)
❑ Offensive Security Certified
Professional (OSCP)
❑ Certified Ethical Hacker (CEH)
Certification
❑ GIAC Certified Penetration Tester
(GPEN)
❑ Company Certification Schemes from
Major Vendors and Equipment
Providers like Microsoft (MCP) or Cisco
(CCNA Security)
THANK YOU!
