vault backup: 2024-10-16 09:12:37
92
Penetration Testing/Week 1/Lecture 1 - Intro.md
Normal file
@@ -0,0 +1,92 @@
# Assessments

## T1

Assignment coursework (Written) (50%) - Reconnaissance of real organisation
Assignment coursework (Practical Work) (50%) - Penetration Testing vulnerable machines

# What is Penetration Testing?

Definition: “A method for gaining assurance in the security of an IT system by attempting to breach
some or all of that system's security, using the same tools and techniques as an adversary might.”

“Penetration testing should be viewed as a method for gaining assurance in your organisation's
vulnerability assessment and management processes, not as a primary method for identifying
vulnerabilities.”

Penetration testing should be used to mitigate vulnerabilities before a black hat exploits them.

# Penetration Testing Vs Vulnerability Assessment

Penetration testing is the step after vulnerability assessment. it **proves** the vulnerability can be exploited in a real-world scenario.
Vulnerability assessment seeks to validate the minimum level of security that should be applied, usually a precursor. It does not exploit or replicate a real attack, nor considers the overall security process.
Penetration tests are ethical attack simulations that attempt to validate the effectiveness of security controls by highlighting risks.

# Types of Pentesting

## Whitebox Testing

- Full information about target is shared.
- Confirms efficacy of internal vulnerability assessment & management controls
- Identifies existence of known vulnerabilities and misconfiguration

## Greybox Testing

- Limited amount of information about target, ex:
- IP range
- Access to database / backend, but not source code.

## Blackbox Testing

- No information shared
- Performed from external perspectives
- Aimed at identifying ways to access assets
- More accurately models risk
- Lack of information could result in unknown vulnerabilities being uncovered.

# Red Vs Blue Teaming

## Red Teaming

- Adversarial, goal based assessment.
- Provides real-world view into attacker's methods
- Evades Blue Team

## Blue Teaming

- Defensive role of an organisation
- Detects red team.

# Penetration Testing Lifecycle

1. Reconnaissance
- Gathering information (active, high interaction; passive, no interaction)
- Passive interaction uses mostly public information
2. Vulnerability Scanning
- Port Scanning
- Network Hosts
- Unpatched known exploits
- Unmanaged devices
- Poorly configured firewalls
- Weak findings
- Negligence
3. Exploitation
- Kernel attacks
- Application attacks
- Privilege Elevation
- Denial of Service
4. Post-Exploitation
- Uploading information
- Downloading information
- Implement backdoor
- Cover tracks
- Pivoting, attacking different stations until finding important information
5. Repeat

# Tools Learned on Module

- Linux Bash
- Windows Terminal
- Operating system mechanisms
- Network applications
- Basic C programs and python
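Review bot: the two quoted definitions under "What is Penetration Testing?" ("A method for gaining assurance..." and "Penetration testing should be viewed as...") carry no attribution; add the source they are quoted from, since the T1 written coursework will need a citable reference. In the Vulnerability Scanning list, "Weak findings" does not read as a category of scan finding; check whether a word was dropped there. In Post-Exploitation, "Uploading information" and "Downloading information" are ambiguous as written; one line saying which direction is meant relative to the target host would make the step clear. Minor style: "it **proves**" after the full stop should start with a capital, and the Reconnaissance parenthetical "(active, high interaction; passive, no interaction)" would read better as a full sentence, e.g. "active reconnaissance interacts with the target directly, passive reconnaissance does not".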