# Assessments

## T1

Assignment coursework (Written) (50%) - Reconnaissance of real organisation

Assignment coursework (Practical Work) (50%) - Penetration Testing vulnerable machines

# What is Penetration Testing?

Definition (UK NCSC): “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might.”

“Penetration testing should be viewed as a method for gaining assurance in your organisation's vulnerability assessment and management processes, not as a primary method for identifying vulnerabilities.”

In other words, a test checks whether the vulnerabilities you should already have found and fixed actually were. Penetration testing should be used to find and fix vulnerabilities before a black hat exploits them; the test itself only demonstrates the exposure, the remediation that follows is what mitigates it.

# Penetration Testing Vs Vulnerability Assessment

Penetration testing is the step after vulnerability assessment. It **proves** that a vulnerability can be exploited in a real-world scenario, and shows what an attacker could reach by doing so.

Vulnerability assessment checks that a minimum level of security has been applied (patch levels, known-vulnerable versions, common misconfigurations), usually as a precursor to a test. It does not exploit anything or replicate a real attack, so it produces candidate findings (including false positives) rather than demonstrated impact, and it does not consider the overall security process.

Penetration tests are ethical, authorised attack simulations that attempt to validate the effectiveness of security controls by demonstrating and highlighting risks.

# Types of Pentesting

## Whitebox Testing

- Full information about the target is shared (architecture, credentials, source code, configuration).
- Confirms efficacy of internal vulnerability assessment & management controls
- Identifies existence of known vulnerabilities and misconfiguration
- Gives the most coverage per hour of testing, since no time is spent rediscovering what the client already knows

## Greybox Testing

- Limited amount of information about the target, ex:
  - IP range
  - Access to database / backend, but not source code.
- Models an attacker with partial knowledge, e.g. an insider or a compromised low-privilege user.

## Blackbox Testing

- No information shared beyond what is needed to define scope and authorisation
- Performed from external perspectives
- Aimed at identifying ways to access assets
- More accurately models the risk from an outside attacker
- Lack of information could result in unknown vulnerabilities being uncovered, because the tester makes no assumptions about the design. The trade-off is that discovery consumes test time, so coverage is lower than white box for the same budget.

# Red Vs Blue Teaming

## Red Teaming

- Adversarial, goal based assessment (e.g. reach a named system or data set) rather than an attempt to enumerate every vulnerability
- Provides real-world view into attacker's methods
- Evades the Blue Team; stealth and persistence matter, unlike in a conventional pentest where being noisy is acceptable

## Blue Teaming

- Defensive role of an organisation
- Detects and responds to the red team; the exercise measures detection and response capability, not just exposure.

# Penetration Testing Lifecycle

1. Reconnaissance
   - Gathering information. Active recon interacts directly with the target (DNS queries to its servers, port scans, probing web applications) and shows up in its logs; passive recon involves no direct interaction with the target.
   - Passive reconnaissance uses mostly public information (WHOIS, DNS records, certificate transparency logs, search engines).
2. Vulnerability Scanning
   - Port Scanning
   - Network Hosts
   - Unpatched known exploits
   - Unmanaged devices
   - Poorly configured firewalls
   - Weak findings
   - Negligence
3. Exploitation
   - Kernel attacks
   - Application attacks
   - Privilege Elevation
   - Denial of Service (normally excluded from the rules of engagement; confirm before attempting)
4. Post-Exploitation
   - Uploading information (tools and payloads onto the compromised host)
   - Downloading information (data that demonstrates impact)
   - Implement backdoor (persistence)
   - Cover tracks
   - Pivoting, attacking different stations until finding important information
   - In an authorised test, backdoors and log tampering are only done if agreed in the rules of engagement, and every implant is recorded and removed at the end.
5. Repeat, with the hosts reached by pivoting becoming the targets of another reconnaissance pass.

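The first two lifecycle stages in working code, as an added example that is not part of the module notes: a concurrent TCP connect scan with banner grabbing, which is active reconnaissance (every probe reaches the target and appears in its logs) feeding the service identification that vulnerability scanning builds on. So that it runs offline, the script starts a throw-away listener on 127.0.0.1 that answers with a constructed SSH-style banner; that listener, its port and the banner text are assumptions of the demo, not a real service.

```python
"""Active reconnaissance demo: TCP connect scan with banner grabbing.

Added example, not from the module. A stand-in service is started on
loopback so the scan has something to find without touching any real host.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Optional

# Constructed banner for the local stand-in service (assumption, not a real host).
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"


def start_fake_service(banner: bytes = FAKE_BANNER) -> int:
    """Bind an ephemeral loopback port and answer each connection with a banner.

    Returns the port so the scanner knows where the 'target' lives.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def probe_port(host: str, port: int, timeout: float = 0.5) -> Optional[Dict]:
    """TCP connect() probe. Returns {'port', 'banner'} if open, None otherwise.

    A completed handshake is logged by the target's firewall/IDS, which is
    exactly what distinguishes this from passive OSINT.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                # Open but silent: many services wait for the client to speak first.
                banner = b""
            return {"port": port, "banner": banner.decode("ascii", "replace").strip()}
    except OSError:
        # Refused (closed port), timed out (filtered), or unreachable.
        return None


def scan(host: str, ports: Iterable[int], workers: int = 32) -> List[Dict]:
    """Probe ports concurrently and return the open ones sorted by port number."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe_port(host, p), ports))
    return sorted((r for r in results if r), key=lambda r: r["port"])


def classify(banner: str) -> str:
    """Crude service fingerprint from the banner; the seed for vulnerability scanning."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220"):
        return "smtp-or-ftp"
    if banner.startswith("HTTP/"):
        return "http"
    return "unknown"


if __name__ == "__main__":
    target_port = start_fake_service()
    # Scan a window around the listener so most probes hit closed ports.
    findings = scan("127.0.0.1", range(target_port - 5, target_port + 6))
    for f in findings:
        print(f"{f['port']}/tcp open  {classify(f['banner'])}  {f['banner']!r}")
```

The version string in a banner is the input to the vulnerability-scanning stage (matching it against known CVEs), but as the notes stress, a matching version is only a candidate finding; the exploitation stage is what turns it into a proven one.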
# Tools Learned on Module

- Linux Bash
- Windows Terminal
- Operating system mechanisms
- Network applications
- Basic C programs and Python