Penetration Testing Methodology and OSINT

Video Transcription
Hi, everyone. Welcome back to the course. In the last video we did the introduction to this course: we went over who I am as your instructor, we talked a little bit about our objectives for the course, and, again, I mentioned that this is a very hands-on course. I also mentioned the supplemental resources that are available to download; again, that's predominantly step-by-step lab guides, as well as some other helpful information.
Now, as I mentioned in the last video as well, this course is good prep if you're not familiar with footprinting, for both the Certified Ethical Hacker and the CompTIA PenTest+ examinations. So if you're going for either exam, this course will be a good supplemental resource for you as you study.
In this video we're going to talk about the pen testing, or penetration testing, methodology. We're also going to talk about what OSINT is.
So, as I mentioned, our learning objectives are learning about the pen test methodology (we'll go through the phases; however, we're only covering one phase, footprinting and reconnaissance, in this particular course) and also what OSINT is.
One quick pre-assessment question. I want you to think through this; I'll pause for a second, and then I'll answer the question for you. Sarah is working as a penetration tester for Smith LLC.
She's tasked with performing a penetration test on the company's web servers.
Which of the following should Sarah do first? A: should she run a vulnerability scanner like OpenVAS or something similar against the web servers?
B: should she plan out the scope of the project first?
What about C: should she use Nmap to scan the target? Or D: should she use a tool like John the Ripper to crack the administrator password?
The correct answer there is B, right? We always want to start off by planning out the project. I know Hollywood makes penetration testing out to be this super cool thing, like you crack the password in a second and there are neon lights everywhere and music blaring and stuff like that, and that's not reality.
There may be some people using that type of setup, but the reality is that
a lot of your time is actually spent just mapping out what you're going to be doing: what IP addresses you can touch, what systems you can touch, and doing a lot of paperwork with the legal team. So the answer here is B, planning out the scope of the project. Now let's talk about the other answers briefly.
Running a vulnerability scanner: that's a good idea, again, for a blue team type of activity, figuring out your vulnerabilities so that as penetration testing companies come in and do a test, you already know some of your vulnerabilities up front and you can start plugging those.
Answer C, Nmap, is a great tool to use for scanning; however, we're talking about footprinting in this particular course, so that was easily ruled out. Same thing with John the Ripper: that's a great tool that can crack passwords; however, again, in this course we're focused on footprinting. So the correct answer here, again, is B. We always want to plan out the scope of our project first.
All right, so what is the penetration testing methodology? Well, you're traditionally going to see it listed as footprinting and reconnaissance, scanning and enumeration, maybe vulnerabilities in there, and then gaining access, maintaining access, and covering your tracks. However, as I mentioned, scope is important, so we can call this one the Ken Underhill pen testing methodology if you want to.
But in any event, all I've added here is scoping.
As I mentioned, we want to make sure that we understand what systems we can actually touch, because, for example, here in the United States, where I'm at, if I go hack your computer and I don't have permission, I could actually go to jail, right? Even though maybe I'm just fooling around or something like that, I may go to jail; none of that matters, because I did not have permission.
So even as a penetration tester, if you are touching things that you don't have permission to touch, there's a potential that you may go to jail. Now, of course, this is not legal advice; I'm not an attorney; I have to interject that little statement there. But the reality is that you don't want to get yourself into that situation, right? So you're scoping the project, you're planning it out.
You're making sure all your t's are crossed and your i's are dotted.
You're getting all the NDAs, or non-disclosure agreements if you don't know what that is, in place; you're getting all that paperwork in line so that you can actually go do your test.
Now, you will find that you'll have clients that say, "I only want you to test one IP address," or a couple of them, and you'll have other clients that say, "I want you to pretend you're a criminal hacker; get in here and figure out what's wrong so we can fix it." So you'll see a broad spectrum. If you decide to work as a pen tester, you'll see a broad spectrum of clients as far as what their needs are and what they actually care about.
The next part of the methodology is where we're at right now: we're talking about footprinting and reconnaissance in this particular video and in this course. The next part after that would be scanning and enumeration, where we're mapping things out: we're scanning the target systems, we're mapping out how their network is laid out, the particular operating systems in use, and stuff like that.
And then we're looking for vulnerabilities once we have that information. So, for example, we do something like banner grabbing,
where we send a command, with Nmap for example, to the target; so we basically telnet to an IP address, and from there we put in port 80 (obviously we know that telnet itself runs on port 23, right? but we put in port 80, which is HTTP), and the intent is to get a message back from the
target system that tells us something like, "Hey, they're running Apache,"
or it's a Windows OS, or something like that. We want to get that information back, along with the version. Again, we're not covering that type of stuff in this course, but I want you to understand that we're scanning the target, we're going to try to figure out what kind of software is actually in use, what operating system is in use, and then from there we're going to find vulnerabilities
for that target. So if I realize that they're running an older version of Apache,
then I can quickly do a search for vulnerabilities in Apache, whatever version it is,
and I might be able to find exploits that I can use right away. That moves us into the next phase of the methodology, which is gaining access. We want to make sure we gain access to the system, and then it doesn't make any sense to go through all this trouble and not actually maintain the access, right? So, for getting access, we could do things like password crackers or different exploits.
Maintaining access will be things like a rootkit, right? So we drop a rootkit on there
and we maintain that access on the system. And then our last step here, after we've done whatever chaos we want to do, is to cover our tracks, so that hopefully nobody can figure out that we were on there. You can do things like deleting logs, or you could also just corrupt the logs, and that's more than likely a better way to not get caught. There are other things like encryption, et cetera.
All those other things are outside the scope of this particular course.
We're just focused on the footprinting and reconnaissance component of this.
So I talked about scope: scope is going to be our NDAs, our documents, et cetera. Footprinting and reconnaissance is where we're at. We've got passive footprinting, where we're very hands-off; for example, I'm doing a Google search or something like that. We've also got active footprinting and reconnaissance; for example, I go in and start interacting with the employees of the company.
Maybe I'm trying to get in the front door or something;
that's a little more active, right? There's that interaction with the target in some capacity.
Search engines, social media, and various tools that we'll cover in this course are used for footprinting and reconnaissance. Scanning and enumeration, and vulnerabilities, as I mentioned: I talked about banner grabbing a little bit, I talked about how we're going to map out the network with that, and then, of course, discovering those vulnerabilities and figuring out the exploits we can use against them.
Getting access: I mentioned things like our exploits.
Again, phishing attacks are a great way to get in, so doing something like a USB drop attack, where you drop a bunch of USBs in the parking lot; the employees take those thinking they're plugging it in to look at a funny cat video, and meanwhile it's downloaded malware onto the machine and you gain access to the machine. That might open up a command shell, and from there we can escalate privileges and do whatever else we want to do.
Maintaining that access: as I mentioned, rootkits. And again, our goal in maintaining the access is to achieve our objective as attackers, whether that's as a legal attacker, a pen tester, or as a criminal attacker; we want to achieve our objectives. Then, of course, I mentioned covering our tracks,
either corrupting or deleting logs, doing obfuscation, or just doing encryption, which is a great way to do it.
That's covering our tracks.
Now, I mentioned OSINT. So what is that? Well, that's open source intelligence, right? And that's what we're gathering throughout this entire course with footprinting and reconnaissance: we're going to use a bunch of different tools that are publicly available, as well as information that's publicly available, to gather information about our target. In this course, our target is going to be Microsoft for the most part; we'll deviate from that just a little bit,
but for the most part it's going to be
Microsoft that we use.
And then, as I mentioned, there are many tools that we're going to use throughout the course that we'll cover as part of OSINT. Now, I do want to mention, before we jump to the post-assessment question, that OSINT is something you'll definitely want to know if you decide to go take the CompTIA PenTest+ exam; you definitely want to understand what it is and what kind of tools you can use for it.
All right, so a quick post-assessment question.
Johnny performs a successful phishing attack against Microsoft as part of a penetration test that he's doing for the company.
Which phase of the penetration testing methodology would this attack normally be categorized in? Choose the best answer here; it could be a couple of different phases, but choose the best one.
All right, so if you guessed answer C, that is the correct answer, right? We want to gain access, and phishing is one way we can do that. Now, of course, you could make an argument that, as part of footprinting, we could do a phishing attack or a social engineering attack where we might be able to get information about a target.
But the best answer here is going to be gaining access. Phishing is a way we can gain access; for example, I could send you a bad Excel document with malware in it, you open it, and from there I can get access to your system, gain the access, and then move into maintaining the access.
So in this video we talked about the pen test methodology, as well as learning what OSINT is.
In the next video we're going to list out and talk about the different tools that we're covering in this course. Now, we won't take a deep dive into those tools, but I just want to show you a quick overview of each one.
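The banner-grabbing step the instructor describes (telnet to port 80, read back "Apache" plus a version) as an added, runnable example in Python. This is not code from the course or its lab guides. The two sample replies are constructed here, not captured from any real host, and the host names in the usage are placeholders; the only network call is `grab_banner`, which you would point at a host that is inside your agreed scope. Whatever `Server` or `X-Powered-By` gives back is the product-and-version string you would then search for known vulnerabilities; a server configured to withhold its banner yields `None`, which is worth recording as a finding in its own right.

```python
import re
import socket
from typing import Optional

# Constructed sample reply (not captured from any real host), shaped like what a
# web server returns to the telnet-style HEAD request described in the video.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.2.15 (CentOS)\r\n"
    b"X-Powered-By: PHP/5.3.3\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

# Constructed reply from a server configured not to disclose a product banner.
SAMPLE_RESPONSE_NO_BANNER = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

# Product/version tokens as they appear in Server and X-Powered-By values:
# "Apache/2.2.15 (CentOS)" -> ("Apache", "2.2.15"); "nginx" -> ("nginx", None)
_PRODUCT_RE = re.compile(r"([A-Za-z][\w.-]*)(?:/([\w.-]+))?")


def build_head_request(host: str, path: str = "/") -> bytes:
    """The bytes you would type by hand after 'telnet <host> 80'.
    HTTP/1.0 plus Connection: close makes the server hang up after one reply."""
    return (
        f"HEAD {path} HTTP/1.0\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_products(header_value: str) -> list[tuple[str, Optional[str]]]:
    """Split a Server/X-Powered-By value into (product, version) pairs,
    dropping parenthesised comments such as '(CentOS)'. Version is None
    when the server names the product but not the release."""
    stripped = re.sub(r"\([^)]*\)", " ", header_value)
    return [(m.group(1), m.group(2)) for m in _PRODUCT_RE.finditer(stripped)]


def parse_banner(raw: bytes) -> dict:
    """Pull the status line and the software-identifying headers out of a raw
    HTTP reply. 'server' and 'powered_by' are None when the target withholds
    them; 'products' is the list of (product, version) pairs found."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = lines[0]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    server = headers.get("server")
    powered_by = headers.get("x-powered-by")
    products = []
    for value in (server, powered_by):
        if value:
            products.extend(parse_products(value))
    return {"status": status, "server": server,
            "powered_by": powered_by, "products": products}


def grab_banner(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Live version of the telnet step: connect, send the HEAD request, read
    until the server closes, and parse. Only run against in-scope hosts."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_head_request(host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_banner(b"".join(chunks))


if __name__ == "__main__":
    # Offline demonstration on the constructed reply; swap in
    # grab_banner("target.example", 80) for an in-scope live host.
    info = parse_banner(SAMPLE_RESPONSE)
    print(info["status"])
    for product, version in info["products"]:
        print(f"{product} {version or '(version not disclosed)'}")
```

`parse_products` also handles multi-product values such as `Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f`, returning one pair per product, so the same parser covers the composite banners older Apache builds send.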