Welcome to Cyber Aires Video. Siri's in the Company of Security Plus 5 +01 Certification and Exam.
I'm your instructor Round Warner.
In this video, we'll be discussing different penetration testing techniques and concepts.
This is Section one died for in domain one threats, attacks and vulnerabilities.
In section 1.4. I'll be explaining penetration testing concepts, including the difference between penetration, testing, vulnerability assessments and risk assessments.
Also talk about active versus passive reconnaissance,
persistence, escalation of privilege
and the use of different systems, such as a black box, white box or gray box. To conduct the penetration test.
I'll begin by defining what a penetration test ISS.
A pen test is an authorized or simulated attack on a computer system performed to evaluate the security of the system or application by actively exploited, exploiting found vulnerabilities. The concept is you find vulnerabilities, then you exploit them.
This may also be known as ethical hacking
on your screen. You see the process, associate it with penetration testing
Step one information gathering step to threaten modeling,
Step three vulnerability analysis for exploitation
five post exploitation
and then six reporting reporting what you find is the ultimate objective of a pen test is to fix the problems and secure the information systems.
Before you begin a penetration test,
you need to be aware of the requirements.
First, you need to scope what you're going to be attacking.
Is it a single system, a single application, a network, a sub network?
Your scope net document needs to list everything that you will be addressing. Then you stay within that scope within your pen test.
You also need to have permission to test call this your get out of jail free card.
So if anyone accuses you of exploiting the computer systems, you can show them that you're validated by some type of authority.
You should also have the skills and to attack. The resource is make sure you're not causing inadvertent harm or collateral damage.
Also, as part of a pen test is your plan of attack and your steps. It's like a project plan, if you will. How will you go about your testing? You should be listing out those steps and to make sure you're not causing inadvertent damage.
Lastly, you need make sure you have re sources and access to conduct the test.
If you don't have the network access, that won't even begin to be successful and you have the systems and application resource is the tools.
Complete your penetration testing.
Review these testing requirements and make sure you go through each of them before you actually begin any hacking.
Earlier, I mentioned the different steps associated with the pen test.
After you've established your scope, you want to then do your information gathering, discovery and reconnaissance gaining information about thes systems, network or applications you will be attacking and trying to exploit. This could be through the Internet using open source
intelligence like I talked about in the last video
were performing some type of a reconnaissance. There's passive reconnaissance, which is an attempt to gain information about targeted computers and networks without actively engaging with the systems. For example, I can check on Google and see what's in the Google cash on that particular system, network or website
could also go to other types of public databases,
talkto employees or partners or even dumpster diving.
Then there's active reconnaissance, which is gaining information about the targeted systems by actively engaging
with them. So when I actively get my hands on the systems to gain information was the operating system and use. What is their patch level or application version? Ing
that's directly focuses on the system using port scans, trace route information network mapping and vulnerability scanning toe. Identify weaknesses that could be used to launch an attack.
When you're conducting your penetration test, you may use one of these three types of boxes, if you will,
with a black box scenario. The tester has absolutely no knowledge of the system and is functioning in the same manner as an outside attacker. So I'm going after an entity, and I don't know anything about them.
White box approach is where the tester has significant knowledge of the system. The simulates an attack, say from an insider, a rogue employee.
Gray boxes Somewhere in between, it's that middle ground in gray box testing, the tester has some limited knowledge of the targeted system.
You'll use black box testing when you want to simulate complete attack from an outside
white box would be more from an insider type of impact.
Also, be aware of the different types of testing, whether their truce, it or non intrusive
nonintrusive tests are passively testing for security controls, performing vulnerability scans and probing for weaknesses but not exploiting them. So Vulnerability Scan is a form of non intrusive, test
intrusive tests involved actively trying to exploit vulnerabilities to break into the network or the application I'm intruding into the network or into that application.
Once you've conducted your initial reconnaissance,
we'll begin planning your actual pen test activities. Determining howto have that initial exploitation gaining foothold on a system or a network?
This is often with lesser privileges or access. I'll find some type of vulnerability based level on an application
and exploited or use fishing against a employee to gain internal access to a network.
Once I have access at some level, I will then try to pivot.
It's attacking one system, using another system or one account, using a different account, taking the compromise system and attacking another that's been trusted.
This is often done on the same network through island hopping.
Persistence is maintaining access for a period of time. Basically hiding.
I might gain my initial access, but then want to kind of hide in plain sight to make sure I'm not triggering any intrusion detection system.
Lastly, is that escalation or elevation of privilege,
gaining elevated, privileged access to resources that are normally protected from an application or user.
This could also be a form of pivoting. We'll start out with a base level, access as a normal user and try to gain route or administrator access in order to conduct even more damage and exploit the system
all in an effort to understand the security atmosphere within that system. Tau offer controls to better protect it.
It's important you understand the different between penetration, testing, vulnerability assessments and risk assessments.
See the definition above for penetration test. It's actively exploiting gaining hands on internal systems and applications.
Vulnerability scan is a little more passive. Allows the tester to identify specific vulnerabilities and network system or application.
Most pen tester. Start with this procedures that can identify likely targets to attack.
Last is a risk assessment just a lot higher level? This allows an organization to understand the cyber security risk to the organizational operations, including mission functions, images, reputation,
the risk to the organizational assets systems were individuals.
I talked more about risk assessments in risk management. In another video.
In this video, I discussed section 1.4 explained Penetration testing concepts.
Let's practice on a few of sample quiz questions.
of the following types of testing steps, which focuses on directly scanning a system using techniques such as port scans, network mapping, ICMP scans all toe identify potential weaknesses.
be active reconnaissance.
This is the definition for active reconnaissance
and initially conducting a penetration test, you find vulnerabilities on a separate, less secure server on the same network as the one you're investigating.
You use access to that server to then attack the target servers.
This type of exploit is known as
pivoting. We start on one system and you pivot the others that you really want to attack.
This concludes the video for section 1.4 explained Penetration Testing Concepts.
Please refer to your study notes for more information on this topic.