Fundamentals of Penetration Testing

A penetration test, or pentest, is an ethically driven attempt to test and analyze the security defenses that protect an organization's assets and information. A penetration test uses the same tools, techniques, and methodologies that someone with malicious intent would use, and in that sense it is similar to an audit.

Hackers can be defined in three categories:

1. White Hat: Not that these guys actually wear white hats, but they are considered the good guys: they act lawfully and use their skills to benefit others. Penetration testers fall into this category.

2. Grey Hat: These guys are tricky. They have good intentions; however, they often do not operate within the law, for example by targeting scammers and exposing them. In the Mr Robot television series, I would classify Elliot as a Grey Hat hacker.

3. Black Hat: These people are criminals and usually seek some personal gain from their activities. I don’t know any criminals, but many of us will have heard of REvil, who are known for ransomware attacks.

Now that we understand the types of hackers, let’s look at some rules of a penetration test.

Permission: I would say the most essential part of penetration testing (PT) is explicit permission, because it legally protects both individuals and organizations for the activities they carry out. For example, both parties in a PT agreement, such as the security company and the organization being tested, provide explicit permission for the PT.

Scope: The specific targets the engagement applies to are agreed with the client before testing starts. For example, the penetration test may apply only to certain servers or applications, not the entire network.
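One practical way to make permission and scope enforceable rather than just a paragraph in a contract is to encode the agreed rules and check every candidate target against them before any tool is run. The following is an added example, not code from the original post; it uses only Python's standard `ipaddress` and `datetime` modules, and every network range, hostname, and date in it is constructed for illustration (the `192.0.2.0/24` block is the RFC 5737 documentation range).

```python
# Added example (not from the original post): enforce an agreed engagement
# scope before any testing tool is pointed at a target. All scope values in
# demo() are constructed for illustration and are not real engagement data.
from dataclasses import dataclass, field
from datetime import date
import ipaddress


@dataclass
class Scope:
    """Rules of engagement as agreed in the permission/scope discussion."""
    networks: list                                   # CIDRs the client authorised
    hostnames: list                                  # exact names or '*.suffix' patterns
    excluded: list = field(default_factory=list)     # CIDRs that must never be touched
    start: date = date.min                           # authorised testing window
    end: date = date.max

    @staticmethod
    def _in_networks(ip, nets):
        return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)

    def _host_allowed(self, host):
        host = host.lower().rstrip(".")
        for pattern in self.hostnames:
            pattern = pattern.lower()
            if pattern.startswith("*."):
                # '*.app.client.example' matches the suffix and the bare domain
                if host.endswith(pattern[1:]) or host == pattern[2:]:
                    return True
            elif host == pattern:
                return True
        return False

    def check(self, target, today=None):
        """Return (allowed, reason) for one target string (IP address or hostname)."""
        today = today or date.today()
        if not (self.start <= today <= self.end):
            return False, "outside the authorised testing window"
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            ip = None                                # not an IP literal, treat as hostname
        if ip is not None:
            # exclusions take precedence over the allow-list
            if self._in_networks(ip, self.excluded):
                return False, "explicitly excluded by the client"
            if self._in_networks(ip, self.networks):
                return True, "in authorised network range"
            return False, "IP not in any authorised range"
        if self._host_allowed(target):
            return True, "hostname authorised"
        return False, "hostname not in scope"

    def filter_targets(self, targets, today=None):
        """Split a candidate list into (allowed, rejected) lists of (target, reason)."""
        allowed, rejected = [], []
        for t in targets:
            ok, why = self.check(t, today)
            (allowed if ok else rejected).append((t, why))
        return allowed, rejected


def demo():
    """Constructed scope and candidate list; returns (allowed, rejected)."""
    scope = Scope(
        networks=["192.0.2.0/24"],                              # constructed
        hostnames=["www.client.example", "*.app.client.example"],
        excluded=["192.0.2.250/32"],                            # e.g. a fragile host
        start=date(2024, 1, 8), end=date(2024, 1, 12),
    )
    candidates = ["192.0.2.10", "192.0.2.250", "198.51.100.5",
                  "www.client.example", "api.app.client.example",
                  "mail.client.example"]
    return scope.filter_targets(candidates, today=date(2024, 1, 9))


if __name__ == "__main__":
    allowed, rejected = demo()
    for target, reason in allowed:
        print(f"OK      {target:28} {reason}")
    for target, reason in rejected:
        print(f"REFUSED {target:28} {reason}")
```

The design choice worth noting is that exclusions are checked before the allow-list and the date window is checked before anything else: a host the client carved out of a range, or a test run a day after the agreement expired, is rejected even though it would otherwise match. Feeding only the `allowed` list into later phases keeps the permission the client granted and the targets actually tested in agreement.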

Phases of Penetration testing:

Phase 1: Discovery or reconnaissance

This phase involves gathering information about the target without scanning it: collecting accessible information that could be valuable for the task.

Example: employee X has posted information about company Y (the target) in which you can find the email address of HR personnel and the IP address of a server. (Hypothetical scenario.)

Phase 2: Scanning and probing

This phase involves discovering the applications and services running on the target systems, for example finding a web server that may be vulnerable (Nmap).

Phase 3: Exploitation

This phase exploits the vulnerabilities found in the previous phase; dig in as far as you can (Metasploit).

Phase 4: Post exploitation or privileged exploitation

Once you have your foot in the door, you want to see how far you can reach within the system (try to gain privileged access).

Phase 5: Report findings

In this phase you document the path you took and how the target responded, along with the additional information gathered during the test: how, where, what, and so on.

After testing is completed, it is important to cover your tracks. 😊
