Section - Pentesting Fundamentals

Notes (by task):

  • Task 1 - Overview of pentesting
    • 2200 cyber attacks each day
  • Task 2 - Ethics of pentesting
    • A penetration test is only a test when it has been authorised
    • While some things may be legal to do during an engagement, they can still fall into an ethical grey area
      • It’s important to lay down some ground rules for myself around ethics
      • I like this quote: “Ethics is the moral debate between right and wrong; where an action may be legal, it may go against an individual’s belief system of right and wrong.”
    • Rules of Engagement
      • This is a document that you do NOT want to skip over. It is essentially the rules and the “how” of the engagement. SANS Example
        • Permission Section
          • Legal protections for actions that will be carried out
        • Test Scope / Scope
          • What targets / machines the engagement should be carried out upon, in other words, what systems are fair game, and what systems are not
        • Rules
          • These are the rules and also the “hows” of the engagement. It may state you can perform a phishing attack, but not a MITM attack.
  • Task 3 - Methodologies, stages, and so forth
    • All pentests have different end goals and objectives, so each one differs in some way. Here, a methodology is the set of steps the tester follows.
    • General themes / stages within each common methodology
      • Information Gathering
        • Obtain as much public information as possible about the target
        • No scanning is involved here; it is all OSINT and research
      • Enumeration/Scanning
        • Typically this means looking for applications and services within the network
      • Exploitation
        • Using vulnerabilities found during enumeration/scanning against a system
        • This could be a purpose-built exploit program, or simply abusing a bug to achieve the end goal, whatever that may be
      • Privilege Escalation
        • Once inside a system, this is where you’d attempt to expand access and permissions and gain more control
          • Horizontal Escalation - Accessing another account/user
          • Vertical Escalation - Accessing an administrator account or a specialized account (e.g. one in a different group)
      • Post-exploitation
        • Figuring out where to go next: is there anything else we can gather, information-wise?
        • Covering tracks
        • Reporting/completing the engagement (or section)
    • Common Methodologies
      • OSSTMM - VoIP, wireless, wired; a well-rounded one
      • OWASP - Web apps
      • NIST 1.1 - A fairly common standard that is also fairly well rounded
      • NCSC CAF - Data security, system security, access control, response/recovery
  • Task 4 - Terminology
    • Black-Box Testing
      • We know almost nothing; we are essentially given the same starting knowledge a regular user would have
    • Grey-Box Testing
      • We have limited knowledge of the target, but not a great deal
    • White-Box Testing
      • We have full knowledge of the target. Usually this ensures every surface can be checked/tested
  • Task 5
    • N/A - TryHackMe activity (this is a free room - link)
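As an added example (not from the TryHackMe room or these notes), a small scope check that turns the Rules of Engagement scope section into an allowlist with explicit exclusions and refuses anything the RoE does not list; the networks, hostnames and exclusions are constructed placeholders, not a real engagement.

```python
import ipaddress

# Constructed example of a Rules of Engagement scope section (not from the
# TryHackMe room or any real engagement): what is fair game and what is not.
SCOPE = {
    "in_scope_networks": ["10.10.0.0/16", "192.168.50.0/24"],
    "in_scope_hosts": ["portal.example.test"],          # hypothetical hostname
    "out_of_scope_hosts": ["10.10.0.1", "10.10.5.20"],  # e.g. a gateway, an HR system
    "out_of_scope_networks": ["10.10.200.0/24"],        # e.g. a third-party segment
}

def check_target(target: str, scope: dict = SCOPE) -> tuple[bool, str]:
    """Return (allowed, reason) for one target before any testing starts.

    Exclusions win over inclusions, and anything not explicitly listed is out
    of scope: the RoE says what is fair game, so an unknown target is a 'no'.
    """
    # Hostnames are matched literally against the RoE and never resolved:
    # a DNS answer is not the same thing as written permission.
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        if target.lower() in (h.lower() for h in scope["in_scope_hosts"]):
            return True, f"{target} is listed as an in-scope host"
        return False, f"{target} is neither an IP address nor a listed in-scope host"

    if str(ip) in scope["out_of_scope_hosts"]:
        return False, f"{ip} is explicitly excluded by the RoE"
    if any(ip in ipaddress.ip_network(n) for n in scope["out_of_scope_networks"]):
        return False, f"{ip} lies in an excluded network"
    for net in scope["in_scope_networks"]:
        if ip in ipaddress.ip_network(net):
            return True, f"{ip} is within in-scope network {net}"
    return False, f"{ip} is not covered by any in-scope network"

def filter_targets(targets: list[str], scope: dict = SCOPE) -> dict[str, list[str]]:
    """Split a candidate list into 'allowed' and 'rejected' targets (names only)."""
    result = {"allowed": [], "rejected": []}
    for t in targets:
        allowed, _ = check_target(t, scope)
        result["allowed" if allowed else "rejected"].append(t)
    return result

if __name__ == "__main__":
    # Constructed candidate list mixing fair-game hosts with excluded ones.
    for t in ["10.10.5.20", "10.10.7.9", "10.10.200.4", "portal.example.test",
              "172.16.0.3", "internal.example.test"]:
        print(check_target(t))
```

Running the check over every candidate before the enumeration/scanning stage is a cheap way to make sure nothing outside the signed scope is ever touched.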

Additional Notes:

N/A