Introduction to Offensive Security.pptx
- 3. 5 Steps of a Penetration Test
- Information Gathering
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
- 4. Information Gathering
Performing reconnaissance against a target to gather as much information as possible that can be used when attacking the target.
Level 1 - Can be obtained almost entirely with automated tools.
Level 2 - Automated tools plus some manual analysis. Requires a good understanding of the business, including information such as location, business relationships, org chart, etc.
Level 3 - Army level…
OSINT - Open Source Intelligence
Footprinting - WHOIS lookups, BGP looking glasses, port scanning, DNS zone transfer, DNS discovery, forward/reverse DNS, subdomain enumeration
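The DNS part of footprinting in working code, as an added example that is not from the original slides: forward brute force of subdomain labels, a wildcard check so that a catch-all zone does not turn the whole wordlist into false hits, and a reverse (PTR) sweep over a CIDR range. The resolver is passed in as a function so the logic runs offline against a constructed fake zone (`example.test`, `192.0.2.0/24`, both assumptions); `system_resolve` and `system_reverse` are the socket-backed versions for a live target.

```python
"""Footprinting helpers: forward DNS brute force with wildcard filtering and a
reverse-DNS sweep. Resolver functions are injectable so the logic can run
offline against a constructed fake zone; pass the socket-backed resolvers for
real use."""
import ipaddress
import random
import socket
import string
from typing import Callable, Dict, Iterable, Optional, Set

Resolver = Callable[[str], Optional[str]]  # hostname -> IPv4 string, or None if NXDOMAIN

# Constructed, deliberately tiny wordlist; a real engagement uses thousands of labels.
DEFAULT_WORDLIST = ("www", "mail", "vpn", "dev", "staging", "api", "intranet")


def system_resolve(hostname: str) -> Optional[str]:
    """Forward lookup through the OS resolver; None when the name does not resolve."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None


def system_reverse(ip: str) -> Optional[str]:
    """PTR lookup through the OS resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Return the set of addresses that random, non-existent labels resolve to.

    An empty set means no wildcard. Without this check a wildcarded zone makes
    every wordlist entry look like a hit.
    """
    addresses: Set[str] = set()
    for _ in range(probes):
        label = "".join(random.choices(string.ascii_lowercase + string.digits, k=16))
        ip = resolve(f"{label}.{domain}")
        if ip is None:
            return set()  # a random label is NXDOMAIN, so the zone is not wildcarded
        addresses.add(ip)
    return addresses


def enumerate_subdomains(domain: str, resolve: Resolver,
                         wordlist: Iterable[str] = DEFAULT_WORDLIST) -> Dict[str, str]:
    """Brute-force labels under domain, dropping hits that equal the wildcard answer."""
    wildcard_ips = detect_wildcard(domain, resolve)
    found: Dict[str, str] = {}
    for label in wordlist:
        host = f"{label}.{domain}"
        ip = resolve(host)
        if ip is not None and ip not in wildcard_ips:
            found[host] = ip
    return found


def reverse_sweep(cidr: str, reverse: Callable[[str], Optional[str]]) -> Dict[str, str]:
    """PTR-resolve every host address in cidr; hostnames often leak naming schemes."""
    net = ipaddress.ip_network(cidr, strict=False)
    results: Dict[str, str] = {}
    for ip in net.hosts():
        name = reverse(str(ip))
        if name:
            results[str(ip)] = name
    return results


# Constructed fake zone for the offline demonstration (assumed names, not real data).
FAKE_ZONE = {"www.example.test": "192.0.2.10", "vpn.example.test": "192.0.2.20"}
FAKE_PTR = {"192.0.2.10": "www.example.test", "192.0.2.20": "vpn.example.test"}


def fake_resolve(hostname: str) -> Optional[str]:
    return FAKE_ZONE.get(hostname)


def fake_wildcard_resolve(hostname: str) -> Optional[str]:
    """Same zone, but every other label under example.test answers with one catch-all IP."""
    if hostname in FAKE_ZONE:
        return FAKE_ZONE[hostname]
    return "192.0.2.99" if hostname.endswith(".example.test") else None


if __name__ == "__main__":
    print("plain zone:   ", enumerate_subdomains("example.test", fake_resolve))
    print("wildcard zone:", enumerate_subdomains("example.test", fake_wildcard_resolve))
    print("reverse sweep:", reverse_sweep("192.0.2.0/27", FAKE_PTR.get))
    # Live target: enumerate_subdomains("target.example", system_resolve)
```

Against a live target, swap in `system_resolve` / `system_reverse` and a real wordlist; keep the wildcard check, because a zone with `*.target` answering will otherwise report every label as present.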
- 5. Vulnerability Analysis
The process of discovering flaws in systems and applications that an attacker can leverage. These flaws range from host and service misconfiguration to insecure application design.
The process used to look for flaws varies and is highly dependent on the particular component being tested.
- 8. Exploitation
Establishing access to a system or resource by bypassing security restrictions.
If vulnerability analysis was performed properly, this phase should be well planned and a precision strike.
The main focus is to identify the main entry point into the organization and to identify high-value target assets.
- 9. Post Exploitation
Purpose - determine the value of the compromised machine and maintain control of it for later use.
- Persistence: installation of a backdoor that requires authentication, or installation and/or modification of services to connect back to the attacker's system. When possible the backdoor must survive reboots.
- Network configuration enumeration: identify additional subnets, network routers, critical servers, name servers and the relationships between machines.
- Pillaging: obtaining information (e.g. files containing personal information, credit card information, passwords, etc.) from targeted hosts that is relevant to the goals defined in the scope.
- Data exfiltration: mapping all possible exfiltration paths, testing those paths, and measuring control strengths.
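The pillaging step in code, as an added example that is not from the original slides: a scanner that finds payment card numbers and credential assignments in files on a compromised host. Card candidates are validated with the Luhn checksum so that order numbers, ticket IDs and serials are not reported as card data, and every finding is redacted before it leaves the host, since the report needs to show where the data lives, not the data itself. The file paths and contents below are constructed for the demonstration (the only card-like value is the well-known `4111 1111 1111 1111` Visa test number).

```python
"""Pillaging helper: scan text for payment card numbers (Luhn-validated) and
credential assignments, returning redacted findings for the report."""
import re
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# 13-19 digits, optionally separated by single spaces or dashes, not part of a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# key=value / key: value where the key looks like a secret (password, passwd, pwd, secret, api_key).
CREDENTIAL = re.compile(
    r"(?i)([\w.-]*(?:password|passwd|pwd|secret|api[_-]?key)[\w.-]*)\s*[=:]\s*(\S+)"
)

Finding = Tuple[str, int, str, str]  # (path, line number, kind, redacted display)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9 if the result exceeds 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_text(path: str, text: str) -> List[Finding]:
    """Scan one file's contents; card numbers are masked to their last four digits."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):  # drops serials/ticket IDs that merely look like a PAN
                findings.append((path, lineno, "pan", "*" * (len(digits) - 4) + digits[-4:]))
        for m in CREDENTIAL.finditer(line):
            findings.append((path, lineno, "credential", f"{m.group(1)}=<redacted>"))
    return findings


def scan_files(contents: Dict[str, str]) -> List[Finding]:
    """Scan already-read file contents (path -> text)."""
    findings: List[Finding] = []
    for path, text in contents.items():
        findings.extend(scan_text(path, text))
    return findings


def scan_paths(paths: Iterable[str]) -> List[Finding]:
    """Read files from disk; errors='replace' keeps a binary file from aborting the sweep."""
    return scan_files({p: Path(p).read_text(errors="replace") for p in paths})


# Constructed sample contents (assumed paths, not real files or real card numbers).
SAMPLE_FILES = {
    "/home/app/notes.txt": "order 4111-1111-1111-1111 shipped\nticket 1234567890123 ref\n",
    "/etc/app/app.conf": "db_user=app\ndb_password=Hunter2!\nserial=4111111111111112\n",
}

if __name__ == "__main__":
    for path, lineno, kind, display in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno}: {kind}: {display}")
    # On a real host: scan_paths(glob.glob("/home/*/*.txt")) or a list built from find(1) output.
```

Of the three card-like values in the sample, only the dash-separated test number passes Luhn; the 13-digit ticket number and the serial ending in `...1112` fail the checksum and are not reported, while a 20-digit run is never even a candidate.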