om
l.c
1@
gm
ai
CODENAME: Samurai Skills
Course
br
y6
89
Module 1: Solid Introduction to
Penetration Testing
Ninja-Sec.com
�om
What is a Penetration Test?
89
1@
gm
ai
l.c
A method of evaluating the security of a computer system or
network by simulating an attack from a malicious source that may
involve active exploitation of security vulnerabilities. The process
involves an active analysis of the system for any potential
vulnerabilities that may result from poor or improper system
configuration, known and/or unknown hardware or software flaws,
or operational weaknesses in process or technical
countermeasures.
br
y6
Wow This Is a Nice Big Statement, but how do we define a service
out of it?
�om
Penetration Testing Services
br
y6
89
1@
gm
ai
l.c
Finding vulnerabilities in applications and protocols through custom
exploit development
A service where exploits and tools may need to be written on the fly
during the assessment.
Identifying and exploiting code and business logic insecurities in web
applications
Tricking someone into divulging sensitive information
Testing the physical security protections of an organization
Cracking a network perimeter, exfiltration data and demonstrating
impact of successful penetrations.
Attempting to gain access to a system while evading security
monitoring capabilities
Finding as many weaknesses in technical controls as quickly as possible
Simply validating findings identified during a vulnerability assessment
�om
One Current Approach to Definitions
br
y6
89
1@
gm
ai
l.c
We sometimes define a penetration tests by
the level of knowledge the tester will have of
the infrastructure to be tested:
White Box: Full prior knowledge
Black Box: No knowledge
Grey Box or Crystal Box: Some variation in
between
�om
Another Current Approach to Definitions
ai
l.c
A somewhat better approach is to define a penetration tests
by the technology and/or activity:
br
y6
89
1@
gm
Network Services penetration test
Wireless Security penetration test
Web Application penetration test
Social Engineering penetration test
Physical penetration test
Client Side penetration test
Mobile Application Penetration test
etc.
�om
Community Wide Efforts for Improving Competency
gm
ai
l.c
National Board of Information Security
Examiners (NBISE)
y6
89
1@
Council for Registered Ethical Security Testers
(CREST)
br
Penetration Testing Execution Standard (PTES)
�y6
l.c
ai
gm
1@
89
Reconnaissance
Scanning
Exploitation
Reporting
br
om
Penetration Testing Overall Process
�om
What Are Penetration Testing Goals ?
br
y6
89
1@
gm
ai
l.c
Independently assess a system from the viewpoint of a
malicious attacker, whether a malicious insider or an
uninformed outsider.
determining business impact from a successful attack.
Test information security detection and response
capabilities in ways only an actual cyber-attack can.
Test a system with active exploitation tools and
techniques, validating both technical and non-technical
vulnerabilities.
�om
What are Goals of this course?
br
y6
89
1@
gm
ai
l.c
we made our course to provide you with the
ability to conduct an effective hands on penetration
test
we are focusing on medium level penetration test
(NS|PT)
we have another course that focusing on
Advanced level penetration test (NS|APT)
we have a dedicated online penetration testing
labs that mimic REAL WORLD Penetration Testing
Scenarios
�l.c
Both Are Different dont Mix!
om
Vulnerability Assessment Vs. Penetration Testing
1@
gm
ai
Vulnerability Assessment : just find and report
Vulnerabilities in a system network with out
trying to exploit these vulnerabilities
br
y6
89
Penetration Testing : Finding and Exploiting these
vulnerabilities and take advantage of them to
going deeper on system or network and gain
more power on system
�om
Vulnerability Vs. Exploit
1@
gm
ai
l.c
Vulnerability is a flaw or weakness in a system
that an attacker can exploit it to gain more
power on the system
br
y6
89
Exploit is a piece of code or a technique that
can be used by an attacker to take advantage
of a vulnerability
�Exploits Types :
Remote Exploit
Local Exploit
Dos Exploit
l.c
ai
Vulnerabilities types :
Network Service Vulnerabilities
Web Application Vulnerabilities
Mobile Application Vulnerabilities
Local Service Vulnerabilities
System Vulnerabilities
Human Vulnerabilities
Physical Vulnerabilities
br
y6
89
1@
gm
om
Types of Vulnerabilities and Exploits
�om
Exploits and tools sources for Penetration Testers
br
y6
89
1@
gm
ai
l.c
http://www.exploit-db.com
http://www.securityfocus.com
http://packetstormsecurity.org
�y6
l.c
ai
gm
1@
89
us-cert.gov
cve.mitre.org
secunia.com
vupen.com
br
om
Vulnerability Research Sources for Penetration Testers
�y6
89
l.c
ai
gm
1@
Metasploit pro
NeXpose
SAINT
IBM Rational Appscan
Immunity canvas
Core impact
Nessus professional feed
HP Web Inspect
Acunetix WVS
And many others .
br
om
Commercial Tools for Penetration Testers
�om
Penetration Testing Methodologies
br
y6
89
1@
gm
ai
l.c
NIST 800-115 (Technical Guide for Information Security
Testing)
OSSTMM (Open Source Security Testing Methodology
Manual)
OWASP Testing Guide
ISSAF (Information Systems Security Assessment
Framework)
Penetration Testing Framework
PTES (Penetration Testing Execution Standard)
�om
Penetration Test Report
ai
l.c
This is The most important thing in penetration
testing process
y6
89
1@
gm
We show managers and technical guys at
company what vulnerabilities they have in either
their Network ,systems ,web apps , mobile apps ,
wireless and how they can secure them with
detailed and clear explanation
br
You can download and view a very good
penetration testing reports :
�om
Introduction : References -1
l.c
Vulnerability Types
Top Vulnerabilities
1@
http://secunia.com/resources/reports/
gm
ai
http://nvd.nist.gov/cwe.cfm
89
Exploit Availability Repositories
br
y6
http://www.exploit-db.com/
http://packetstormsecurity.org/
http://securityreason.com/
�om
Introduction : References -2
br
y6
89
1@
gm
ai
l.c
NIST 800-115: http://csrc.nist.gov/publications/nistpubs/800115/SP800-115.pdf
OSSTM: http://www.isecom.org/osstmm/
OWASP Testing Project:
https://www.owasp.org/index.php/OWASP_Testing_Project
ISSAF: http://www.oissg.org/issaf
Penetration Testing Framework:
http://www.vulnerabilityassessment.co.uk/Penetration%20Tes
t.html
PTES: http://www.pentest-standard.org/index.php/Main_Page
Interesting discussion on the use of standards:
http://resources.infosecinstitute.com/standards-forpenetration-testing/
�om
Introduction : References -3
gm
ai
l.c
http://www.vulnerabilityassessment.co.uk/rep
ort%20template.html
89
1@
Penetration test reports
br
y6
http://www.mediafire.com/?wl969qbtptzfp13
