Penetration Testing: Sachin Phapale (Ciseh & Cissp)

The document discusses penetration testing methodology. It outlines a 5 step process: reconnaissance, scanning and enumeration, gaining access, maintaining access, and covering tracks. It describes the tasks involved in each step such as passive information gathering, vulnerability mapping, exploiting vulnerabilities to gain access, privilege escalation, and removing tools to cover tracks. The document also mentions frameworks, customizing tools, engagement preparation, and writing quality reports for clients. The overall message is that penetration testing requires thorough research, organization, and attention to detail while avoiding illegal activities.

Uploaded by

fsdfds

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPSX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

102 views13 pages

Penetration Testing: Sachin Phapale (Ciseh & Cissp)

Uploaded by

fsdfds

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPSX, PDF, TXT or read online on Scribd

You are on page 1/ 13

Penetration Testing

Sachin Phapale
(CISEH & CISSP)
Agenda
● Introduction about me
● Penetration testing Methodology
● Pen testing Frameworks
● Customizing your tool set
● Engagement Prep
● Post Engagement
● Wrapping it all up
The about me stuff
Hello Friends,
• I am an Individual Certified Information
Security Researcher and Ethical
Hacker!(CISEH)
• Now a days working to share knowledge on
Web Security and spreading awareness
about common securities.
Ethical Pentesting Methodology?
● No such thing if you want to be successful
● You need to think like a hacker
● Pentesting methodologies cover all grounds
and help win assessments
● Attention to details and organization skills
● Push the envelope but do not cross the line
Penetration Methodology
5 step process
● Reconnaissance/Footprinting
● Scanning & Enumeration
● Gaining Access
● Maintaining Access
● Covering Tracks
Penetration Methodology Cont.
● Reconnaissance
– Gathering information passively
– Not actively scanning or exploiting anything
– Harvesting information
● Bing, google, yahoo, yandex

● Way back machine (archive)

● shodan

● Social media etc

Penetration Methodology Cont.
● Scanning & Enumeration
– Target discovery
– Enumerating
– Vulnerability mapping
Penetration Methodology Cont.
● Gaining Access
– Mapped vulns
– Important to penetrate gaining user and
escalating privs
– Try multiple vectors. This is actually a
decently easy part
– Web application, wifi, social engineer.
– Use your research
Penetration Methodology Cont.
● Maintaining Access
– Keeping account access
– Privilege escalation
– Pivoting to own all
– ET phone home
Penetration Methodology Cont.
● Covering Tracks
– Removing tools
– Backdoors, ET phone homes
– Clearing logs
– Windows security, application and system
logs
– Linux /var/log/*
– Remove audit logs carefully!!!!!
Refferences
● https://vulnerabilityassesment.co.uk
● https://pentest-standard.org
● Open Source Security Testing Methodology Manual (OSSTMM)
● Information Systems Security Assessment Framework (ISSAF)
● Open Web Application Security Project (OWASP) Top Ten
● Web Application Security Consortium Threat Classification (WASC-TC)
● https://ieeexplore.ieee.org
● https://www.ijecs.in
● www.ijirset.com
● www.academia.edu
● https://www.researchgate.net
● Book referred “The Tribe of Hacker”
Report Writing
● It is the last thing the customer sees. Make it the
best thing they see
● Customers are paying for quality
● Different reports for various teams
● Executive Summary
● Detailed Summary
Wrapping it all up
● Pentesting has numerous components
● Its not always about hacking its about research
and business
● Making sure you are NICHE at what you do.
Know your target and field
● Always improve your methods while helping
your client improve their infrastructure
● “Don't learn to hack, Hack to learn”

2-Ethical Hacking Methodology
No ratings yet
2-Ethical Hacking Methodology
21 pages
Penetration Testing Fundamentals
No ratings yet
Penetration Testing Fundamentals
7 pages
Ethical Hacking and Penetration Testing Lecture 1
100% (1)
Ethical Hacking and Penetration Testing Lecture 1
19 pages
Pentest Methodologies
No ratings yet
Pentest Methodologies
19 pages
CHapter - 4netwrok
No ratings yet
CHapter - 4netwrok
16 pages
Ethical Hacking & Pen Testing Guide
No ratings yet
Ethical Hacking & Pen Testing Guide
49 pages
Ethical Hacking Module1
No ratings yet
Ethical Hacking Module1
6 pages
7 Cyberssyll
No ratings yet
7 Cyberssyll
14 pages
Penetration Testing Hyd Chapter
No ratings yet
Penetration Testing Hyd Chapter
23 pages
Ethical Hacking & Pen Testing Guide
No ratings yet
Ethical Hacking & Pen Testing Guide
29 pages
Ethical Hacking
No ratings yet
Ethical Hacking
15 pages
Ethical Hacking and Penetration Testing
No ratings yet
Ethical Hacking and Penetration Testing
29 pages
WM4
100% (1)
WM4
47 pages
Penetration Testing Methodologies
No ratings yet
Penetration Testing Methodologies
8 pages
Ethical Hacking Presentation Complete
No ratings yet
Ethical Hacking Presentation Complete
16 pages
UAD Plug-Ins Manual
No ratings yet
UAD Plug-Ins Manual
19 pages
InfoSec Pen Testing Part 1 Info Gathering
No ratings yet
InfoSec Pen Testing Part 1 Info Gathering
20 pages
CompTIA Pentest Study Guide PDF
100% (1)
CompTIA Pentest Study Guide PDF
71 pages
Penetration Testing
No ratings yet
Penetration Testing
28 pages
EHPT Module 09
No ratings yet
EHPT Module 09
39 pages
Hack Yourself First Final
100% (1)
Hack Yourself First Final
62 pages
Hack Your Self First
No ratings yet
Hack Your Self First
62 pages
Ethical Hacking and Penetration Testing
No ratings yet
Ethical Hacking and Penetration Testing
4 pages
Unit 5
No ratings yet
Unit 5
4 pages
Penetration Testingdc
No ratings yet
Penetration Testingdc
4 pages
Penetration Testing Methodology: (Company Name)
No ratings yet
Penetration Testing Methodology: (Company Name)
6 pages
XXX Report: Client Logo Placeholder
No ratings yet
XXX Report: Client Logo Placeholder
37 pages
Module III
No ratings yet
Module III
8 pages
Ethical Hacking for Beginners
100% (1)
Ethical Hacking for Beginners
5 pages
Effective Penetration Testing With Metasploit Framework and Methodologies
No ratings yet
Effective Penetration Testing With Metasploit Framework and Methodologies
6 pages
Ethical Hacking Firefox Plugin by Srikanta Sen
No ratings yet
Ethical Hacking Firefox Plugin by Srikanta Sen
131 pages
Ethical Hacking for IT Students
No ratings yet
Ethical Hacking for IT Students
8 pages
Penetration Testing
No ratings yet
Penetration Testing
12 pages
Vulnerability Assessment and Penetration Testing IJERTV10IS050111
No ratings yet
Vulnerability Assessment and Penetration Testing IJERTV10IS050111
6 pages
Penetration Testing Planning Guide
No ratings yet
Penetration Testing Planning Guide
6 pages
WEB PT - Final - 2
No ratings yet
WEB PT - Final - 2
15 pages
2.1.2 Pentration Test Process and Types Facts
No ratings yet
2.1.2 Pentration Test Process and Types Facts
3 pages
Ethical Hacking - UNIT 2-6
No ratings yet
Ethical Hacking - UNIT 2-6
9 pages
Penetration Testing Seminar Report
No ratings yet
Penetration Testing Seminar Report
15 pages
Penetration Testing Guide
No ratings yet
Penetration Testing Guide
9 pages
Penetration Testing
No ratings yet
Penetration Testing
14 pages
Web App Security & Pentesting Guide
No ratings yet
Web App Security & Pentesting Guide
15 pages
Itec413 15
100% (1)
Itec413 15
33 pages
130 To 148
No ratings yet
130 To 148
114 pages
Semi 1
No ratings yet
Semi 1
15 pages
EHPT Module 03
No ratings yet
EHPT Module 03
57 pages
Section A Ethical Hacking
No ratings yet
Section A Ethical Hacking
16 pages
Pen Testing
No ratings yet
Pen Testing
18 pages
Penetration Testing Insights
No ratings yet
Penetration Testing Insights
20 pages
Lab Assignment 5
No ratings yet
Lab Assignment 5
1 page
CISSP Aide Memoire (E) v4
No ratings yet
CISSP Aide Memoire (E) v4
11 pages
Black Elegant and Modern Startup Pitch Deck Presentation
No ratings yet
Black Elegant and Modern Startup Pitch Deck Presentation
5 pages
En CCNAS v11 Ch01
No ratings yet
En CCNAS v11 Ch01
67 pages
Cryptography Prateek Sharma
No ratings yet
Cryptography Prateek Sharma
27 pages
Panduan Email CBN - Outlook 2013 2016
No ratings yet
Panduan Email CBN - Outlook 2013 2016
7 pages
AI Project
No ratings yet
AI Project
15 pages
How To Hack Instagram Account - How To Hack An Instagram Account
No ratings yet
How To Hack Instagram Account - How To Hack An Instagram Account
2 pages
Information Technology Act, 2000 and Contracts in The Area of Banking - Balasaheb Pandhare
100% (3)
Information Technology Act, 2000 and Contracts in The Area of Banking - Balasaheb Pandhare
121 pages
Internet and Its Uses Igcse (Topic 5)
100% (1)
Internet and Its Uses Igcse (Topic 5)
13 pages
Information Transmission in Crime Branch Using Steganography
No ratings yet
Information Transmission in Crime Branch Using Steganography
2 pages
VIT Hostel Allotment Guide
No ratings yet
VIT Hostel Allotment Guide
2 pages
ESET Antivirus License Keys
100% (1)
ESET Antivirus License Keys
4 pages
(Technical) Pen-Testing Resources
No ratings yet
(Technical) Pen-Testing Resources
108 pages
Case Study
0% (1)
Case Study
6 pages
Proxmox Mail Gateway: Deployment Guide
No ratings yet
Proxmox Mail Gateway: Deployment Guide
49 pages
Defensive Security Essentials
No ratings yet
Defensive Security Essentials
8 pages
Security Goals and Mechanisms
No ratings yet
Security Goals and Mechanisms
57 pages
Vulnerabilities in E-commerce Platforms
No ratings yet
Vulnerabilities in E-commerce Platforms
1 page
Sources of Security Threats
No ratings yet
Sources of Security Threats
33 pages
Cyber Security 15 Slides Design
No ratings yet
Cyber Security 15 Slides Design
15 pages
API Document
No ratings yet
API Document
4 pages
Syllabus and Course Policies: NT101-Network Security
No ratings yet
Syllabus and Course Policies: NT101-Network Security
16 pages
Dokomant
No ratings yet
Dokomant
10 pages
Bca 6 Sem Information Security 75014 Dec 2018
No ratings yet
Bca 6 Sem Information Security 75014 Dec 2018
2 pages
Periodic Table of Cloud Security
No ratings yet
Periodic Table of Cloud Security
1 page
Dec2008 Testing Assessment SP800 115
No ratings yet
Dec2008 Testing Assessment SP800 115
8 pages
UNIT-III Society Law and Ethics (NOTES)
No ratings yet
UNIT-III Society Law and Ethics (NOTES)
14 pages
Cyber Talk - Know All About VPNs - Telangana Today
No ratings yet
Cyber Talk - Know All About VPNs - Telangana Today
7 pages
AcademyCloudFoundations Module 04 AWS Cloud Security
No ratings yet
AcademyCloudFoundations Module 04 AWS Cloud Security
63 pages
Bia Proj
No ratings yet
Bia Proj
29 pages

Penetration Testing: Sachin Phapale (Ciseh & Cissp)

Uploaded by

Penetration Testing: Sachin Phapale (Ciseh & Cissp)

Uploaded by

Penetration Testing

● Way back machine (archive)

● Social media etc

You might also like