0% found this document useful (0 votes)

74 views7 pages

Penetration Testing Fundamentals

Penetration Testing, also known as Ethical Hacking, is a legal simulation of cyberattacks aimed at identifying vulnerabilities in systems. The process involves five phases: reconnaissance, scanning, gaining access, maintaining access, and covering tracks/reporting, utilizing various tools and techniques. Ethical considerations are crucial, requiring written permission and adherence to a code of ethics to ensure security improvement rather than system damage.

Uploaded by

raphaelvicuna

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

74 views7 pages

Penetration Testing Fundamentals

Uploaded by

raphaelvicuna

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 7

🕵️‍♂️ Penetration Testing (Ethical Hacking) – Full Notes

🔐 What Is Penetration Testing?

● Penetration Testing (aka Ethical Hacking) is the authorized, legal simulation of
cyberattacks on a system to identify vulnerabilities before malicious hackers do.

● It is part of a broader cybersecurity strategy.

✅ Goals of Penetration Testing

● Identify security weaknesses.

● Test the effectiveness of security controls.

● Evaluate response capabilities.

● Improve overall security posture.

● Ensure compliance (e.g., PCI-DSS, HIPAA).

🧩 Types of Penetration Testing

Type Description

Black Tester has no prior knowledge of the system.

Bo
x
White Full knowledge of the system (code, architecture, etc.) is
Bo shared.
x

Gray Partial knowledge is provided to simulate insider threats.

Bo
x

Extern Tests from outside the network (e.g., targeting a web

al server).

Interna Tests from within the organization’s network.

🧭 The 5 Phases of a Penetration Test

🔹 1. Reconnaissance (Information Gathering)
● Goal: Gather as much information as possible.

● Types:

○ Passive Recon: No direct interaction (e.g., Google dorking, WHOIS, DNS info).

○ Active Recon: Involves scanning and probing systems.

Tools:
whois, nslookup, theHarvester, Google hacking, Shodan

🔹 2. Scanning and Enumeration

● Goal: Identify open ports, services, and detailed system information.

Scanning Types:

● Port Scanning – Find open ports (TCP/UDP).

● Vulnerability Scanning – Check for known vulnerabilities.

● Service Enumeration – Banner grabbing, OS detection.

Tools:
Nmap, Netcat, Nessus, Nikto, OpenVAS

🔹 3. Gaining Access
● Goal: Exploit vulnerabilities to gain unauthorized access.

Techniques:

● Exploiting misconfigurations

● Buffer overflows

● SQL injection

● Cross-site scripting (XSS)

● Brute force attacks

Tools:
Metasploit, sqlmap, Burp Suite, Hydra, John the Ripper

🔹 4. Maintaining Access
● Goal: Simulate how an attacker would create a backdoor to return later.

Techniques:
● Installing remote access trojans (RATs)

● Creating backdoors or persistence scripts

● Exploiting privilege escalation

Tools:
Netcat, Meterpreter, Empire, PowerSploit

🔹 5. Covering Tracks / Reporting

● Ethical hackers don’t hide their tracks maliciously, but they understand how attackers do.

Actions include:

● Clearing logs

● Modifying timestamps

● Removing tools and payloads

Then:

● Prepare a detailed report:

○ Vulnerabilities found

○ How they were exploited

○ Impact assessment

○ Recommendations for mitigation

⚙️ Common Tools Used in Pen Testing

Category Tools
Reconnaissanc theHarvester, Maltego,
e Recon-ng

Scanning Nmap, Nessus, OpenVAS

Exploitation Metasploit, sqlmap, Burp

Suite, XSSer

Password John the Ripper, Hydra,

Cracking Hashcat

Wireless Aircrack-ng, Kismet,

Testing Wireshark

Web App OWASP ZAP, Burp Suite, Nikto

Testing

Social SET (Social-Engineer

Engineerin Toolkit)
g

📚 Key Concepts to Understand

● Vulnerability vs Exploit: A flaw vs a method to take advantage of it.

● Payload: Code executed on the target (e.g., reverse shell).

● Post-Exploitation: Actions taken after initial access is gained.

● Privilege Escalation: Gaining higher-level access than originally obtained.

● Pivoting: Using one compromised machine to attack others.

🧠 Ethical and Legal Considerations

● Always have written permission before testing a system.

● Follow code of ethics (e.g., EC-Council's code for CEH).

● Misuse of skills can lead to criminal prosecution.

● Pen testing should aim to improve security, not damage systems.

🛡️ Certifications (Optional but Popular)

Cert Provider Level

CEH (Certified Ethical Hacker) EC-Council Entry-lev

OSCP (Offensive Security Certified Offensive Advance

Professional) Security d

CompTIA Pentest+ CompTIA Intermed

iate

CPT (Certified Penetration Tester) IACRB Intermed

iate
🧩 Resources for Practice
● TryHackMe – Guided labs for beginners.

● Hack The Box – Realistic CTF challenges.

● OverTheWire – Wargames for security concepts.

● OWASP Juice Shop – A vulnerable web app to practice on.

●

Ethical Hacking & Pen Testing Guide
No ratings yet
Ethical Hacking & Pen Testing Guide
49 pages
Ethical Hacking for IT Students
No ratings yet
Ethical Hacking for IT Students
8 pages
Penetration Testing
No ratings yet
Penetration Testing
2 pages
7 Penetration Testing (1) - Tagged
No ratings yet
7 Penetration Testing (1) - Tagged
49 pages
Ethical Hacking and Penetration Testing Lecture 1
100% (1)
Ethical Hacking and Penetration Testing Lecture 1
19 pages
2-Ethical Hacking Methodology
No ratings yet
2-Ethical Hacking Methodology
21 pages
Ethical Hacking Guide: Concepts & Practices
No ratings yet
Ethical Hacking Guide: Concepts & Practices
22 pages
Ethicalhcking Penatration Testing
No ratings yet
Ethicalhcking Penatration Testing
2 pages
Ethical Hacking and Penetration Testing
No ratings yet
Ethical Hacking and Penetration Testing
4 pages
EH JCE Class Notes
No ratings yet
EH JCE Class Notes
360 pages
Introductiontopentesting 190926185919
No ratings yet
Introductiontopentesting 190926185919
14 pages
Penetration Testing
No ratings yet
Penetration Testing
6 pages
Ethical Hacking
No ratings yet
Ethical Hacking
15 pages
Unit 5
No ratings yet
Unit 5
4 pages
Penetration Testing Guide
No ratings yet
Penetration Testing Guide
14 pages
IJCRT2311307
No ratings yet
IJCRT2311307
7 pages
1 - MSF-I - Introduction To MSF
No ratings yet
1 - MSF-I - Introduction To MSF
28 pages
Ethical Hacking for Beginners
100% (1)
Ethical Hacking for Beginners
5 pages
Ethical Hacking
No ratings yet
Ethical Hacking
16 pages
Vulnerability Assessment For Applications Security Through Penetration Simulation and Testing
No ratings yet
Vulnerability Assessment For Applications Security Through Penetration Simulation and Testing
22 pages
Pen Testing Basics
100% (2)
Pen Testing Basics
153 pages
Semi 1
No ratings yet
Semi 1
15 pages
KFA SCT 115 Security Computing Week 10
No ratings yet
KFA SCT 115 Security Computing Week 10
17 pages
7 Cyberssyll
No ratings yet
7 Cyberssyll
14 pages
Ethical Hacking Firefox Plugin by Srikanta Sen
No ratings yet
Ethical Hacking Firefox Plugin by Srikanta Sen
131 pages
Cybersecurity Threat Actors
No ratings yet
Cybersecurity Threat Actors
14 pages
Itec413 15
100% (1)
Itec413 15
33 pages
Penetration Testing
No ratings yet
Penetration Testing
28 pages
Nufuzetme 1
No ratings yet
Nufuzetme 1
6 pages
Ethical Hacking & Vulnerability Guide
No ratings yet
Ethical Hacking & Vulnerability Guide
25 pages
The Digital Landscape
0% (1)
The Digital Landscape
21 pages
1 Overview
No ratings yet
1 Overview
29 pages
Ethical Hacking
No ratings yet
Ethical Hacking
2 pages
Cours Ceh
No ratings yet
Cours Ceh
23 pages
Ethical Hacking and Penetration Testing
No ratings yet
Ethical Hacking and Penetration Testing
29 pages
03 Introduction To Penetration Testing Web and Wireless Security
No ratings yet
03 Introduction To Penetration Testing Web and Wireless Security
113 pages
Unit V-Eh-Notes-Q&a
No ratings yet
Unit V-Eh-Notes-Q&a
39 pages
Ethical Hacking Essentials
No ratings yet
Ethical Hacking Essentials
18 pages
Penetration Testing Guide & Types
No ratings yet
Penetration Testing Guide & Types
35 pages
Intro Pentesting
No ratings yet
Intro Pentesting
3 pages
Penetration Testing Insights
50% (2)
Penetration Testing Insights
15 pages
Ethical Hacking Presentation Complete
No ratings yet
Ethical Hacking Presentation Complete
16 pages
Introduction To EHPT
No ratings yet
Introduction To EHPT
20 pages
Os Mini Project Report Sample-1
No ratings yet
Os Mini Project Report Sample-1
19 pages
Introduction To Ethical Hacking
No ratings yet
Introduction To Ethical Hacking
2 pages
Exp-10 Pen Test 23-24 Even Sem
No ratings yet
Exp-10 Pen Test 23-24 Even Sem
2 pages
Ethical Hacking Introduction
No ratings yet
Ethical Hacking Introduction
29 pages
1) Introduction To Penetration Testing
No ratings yet
1) Introduction To Penetration Testing
8 pages
Ethical Hacking - UNIT 2-6
No ratings yet
Ethical Hacking - UNIT 2-6
9 pages
Ethicalhacking Scheme
100% (1)
Ethicalhacking Scheme
5 pages
Day 3
No ratings yet
Day 3
10 pages
Penetration Testing - Report
No ratings yet
Penetration Testing - Report
3 pages
Ehd Topic02 Ethicalhacker
No ratings yet
Ehd Topic02 Ethicalhacker
44 pages
Pentesting On Web Applications Using Ethical Hacking: Rina Elizabeth Lopez de Jimenez
No ratings yet
Pentesting On Web Applications Using Ethical Hacking: Rina Elizabeth Lopez de Jimenez
6 pages
Penetration Testing Assignment
No ratings yet
Penetration Testing Assignment
2 pages
Types of Penetration Testing
No ratings yet
Types of Penetration Testing
4 pages
Sebuah Seni Untuk Bersikap Bodo Amat
100% (13)
Sebuah Seni Untuk Bersikap Bodo Amat
251 pages
(ID) Komunikasi Itu Ada Seninya - Oh Su Hyang
100% (7)
(ID) Komunikasi Itu Ada Seninya - Oh Su Hyang
192 pages
Filosofi Teras - Henry Manampiring
100% (8)
Filosofi Teras - Henry Manampiring
346 pages
Think and Grow Rich Napolleon Hill
100% (4)
Think and Grow Rich Napolleon Hill
406 pages
Atomic Habits - Perubahan Kecil Yang Memberikan Hasil Luar Biasa by James Clear Ebook
88% (8)
Atomic Habits - Perubahan Kecil Yang Memberikan Hasil Luar Biasa by James Clear Ebook
356 pages
Berdamai Dengan Rasa Marah
100% (6)
Berdamai Dengan Rasa Marah
345 pages
Cerdik Berbicara Cerdas Menguasai Suasana - Jusra Chandra
100% (3)
Cerdik Berbicara Cerdas Menguasai Suasana - Jusra Chandra
173 pages
CamScanner Document
100% (1)
CamScanner Document
212 pages
(ID) Marketing Plan! Dalam Bisnis (Third Edition) Oleh Titik Wijayanti
100% (1)
(ID) Marketing Plan! Dalam Bisnis (Third Edition) Oleh Titik Wijayanti
210 pages
The Complete Cyber Security Course, Hacking Exposed
97% (31)
The Complete Cyber Security Course, Hacking Exposed
282 pages
Super Memory
100% (6)
Super Memory
166 pages
Rahasia Bersikap Tenang Dalam Kondisi Apa Pun (Sabrina Ara)
79% (14)
Rahasia Bersikap Tenang Dalam Kondisi Apa Pun (Sabrina Ara)
122 pages
Seni Hidup Minimalis (Terjemahan) by Francine Jay
100% (2)
Seni Hidup Minimalis (Terjemahan) by Francine Jay
278 pages
Baca Buku Ini Saat Engkau Ingin Berubah
100% (1)
Baca Buku Ini Saat Engkau Ingin Berubah
265 pages
Sebuah Seni Untuk Bersikap Bodo Amat
100% (5)
Sebuah Seni Untuk Bersikap Bodo Amat
256 pages
Ethical Hacking for Beginners
100% (9)
Ethical Hacking for Beginners
185 pages
200 ChatGPT Prompts
87% (60)
200 ChatGPT Prompts
14 pages
Hacking
87% (23)
Hacking
78 pages
Beginner's English Guide
100% (6)
Beginner's English Guide
282 pages
(Cover Baru) The Alpha Girl S Guide (Henry Manampiring)
92% (12)
(Cover Baru) The Alpha Girl S Guide (Henry Manampiring)
263 pages
Sukses Menjalin Relasi by Dale Carnegie Associates
100% (3)
Sukses Menjalin Relasi by Dale Carnegie Associates
228 pages
Linux Essentials For Cybersecurity
100% (23)
Linux Essentials For Cybersecurity
1,966 pages
Masak Lezat Chinese Food Ala Ny Liem
100% (1)
Masak Lezat Chinese Food Ala Ny Liem
137 pages
MeetBooks Repeated Text Document
No ratings yet
MeetBooks Repeated Text Document
184 pages
Pulang by Tere Liye
50% (2)
Pulang by Tere Liye
486 pages
Si Anak Badai - Tere Liye
100% (6)
Si Anak Badai - Tere Liye
304 pages
Kajian Magnet Rezeki - Edisi Revisi
100% (10)
Kajian Magnet Rezeki - Edisi Revisi
354 pages
Marketing 4.0 Bergerak Dari Tradisional Ke Digital
100% (1)
Marketing 4.0 Bergerak Dari Tradisional Ke Digital
196 pages
Ghozali 2018
67% (27)
Ghozali 2018
14 pages
TOEFL Structure Test Questions and Answers
88% (52)
TOEFL Structure Test Questions and Answers
48 pages
Algorithms in Assembly Programming
No ratings yet
Algorithms in Assembly Programming
6 pages
C Complete Overview
No ratings yet
C Complete Overview
15 pages
Algorithms in Math - Key Notes
No ratings yet
Algorithms in Math - Key Notes
3 pages
Linux File Viewing and Editing Commands
No ratings yet
Linux File Viewing and Editing Commands
1 page
Discrete Math Complete Overview
No ratings yet
Discrete Math Complete Overview
7 pages
Linux Process Management Commands
No ratings yet
Linux Process Management Commands
1 page
Finished 13.3.1 Packet Tracer - Use ICMP To Test and Correct Network Connectivity
No ratings yet
Finished 13.3.1 Packet Tracer - Use ICMP To Test and Correct Network Connectivity
2 pages
2 - Intro To Object-Object Oriented Paradigm
No ratings yet
2 - Intro To Object-Object Oriented Paradigm
28 pages
CCICOMP - Problem Set 1 Worksheet
No ratings yet
CCICOMP - Problem Set 1 Worksheet
3 pages
Finished 12.6.6 Packet Tracer - Configure IPv6 Addressing
No ratings yet
Finished 12.6.6 Packet Tracer - Configure IPv6 Addressing
3 pages
June 2024 IT P2 Answers
No ratings yet
June 2024 IT P2 Answers
16 pages
Cryptography Quiz for Students
No ratings yet
Cryptography Quiz for Students
13 pages
Privacy Policy for Property Managers
No ratings yet
Privacy Policy for Property Managers
2 pages
Deeper Investigating Adequate Secret Key Specifications For A Variable Length Cryptographic Cellular Automata Based Model
No ratings yet
Deeper Investigating Adequate Secret Key Specifications For A Variable Length Cryptographic Cellular Automata Based Model
21 pages
Public Key Infrastructure
No ratings yet
Public Key Infrastructure
10 pages
Cyber 1,2
No ratings yet
Cyber 1,2
57 pages
Information Assurance and Security
No ratings yet
Information Assurance and Security
4 pages
SDWAN Deployment and Troubleshooting Control Plane
No ratings yet
SDWAN Deployment and Troubleshooting Control Plane
106 pages
Cypherpunk Privacy Principles
100% (1)
Cypherpunk Privacy Principles
2 pages
Veribestthai Leaked by k3nnx
No ratings yet
Veribestthai Leaked by k3nnx
11 pages
Gov Secure Bulletin Board Login
No ratings yet
Gov Secure Bulletin Board Login
6 pages
Sophos-Intercept-X - For PCs License-Guide
No ratings yet
Sophos-Intercept-X - For PCs License-Guide
6 pages
Cyber Security in Legal Profession
No ratings yet
Cyber Security in Legal Profession
20 pages
19cse335 - VII Sem Mid-Term - Odd 2023
No ratings yet
19cse335 - VII Sem Mid-Term - Odd 2023
4 pages
Cryptlib Manual
No ratings yet
Cryptlib Manual
354 pages
Ethics Guide Privacy Versus Productivity: The BYOD Dilemma?: Group 1
No ratings yet
Ethics Guide Privacy Versus Productivity: The BYOD Dilemma?: Group 1
19 pages
Wireless Hacking Report
No ratings yet
Wireless Hacking Report
3 pages
Fluxion PDF 1642365199
No ratings yet
Fluxion PDF 1642365199
18 pages
EcoStruxure Building Management - System Hardening Guide
No ratings yet
EcoStruxure Building Management - System Hardening Guide
33 pages
Starsign Crypto Usb Token: High Security - Seamless Integration
No ratings yet
Starsign Crypto Usb Token: High Security - Seamless Integration
2 pages
Top 100 Ethical Hacking Tools 2023
67% (3)
Top 100 Ethical Hacking Tools 2023
28 pages
Cryptography and Security.
No ratings yet
Cryptography and Security.
3 pages
QC
No ratings yet
QC
2 pages
Cybersecurity Threats - Report
No ratings yet
Cybersecurity Threats - Report
8 pages
Securing Information Systems: Dr. Abhishek N. Singh
No ratings yet
Securing Information Systems: Dr. Abhishek N. Singh
32 pages
CSF Unit 1
No ratings yet
CSF Unit 1
15 pages
Spycloud Datasheet Vip Guardian
No ratings yet
Spycloud Datasheet Vip Guardian
2 pages
Create User Account
No ratings yet
Create User Account
19 pages
NFT Wallet Guide for Collectors
No ratings yet
NFT Wallet Guide for Collectors
4 pages
I.T CSEC Computer Security and Cybersecurity
No ratings yet
I.T CSEC Computer Security and Cybersecurity
54 pages