-
Penetration Testing
-
Penetration Testing:
- Security experts attempt to exploit known vulnerabilities, and find unknown vulnerabilities, with the consent of an organization.
- Requires advanced skills.
- The goal of penetration testing is to direct an organization's security policy.
- Requires both automatic and manual tools.
-
Security experts may also be called:
- White Hat Hackers
- Ethical Hackers
- Pen Testers
-
List common methodologies used to perform penetration testing:
-
Open Source Security Testing Methodology Manual (OSSTMM):
- Freely obtained from ISECOM
-
NIST Penetration Testing:
- Discussed in NIST SP800-115.
- Less thorough than OSSTMM.
- Many organizations find it satisfactory because it was created by the US government.
- It sometimes refers to the OSSTMM rather than providing more detail.
-
Reconnaissance
-
Passive Reconnaissance:
- Gaining information about a target system without engaging the system.
- Basic Port Scans
-
Active Reconnaissance:
- Gaining information about a target system using active, engaging techniques.
- Using information gathered from a basic port scan to exploit vulnerabilities associated with those ports.
-
Techniques
-
Race Condition:
- A system or application is performing two tasks dependent on the same parameters, and the time between them can be exploited.
-
Also known as:
- Time-of-Check-to-Time-of-Use (TOCTOU) Attacks
-
Pivot:
- A technique used to gain access to other systems or other parts of the network after an initial system has been exploited.
-
Chaining:
- Pen testers may try to exploit a single vulnerability, or get full control of the system by chaining multiple vulnerabilities, security gaps, and misconfigurations together.
-
Persistence:
- When performing a penetration test for an employer, persistence is the practice of returning to a vulnerability at a later date in the testing process to ensure that the target system, with new security measures in place, is able to withstand new means of attack.
-
Describe ways to make your system resilient to persistent threats:
- To develop systems that are resilient to persistent threats, configure a master image for all systems within your organization, utilize snapshots, or revert to known secure states after a potential security event.
-
Escalation of Privilege:
- Exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would have been protected from an application or user.
- This results in a user gaining additional privileges, more than were originally intended by the developer of the application.
-
Test Types
-
Black Box:
- The tester has little or no knowledge of the computer, infrastructure, or environment that is being tested.
- This simulates an attack from a person who is unfamiliar with the system.
-
White Box:
- The tester is provided with complete knowledge of the computer, user credentials, infrastructure, or environment to be tested.
-
Gray Box:
- The tester is given limited inside knowledge of the system or network.