Network Security - Pentesting
What is pentesting
short for penetration testing
attacking a system or network
with consent of the owner
simulating an attacker
goal: find relevant security problems and fix them
attacker has one simple goal: to get the goal
being nice to you
your money
your user data
your system
problem: no two attackers are the same
Why do pentesting?
doing the right thing
requirements from institutions/regulators
heavily regulated markets
selling point to customers
avoiding liability
data protection
enabling risk management
How to pentest?
Technical requirements / Technology used
OS/Network infrastructure knowledge
Thick/thin/local client applications
Web applications
mobile applications
Social Engineering
Phishing
CEO Scams
people cannot imagine that they would fall for this
whitebox / blackbox
broad spectrum of topics
generalist vs. specialist
never on a production system
Phases of pentest
Preparation / Scoping
How does the project work
what does the project do
understand business perspective
what goals are critical -> CIA
what happens if system goes down
how much does it cost
how long to restore
What's the infrastructure
where are interesting points
what are starting points
how many people do you need
what kind of specialization
where to spend the time
scope
together with the client
which systems are off limits
when are you doing your test
"every pentest is an individual, delicate flower"
Reconnaissance
Passive information gathering
what is running and where
information gathering
fine-tune the preparation phase
publicly available data as source
where to get more information
DNS
WHOIS
network ranges
company structures/subsidiaries
dumpster diving
web scraping
social media
Enumeration
active information gathering
identify attack vectors
port scanning
scripts
connecting to single services
version information
running software
hop between subnets / subsystems
firewalls / proxies, etc
Exploitation
exploit weaknesses found during enumeration
proof of concept (POC) to show what you did
video recording works great
where to get the POC
roll your own exploits
use already published ones if available
metasploit
try to brute-force logins
crack found password hashes
use credentials to access other systems
try DoS if availability is a goal
Documentation
ideally during the pentest
at least take notes
document findings so you will still understand what you did in 2 years
take screenshots
results should be reproducible
deliver a nice report
in the report
suggestions on how to fix
risk analysis
Debriefing
discuss the report and its findings with the client
advise on further actions and time frame