Pentest
Simulate an attack
Similar to vulnerability scanning, but performing actual exploits
Often a compliance mandate
- Regular pen testing done by 3rd party
NIST Technical Guide to Information Security
https://professormesser.link/800115
Rules of Engagement
• An important document
- Defines purpose and scope
- Makes everyone aware of the test parameters
• Type of testing and schedule
- On-site physical breach, internal test, external test
- Normal working hours, after 6 PM only, etc.
• The rules
- IP address ranges
- Emergency contacts
- How to handle sensitive information
- In-scope and out-of-scope devices or applications
Exploiting Vulnerabilities
• Try to break into the system
• Be careful; this can cause a denial of service or loss of data
• Buffer overflows can cause instability
• Gain privilege escalation
• You may need to try many different vulnerability types
- Password brute-force
- Social engineering
- Database injections
- Buffer overflows
• You'll only be sure you're vulnerable if you can bypass security
• If you can get through, the bad guys can get through
The process
Initial exploitation
- Get into the network
Lateral movement
- Move from system to system
- The inside of the network is relatively unprotected
Persistence
- Once you're there, you need to make sure there's a way back in
- Set up a backdoor, build user accounts, change or verify default passwords
The pivot
- Gain access to systems that would normally not be accessible
- Use a vulnerable system as a proxy or relay
Responsible disclosure program
• It takes time to fix a vulnerability
- Software changes, testing, deployment, etc.
• Bug bounty programs
- A reward for discovering vulnerabilities
- Earn money for hacking a system
- Document the vulnerability to earn cash
• A controlled information release
- Researcher reports the vulnerability
- Manufacturer creates a fix
- The vulnerability is announced publicly