A penetration test, or pentest, is an authorized, simulated attack on a computer system, performed to evaluate the security of the system by actively exploiting found vulnerabilities. Also called Ethical hacking.
Penetration Testing Requirements
Scope document of what will be tested.
Permission to test (get-out-of-jail-free card).
Skills to attack resources limiting harm or collateral damage.
Plan of attack/steps.
Resources & access to conduct the test.
Information Gathering, Discovery, & Reconnaissance
Passive Reconnaissance - An attempt to gain info about targeted computers and networks without actively engaging with the systems. Examples: collecting information from public databases, talking to employees/partners, dumpster diving, etc.
Active Reconnaissance- Gathering information about targeted systems by actively engaging with the targeted system. Directly focuses on the system (port scans, traceroute info, network mapping, vulnerability scanning) to identify weaknesses that could be used to launch an attack.
Types of Testing
Black Box - The tester has no knowledge of the system and is functioning in the same manner as an outside attacker.
White Box- The tester has significant knowledge of the system. This simulates an attack from an insider - a rogue employee.
Gray Box - This is a middle ground between the first two types of testing. In gray box testing, the tester has some limited knowledge of the target system.
Non-intrusive Tests - Involve passively testing security controls, performing vulnerability scans and probing for weaknesses but not exploiting them.
Intrusive Tests- Involve actually trying to exploit vulnerabilities to break into the network.
Penetration Testing Activities
Initial Exploitation- Gain a foothold on a system/network. This is often with lesser privileges or access.
Pivot - Attacking a system using another, compromised system that's trusted to the one you are attacking. Often done on the same network through island hopping.
Persistence - Maintaining access for a period of time / hiding.
Escalation of Privilege - Gaining elevated privileged access to resources that are normally protected from an application or user.
Penetration Testing vs Vulnerability Scanning vs Risk Assessment
See definition above. A penetration test is essentially an attempt to exploit these vulnerabilities.
Vulnerability Scanning - Allows tester to identify specific vulnerabilities in a network, system, or application. Most penetration testers will start with this procedure so that they can identify likely targets to attack.
Risk Assessment - Allows an organization to understand the cyber-security risk to organizational operations (including mission, functions, image, or reputation), organizational assets, systems, or individuals.