Lecture 1 on Advanced Pen-Testing with Kali Linux.
For Complete course visit
www.aspirantz.in
Visit my blog for user-friendly tutorials & tips:
hackyourdreams.wordpress.com
Lecture 1: Introduction

What is Penetration Testing
- Offence for defence
- White hat hackers do it for security. It is also referred to as ethical hacking
- Most effective method to identify systemic weaknesses and deficiencies
- Mimics the ways of a real malicious hacker in a non-destructive way

Why Penetration Testing
- Allows the business to understand if the mitigation strategies employed are actually working as expected
- Proving that the testers were able to compromise the critical systems targeted
- Prove without a doubt that the vulnerabilities that are found will lead to a significant loss of revenue

What about Kali Linux
- Formerly known as BackTrack
- Linux distribution exclusively for security testing, developed by Mati Aharoni and Devon Kearns of Offensive Security
- Includes tools for pen-testing, reverse engineering, forensics, stress testing, hardware testing and so on
- Highly configurable & uses open source tools
- Current version 1.0.9

Prerequisites for a Pen-test Lab
- Windows/Linux/Mac OS as host
- VM client (preferably VMware Workstation)
- GNS3 virtual network builder
- VMs: it's going to be a long list (see next page)

VMs Required
- Metasploitable2
- Ubuntu 12.04+
- Windows XP, 7, 8
- Mac OS X ML+
- CentOS/RHEL 6
- Windows Server 2003, 2008, 2012
- Of course the one and only KALI Linux

Installing Kali Linux in a VM
- Create a new VM. Minimum: 1 processor, 1GB RAM, 20GB HDD
- Select the Kali Linux ISO for the disk drive and change the boot order
- Network settings: change to Bridged connection (discuss Bridged, NAT and virtual networks)
- Turn on the VM & in the Kali menu select Graphical Install
- Proceed up to network configuration. If DHCP fails, set a static IP
- Proceed till partitioning. In the partitioning menu select Create custom layout
- Make a new partition of size 18GB, select / as mount point & ext4 as filesystem
- Make a new partition from the rest of the space. Select filesystem as swap
- Discuss advanced partitioning: separate /home, LVM, RAID etc.
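The custom layout from the install steps above (18GB root as ext4, the rest as swap on a 20GB disk), worked through as an added example that is not part of the lecture or of the Kali installer: it computes aligned sector offsets and renders them in the script format that sfdisk reads on stdin. Sector size, 1MiB alignment, reading the lecture's GB figures as GiB, and the minimum swap size are assumptions.

```python
"""Partition plan for the lecture's Kali VM: 18 GiB root (ext4) plus swap
from whatever is left, emitted as an sfdisk script. Added example for this
lecture; the thresholds and units below are assumptions, not Kali defaults."""

SECTOR = 512                  # bytes per logical sector (assumed)
ALIGN = 2048                  # 1 MiB alignment expressed in sectors (assumed)
GIB = 1024 ** 3
MIN_SWAP = 256 * 1024 ** 2    # refuse a swap partition smaller than this (assumed)


def plan_layout(disk_bytes, root_bytes=18 * GIB):
    """Return the two partitions as dicts with start/size in sectors.
    Raises ValueError when the disk cannot hold root plus a usable swap."""
    total = disk_bytes // SECTOR
    root_start = ALIGN
    root_size = root_bytes // SECTOR
    # swap begins on the next alignment boundary after the root partition
    swap_start = (root_start + root_size + ALIGN - 1) // ALIGN * ALIGN
    swap_size = total - swap_start
    if swap_size * SECTOR < MIN_SWAP:
        raise ValueError("disk too small: %d bytes left for swap" % (swap_size * SECTOR))
    return [
        {"name": "root", "start": root_start, "size": root_size,
         "type": "83", "mount": "/", "fs": "ext4"},
        {"name": "swap", "start": swap_start, "size": swap_size,
         "type": "82", "mount": None, "fs": "swap"},
    ]


def to_sfdisk_script(parts):
    """Render the plan in the 'label: dos' script format accepted by sfdisk."""
    lines = ["label: dos", "unit: sectors", ""]
    for p in parts:
        lines.append("start=%d, size=%d, type=%s" % (p["start"], p["size"], p["type"]))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    layout = plan_layout(20 * GIB)   # the lecture's 20 GB virtual disk, read as GiB
    for p in layout:
        print("%-4s %10d sectors (%.2f GiB) -> %s"
              % (p["name"], p["size"], p["size"] * SECTOR / GIB, p["fs"]))
    print(to_sfdisk_script(layout))
```

Feeding the printed script to sfdisk on the VM's disk would apply the layout; a 20 GB disk counted in decimal bytes still fits, but an 18 GiB disk is rejected because nothing is left for swap.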
Standards of Pentesting
- PTES: Penetration Testing Execution Standard
- OSSTMM: Open Source Security Testing Methodology Manual
- ISSAF: Information Systems Security Assessment Framework
- OWASP: Open Web Application Security Project
- LPT: Licensed Penetration Tester

Penetration Testing Execution Standard
- New standard designed to provide both businesses and security service providers with a common language and scope for performing penetration testing
- Started in early 2009 after discussions among founders who were then in various departments
- Consists of 7 domains, namely: Pre-engagement Interactions, Intelligence Gathering, Threat Modelling, Vulnerability Analysis, Exploitation, Post Exploitation, Reporting

Open Source Security Testing Methodology
- The Open Source Security Testing Methodology Manual (OSSTMM) was written by Pete Herzog and is distributed by the Institute for Security and Open Methodologies (ISECOM)
- It emphasises getting business value. It gives a helpful broad description of the categories of testing and includes step-by-step process descriptions and information, but does not go deep into particular penetration testing tools and commands
- OSSTMM covers Competitive Intelligence Review, Internet Security (port scanning, firewalls, etc.), Communication Security, Physical Security, Wireless Security, etc.
- Includes numerous information-gathering templates
Information Systems Security Assessment Framework
- ISSAF is one of the largest free assessment methodologies available
- Its control tests have detailed instructions for operating testing tools and what results to look for
- Split into 2 documents: one for the business aspect & the other for the technical

Open Web Application Security Project
- Created to assist web developers and security practitioners to better secure web applications
- OWASP is a non-profit organization & has created a number of tools for testing web applications
- The OWASP testing guide has become the standard for web application testing
- Version 3 was released in December of 2008

OWASP
The OWASP testing methodology is split as follows:
- Information gathering
- Configuration management
- Authentication testing
- Session management
- Authorization testing
- Business logic testing
- Data validation testing
- Denial of service testing
- Web services testing
- AJAX testing
The OWASP project also has a subproject called WebGoat that enables you to load a vulnerable website in a controlled environment to test these techniques against a live system.

Licensed Penetration Tester
- The ECSA-LPT programme from EC-Council
- The Licensed Penetration Tester licence provides assurance to your employer or prospective clients that you possess the ability to perform a methodological security assessment
- Developed after thorough analysis of other frameworks
- Bolstered by incorporating the strengths of other frameworks into one certification

PenTest Classifications
- White Box
- Black Box

White Box Pen Testing
- Inside details of the system/network/program are known
- Mostly source code/topology/infrastructure is given before testing starts
- Deep and thorough testing
- Maximizes testing time
- Extends the testing area to where black box testing cannot reach (such as quality of code, application design, etc.)
- Non-realistic attack

Black Box Pen Testing
- Takes the approach of an uninformed/real attacker
- No previous information about the target system/network/code
- It simulates a very realistic scenario
- Testing time cannot be maximised in certain scenarios

Grey Box Pen Testing
- In between that of White & Black
- Only minimal details are known to the pen-tester
- Saves reconnaissance time

Vulnerability Assessment
- Vulnerability assessments are necessary for discovering potential vulnerabilities throughout the environment
- Many automation tools available. Examples are Nessus, GFI LanGuard, NeXpose, Lynis etc.
- Systems are typically enumerated and evaluated for vulnerabilities with or without authentication
- Full exploitation is not done during vulnerability assessment
- Scope of test determines what, when & how to test

Scope of VAPT
- Details, procedures, rules & agreements to be considered
- Main details include: contract between company & pentester; Black Box or White Box; range of IPs & systems tested; how compromised systems or DBs are handled; other legal issues
- This list varies in accordance with the methodology adopted

Test Profiling
- Understanding client requirements
- Modifying scope on the basis of the client's needs
- Dealing with legal concerns
- Taking necessary legal precautions
- Preparing an action plan
- Checklisting the plan
- Cross-verifying that it meets the client requirements

Framing the Test Boundary
- Frame the boundary of the test
- Determine what & what not to look into
- In the case of URLs, determine the base URL
- Estimate the time required for testing
- Deploy teams accordingly

Vulnerability Assessment vs Penetration Testing
- Penetration testing is the post-process of vulnerability assessment
- Exploitation of systems occurs in pen-tests
- Complete enumeration of a system takes place during VA
- Vulnerability report includes details of vulnerability, impact, and patch information
- Pen-test report only proves that a found vulnerability exists & is exploitable

Advanced Penetration Methodologies
- Includes more secure environments:
  - Patched environments
  - Managed system configuration & hardened policies
  - Multi-layered DMZs
  - Highly configured firewalls
  - IDS/IPS systems, both wired & wireless
  - Web-app intrusion detection systems
- These environments make VAPT harder
- Advanced PT goes beyond any standards, taking advantage of new threats & security research
- It's the pen-tester's duty to make the client confident that their systems are hard to break into
- But remember: nothing (data) is completely secure
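The "Scope of VAPT" and "Framing the Test Boundary" slides above say the agreed IP ranges, exclusions and base URLs decide what may and may not be touched. The following is an added example, not lecture material, of a scope gate that checks every target against that agreement before testing starts; the networks, exclusions and URLs in SCOPE are constructed values, not from any real engagement.

```python
"""Scope gate for a VAPT engagement: refuse any target outside the IP ranges
and base URLs agreed in the contract. Added example for this lecture; the
scope values are constructed."""
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}

# Constructed engagement scope: agreed ranges, client-requested exclusions, base URLs
SCOPE = {
    "networks": ["10.0.5.0/24", "192.0.2.0/28"],
    "exclusions": ["10.0.5.1", "10.0.5.250/31"],   # gateway and the client's backup hosts
    "base_urls": ["http://app.example.test/", "https://portal.example.test:8443/shop/"],
}


def _parse_scope(scope):
    nets = [ipaddress.ip_network(n) for n in scope["networks"]]
    excl = [ipaddress.ip_network(n, strict=False) for n in scope["exclusions"]]
    bases = [urlsplit(u) for u in scope["base_urls"]]
    return nets, excl, bases


def ip_in_scope(ip, scope=SCOPE):
    """True only when the address sits in an agreed range and in no exclusion."""
    nets, excl, _ = _parse_scope(scope)
    addr = ipaddress.ip_address(ip)
    if any(addr in n for n in excl):
        return False
    return any(addr in n for n in nets)


def url_in_scope(url, scope=SCOPE):
    """True when scheme, host, port and path prefix all match an agreed base URL."""
    _, _, bases = _parse_scope(scope)
    u = urlsplit(url)
    for b in bases:
        same_origin = (u.scheme == b.scheme and u.hostname == b.hostname and
                       (u.port or DEFAULT_PORT.get(u.scheme)) == (b.port or DEFAULT_PORT.get(b.scheme)))
        if same_origin and (u.path or "/").startswith(b.path):
            return True
    return False


def check_targets(targets, scope=SCOPE):
    """Split a mixed list of IPs and URLs into (allowed, rejected) before any testing."""
    allowed, rejected = [], []
    for t in targets:
        ok = url_in_scope(t, scope) if "://" in t else ip_in_scope(t, scope)
        (allowed if ok else rejected).append(t)
    return allowed, rejected
```

Anything that lands in the rejected list goes back to the client for a scope change rather than into the test plan.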