What is Penetration Testing

• Offence for Defense
• White hat hackers do it for security.
• It is also referred to as ethical hacking
• One of the most effective methods for identifying systemic weaknesses and deficiencies
• Mimics the methods of a real malicious hacker, but in a controlled, non-destructive way




Why Penetration Testing

•Allows the business to understand whether the mitigation strategies employed are actually working as expected
•Proves whether the critical systems targeted can actually be compromised, rather than leaving that as a theoretical question
•Demonstrates the business impact of the vulnerabilities found (for example, loss of revenue or data), so they are prioritised and fixed rather than filed


What about Kali Linux

•Successor to BackTrack
•Linux distribution built specifically for security testing, developed by Mati Aharoni and Devon Kearns of Offensive Security
•Includes tools for pen-testing, reverse engineering, forensics, stress testing, hardware testing and so on
•Highly configurable and built from open source tools


Prerequisites for a Pen-test Lab

•Windows, Linux or Mac OS as the host
•A hypervisor (preferably VMware Workstation)
•GNS3 virtual network builder
•VMs: it is going to be a long list (see next page)


VMs Required

•Ubuntu 12.04+
•Windows XP,7,8
•CentOS/RHEL 6
•Windows Server 2003,2008,2012
•Of course the one and only Kali Linux

Installing Kali Linux in a VM

•Create a new VM
•Minimum: 1 processor, 1 GB RAM, 20 GB disk
•Select the Kali Linux ISO for the virtual disk drive and change the boot order so the VM boots from it
•Network settings: the slides use a Bridged connection (discuss Bridged, NAT and host-only virtual networks: Bridged puts the VM on the physical LAN as a host of its own, NAT hides it behind the host's address, and host-only keeps it on a private virtual network, which is the safer choice for a lab full of deliberately vulnerable VMs)
•Turn on the VM and in the Kali menu select Graphical Install
•Proceed up to network configuration
•If DHCP fails, set a static IP
•Proceed to partitioning
•In the partitioning menu select Create custom layout
•Make a new partition of 18 GB, select / as the mount point and ext4 as the filesystem
•Make a new partition from the rest of the space and set its type to swap
•Discuss advanced partitioning: separate /home, LVM, RAID etc.
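The same install can be made repeatable for every lab VM by feeding the Debian installer a preseed file instead of clicking through it. The script below is an added example for these notes, not Kali's own preseed: it renders the two pieces the slides walk through by hand, the static address used when DHCP fails and the 18 GB ext4 root plus swap-on-the-rest layout, and refuses a gateway that is not on the VM's subnet, which is the usual reason a hand-typed static configuration leaves the VM unreachable. The mirror hostname, the disk device and the 192.168.56.0/24 host-only addresses are assumptions for a lab; replace them with your own.

```python
"""Render a Debian-installer preseed that reproduces the manual Kali install:
a fixed-size ext4 root, swap on the remaining space, and a static IPv4
address for the case where DHCP fails.

Added example for this page, not Kali's official preseed. The mirror, the
disk device and every address used are assumptions for a host-only lab.
"""
from __future__ import annotations

import ipaddress

KALI_MIRROR = "http.kali.org"   # assumption: the public Kali package mirror
ROOT_DEVICE = "/dev/sda"        # assumption: first virtual disk in the VM


def static_net_lines(ip: str, prefix: int, gateway: str, dns: str) -> list[str]:
    """Preseed stanza for a static address (the 'DHCP failed' fallback).

    Raises ValueError when the gateway is outside the VM's own subnet.
    """
    iface = ipaddress.ip_interface(f"{ip}/{prefix}")
    if ipaddress.ip_address(gateway) not in iface.network:
        raise ValueError(f"gateway {gateway} is not inside {iface.network}")
    return [
        "d-i netcfg/choose_interface select auto",
        "d-i netcfg/disable_autoconfig boolean true",
        f"d-i netcfg/get_ipaddress string {iface.ip}",
        f"d-i netcfg/get_netmask string {iface.network.netmask}",
        f"d-i netcfg/get_gateway string {gateway}",
        f"d-i netcfg/get_nameservers string {dns}",
        "d-i netcfg/confirm_static boolean true",
    ]


def partition_lines(disk_mb: int, root_mb: int = 18 * 1024, min_swap_mb: int = 512) -> list[str]:
    """partman expert recipe: root is exactly root_mb, swap takes the rest.

    Sizes are in MB as partman expects. Each recipe entry is
    <min> <priority> <max> <fs>; -1 as max lets swap grow to fill the disk.
    """
    swap_mb = disk_mb - root_mb
    if swap_mb < min_swap_mb:
        raise ValueError(f"{disk_mb} MB disk leaves {swap_mb} MB for swap, need {min_swap_mb}")
    recipe = (
        "root-swap :: "
        + f"{root_mb} {root_mb} {root_mb} ext4 "
        + "$primary{ } $bootable{ } method{ format } format{ } "
        + "use_filesystem{ } filesystem{ ext4 } mountpoint{ / } . "
        + f"{min_swap_mb} {swap_mb} -1 linux-swap "
        + "method{ swap } format{ } ."
    )
    return [
        "d-i partman-auto/method string regular",
        f"d-i partman-auto/disk string {ROOT_DEVICE}",
        "d-i partman-auto/expert_recipe string " + recipe,
        "d-i partman-partitioning/confirm_write_new_label boolean true",
        "d-i partman/choose_partition select finish",
        "d-i partman/confirm boolean true",
        "d-i partman/confirm_nooverwrite boolean true",
    ]


def render_preseed(disk_mb: int, ip: str, prefix: int, gateway: str, dns: str) -> str:
    """Assemble the network and partitioning stanzas into one preseed file."""
    lines = [
        "# Lab preseed (added example, generated; not Kali's official file)",
        "d-i mirror/country string manual",
        f"d-i mirror/http/hostname string {KALI_MIRROR}",
        "d-i mirror/http/directory string /kali",
        "d-i mirror/http/proxy string",
        *static_net_lines(ip, prefix, gateway, dns),
        *partition_lines(disk_mb),
        "d-i grub-installer/only_debian boolean true",
        f"d-i grub-installer/bootdev string {ROOT_DEVICE}",
        "d-i finish-install/reboot_in_progress note",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # A 20 GB disk and a 192.168.56.0/24 host-only network: both assumptions.
    print(render_preseed(20 * 1024, "192.168.56.10", 24, "192.168.56.1", "192.168.56.1"))
```

Save the output as a file the installer can fetch and pass it at the installer boot prompt with `preseed/url=` (or `preseed/file=` if it is placed on the boot medium). Locale, keyboard, user account and package selection are deliberately not preseeded here, so the installer still prompts for them; add the corresponding `d-i` keys if the whole run has to be unattended.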


Standards of Pentesting

•PTES: Penetration Testing Execution Standard
•OSSTMM: Open Source Security Testing Methodology Manual
•ISSAF: Information Systems Security Assessment Framework
•OWASP: Open Web Application Security Project
•LPT: Licensed Penetration Tester (EC-Council)

Penetration Testing Execution Standard

•New standard designed to provide both businesses and security service providers with a common language and scope for performing penetration testing
•Started in early 2009 after discussions from founders who were then in various departments
•Consists of 7 domains, namely:
•Pre-engagement Interactions
•Intelligence Gathering
•Threat Modelling
•Vulnerability Analysis
•Exploitation
•Post Exploitation
•Reporting


Open Source Security Testing Methodology

•The Open Source Security Testing Methodology Manual (OSSTMM) was written by Pete Herzog and is distributed by the Institute for Security and Open Methodologies (ISECOM)
•It places emphasis on delivering business value
•It gives a helpful broad description of the categories of testing and includes step-by-step process descriptions and information, but does not go deep into particular penetration testing tools and commands
•OSSTMM covers Competitive Intelligence Review, Internet Security (port scanning, firewalls, etc.), Communication Security, Physical Security, Wireless Security, etc.
•Includes numerous information-gathering templates


Information Systems Security Assessment Framework
•ISSAF is one of the largest freely available assessment methodologies
•Its control tests carry detailed instructions for operating the testing tools and for what results to look for
•Split into two documents
•One covers the business aspect, the other the technical

Open Web Application Security Project

•Created to assist web developers and security practitioners in securing web applications
•OWASP is a non-profit organization and has created a number of tools for testing web applications
•The OWASP Testing Guide has become the de facto standard for web application testing
•Version 3 was released in December 2008


The OWASP testing methodology is split as follows:
•Information gathering
•Configuration management
•Authentication testing
•Session management
•Authorization testing
•Business logic testing
•Data validation testing
•Denial of service testing
•Web services testing
•AJAX testing
OWASP also has a subproject called WebGoat, a deliberately vulnerable web application that you can run in a controlled environment to practise these techniques against a live system.
Licensed Penetration Testing
•The ECSA/LPT programme from EC-Council
•The Licensed Penetration Tester licence provides assurance to your employer or prospective clients that you possess the ability to perform a methodical security assessment
•Developed after thorough analysis of the other frameworks
•Bolstered by incorporating the strengths of those frameworks into one certification

PenTest Classifications

•White Box
•Black Box
White Box Pen Testing
•Inside details of the system, network or program are known
•Source code, topology and infrastructure details are mostly given before testing starts
•Deep and thorough testing
•Makes the best use of the testing time, since little of it is spent on reconnaissance
•Extends the testing into areas black box testing cannot reach (such as code quality, application design, etc.)
•A less realistic attack simulation, since a real attacker rarely starts with this information

Black Box Pen Testing

•Takes the approach of an uninformed/real attacker
•No previous information about the target system/network/code
•It simulates a very realistic scenario
•Testing time cannot always be used efficiently, since reconnaissance can consume much of it


Grey Box Pen Testing

•In between that of White & Black
•Only Minimal details are known to the Pen-tester.
•Saves Reconnaissance time
Vulnerability Assessment
•Vulnerability assessments are necessary for discovering potential vulnerabilities throughout the environment
•Many automated tools are available
•Examples are Nessus, GFI LanGuard, Nexpose, Lynis, etc.
•Systems are typically enumerated and evaluated for vulnerabilities with or without authentication (a credentialed scan sees patch levels and configuration that an unauthenticated scan misses)
•Full exploitation is not done during a vulnerability assessment
•The scope of the test determines what, when and how to test


Scope of VAPT

•Details, procedures, rules and agreements to be considered
•Main details include
•The contract between the company and the pen-tester
•Black box or white box
•The range of IPs and systems to be tested
•How compromised systems or databases are handled
•Other legal issues
•This list varies with the methodology adopted


Test Profiling

•Understanding Client requirements
•Modifying scope on the basis of client’s needs
•Dealing with legal concerns
•Taking necessary legal precautions
•Preparing an action plan
•Checklisting the plan
•Cross-verifying that it meets the client requirements
Framing the test Boundary
•Frame the boundary of test
•Determine what to look into and what not to
•In the case of URLs, determine the base URL
•Estimate the time required for testing
•Deploy teams accordingly
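The scope rules above (agreed IP ranges, exclusions and base URLs) are only useful if they are enforced before anything is scanned. The script below is an added example for these notes, not code from the original slides: it turns a constructed engagement's contract terms into a gate that answers, for every candidate target, whether it may be touched and why not when it may not. It denies by default, treats any overlap with an excluded range as a refusal rather than silently trimming the target, and compares URLs against the agreed base URL including scheme, host, port and path prefix. The ranges and hostnames are constructed for a fictional engagement; example.com is reserved for documentation.

```python
"""Scope gate for a VAPT engagement: before any packet is sent, decide whether
a candidate target (an IP, a CIDR block or a URL) lies inside what the
contract allows, and say why when it does not.

Added example, not part of the original slides. The ranges, exclusions and
base URLs are constructed for a fictional engagement.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit


def normalise_url(url: str) -> tuple[str, str, int, str]:
    """Split a URL into (scheme, host, port, path-prefix) so comparisons ignore
    case, default ports and a trailing slash. Raises ValueError if not http(s)."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    path = parts.path.rstrip("/") + "/"
    return parts.scheme, parts.hostname.lower(), port, path


@dataclass(frozen=True)
class Scope:
    in_scope: tuple    # ip_network objects the contract allows
    excluded: tuple    # ip_network objects carved out (never touched)
    base_urls: tuple   # normalised (scheme, host, port, path-prefix) tuples

    @classmethod
    def from_rules(cls, in_scope: list[str], excluded: list[str], base_urls: list[str]) -> "Scope":
        return cls(
            tuple(ipaddress.ip_network(n, strict=False) for n in in_scope),
            tuple(ipaddress.ip_network(n, strict=False) for n in excluded),
            tuple(normalise_url(u) for u in base_urls),
        )


def check_target(scope: Scope, target: str) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not positively inside scope is denied."""
    if "://" in target:
        try:
            scheme, host, port, path = normalise_url(target)
        except ValueError as exc:
            return False, str(exc)
        for s, h, p, prefix in scope.base_urls:
            if (scheme, host, port) == (s, h, p) and path.startswith(prefix):
                return True, f"under base URL {s}://{h}:{p}{prefix}"
        return False, "URL is outside every agreed base URL"

    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False, f"not an IP, CIDR or URL: {target!r}"
    # Exclusions win even on partial overlap: a /24 that contains one excluded
    # host is refused outright rather than quietly trimmed.
    for ex in scope.excluded:
        if ex.version == net.version and net.overlaps(ex):
            return False, f"overlaps excluded range {ex}"
    for ok in scope.in_scope:
        if ok.version == net.version and net.subnet_of(ok):
            return True, f"inside {ok}"
    return False, "not inside any in-scope range"


def filter_targets(scope: Scope, targets: list[str]) -> tuple[list[str], dict[str, str]]:
    """Split a target list into what may be scanned and what was refused, with reasons."""
    allowed, refused = [], {}
    for target in targets:
        ok, why = check_target(scope, target)
        if ok:
            allowed.append(target)
        else:
            refused[target] = why
    return allowed, refused


# Constructed engagement rules, as they would be lifted from the contract.
LAB_SCOPE = Scope.from_rules(
    in_scope=["10.10.0.0/16"],
    excluded=["10.10.5.0/24", "10.10.0.1/32"],   # production DB subnet, core router
    base_urls=["https://shop.example.com/app", "http://intranet.example.com"],
)

if __name__ == "__main__":
    allowed, refused = filter_targets(LAB_SCOPE, [
        "10.10.7.23", "10.10.5.9", "10.10.0.0/16", "10.10.8.0/24",
        "https://shop.example.com/app/login", "https://shop.example.com/admin",
        "http://intranet.example.com:8080/",
    ])
    print("allowed:", allowed)
    for target, why in refused.items():
        print(f"refused {target}: {why}")
```

Hostnames are deliberately not resolved, so the gate works offline; a hostname in an agreed base URL that resolves to an excluded address still has to be resolved and rechecked against the IP rules before scanning, and a URL whose host is a bare IP is refused unless that exact URL was agreed as a base.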

Vulnerability Assessment V/S Penetration Testing

•Penetration testing is the process that follows a vulnerability assessment
•Exploitation of systems occurs in pen-tests
•Complete enumeration of a system takes place during the VA
•The vulnerability report includes details of the vulnerability, its impact, and patch information
•A pen-test report proves that a discovered vulnerability actually exists and is exploitable, rather than listing every enumerated weakness
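The vulnerability report described above has to carry, per finding, the vulnerability, its impact and the patch information, and the scanners listed earlier (Nessus, for instance) hand that over as a large XML export rather than a report. The script below is an added example for these notes, not Tenable's code: it flattens a Nessus v2 export into exactly those three fields per host and port, drops informational plugins, orders the rest by severity and CVSS, and groups the result into a patch worklist so one fix is listed once with every affected host. SAMPLE is a constructed export with placeholder hosts, plugin IDs and texts, not a real scan, and includes one item with no CVSS score to show that case handled.

```python
"""Turn a Nessus v2 export (.nessus) into the three things a VA report must
carry per finding: the vulnerability, its impact (severity and CVSS) and the
patch information (solution), then a patch worklist grouped by finding.

Added example for this page, not Tenable's code. SAMPLE is a constructed
export: hosts, plugin IDs and texts are placeholders, not a real scan.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

SAMPLE = """<?xml version="1.0" ?>
<NessusClientData_v2>
<Report name="lab-scan">
<ReportHost name="10.10.7.23">
<HostProperties><tag name="host-ip">10.10.7.23</tag><tag name="operating-system">Windows Server 2008 R2</tag></HostProperties>
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="900001" pluginName="Placeholder: unpatched SMB service" pluginFamily="Windows">
<risk_factor>Critical</risk_factor><cvss_base_score>9.3</cvss_base_score>
<description>Constructed finding for the example.</description>
<solution>Apply the vendor patch and restrict SMB to trusted networks.</solution>
</ReportItem>
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="0" pluginID="900002" pluginName="SMB service detection" pluginFamily="Service detection">
<risk_factor>None</risk_factor><solution>n/a</solution>
</ReportItem>
</ReportHost>
<ReportHost name="10.10.7.24">
<HostProperties><tag name="host-ip">10.10.7.24</tag><tag name="operating-system">Ubuntu 12.04</tag></HostProperties>
<ReportItem port="80" svc_name="www" protocol="tcp" severity="2" pluginID="900003" pluginName="Placeholder: outdated web server" pluginFamily="Web Servers">
<risk_factor>Medium</risk_factor><cvss_base_score>5.0</cvss_base_score>
<solution>Upgrade to the current vendor release.</solution>
</ReportItem>
<ReportItem port="443" svc_name="www" protocol="tcp" severity="2" pluginID="900003" pluginName="Placeholder: outdated web server" pluginFamily="Web Servers">
<risk_factor>Medium</risk_factor>
<solution>Upgrade to the current vendor release.</solution>
</ReportItem>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    protocol: str
    plugin_id: str
    name: str        # the vulnerability
    severity: int    # impact: Nessus severity 0 (info) to 4 (critical)
    cvss: float      # impact: CVSS base score, 0.0 when the plugin gives none
    solution: str    # patch information


def parse_nessus(xml_text: str, min_severity: int = 1) -> list[Finding]:
    """Flatten ReportHost/ReportItem pairs into Findings, dropping anything
    below min_severity (informational plugins by default), most severe first."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        ip = host.findtext("HostProperties/tag[@name='host-ip']") or host.get("name", "")
        for item in host.iter("ReportItem"):
            severity = int(item.get("severity", "0"))
            if severity < min_severity:
                continue
            findings.append(Finding(
                host=ip,
                port=int(item.get("port", "0")),
                protocol=item.get("protocol", ""),
                plugin_id=item.get("pluginID", ""),
                name=item.get("pluginName", ""),
                severity=severity,
                cvss=float(item.findtext("cvss_base_score") or 0.0),
                solution=(item.findtext("solution") or "").strip(),
            ))
    findings.sort(key=lambda f: (-f.severity, -f.cvss, f.host, f.port))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity name, for the report's executive summary."""
    counts: dict[str, int] = {}
    for f in findings:
        name = SEVERITY_NAMES.get(f.severity, str(f.severity))
        counts[name] = counts.get(name, 0) + 1
    return counts


def patch_worklist(findings: list[Finding]) -> dict[str, dict]:
    """Group by plugin so each fix appears once with every affected host:port."""
    work: dict[str, dict] = {}
    for f in findings:
        entry = work.setdefault(f.plugin_id, {
            "name": f.name, "severity": f.severity, "solution": f.solution, "targets": [],
        })
        entry["targets"].append(f"{f.host}:{f.port}/{f.protocol}")
    return dict(sorted(work.items(), key=lambda kv: -kv[1]["severity"]))


if __name__ == "__main__":
    findings = parse_nessus(SAMPLE)
    print(summarize(findings))
    for plugin_id, entry in patch_worklist(findings).items():
        print(f"[{SEVERITY_NAMES[entry['severity']]}] {entry['name']} ({plugin_id})")
        print(f"  fix: {entry['solution']}")
        print(f"  on:  {', '.join(entry['targets'])}")
```

Severity 0 rows are dropped by default because they are service detections, not weaknesses; pass `min_severity=0` to keep them when the enumeration itself is the deliverable.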

Advanced Penetration Methodologies

•Addresses more secure environments:
•Patched environments
•Managed system configuration and hardened policies
•Multi-layered DMZs
•Tightly configured firewalls
•IDS/IPS systems, both wired and wireless
•Web application intrusion detection systems
•These controls make VAPT harder
•Advanced PT goes beyond the standards, drawing on new threats and current security research
•It is the pen-tester's duty to give the client an evidence-based picture of how hard their systems are to break into
•But remember: "Nothing (and no data) is completely secure"

