Tuesday, 05 April 2016

What is Penetration testing?

Before you enter the hacker world, you should know a couple of terms that are used in computer security in order to have a decent base of knowledge about ethical hacking. In my ethical hacking class, on the first day I was introduced to many common terms such as penetration testing, vulnerability assessment, black-box testing, white-box testing and many more.

So today I'm going to give a basic methodology that is used in penetration testing. Penetration testing, sometimes abbreviated as PenTest, is a process that is followed to conduct a hardcore security assessment or audit.

A methodology defines a set of rules, practices, procedures, and methods that are pursued and implemented during the course of any information security audit program.

There are two types of testing:

Black-box testing
The black-box approach is also known as external testing. While applying this approach, the security auditor will be assessing the network infrastructure from a remote location and will not be aware of any internal technologies deployed by the organization concerned.

White-box testing
The white-box approach is also referred to as internal testing. An auditor involved in this kind of penetration testing process should be aware of all the internal and underlying technologies used by the target environment.

There have been various open source methodologies introduced to address security assessment needs. Using these assessment methodologies, one can easily pass the time-critical and challenging task of assessing the system security depending on its size and complexity. Some of these methodologies focus on the technical aspect of security testing, while others focus on managerial criteria, and very few address both sides. The basic idea behind formalizing these methodologies with your assessment is to execute different types of tests step-by-step in order to judge the security of a system accurately. Therefore, we have introduced four such well-known security assessment methodologies to provide an extended view of assessing the network and application security by highlighting their key features and benefits. These include:
• Open Source Security Testing Methodology Manual (OSSTMM)
• Information Systems Security Assessment Framework (ISSAF)
• Open Web Application Security Project (OWASP) Top Ten
• Web Application Security Consortium Threat Classification (WASC-TC)

I encourage you to read these methodologies in order to gain a deeper understanding of security methodology; you can find all of them on the internet.

In pentesting there are several steps you have to follow before attacking a target network.

These include:
Target scoping
Before starting the technical security assessment, it is important to observe and understand the given scope of the target network environment.

Information gathering
Once the scope has been finalized, it is time to move into the reconnaissance phase. During this phase, a pentester uses a number of publicly available resources to learn more about his target.

Target discovery
This phase mainly deals with identifying the target's network status, operating system, and its relative network architecture.

Enumerating target
This phase takes all the previous efforts forward and finds the open ports on the target systems.

Vulnerability mapping
Until the previous phase, we have gathered sufficient information about the target network. It is now time to identify and analyze the vulnerabilities based on the disclosed ports and services.

Social engineering
Practicing the art of deception is considerably important when there is no open gate available for an auditor to enter the target network, thus using a human attack vector. Actually, doing social engineering in this phase is not strictly necessary.

Target exploitation
After carefully examining the discovered vulnerabilities, it is possible to penetrate the target system based on the types of exploits available. Sometimes it may require additional research or modifications to the existing exploit in order to make it work properly.

Privilege escalation
Once the target is acquired, the penetration is successful. An auditor can now move freely into the system depending on his access privileges.

Maintaining access
Sometimes an auditor may be asked to retain access to the system for a specified time period. Such activity can be used to demonstrate illegitimate access to the system without hindering the penetration testing process again.

Documentation and reporting
Documenting, reporting, and presenting the vulnerabilities found, verified, and exploited will conclude our penetration testing methodology.
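
The target scoping step is what ties every later phase to what the client actually authorised, and the post notes that some phases (social engineering, maintaining access) are only done when asked for. As an added example, not taken from the post or the book it cites, the code below checks a phase and a target against an agreed scope before any work starts; the `Scope` class, its field names and the sample address ranges are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Phase names as listed in the post, in the same order.
PHASES = [
    "Target scoping", "Information gathering", "Target discovery",
    "Enumerating target", "Vulnerability mapping", "Social engineering",
    "Target exploitation", "Privilege escalation", "Maintaining access",
    "Documentation and reporting",
]

@dataclass
class Scope:
    """Constructed rules-of-engagement record (field names are hypothetical)."""
    in_scope: list                                     # CIDR ranges the client authorised
    excluded: list = field(default_factory=list)       # carve-outs inside those ranges
    skipped_phases: set = field(default_factory=set)   # phases not authorised

    def __post_init__(self):
        unknown = self.skipped_phases - set(PHASES)
        if unknown:
            raise ValueError(f"unknown phase(s): {sorted(unknown)}")
        self._allow = [ipaddress.ip_network(c) for c in self.in_scope]
        self._deny = [ipaddress.ip_network(c) for c in self.excluded]

    def allows(self, phase, target):
        """Return (ok, reason) for working on `target` during `phase`."""
        if phase not in PHASES or phase in self.skipped_phases:
            return False, "phase not authorised"
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            return False, "target is not an IP address"
        if any(addr in net for net in self._deny):
            return False, "target explicitly excluded"
        if not any(addr in net for net in self._allow):
            return False, "target outside agreed ranges"
        return True, "in scope"

    def plan(self):
        """Phases to run, in the post's order, minus unauthorised ones."""
        return [p for p in PHASES if p not in self.skipped_phases]

# Constructed sample scope using documentation address space (RFC 5737).
SAMPLE = Scope(
    in_scope=["192.0.2.0/24"],
    excluded=["192.0.2.10/32"],
    skipped_phases={"Social engineering", "Maintaining access"},
)
```

Exclusions are checked before the allowed ranges, so a carve-out inside an authorised network is refused even though the wider range matches.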

So this is all the information I can give about penetration testing. I referenced this information from a book called BackTrack-4-Assuring-Security-by-Penetration-Testing.

Have a lovely day ^_^



