This document provides an introduction to penetration testing. It defines penetration testing as security testing that mimics real-world attacks to identify vulnerabilities. It outlines the importance of penetration testing to understand threats, reduce attack surfaces, and improve security. The document describes the main types of penetration testing as black box, white box, and grey box. It then explains the typical penetration testing methodology of reconnaissance, scanning, gaining access, maintaining access, privilege escalation, and reporting. Finally, it provides an overview of common penetration testing tools used at each stage of the methodology.

1. Introduction to
Penetration Testing
Obika Gellineau
KPMG
Trinidad and Tobago

2. Agenda
● What is a Penetration Test?
● Importance of Pentesting
● Types of Pentesting
● Pentesting Methodology
● Pentesting Tools
● Demo

3. What is a
Penetration Test?

4. What is a Penetration Test (or Pentest)?
“Security testing in which evaluators mimic real-world
attacks in an attempt to identify ways to circumvent the
security features of an application, system, or network.”
- NIST SP 800-115

5. What is a Penetration Test?
A penetration test:
● Identifies vulnerabilities in systems and networks
● Is a good security practice
● Should be done prior to an system / application going “live”
● Builds confidence and trust in the security measures utilized

6. Importance of
Pentesting

7. Importance of Pentesting - Overview
Penetration
Testing
Security
Vulnerabilities
★ Understanding
threats to IT
systems and networks
★ Reducing attack
surfaces
★ Improves security
monitoring
★ Secures software
development and
architecture
practices
★ Broken Access
Control
★ Data Leakage
★ Misconfigurations
★ Unpatched systems
and applications
★ Injection
★ Software and Data
Integrity Failures
★ Security Logging
Failures
★ Forgery requests

8. Types of Pentesting

9. Types of Pentesting
1) Black Box
2) White Box
3) Grey Box

10. Types of Pentesting - Black Box
● No information is given to
the ethical hacker.
● Only publicly available
information about the
company is utilized.
● Testing is external to the
company’s network.
Advantages:
● Low-cost
● Real-world scenario
● Disclosure of information
found on the dark web
Disadvantages:
● Testing is not “in-depth”
● Internal testing not done

11. Types of Pentesting - White Box
● Information on the
company’s network and/or
systems are provided.
● Testing is usually internal
to the company’s network.
Advantages:
● Minimal effort on hacking
approach and execution
● Minimal research required
on company and its systems
Disadvantages:
● High-cost
● Very labour intensive
depending on the number of
systems and scale of
network

12. Types of Pentesting - Grey Box
● Mixture of black box and
white box testing.
● Information is provided on
some or all of the
company’s systems and
networks.
● Testing is external and
internal to the company’s
network.
Advantages:
● Minimal research required
for company and its systems
● Attack approaches come from
both sides of the network
Disadvantages:
● Relatively high cost
● Effort can be high

13. Pentesting
Methodology

14. Pentesting Methodology - Overview
Reconnaissance
Obtaining information about
the target
Privilege Escalation
Attacking the system to gain
administrator access
Scanning and Fingerprinting
Identifying systems,
services and vulnerabilities
Maintaining Access
Leveraging a vulnerability to
maintain access on the
target’s system
Gaining Access
Attacking the target’s
system through an identified
vulnerability to gain access
Penetration
Testing
Methodology

15. Pentesting Methodology - Project Approach
Start
Determine Scope
(Rules of engagement)
Conduct
Penetration Test
Clear Tracks Report
End

16. Pentesting Tools

17. Pentesting Tools
Privilege Escalation
05
● Credential Cracking - Mimikatz, Hydra, etc.
● Kernel Exploits - CVE Database, NVD, etc.
● Automated Exploits - Metasploit, Cobalt Strike, etc.
Maintaining Access
04 ● Reverse Shells - ncat, socat, MSFVenom, etc.
● Local Enumeration Tools - LinEnum, LinPEAS, etc.
Gaining Access
03
● Public Exploits - ExploitDB, Seachsploit, etc.
● Brute forcing - Hashcat, Hydra, etc.
● Automated Exploits - Metasploit, sqlmap, etc.
Scanning and Fingerprinting
02
● Port Scanners - nmap, zenmap, hping3, etc.
● Vulnerability Scanners - Nessus, OpenVAS, etc.
● Web Proxies - OpenZAP, Burp Suite
Reconnaissance
01
● Port Scanners - nmap, zenmap, hping3, etc.
● OSINT Tools - spiderfoot, recon-ng, etc.
● Search Engines - Google, Bing, Yahoo, etc.

18. Demo

19. Demo
● Penetration Test of a Capture The
Flag (CTF) challenge named “All
in One”.
● Cyber Security Training Platform
- Try Hack Me
(https://tryhackme.com)

20. THANK YOU
linkedin.com/in/obikag