Ethical Hacking and Defence
Introduction to Hacking/
Penetration Testing (Pen Test)
Remember: You are as secure as your weakest link
Er. Jay Nagar (Cyber Security Researcher)
Intern At CyberCell
What is Hacking
•Making use of a system in a way which was not intended
•Examples:
•Accessing a system without a required password
•Opening a lock without the key
•Gaining control of software through the use of an exploit
•Leveraging a flaw in a system to make it do something unexpected
Clarifications
•Hacking isn’t always illegal
•Hacking isn’t always harmful
•Hacking isn’t always wrong (unethical)
•We are learning to use hacking in a legal and ethical way
•Legitimate purposes of hacking – pen-testing, security auditing
Some Terminologies – Understand the Difference
•Vulnerability Assessment – enumerates all the vulnerabilities found
in an application or on a system and documents them
•Penetration Test – an activity in which an ethical hacker attempts to
break into a company’s network or applications to find weak links and
exploit them
•Security Test – more than an attempt to break in; analyses a
company’s security policy and procedures, and reports any vulnerabilities
to management
Some Terminologies – Understand the Difference
•A security test takes penetration testing to a higher level
•If we have to sequence all these terms, what would be the correct
order?
Some Terminologies – Understand the Difference
•A security tester does not have the ability to make a network
impenetrable
•The only way – unplug the network cable
•A security tester suggests possible remediations to the weaknesses
found (such as updating an Operating System or installing the latest
security patch of an application/firmware)
Some Terminologies – Understand the Difference
•As a penetration tester:
• You simply report your findings to the company
• It is then up to the company to make the final decision on how to use the
information you have supplied
•Security tester may be required to offer solutions for securing or
protecting the network
•In reality, the two activities often crossover
Some Terminologies – Understand the Difference
•The terms ‘hacker’ and ‘cracker’ have been diluted
• In the old days, a hacker was considered the good guy and a cracker the
bad guy (criminal hacker)
• Another understanding:
• A hacker accesses a computer system or network without the authorization of
the system’s owner – breaking the law and can be prosecuted
• A cracker breaks into the system and steals/destroys the information or
system
Some Terminologies – Understand the Difference
•The US Department of Justice labelled all illegal access to computer
or network systems as hacking
•Hacker (or hacking) is an abused term, often confused with cyber
criminal
•We ended up using the terms ‘hacker’ (bad guy) and ‘ethical hacker’
(good guy)
•A cyber criminal (hacker) – an individual who maliciously breaks into a
computer system
Some Terminologies – Understand the Difference
•An ethical hacker:
• Performs most of the same activities a hacker does, but with the
company’s permission, and helps them secure the infrastructure
• Having permission decides whether the entity conducting the test can
be charged or not
• Contracted to perform penetration tests or security tests
• Helps identify flaws in the network design
Some Terminologies – Understand the Difference
•An ethical hacker:
• Identifies issues in software/applications
• Advises on potential fixes to the security issues – fixing them is not the ethical hacker’s job
•The aim is to deny intruders access to a network or computer systems
by finding the weak points that can be leveraged
Some Terminologies – Understand the Difference
•Generally, an ethical hacker should be able to:
• Perform vulnerability, attack, and penetration assessments in Internet,
Intranet, and wireless environments
• Discover and scan for open ports and services
• Apply appropriate exploits to gain access and expand access
• Produce reports documenting discoveries during the engagement
• Have good understanding of current country, state cyber laws
Types of Hackers
•White Hat Hackers
•Black Hat Hackers
•Gray Hat Hackers
https://cryptomode.com/white-hat-black-hat-gray-hat-hackers-whats-the-difference-between-them/
Types of Hackers
•White Hat Hackers
• Are the ethical hackers
• Secure companies’ and organisations’ IT systems
• Examine the network in the same manner as a criminal hacker to better
understand its vulnerabilities to help improve its defence posture
• Contracted by the company or internal employees
• Have legal permissions
Types of Hackers
•Black Hat Hackers
• Perform illegal activities
• Are crackers/cyber-criminals
• Cause harm to the infrastructure
• Backed by organized crime or nation states
Types of Hackers
•Gray Hat Hackers
• Sit between the good guys and the bad guys
• Follow the law, but sometimes go beyond their mandate and gain
access to a system without permission (out of curiosity)
• E.g. installing a backdoor for later use or selling confidential
information
Types of Penetration Tests (Security Tests)
•White Box (Full-Knowledge Tests)
•Black Box (No-Knowledge Tests)
•Gray Box (Partial-Knowledge Tests)
**Decided at the time of defining the scope of pen-test
**Depends on the organization’s needs
Types of Penetration Tests (Security Tests)
•White Box (Full-Knowledge Tests)
• All information about the target is provided (system, network, etc.)
• Common in internal/onsite penetration tests
• Allows the tester to follow a more structured approach
• Less time is spent on information gathering
• More time to probe for vulnerabilities
Types of Penetration Tests (Security Tests)
•Black Box (No-Knowledge Tests)
• The tester has no knowledge of the target network or its systems
• Simulates an outside attack, as if an external attacker had launched
it
• More time is spent on information gathering (profiling the target’s strengths and
weaknesses)
• Unbiased (the tester can only see public IPs, the firewall’s external interface, systems in
the DMZ)
Types of Penetration Tests (Security Tests)
•Black Box (No-Knowledge Tests) (cont.)
• Takes more time to perform security tests
• More expensive
• Focus is on external attackers (does not take into consideration attacks
launched by internal attackers)
Types of Penetration Tests (Security Tests)
•Gray Box (Partial-Knowledge Tests)
• Internal test
• Some information is provided and some is hidden
• The goal is to determine what insiders can access
• E.g. the names of the applications running are provided, but their exact versions
aren’t
Penetration Tests
•Network Penetration Test
•Web Application Penetration Test
•Mobile Application Penetration Test
•Social Engineering Penetration Test
•Physical Penetration Test
Stages of Penetration Test
•Pre-engagement phase
•Information gathering phase
•Threat Modelling
•Vulnerability Analysis
•Exploitation/Post-Exploitation
•Reporting
Stages of Penetration Test
•Pre-engagement phase
• Map out the scope to ensure everyone is on the same page
• Always clarify to your client the difference between a vulnerability assessment and a pen-
test
• Understand the client’s business goals for the activity
• Understand which fragile devices you need to be careful with when
testing
Stages of Penetration Test
•Pre-engagement phase
• Essential to understand the client’s business
• Scope
• IP addresses (which ones to scan)
• Actions that you as a pen tester can take (e.g. whether an exploit that may bring down a
service may be used)
• Whether social engineering attacks are allowed or not
• Type of test
• What systems to probe
Stages of Penetration Test
•Pre-engagement phase
• When can you perform the test (hours/days), start and stop dates
• How to communicate critical findings (use of encrypted email, etc.)
• A “get out of jail” card
• Everything in writing – nothing verbal
• If the target is not owned by the company, do they have the owner’s approval?
• Make sure the person you are communicating with has the right knowledge
Stages of Penetration Test
•Pre-engagement phase
• Discuss the confidentiality/non-disclosure agreement – keeping the
findings confidential
• Include it in the written contract
• Know the relevant local, state, and federal laws
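As an added example that is not from the slides: the scope items the pre-engagement phase lists (which IP addresses to scan, which actions are allowed, social engineering or not, fragile devices, the testing window) encoded as a rules-of-engagement object, with a check that refuses any planned step falling outside the written agreement. The class, function names, the sample RoE and the addresses are all constructed for illustration.

```python
"""Rules-of-engagement (RoE) checker for the pre-engagement phase.
Added example, not from the original slides; all values are constructed
(203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges).
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RulesOfEngagement:
    in_scope: tuple             # CIDRs the client authorised in writing
    fragile: tuple              # hosts that only tolerate non-intrusive steps
    allowed_actions: frozenset  # e.g. "scan", "exploit"; absent means forbidden
    window_hours: tuple         # (start_hour, end_hour), 24h clock, client time
    window_days: frozenset      # datetime.weekday() values, Monday == 0


def check_step(roe, target, action, when):
    """Return (allowed, reason); every denial names the scope rule it hit."""
    if action not in roe.allowed_actions:
        return False, f"action '{action}' is not in the written RoE"
    start, end = roe.window_hours
    if when.weekday() not in roe.window_days or not start <= when.hour < end:
        return False, "outside the agreed testing window"
    if action == "social_engineering":      # targets people, not hosts
        return True, "ok"
    ip = ip_address(target)
    if not any(ip in ip_network(net) for net in roe.in_scope):
        return False, f"{target} is not in the authorised IP scope"
    if action != "scan" and any(ip in ip_network(net) for net in roe.fragile):
        return False, f"{target} is a fragile device: only 'scan' is allowed"
    return True, "ok"


def review_plan(roe, steps):
    """Return the (target, action, reason) triples that must NOT run."""
    denied = []
    for target, action, when in steps:
        ok, reason = check_step(roe, target, action, when)
        if not ok:
            denied.append((target, action, reason))
    return denied


# Constructed RoE: one /24 in scope, one fragile host, no DoS-class
# actions, no social engineering, 09:00-17:00 Monday to Friday.
SAMPLE_ROE = RulesOfEngagement(
    in_scope=("203.0.113.0/24",),
    fragile=("203.0.113.10/32",),
    allowed_actions=frozenset({"scan", "exploit"}),
    window_hours=(9, 17),
    window_days=frozenset({0, 1, 2, 3, 4}),
)
WED_10 = datetime(2024, 6, 12, 10)   # Wednesday, inside the window
SAT_10 = datetime(2024, 6, 15, 10)   # Saturday, outside the window
SAMPLE_PLAN = [
    ("203.0.113.20", "scan", WED_10),      # allowed
    ("203.0.113.10", "exploit", WED_10),   # denied: fragile host
    ("198.51.100.5", "scan", WED_10),      # denied: out of scope
    ("203.0.113.20", "exploit", SAT_10),   # denied: outside the window
]
```

Calling `review_plan(SAMPLE_ROE, SAMPLE_PLAN)` returns the three denied steps with the rule each one hit, which is the list to take back to the client before anything is run.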
Stages of Penetration Test
•Information Gathering
• Begins after pre-engagement phase
• No direct interaction with the network/system being examined
• Use freely available sources to gather information about the target
(OSINT)
• Also known as passive scanning (company’s website, source code, social
networking sites, dumpster diving, etc.)
Stages of Penetration Test
•Threat Modelling
• Based on the information gathered through OSINT, the pen-tester undertakes threat modelling
• Think like an attacker and develop plans based on the information gathered
Stages of Penetration Test
•Vulnerability Analysis
• Discover vulnerabilities in the system (active scanning)
• Run vulnerability scanners
•Exploitation/Post-Exploitation
• Take advantage of the vulnerabilities using exploits
• How a successful exploit might lead to post-exploitation (further
leveraging the weakness, escalating privileges)
Stages of Penetration Test
•Reporting
• Present the findings to executives and the technical team
• Debrief/deliver a presentation and highlight the key findings
Stages of Penetration Test
•There are different ways to represent pen-testing stages. Another way
of defining the stages is:
• Gain Permission
• Enumerate and Discover
• Gain Access
• Move Laterally
• Elevate Privileges
• Control Network
• Report and Debrief
Tutorial Activity
•Building a Penetration Testing Lab
•You will not be able to proceed if you don’t set up your lab now
Ethical Hacking and Defense
Thank You
&
Questions
Er. Jay Nagar (Cyber Security Researcher)
Intern At CyberCell
+91-9601957620

Editor's Notes

  • #13 (Types of Hackers): This is by no means an exhaustive list
  • #18 (White Box): Image taken from https://www.youtube.com/watch?v=HD80AJPJ6s0
  • #20 (Black Box): https://www.scnsoft.com/blog/network-vulnerability-assessment-guide
  • #23 (Gray Box): https://www.scnsoft.com/blog/network-vulnerability-assessment-guide
  • #25 (Penetration Tests): https://www.scnsoft.com/blog/network-vulnerability-assessment-guide