NA
Uploaded byNezar Alazzabi
PPTX, PDF11,027 views

Introduction to penetration testing

This document provides an overview of penetration testing, describing its purpose, types (black-box and white-box testing), and essential steps involved in the process. It covers common types of cyber attacks and vulnerabilities, as well as tools and techniques used by penetration testers. Additionally, the document outlines the roles, responsibilities, and certifications relevant to the field of penetration testing.

Embed presentation

Downloaded 143 times
Penetration Testing These Slides to those who want to enter and learn about the world of Penetration Testing. Nezar Alazzabi 2019-09-25
What is penetration Testing Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit, Penetration testing can be automated with software applications or performed manually Either way. The process of pen testing involves gathering information about the target before the test, identifying possible entry points, attempting to break in and reporting back the findings. The main objective of penetration testing is to identify security weaknesses. Penetration testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.
Types of Penetration Testing BLACKBOX TESTING In a black-box testing assignment, the penetration tester is placed in the role of the average hacker, with no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network This means that black-box penetration testing relies on dynamic analysis of currently running programs and systems within the target network. A black-box penetration tester must be familiar with automated scanning tools and methodologies for manual penetration testing. Black-box penetration testers also need to be capable of creating their own map of a target network based on their observations since no such diagram is provided to them. WHITEBOX TESTING White-box testing goes by several different names, including clear-box, open-box, auxiliary and logic-driven testing. It falls on the opposite end of the spectrum from black-box testing and penetration testers are given full access to source code, architecture documentation and so forth. The main challenge with white-box testing is sifting through the massive amount of data available to identify potential points of weakness, making it the most time-consuming type of penetration testing.
Penetration Testing Steps Reconnaissance – It is the process of collecting information before deploying any real attacks. Enumeration – It is the process of identifying the likely entry points into the target system. Vulnerability Analysis – is the process which defines, locates, and classifies the security leaks in a computer, network, or application. Exploitation – It is the process of enabling pen testers to compromise a system and expose to further attacks. Reporting – It is the process of documenting all the steps that led to a successful attack during the test.
Phases of a Penetration Test
What do you need to start a pentest journey? At the beginning you should start by reading about the subject. Using articles, books and guides, and videos on the subject , not just on pentesting but on general cybersecurity issues across the board. In summary, you will be expected to understand: ● Cybersecurity: Techniques, tricks, vectors, threat profiles and the anatomy of cyberattacks. ● Hardware and networks ● Operating systems, databases ● Applications, including web apps and APIs ● Data analysis: At least in terms of analyzing security issues and presenting solutions ● Programming languages including Python , Ruby , php & JS. ● Scripting languages including Shell scripting , Powershell , batch files.
Penetration Test Terms ● CVE The common vulnerabilities and exposures , (CVE) program has been cataloging software and firmware vulnerabilities for 18 years. ● A vulnerability is a weak point or a bug in a piece of software , hardware or operating system that leaves a system open and vulnerable to attacks and unauthorized access, The weakness could be simple as a weak password or complex as SQL Injection , Buffer Overflow (BOF). ● An exploit is a code that takes advantage of a software vulnerability or security flaw. It is written either by security researchers as a proof-of-concept (POC) or by malicious actors and attackers for use in their operations, Exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network or computer systems. ● A payload is a piece of code that executed through exploit. Have a look at the Metasploit Framework. It is simply a collection of exploits and payloads. Each exploit can be attached with various payloads like reverse or bind shells, the meterpreter shell etc. [Argument: The answer should be "What you do to the target after it is exploited".
Most Common Types of Cyber Attacks ● Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. ● Social Engineering. ● Man in The Middle Attack (MITM). ● Phishing and spear Attacks. ● Drive-by Attack. ● SQL Injection Attack. ● Cross-Site Scripting (XSS) Attack. ● Eavesdropping Attack. ● Malware Attacks.
Common Web Vulnerabilities ● SQL INJECTION: SQL Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the users data ,Injection occurs when the user input is sent to an interpreter as part of command or query and trick the interpreter into executing unintended commands and gives access to unauthorized data, The SQL command which when executed by web application can also expose the back-end database. ● Cross Site Scripting (XSS): XSS vulnerabilities target scripts embedded in a page that are executed on the client side i.e. user browser rather then at the server side. These flaws can occur when the application takes untrusted data and send it to the web browser without proper validation, the attackers can use XSS to execute malicious scripts on the users in this case victim browsers. Since the browser cannot know if the script is trusty or not, the script will be executed, and the attacker can hijack session cookies, deface websites, or redirect the user to an unwanted and malicious websites. ● Insecure Direct Object Reference: It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key as in URL or as a FORM parameter. The attacker can use this information to access other objects and can create a future attack to access the unauthorized data. ● Cross Site Request Forgery (CSRF): CSRF attack is an attack that occurs when a malicious website, email, or program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated,a CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application.
Common Network Attacks CDP Manipulation: CDP packets are enabled by default on Cisco switches and transmitted in a clear text which allows the attacker to analyze the packets and gain information about the network device, so the attacker can search for a known vulnerability and execute against this device. Telnet Enabled VTY: Telnet also transmits packets in clear text which can reveal to an attacker who’s sniffing the network , as well as SSH v1 which is also vulnerable and compromised. Mac Flooding: The attacker floods the Mac table with Mac Address more than the switch can store or handle , which makes the switch operating as a hub giving the attacker the opportunity to sniff all traffic on the segment. DHCP Spoofing: the attacker listens for DHCP requests and answers them , giving it’s IP address the default gateway for the clients , the attacker becomes a (MITM). ARP Spoofing: similar to dhcp spoofing but related to ARP Messages. VLAN Hopping: is when a station is able to access VLAN other than it’s own , this can be done trough one of the following: A- Switch Spoofing. B- 802.1q Double Tagging.
Common Pentest Tools ● Nmap: it’s not necessarily a pen-testing tool, it is a must-have tool for ethical hackers , sysadmin’s , network admin’s. This is a very popular tool that predominantly aids in understanding the characteristics of any target network, the characteristics include host, services, OS, packet filters/firewalls etc. It works on most of the environments and is open sourced. ● Nessus: is a scanner and it needs to be watched out for, It’s one of the most robust vulnerability identifier tools available. It specializes in compliance checks, Sensitive data searches, IPs scan, website scanning etc. and aids in finding the ‘weak-spots’. ● Acunetix: is a fully automated web vulnerability scanner that detects and reports on over 4500 web application vulnerabilities including all variants of SQL Injection and XSS. ● Metasploit: This is the most advanced and popular Framework that can be used to for pen-testing. It is based on the concept of ‘exploit’ which is a code that can surpass the security measures and enter a certain system. If entered, it runs a ‘payload’, a code that performs operations on a target machine, thus creating a perfect framework for penetration testing. ● Wireshark: This is basically a network protocol analyzer ,popular for providing the minutest details about your network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems ● Burp-Suite: Burp suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable. The tool is not free, but very cost effective.
Pentest roles and responsibilities ● Network and application tests to check the general security vulnerabilities across a network, the pentester will be involved in designing these tests or keeping existing ones up to date. You will be expected to know how to implement and apply pentesting tools ● Physical security tests such as checking for disaster hardening of servers to non-cyber threats (vandalism, climate impacts and so on) ● Security audits: This is a fundamental and ongoing aspect of the penetration tester’s role. You will be expected to assess the security of a given process, protocol or system. You will also need to write up reports of audits ● General security report writing and the use of metrics from tests to help develop security strategies ● Involvement in security team and security policy review: You will need to be able to communicate with your wider team and help with security policy review
Penetration Testing certificates Here is a list of the most common certificates in penetration Testing: ● EC-Council Licensed Penetration Tester (LPT) Master. ● EC-Council Certified Ethical Hacker (CEH). ● IACRB Certified Penetration Tester (CPT). ● Certified Expert Penetration Tester (CEPT). ● Offensive Security Certified Professional (OSCP). ● Certified Penetration Testing Engineer (CPTE). ● Certified Penetration Testing Consultant ( CPTC) ● GIAC Exploit Researcher and Advanced Penetration Tester (GXPN). ● Certified Powershell Hacker (CPSH). ● GIAC Web Application Penetration Tester (GWAPT). ● GIAC Penetration Tester (GPEN). ● Certified Information Systems Security Professional (CISSP). ● GIAC Certified Forensic Analyst. ● Certified Reverse Engineering Analyst.
References ● SANS: https://www.sans.org/ ● Trend Micro: https://www.trendmicro.com ● Infosec Institute: http://infosecinstitute.com/ ● Offensive Security: https://www.offensive-security.com/ ● Security Bloggers Network: https://securityboulevard.com/

More Related Content

PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PDF
Web Application Penetration Testing
byPriyanka Aash
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
PPTX
Introduction To Vulnerability Assessment & Penetration Testing
byRaghav Bisht
 
PDF
Penetration testing & Ethical Hacking
byS.E. CTS CERT-GOV-MD
 
PPT
Penetration Testing Basics
byRick Wanner
 
PPTX
What is Penetration Testing?
bybtpsec
 
PPTX
Pen Testing Explained
byRand W. Hirt
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Web Application Penetration Testing
byPriyanka Aash
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
Introduction To Vulnerability Assessment & Penetration Testing
byRaghav Bisht
 
Penetration testing & Ethical Hacking
byS.E. CTS CERT-GOV-MD
 
Penetration Testing Basics
byRick Wanner
 
What is Penetration Testing?
bybtpsec
 
Pen Testing Explained
byRand W. Hirt
 

What's hot

PDF
Introduction to Web Application Penetration Testing
byNetsparker
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
PPTX
Vulnerability and Assessment Penetration Testing
byYvonne Marambanyika
 
PPTX
Penetration Testing
byRomSoft SRL
 
PPTX
OWASP Top 10 2021 What's New
byMichael Furman
 
PPT
Introduction To OWASP
byMarco Morana
 
PPT
Introduction to Web Application Penetration Testing
byAnurag Srivastava
 
PPTX
Penetration testing reporting and methodology
byRashad Aliyev
 
PDF
Threat Intelligence
byDeepak Kumar (D3)
 
PDF
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
PPTX
Logging, monitoring and auditing
byPiyush Jain
 
PPTX
Penetration Testing for Cybersecurity Professionals
by211 Check
 
PPTX
Owasp top 10 vulnerabilities
byOWASP Delhi
 
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
bySuvrat Jain
 
PPTX
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
PPTX
Intrusion detection
byCAS
 
PPTX
Introduction to Snort
byHossein Yavari
 
PDF
SIEM Architecture
byNishanth Kumar Pathi
 
PPTX
Burpsuite 101
byn|u - The Open Security Community
 
PPTX
OWASP Top 10 2021 Presentation (Jul 2022)
byTzahiArabov
 
Introduction to Web Application Penetration Testing
byNetsparker
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
Vulnerability and Assessment Penetration Testing
byYvonne Marambanyika
 
Penetration Testing
byRomSoft SRL
 
OWASP Top 10 2021 What's New
byMichael Furman
 
Introduction To OWASP
byMarco Morana
 
Introduction to Web Application Penetration Testing
byAnurag Srivastava
 
Penetration testing reporting and methodology
byRashad Aliyev
 
Threat Intelligence
byDeepak Kumar (D3)
 
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
Logging, monitoring and auditing
byPiyush Jain
 
Penetration Testing for Cybersecurity Professionals
by211 Check
 
Owasp top 10 vulnerabilities
byOWASP Delhi
 
Ethical Hacking n VAPT presentation by Suvrat jain
bySuvrat Jain
 
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
Intrusion detection
byCAS
 
Introduction to Snort
byHossein Yavari
 
SIEM Architecture
byNishanth Kumar Pathi
 
Burpsuite 101
byn|u - The Open Security Community
 
OWASP Top 10 2021 Presentation (Jul 2022)
byTzahiArabov
 

Similar to Introduction to penetration testing

PPTX
Introduction To Ethical Hacking
byRaghav Bisht
 
PDF
01_Metasploit - The Elixir of Network Security
byHarish Chaudhary
 
PDF
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
bySoftware Guru
 
PPTX
WTF is Penetration Testing v.2
byScott Sutherland
 
PPTX
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
PPTX
Penentration testing
bytahreemsaleem
 
PDF
Penetration Testing Services_ Comprehensive Guide 2024.pdf
byqualysectechnology98
 
PDF
IRJET- A Study on Penetration Testing using Metasploit Framework
byIRJET Journal
 
PDF
Penetration testing using metasploit framework
byPawanKesharwani
 
PPTX
Advice for CyberSecurity Penetration testing
bydp40991
 
PDF
DEF CON 23 - Wesley McGrew - i hunt penetration testers
byFelipe Prado
 
DOCX
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
bySyed Ubaid Ali Jafri
 
PPTX
Web application vulnerability assessment
byRavikumar Paghdal
 
PDF
PENETRATION TESTING LECTURE SLIDES start
byDorcask3
 
PPTX
Session Slide
byMuralidharan Radhakrishnan
 
PPTX
Phases of penetration testing
byAbdul Rahman
 
PDF
The Art of Penetration Testing in Cybersecurity.
byExpeed Software
 
PDF
Penetration Testing Services - Redfox Cyber Security
byKaran Patel
 
PDF
Pentest trends 2017
byJorge González
 
PDF
Web app penetration testing best methods tools used
byZoe Gilbert
 
Introduction To Ethical Hacking
byRaghav Bisht
 
01_Metasploit - The Elixir of Network Security
byHarish Chaudhary
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
bySoftware Guru
 
WTF is Penetration Testing v.2
byScott Sutherland
 
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
Penentration testing
bytahreemsaleem
 
Penetration Testing Services_ Comprehensive Guide 2024.pdf
byqualysectechnology98
 
IRJET- A Study on Penetration Testing using Metasploit Framework
byIRJET Journal
 
Penetration testing using metasploit framework
byPawanKesharwani
 
Advice for CyberSecurity Penetration testing
bydp40991
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
byFelipe Prado
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
bySyed Ubaid Ali Jafri
 
Web application vulnerability assessment
byRavikumar Paghdal
 
PENETRATION TESTING LECTURE SLIDES start
byDorcask3
 
Session Slide
byMuralidharan Radhakrishnan
 
Phases of penetration testing
byAbdul Rahman
 
The Art of Penetration Testing in Cybersecurity.
byExpeed Software
 
Penetration Testing Services - Redfox Cyber Security
byKaran Patel
 
Pentest trends 2017
byJorge González
 
Web app penetration testing best methods tools used
byZoe Gilbert
 

Recently uploaded

PDF
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PDF
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PDF
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
PDF
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
PDF
Fortinet Certified Fundamentals in Cybersecurity
byVICTOR MAESTRE RAMIREZ
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
PDF
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PDF
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
PDF
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
Adapt.com Seed Fundraising Deck | The AI Computer for Business
byashley459565
 
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
Fortinet Certified Fundamentals in Cybersecurity
byVICTOR MAESTRE RAMIREZ
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 

Introduction to penetration testing

  • 1.
    Penetration Testing These Slidesto those who want to enter and learn about the world of Penetration Testing. Nezar Alazzabi 2019-09-25
  • 2.
    What is penetrationTesting Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit, Penetration testing can be automated with software applications or performed manually Either way. The process of pen testing involves gathering information about the target before the test, identifying possible entry points, attempting to break in and reporting back the findings. The main objective of penetration testing is to identify security weaknesses. Penetration testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.
  • 3.
    Types of PenetrationTesting BLACKBOX TESTING In a black-box testing assignment, the penetration tester is placed in the role of the average hacker, with no internal knowledge of the target system. Testers are not provided with any architecture diagrams or source code that is not publicly available. A black-box penetration test determines the vulnerabilities in a system that are exploitable from outside the network This means that black-box penetration testing relies on dynamic analysis of currently running programs and systems within the target network. A black-box penetration tester must be familiar with automated scanning tools and methodologies for manual penetration testing. Black-box penetration testers also need to be capable of creating their own map of a target network based on their observations since no such diagram is provided to them. WHITEBOX TESTING White-box testing goes by several different names, including clear-box, open-box, auxiliary and logic-driven testing. It falls on the opposite end of the spectrum from black-box testing and penetration testers are given full access to source code, architecture documentation and so forth. The main challenge with white-box testing is sifting through the massive amount of data available to identify potential points of weakness, making it the most time-consuming type of penetration testing.
  • 4.
    Penetration Testing Steps Reconnaissance –It is the process of collecting information before deploying any real attacks. Enumeration – It is the process of identifying the likely entry points into the target system. Vulnerability Analysis – is the process which defines, locates, and classifies the security leaks in a computer, network, or application. Exploitation – It is the process of enabling pen testers to compromise a system and expose to further attacks. Reporting – It is the process of documenting all the steps that led to a successful attack during the test.
  • 5.
  • 6.
    What do youneed to start a pentest journey? At the beginning you should start by reading about the subject. Using articles, books and guides, and videos on the subject , not just on pentesting but on general cybersecurity issues across the board. In summary, you will be expected to understand: ● Cybersecurity: Techniques, tricks, vectors, threat profiles and the anatomy of cyberattacks. ● Hardware and networks ● Operating systems, databases ● Applications, including web apps and APIs ● Data analysis: At least in terms of analyzing security issues and presenting solutions ● Programming languages including Python , Ruby , php & JS. ● Scripting languages including Shell scripting , Powershell , batch files.
  • 7.
    Penetration Test Terms ●CVE The common vulnerabilities and exposures , (CVE) program has been cataloging software and firmware vulnerabilities for 18 years. ● A vulnerability is a weak point or a bug in a piece of software , hardware or operating system that leaves a system open and vulnerable to attacks and unauthorized access, The weakness could be simple as a weak password or complex as SQL Injection , Buffer Overflow (BOF). ● An exploit is a code that takes advantage of a software vulnerability or security flaw. It is written either by security researchers as a proof-of-concept (POC) or by malicious actors and attackers for use in their operations, Exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network or computer systems. ● A payload is a piece of code that executed through exploit. Have a look at the Metasploit Framework. It is simply a collection of exploits and payloads. Each exploit can be attached with various payloads like reverse or bind shells, the meterpreter shell etc. [Argument: The answer should be "What you do to the target after it is exploited".
  • 8.
    Most Common Typesof Cyber Attacks ● Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. ● Social Engineering. ● Man in The Middle Attack (MITM). ● Phishing and spear Attacks. ● Drive-by Attack. ● SQL Injection Attack. ● Cross-Site Scripting (XSS) Attack. ● Eavesdropping Attack. ● Malware Attacks.
  • 9.
    Common Web Vulnerabilities ●SQL INJECTION: SQL Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the users data ,Injection occurs when the user input is sent to an interpreter as part of command or query and trick the interpreter into executing unintended commands and gives access to unauthorized data, The SQL command which when executed by web application can also expose the back-end database. ● Cross Site Scripting (XSS): XSS vulnerabilities target scripts embedded in a page that are executed on the client side i.e. user browser rather then at the server side. These flaws can occur when the application takes untrusted data and send it to the web browser without proper validation, the attackers can use XSS to execute malicious scripts on the users in this case victim browsers. Since the browser cannot know if the script is trusty or not, the script will be executed, and the attacker can hijack session cookies, deface websites, or redirect the user to an unwanted and malicious websites. ● Insecure Direct Object Reference: It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key as in URL or as a FORM parameter. The attacker can use this information to access other objects and can create a future attack to access the unauthorized data. ● Cross Site Request Forgery (CSRF): CSRF attack is an attack that occurs when a malicious website, email, or program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated,a CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application.
  • 10.
    Common Network Attacks CDPManipulation: CDP packets are enabled by default on Cisco switches and transmitted in a clear text which allows the attacker to analyze the packets and gain information about the network device, so the attacker can search for a known vulnerability and execute against this device. Telnet Enabled VTY: Telnet also transmits packets in clear text which can reveal to an attacker who’s sniffing the network , as well as SSH v1 which is also vulnerable and compromised. Mac Flooding: The attacker floods the Mac table with Mac Address more than the switch can store or handle , which makes the switch operating as a hub giving the attacker the opportunity to sniff all traffic on the segment. DHCP Spoofing: the attacker listens for DHCP requests and answers them , giving it’s IP address the default gateway for the clients , the attacker becomes a (MITM). ARP Spoofing: similar to dhcp spoofing but related to ARP Messages. VLAN Hopping: is when a station is able to access VLAN other than it’s own , this can be done trough one of the following: A- Switch Spoofing. B- 802.1q Double Tagging.
  • 11.
    Common Pentest Tools ●Nmap: it’s not necessarily a pen-testing tool, it is a must-have tool for ethical hackers , sysadmin’s , network admin’s. This is a very popular tool that predominantly aids in understanding the characteristics of any target network, the characteristics include host, services, OS, packet filters/firewalls etc. It works on most of the environments and is open sourced. ● Nessus: is a scanner and it needs to be watched out for, It’s one of the most robust vulnerability identifier tools available. It specializes in compliance checks, Sensitive data searches, IPs scan, website scanning etc. and aids in finding the ‘weak-spots’. ● Acunetix: is a fully automated web vulnerability scanner that detects and reports on over 4500 web application vulnerabilities including all variants of SQL Injection and XSS. ● Metasploit: This is the most advanced and popular Framework that can be used to for pen-testing. It is based on the concept of ‘exploit’ which is a code that can surpass the security measures and enter a certain system. If entered, it runs a ‘payload’, a code that performs operations on a target machine, thus creating a perfect framework for penetration testing. ● Wireshark: This is basically a network protocol analyzer ,popular for providing the minutest details about your network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems ● Burp-Suite: Burp suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable. The tool is not free, but very cost effective.
  • 12.
    Pentest roles andresponsibilities ● Network and application tests to check the general security vulnerabilities across a network, the pentester will be involved in designing these tests or keeping existing ones up to date. You will be expected to know how to implement and apply pentesting tools ● Physical security tests such as checking for disaster hardening of servers to non-cyber threats (vandalism, climate impacts and so on) ● Security audits: This is a fundamental and ongoing aspect of the penetration tester’s role. You will be expected to assess the security of a given process, protocol or system. You will also need to write up reports of audits ● General security report writing and the use of metrics from tests to help develop security strategies ● Involvement in security team and security policy review: You will need to be able to communicate with your wider team and help with security policy review
  • 13.
    Penetration Testing certificates Hereis a list of the most common certificates in penetration Testing: ● EC-Council Licensed Penetration Tester (LPT) Master. ● EC-Council Certified Ethical Hacker (CEH). ● IACRB Certified Penetration Tester (CPT). ● Certified Expert Penetration Tester (CEPT). ● Offensive Security Certified Professional (OSCP). ● Certified Penetration Testing Engineer (CPTE). ● Certified Penetration Testing Consultant ( CPTC) ● GIAC Exploit Researcher and Advanced Penetration Tester (GXPN). ● Certified Powershell Hacker (CPSH). ● GIAC Web Application Penetration Tester (GWAPT). ● GIAC Penetration Tester (GPEN). ● Certified Information Systems Security Professional (CISSP). ● GIAC Certified Forensic Analyst. ● Certified Reverse Engineering Analyst.
  • 14.
    References ● SANS: https://www.sans.org/ ●Trend Micro: https://www.trendmicro.com ● Infosec Institute: http://infosecinstitute.com/ ● Offensive Security: https://www.offensive-security.com/ ● Security Bloggers Network: https://securityboulevard.com/