SG
Uploaded bySupriya G
PPTX, PDF1,160 views

Penetration testing overview

The document provides an overview of penetration testing, detailing its definition, types (black box, grey box, white box), and phases including information gathering, scanning, gaining access, maintaining access, and reporting. It emphasizes that penetration testing simulates attacks to assess the security of systems with permission from owners and utilizes various tools throughout the process. Key techniques highlighted include active and passive information gathering, scanning for vulnerabilities, and methods to maintain access and report findings.

Embed presentation

Downloaded 32 times
Supriya Golla Security Penetration tester Penetration Testing Overview
What Will be Covered? What is Penetration Testing? Penetration testing Types Penetration Testing Phases Demo on tools APT kill chain References
What is Penetration Testing? Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. A penetration test can help to determine whether a system is vulnerable to attack, if the defenses were sufficient and which defenses were defeated in the penetration test. Penetration testers use same skills and tactics as a hacker, but with permission from the system owner. Simply Penetration Testing is hacking with the permission from the system owner.
Penetration Testing Types Black Box Penetration Testing: • A type of testing in which the pen tester has little or no knowledge of the target. Grey Box Penetration Testing: • A form of testing where the knowledge given to the testing party is limited. White Box Penetration Testing: • A form of testing in which the information given to the tester is complete. This means that the pen tester is given all information about the target system.
Pre-Engagement Scope Testing Window Contact Information NDA agreement
Phases of Penetration Testing Information Gathering/Foot printing/ Reconnaissance Scanning/Enumeration Gaining Access Maintaining Access Reporting/Clearing logs
Information Gathering  Information Gathering/Foot printing/ Reconnaissance : Information Gathering is the act of gathering preliminary data or intelligence on your target. The data is gathered in order to better plan for your attack. Reconnaissance can be performed actively (meaning that you are directly touching the target) or passively (meaning that your recon is being performed through an intermediary). 1. Active Information Gathering 2. Passive Information Gathering Phases of Penetration Testing
Information Gathering  Active Information Gathering: Active information gathering involves contact between the pen tester and the actual target. Tools/Techniques: Ping Traceroute  Passive Information Gathering: Passive information gathering refers to gathering as much information as possible without establishing contact between the pen tester and the target about which you are collecting information. Tools/Techniques : Google hacking Third-party tools Phases of Penetration Testing
 Scanning/ Enumeration: Scanning is the process of finding system is alive, ports and vulnerability of the target. Penetration tester use tools to determine open ports and services presence of known weaknesses on the target system.  A good example would be the use of a vulnerability scanner on a target network. Tools/Techniques: Automated scanners(Nessus, Qualys, BurpSuite, IBM Appscan e.t.c) Lightweight tools(Netcat, Nmap e.t.c) Phases of Penetration Testing
Gaining Access  Gaining Access: Gaining access requires taking control of one or more network devices in order to either extract data from the target, or to use that device to then launch attacks on other targets. Tools/Techniques: Metasploit Brute forcing Phases of Penetration Testing
Maintaining access  Maintaining access: Maintaining access requires taking the steps involved in being able to be persistently within the target environment in order to gather as much data as possible. The attacker must remain stealthy in this phase, so as to not get caught while using the host environment. Tools/Techniques: Keyloggers Phases of Penetration Testing
Reporting/Clearin g logs:  Reporting/Clearing logs: Report the identified vulnerabilities to system owners. Propose the solutions to them to improve their security measures to protect against future attacks. The final phase of the attacker is covering their tracks. It is important that the attacker either manipulate or delete logs in order to avoid detection and more importantly prosecution. Phases of Penetration Testing
APT Kill chain:
Thank You!!!

More Related Content

PDF
Penetration Testing Guide
byBadawy Abd El-Aziz
 
PPTX
Network Penetration Testing
byMohammed Adam
 
PDF
penetration testing
byShitesh Sachan
 
PDF
Penetration Testing Execution Phases
byNasir Bhutta
 
PPTX
Pen Testing Explained
byRand W. Hirt
 
PPTX
What is Penetration Testing?
bybtpsec
 
PPTX
Penetration Testing for Cybersecurity Professionals
by211 Check
 
PPTX
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
Penetration Testing Guide
byBadawy Abd El-Aziz
 
Network Penetration Testing
byMohammed Adam
 
penetration testing
byShitesh Sachan
 
Penetration Testing Execution Phases
byNasir Bhutta
 
Pen Testing Explained
byRand W. Hirt
 
What is Penetration Testing?
bybtpsec
 
Penetration Testing for Cybersecurity Professionals
by211 Check
 
NETWORK PENETRATION TESTING
byEr Vivek Rana
 

What's hot

PPTX
Penetration testing reporting and methodology
byRashad Aliyev
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
PPTX
Introduction to penetration testing
byNezar Alazzabi
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
PDF
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
PPT
Application Security
byReggie Niccolo Santos
 
PPTX
Information security
byLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
PPTX
Cyber Kill Chain.pptx
byVivek Chauhan
 
PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
PPTX
Network security
bySimranpreet Singh
 
PDF
Vulnerability Assessment and Penetration Testing Report
byRishabh Upadhyay
 
PPTX
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
PPTX
Reconnaissance
byn|u - The Open Security Community
 
PPTX
Penetration Testing
byRomSoft SRL
 
ODP
Ethical hacking ppt
byhimanshujoshi238
 
PPTX
Metasploit framwork
byDeepanshu Gajbhiye
 
PDF
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
PDF
Metaploit
byAjinkya Pathak
 
PDF
Penetration testing
byAmmar WK
 
PPTX
Security vulnerability
byA. Shamel
 
Penetration testing reporting and methodology
byRashad Aliyev
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
Introduction to penetration testing
byNezar Alazzabi
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
Application Security
byReggie Niccolo Santos
 
Information security
byLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Cyber Kill Chain.pptx
byVivek Chauhan
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
byReZa AdineH
 
Network security
bySimranpreet Singh
 
Vulnerability Assessment and Penetration Testing Report
byRishabh Upadhyay
 
Introduction To Exploitation & Metasploit
byRaghav Bisht
 
Reconnaissance
byn|u - The Open Security Community
 
Penetration Testing
byRomSoft SRL
 
Ethical hacking ppt
byhimanshujoshi238
 
Metasploit framwork
byDeepanshu Gajbhiye
 
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
Metaploit
byAjinkya Pathak
 
Penetration testing
byAmmar WK
 
Security vulnerability
byA. Shamel
 

Similar to Penetration testing overview

PDF
Information gath
byM.Syarifudin, ST, OSCP, OSWP
 
PDF
Itis pentest slides hyd
byRama krishna
 
PDF
An overview of network penetration testing
byeSAT Publishing House
 
PDF
The Art of Penetration Testing in Cybersecurity.
byExpeed Software
 
PPTX
Penentration testing
bytahreemsaleem
 
PDF
Vulnerability Assessment and Penetration Testing using Webkill
byijtsrd
 
PDF
Introduction to Penetration testing - GDG DevFest Caribbean 2021 presentation
byObika Gellineau
 
PDF
How to Conduct Penetration Testing for Websites.pptx.pdf
byRosy G
 
PDF
DTS Solution - Penetration Testing Services v1.0
byShah Sheikh
 
PPTX
Penetration testing in wireless network
byHadi Fadlallah
 
PPTX
Physical-Penetration-Presentation-Tina-Ellis.pptx
bydata68
 
PPTX
Web application Testing
byOWASP Foundation
 
PPT
Pentesting hygt frde education of engi.ppt
byasranausheenasra
 
PPTX
Phases of penetration testing
byAbdul Rahman
 
PDF
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
bySoftware Guru
 
PDF
Penetration testing using metasploit framework
byPawanKesharwani
 
PDF
IRJET- A Study on Penetration Testing using Metasploit Framework
byIRJET Journal
 
PDF
What is Penetration & Penetration test ?
byBhavin Shah
 
DOCX
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
bySyed Ubaid Ali Jafri
 
PDF
Security and Penetration Testing Overview
byQA InfoTech
 
Information gath
byM.Syarifudin, ST, OSCP, OSWP
 
Itis pentest slides hyd
byRama krishna
 
An overview of network penetration testing
byeSAT Publishing House
 
The Art of Penetration Testing in Cybersecurity.
byExpeed Software
 
Penentration testing
bytahreemsaleem
 
Vulnerability Assessment and Penetration Testing using Webkill
byijtsrd
 
Introduction to Penetration testing - GDG DevFest Caribbean 2021 presentation
byObika Gellineau
 
How to Conduct Penetration Testing for Websites.pptx.pdf
byRosy G
 
DTS Solution - Penetration Testing Services v1.0
byShah Sheikh
 
Penetration testing in wireless network
byHadi Fadlallah
 
Physical-Penetration-Presentation-Tina-Ellis.pptx
bydata68
 
Web application Testing
byOWASP Foundation
 
Pentesting hygt frde education of engi.ppt
byasranausheenasra
 
Phases of penetration testing
byAbdul Rahman
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
bySoftware Guru
 
Penetration testing using metasploit framework
byPawanKesharwani
 
IRJET- A Study on Penetration Testing using Metasploit Framework
byIRJET Journal
 
What is Penetration & Penetration test ?
byBhavin Shah
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
bySyed Ubaid Ali Jafri
 
Security and Penetration Testing Overview
byQA InfoTech
 

Recently uploaded

PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
final.pdf
byomarbishtawi04
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
apidays New York 2025 | AI in Application Security
byapidays
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
final.pdf
byomarbishtawi04
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 

Penetration testing overview

  • 1.
    Supriya Golla Security Penetrationtester Penetration Testing Overview
  • 2.
    What Will be Covered? Whatis Penetration Testing? Penetration testing Types Penetration Testing Phases Demo on tools APT kill chain References
  • 3.
    What is PenetrationTesting? Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. A penetration test can help to determine whether a system is vulnerable to attack, if the defenses were sufficient and which defenses were defeated in the penetration test. Penetration testers use same skills and tactics as a hacker, but with permission from the system owner. Simply Penetration Testing is hacking with the permission from the system owner.
  • 4.
    Penetration Testing Types BlackBox Penetration Testing: • A type of testing in which the pen tester has little or no knowledge of the target. Grey Box Penetration Testing: • A form of testing where the knowledge given to the testing party is limited. White Box Penetration Testing: • A form of testing in which the information given to the tester is complete. This means that the pen tester is given all information about the target system.
  • 5.
  • 6.
    Phases of Penetration Testing Information Gathering/Footprinting/ Reconnaissance Scanning/Enumeration Gaining Access Maintaining Access Reporting/Clearing logs
  • 7.
    Information Gathering  Information Gathering/Footprinting/ Reconnaissance : Information Gathering is the act of gathering preliminary data or intelligence on your target. The data is gathered in order to better plan for your attack. Reconnaissance can be performed actively (meaning that you are directly touching the target) or passively (meaning that your recon is being performed through an intermediary). 1. Active Information Gathering 2. Passive Information Gathering Phases of Penetration Testing
  • 8.
    Information Gathering  ActiveInformation Gathering: Active information gathering involves contact between the pen tester and the actual target. Tools/Techniques: Ping Traceroute  Passive Information Gathering: Passive information gathering refers to gathering as much information as possible without establishing contact between the pen tester and the target about which you are collecting information. Tools/Techniques : Google hacking Third-party tools Phases of Penetration Testing
  • 9.
     Scanning/ Enumeration: Scanningis the process of finding system is alive, ports and vulnerability of the target. Penetration tester use tools to determine open ports and services presence of known weaknesses on the target system.  A good example would be the use of a vulnerability scanner on a target network. Tools/Techniques: Automated scanners(Nessus, Qualys, BurpSuite, IBM Appscan e.t.c) Lightweight tools(Netcat, Nmap e.t.c) Phases of Penetration Testing
  • 10.
    Gaining Access  GainingAccess: Gaining access requires taking control of one or more network devices in order to either extract data from the target, or to use that device to then launch attacks on other targets. Tools/Techniques: Metasploit Brute forcing Phases of Penetration Testing
  • 11.
    Maintaining access  Maintainingaccess: Maintaining access requires taking the steps involved in being able to be persistently within the target environment in order to gather as much data as possible. The attacker must remain stealthy in this phase, so as to not get caught while using the host environment. Tools/Techniques: Keyloggers Phases of Penetration Testing
  • 12.
    Reporting/Clearin g logs:  Reporting/Clearinglogs: Report the identified vulnerabilities to system owners. Propose the solutions to them to improve their security measures to protect against future attacks. The final phase of the attacker is covering their tracks. It is important that the attacker either manipulate or delete logs in order to avoid detection and more importantly prosecution. Phases of Penetration Testing
  • 13.
  • 14.