0% found this document useful (0 votes)

87 views14 pages

Penetration Testing: Edmund Whitehead Rayce West

Penetration testing involves evaluating an organization's security by attempting to exploit vulnerabilities from an attacker's perspective. It is comprised of reconnaissance, network scanning, vulnerability testing, and reporting. Reconnaissance gathers publicly available information. Scanning identifies live hosts and open ports. Vulnerability testing checks for known issues and attempts exploitation. Reporting documents the findings to provide recommendations. Regular penetration testing is recommended or required by certifications and compliance standards to audit security.

Uploaded by

Aditya ghadge

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

87 views14 pages

Penetration Testing: Edmund Whitehead Rayce West

Uploaded by

Aditya ghadge

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

You are on page 1/ 14

Penetration Testing

Edmund Whitehead
Rayce West
Introduction

- Definition of Penetration Testing

- Who needs Penetration Testing?
- Penetration Testing Viewpoints
- Phases of Penetration Testing
- Reconnaissance and Information Gathering
- Network Enumeration and Scanning
- Vulnerability Testing and Exploitation
- Reporting
- How to become a Penetration Tester
Penetration Testing

Definition of Penetration Testing:

- A penetration test or pentest is a test evaluating the strengths of all

security controls on the computer system. Penetration tests evaluate
procedural and operational controls as well as technological controls.
Who needs Penetration Testing

- Banks/Financial Institutions, Government Organizations, Online

Vendors, or any organization processing and storing private
information

- Most certifications require or recommend that penetration tests be

performed on a regular basis to ensure the security of the system.

- PCI Data Security Standard's Section 11.3 requires organizations to

perform application and penetration tests at least once a year.

- HIPAA Security Rule's section 8 of the Administrative Safeguards

requires security process audits, periodic vulnerability analysis and
penetration testing.
Penetration Testing Viewpoints

-External vs. Internal

Penetration Testing can be performed from the viewpoint of an

external attacker or a malicious employee.

- Overt vs. Covert

Penetration Testing can be performed with or without the

knowledge of the IT department of the company being tested.
Phases of Penetration Testing

- Reconnaissance and Information Gathering

- Network Enumeration and Scanning

- Vulnerability Testing and Exploitation

- Reporting
Reconnaissance and Information Gathering

Purpose: To discover as much information about a target (individual

or organization) as possible without actually making network contact
with said target.

Methods:
• Organization info discovery via WHOIS
• Google search
• Website browsing
WHOIS Results for www.clemson.edu

Domain Name: CLEMSON.EDU

Registrant:
Clemson University
340 Computer Ct
Anderson, SC 29625
UNITED STATES
Administrative Contact:
Network Operations Center
Clemson University
340 Computer Court
Anderson, SC 29625
UNITED STATES
(864) 656-4634
noc@clemson.edu
Technical Contact:
Mike S. Marshall
DNS Admin
Clemson University
Clemson University
340 Computer Court
Anderson, SC 29625
UNITED STATES
(864) 247-5381
hubcap@clemson.edu
Name Servers:
EXTNS1.CLEMSON.EDU 130.127.255.252
EXTNS2.CLEMSON.EDU 130.127.255.253
EXTNS3.CLEMSON.EDU 192.42.3.5
Network Enumeration and Scanning

Purpose: To discover existing networks owned by a target as well as

live hosts and services running on those hosts.

Methods:
• Scanning programs that identify live hosts, open ports, services,
and other info (Nmap, autoscan)
• DNS Querying
• Route analysis (traceroute)
NMap Results
nmap -sS 127.0.0.1
1
2
3 Starting Nmap 4.01 at 2006-07-06 17:23 BST
4 Interesting ports on chaos (127.0.0.1):
5 (The 1668 ports scanned but not shown below are in state: closed)
6 PORT STATE SERVICE
7 21/tcp open ftp
8 22/tcp open ssh
9 631/tcp open ipp
10 6000/tcp open X11
11
12 Nmap finished: 1 IP address (1 host up) scanned in 0.207
13 seconds
Vulnerability Testing and Exploitation

Purpose: To check hosts for known vulnerabilities and to see if they

are exploitable, as well as to assess the potential severity of said
vulnerabilities.

Methods:
• Remote vulnerability scanning (Nessus, OpenVAS)
• Active exploitation testing
o Login checking and bruteforcing
o Vulnerability exploitation (Metasploit, Core Impact)
o 0day and exploit discovery (Fuzzing, program analysis)
o Post exploitation techniques to assess severity (permission
levels, backdoors, rootkits, etc)
Reporting

Purpose: To organize and document information found during the

reconnaissance, network scanning, and vulnerability testing phases of
a pentest.

Methods:
• Documentation tools (Dradis)
o Organizes information by hosts, services, identified hazards
and risks, recommendations to fix problems
How to Become a Penetration Tester

- Stay up to date on recent developments in computer security,

reading newsletters and security reports are a good way to do this.

- Becoming proficient with C/C++ and a scripting language such as

PEARL

- Microsoft, Cisco, and Novell certifications

- Penetration Testing Certifications

- Certified Ethical Hacker (CEH)

-GIAC Certified Penetration Tester (GPEN)

Conclusion

Questions?

Penetration Testing Lab: Deliverables
No ratings yet
Penetration Testing Lab: Deliverables
54 pages
Penetration Testing
100% (1)
Penetration Testing
14 pages
Citrix Application Delivery Management Service
No ratings yet
Citrix Application Delivery Management Service
710 pages
Penetration Testing Print Version
No ratings yet
Penetration Testing Print Version
33 pages
SDN Control of Packet Over Optical Networks
100% (1)
SDN Control of Packet Over Optical Networks
26 pages
Screenshot 2024-03-17 at 8.06.23 AM
No ratings yet
Screenshot 2024-03-17 at 8.06.23 AM
93 pages
Ethical Hacking and Penetration Testing process
No ratings yet
Ethical Hacking and Penetration Testing process
5 pages
WM4
100% (1)
WM4
47 pages
Penetration Testing Book
No ratings yet
Penetration Testing Book
119 pages
3.2 Penetration Testing 1
No ratings yet
3.2 Penetration Testing 1
61 pages
OpenStack Victoria Lesson 3
No ratings yet
OpenStack Victoria Lesson 3
10 pages
Step by Step Guide To Q Replication
No ratings yet
Step by Step Guide To Q Replication
12 pages
Pannell Oam 1 1102
No ratings yet
Pannell Oam 1 1102
44 pages
Hardware Installation PDF
No ratings yet
Hardware Installation PDF
480 pages
PenTest Advanced Recon
No ratings yet
PenTest Advanced Recon
13 pages
Penetration Testing Lab PDF
No ratings yet
Penetration Testing Lab PDF
47 pages
penetration testing
No ratings yet
penetration testing
10 pages
Installing A Cisco IOS Software Image
No ratings yet
Installing A Cisco IOS Software Image
8 pages
Mcafee Endpoint Security Suites Comparison Chart: Quick Reference Card
No ratings yet
Mcafee Endpoint Security Suites Comparison Chart: Quick Reference Card
2 pages
Penetration Testing_Week 4 (1)
No ratings yet
Penetration Testing_Week 4 (1)
20 pages
Penetration Testing_Week 4
No ratings yet
Penetration Testing_Week 4
20 pages
Hacking Steps
No ratings yet
Hacking Steps
29 pages
AD Making A Security Difference With Group Managed Service Accounts
No ratings yet
AD Making A Security Difference With Group Managed Service Accounts
37 pages
Presnted by Ashwani (09IT16) Navneet (09IT48)
No ratings yet
Presnted by Ashwani (09IT16) Navneet (09IT48)
21 pages
S8VK-X Switch-Mode Power Supplies Communications Manual
No ratings yet
S8VK-X Switch-Mode Power Supplies Communications Manual
58 pages
Vuln+Assessment+and+Pen test
No ratings yet
Vuln+Assessment+and+Pen test
34 pages
Omprakash Gutte: Profile
No ratings yet
Omprakash Gutte: Profile
3 pages
Cyber Security
No ratings yet
Cyber Security
74 pages
PenTest 04 2014 Teaser
No ratings yet
PenTest 04 2014 Teaser
29 pages
Digital Forensic
No ratings yet
Digital Forensic
23 pages
Masterclass 3 - Ethical hacking
No ratings yet
Masterclass 3 - Ethical hacking
64 pages
Penetration Testing
No ratings yet
Penetration Testing
12 pages
pt0-002-05
No ratings yet
pt0-002-05
33 pages
FMCV KVM QSG
No ratings yet
FMCV KVM QSG
10 pages
Introduction To Penetration Testing
No ratings yet
Introduction To Penetration Testing
41 pages
Penetration Testing
No ratings yet
Penetration Testing
14 pages
Network Penetration Testing Course Online 1667723384
No ratings yet
Network Penetration Testing Course Online 1667723384
10 pages
Seminar Report Format
No ratings yet
Seminar Report Format
15 pages
Phishing Seminar
No ratings yet
Phishing Seminar
19 pages
Section A Ethical Hacking
No ratings yet
Section A Ethical Hacking
16 pages
IT20147228 AIAAssignment 02
No ratings yet
IT20147228 AIAAssignment 02
12 pages
Penetration Testing
No ratings yet
Penetration Testing
15 pages
Ethernet Interface Board Model: If1-Et01 User's Manual: Citizen Systems Japan Co., LTD
No ratings yet
Ethernet Interface Board Model: If1-Et01 User's Manual: Citizen Systems Japan Co., LTD
24 pages
Phishing Seminar
No ratings yet
Phishing Seminar
19 pages
6-DeepPacket(1)
No ratings yet
6-DeepPacket(1)
14 pages
GPEN GIAC Certified Penetration Tester All-in-One Exam Guide Raymond Nutting - Own the ebook now and start reading instantly
100% (1)
GPEN GIAC Certified Penetration Tester All-in-One Exam Guide Raymond Nutting - Own the ebook now and start reading instantly
57 pages
Java Socket Programming
100% (1)
Java Socket Programming
6 pages
Network Penetration
No ratings yet
Network Penetration
12 pages
2-Ethical Hacking Methodology
No ratings yet
2-Ethical Hacking Methodology
21 pages
StateoftheArtContent basedandHybridPhishingDetection
No ratings yet
StateoftheArtContent basedandHybridPhishingDetection
9 pages
BlueLink-CiscoVPN-Instructions-LevaSleep 1 (2) (1) (1) (1) (1)
No ratings yet
BlueLink-CiscoVPN-Instructions-LevaSleep 1 (2) (1) (1) (1) (1)
21 pages
Analyzing and Implementing of Network Penetration Testing
No ratings yet
Analyzing and Implementing of Network Penetration Testing
48 pages
1 - MSF-I - Introduction To MSF
No ratings yet
1 - MSF-I - Introduction To MSF
28 pages
Baicells Neutrino-224 Indoor LTE FDD Base Station Specification-V1.1
No ratings yet
Baicells Neutrino-224 Indoor LTE FDD Base Station Specification-V1.1
8 pages
Cybersecurity Threat Actors
No ratings yet
Cybersecurity Threat Actors
14 pages
Wireless - Merits & Demerits
No ratings yet
Wireless - Merits & Demerits
10 pages
Pt. Asia Networks Product Guide: Telco
No ratings yet
Pt. Asia Networks Product Guide: Telco
6 pages
Pentretion Testing
No ratings yet
Pentretion Testing
15 pages
Ethical Overview
No ratings yet
Ethical Overview
17 pages
Dayananda Sagar University: Special Topic-1 Report
No ratings yet
Dayananda Sagar University: Special Topic-1 Report
20 pages
DCP Monitoring Report With Header
No ratings yet
DCP Monitoring Report With Header
3 pages
CHapter - 4netwrok
No ratings yet
CHapter - 4netwrok
16 pages
UAD Plug-Ins Manual
No ratings yet
UAD Plug-Ins Manual
19 pages
Vpen Testing
No ratings yet
Vpen Testing
16 pages
Network Security and Penetration Testing
No ratings yet
Network Security and Penetration Testing
11 pages
Packet Tracer - Network Representation: Topology
No ratings yet
Packet Tracer - Network Representation: Topology
5 pages
Modicon Switch - TCSESM163F23F0
No ratings yet
Modicon Switch - TCSESM163F23F0
4 pages
MCC Final Exam Questions
No ratings yet
MCC Final Exam Questions
3 pages
Iintroduction To Penetration Testing
No ratings yet
Iintroduction To Penetration Testing
56 pages
PenetrationTesting Notes
No ratings yet
PenetrationTesting Notes
4 pages
CEH IT Security Penetration Testing Step
67% (3)
CEH IT Security Penetration Testing Step
42 pages
02 Reconnaissance Techniques
No ratings yet
02 Reconnaissance Techniques
34 pages
EX - No 8. Simulation of Distance Vector/Link State Routing
No ratings yet
EX - No 8. Simulation of Distance Vector/Link State Routing
2 pages
R03 I24b01 Cce XX XX SDW Ic 10323
No ratings yet
R03 I24b01 Cce XX XX SDW Ic 10323
1 page
Demystifying Penetration Testing
No ratings yet
Demystifying Penetration Testing
35 pages
Commercial - Leaflet - Wirnet - Istation (4pages) PDF
No ratings yet
Commercial - Leaflet - Wirnet - Istation (4pages) PDF
4 pages
Nokia AirScale BTS Data Sheet
No ratings yet
Nokia AirScale BTS Data Sheet
5 pages
Evolution of Carrier Aggregation (CA) For 5G: What's New in Mobile CA
No ratings yet
Evolution of Carrier Aggregation (CA) For 5G: What's New in Mobile CA
4 pages
Penetration Testing Presentation
50% (2)
Penetration Testing Presentation
15 pages
Basic Pentest Training
No ratings yet
Basic Pentest Training
67 pages
Ceh V6
No ratings yet
Ceh V6
19 pages
Vulnerability Assessment and Penetration Testing IJERTV10IS050111
No ratings yet
Vulnerability Assessment and Penetration Testing IJERTV10IS050111
6 pages
Vulnerability Exploitation and Defense: Penetration Testing (Lec # 4)
No ratings yet
Vulnerability Exploitation and Defense: Penetration Testing (Lec # 4)
4 pages
Certified Penetration Testing Professional CPTP
No ratings yet
Certified Penetration Testing Professional CPTP
12 pages
Study Guide - 300-215 CBRFIR: Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberSecurity Exam
From Everand
Study Guide - 300-215 CBRFIR: Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberSecurity Exam
Anand Vemula
No ratings yet
Cybersecurity Fundamentals Explained
From Everand
Cybersecurity Fundamentals Explained
Brian Mackay
No ratings yet
NIST Cybersecurity Framework (CSF) For Information Systems Security: NIST Cybersecurity Framework (CSF), #1
From Everand
NIST Cybersecurity Framework (CSF) For Information Systems Security: NIST Cybersecurity Framework (CSF), #1
Bruce Brown, CISSP
No ratings yet
Practical Pentesting Guide: Preparation for Certification and Ethical Hacking
From Everand
Practical Pentesting Guide: Preparation for Certification and Ethical Hacking
Evan Blake
No ratings yet
Mastering Kali Linux for Advanced Penetration Testing
From Everand
Mastering Kali Linux for Advanced Penetration Testing
Robert W. Beggs
4/5 (1)
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
From Everand
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
Devi Prasad
No ratings yet
Penetration Testing Fundamentals -1: Penetration Testing Study Guide To Breaking Into Systems
From Everand
Penetration Testing Fundamentals -1: Penetration Testing Study Guide To Breaking Into Systems
Devi Prasad
No ratings yet
Pentest+ Exam Pass: Penetration Testing And Vulnerability Management For Cybersecurity Professionals
From Everand
Pentest+ Exam Pass: Penetration Testing And Vulnerability Management For Cybersecurity Professionals
Rob Botwright
No ratings yet
Certified Ethical Hacker (CEH v12) Exam Preparation
From Everand
Certified Ethical Hacker (CEH v12) Exam Preparation
Georgio Daccache
No ratings yet
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
From Everand
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
alasdair gilchrist
3/5 (9)

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Penetration Testing: Edmund Whitehead Rayce West

Uploaded by

Penetration Testing: Edmund Whitehead Rayce West

Uploaded by

Penetration Testing

- Definition of Penetration Testing

Definition of Penetration Testing:

- A penetration test or pentest is a test evaluating the strengths of all

- Banks/Financial Institutions, Government Organizations, Online

- Most certifications require or recommend that penetration tests be

- PCI Data Security Standard's Section 11.3 requires organizations to

- HIPAA Security Rule's section 8 of the Administrative Safeguards

-External vs. Internal

Penetration Testing can be performed from the viewpoint of an

- Overt vs. Covert

Penetration Testing can be performed with or without the

- Reconnaissance and Information Gathering

- Network Enumeration and Scanning

- Vulnerability Testing and Exploitation

Purpose: To discover as much information about a target (individual

Domain Name: CLEMSON.EDU

Purpose: To discover existing networks owned by a target as well as

Purpose: To check hosts for known vulnerabilities and to see if they

Purpose: To organize and document information found during the

- Stay up to date on recent developments in computer security,

- Becoming proficient with C/C++ and a scripting language such as

- Microsoft, Cisco, and Novell certifications

- Penetration Testing Certifications

- Certified Ethical Hacker (CEH)

-GIAC Certified Penetration Tester (GPEN)

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.