What is Penetration Testing?

Penetration Testing or pentesting is the act of simulating an attack on infrastructure to determine the extent of damage or access to protected resources an attacker would have if they were to successfully find and exploit those vulnerabilites.

It is important to remember that pentesting goes beyond the scope of a vulnerability assessment of identifying where vulnerabilities exist in a system, but the actual exploitation of those vulnerabilities as well.

WHY DO We Need PenTesting?

Most successful attacks carried out on people and organizations are not zero day exploits or recently discovered vulnerabilities.

As our systems, applications and connectivity get more complex it becomes challenging to ensure that all factors have been considered.

Translation: Many of these attacks could have been avoided.

Pentesting allows organizations to find and fix those vulnerabilities before an attacker does.

"A pen tester is thorough in their work for the customer. Hackers just discover what is necessary to accomplish their goal."

Types of Pentests

Internal Pen Testing

External Pen Testing

Phases of Pentesting

1. Pre-Engagement

2. Information Gathering

3. Threat Modeling

4. Vulnerability Analysis

5. Exploitation

6. Post-Exploitation

7. Reporting

PRE-ENGAGEMENT

INFORMATION GATHERING

OSINT(Open Source Intelligence)

INTELLIGENCE GATHERING

Threat modeling

Threat modeling

VULNERABILITY ANALYSIS

EXPLOITATION

POST EXPLOITATION

reporting

5 PHASES OF A HACK

1. Reconnaissance

2. Scanning and Enumeration

3. Getting Access

4. Maintaining Access

5. Covering Tracks

RECONNAISSANCE

Scanning & Enumeration

Gaining acces

MAINTAINING ACCESS

COVERING TRACKS