Penetration testing is the authorized exploitation of target systems that fall within the engagement scope, carried out within the agreed engagement period, to discover vulnerabilities in network and machine configuration.

Types

  • Blackbox: pentesters are given no information beyond basics such as domain names or CIDR blocks
  • Graybox: pentesters are given limited internal information
  • Whitebox: pentesters are given complete access to all internal information (e.g., source code) during the engagement
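Because every phase below must stay inside the agreed scope, a small scope check is worth running over any target list before touching it. The following is an added example, not part of the original page: it parses a constructed scope listing of CIDR blocks and domain entries (a leading "*." is assumed here to mean "this domain and all its subdomains") and partitions candidate targets into in-scope and out-of-scope.

```python
import ipaddress

# Constructed sample scope listing: one entry per line, CIDR blocks and
# domain names. "*." prefix (an assumption of this example) covers the
# domain itself and every subdomain; a bare domain matches only exactly.
SCOPE_TEXT = """\
# engagement scope (constructed sample)
10.10.0.0/16
203.0.113.0/24
example.test
*.corp.example.test
"""


def parse_scope(text):
    """Split a scope listing into IP networks, exact hosts and wildcard domains."""
    networks, exact, wildcard = [], set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("*."):
            wildcard.add(line[2:].lower().rstrip("."))
            continue
        try:
            networks.append(ipaddress.ip_network(line, strict=False))
        except ValueError:  # not an address or CIDR block, treat as a hostname
            exact.add(line.lower().rstrip("."))
    return networks, exact, wildcard


def in_scope(target, scope):
    """True if target (IP address or hostname) is covered by the scope."""
    networks, exact, wildcard = scope
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        host = target.lower().rstrip(".")
        if host in exact:
            return True
        return any(host == w or host.endswith("." + w) for w in wildcard)
    return any(addr in net for net in networks)


def check_targets(targets, scope):
    """Partition candidate targets into (in_scope, out_of_scope) lists."""
    allowed = [t for t in targets if in_scope(t, scope)]
    rejected = [t for t in targets if not in_scope(t, scope)]
    return allowed, rejected
```

Note that a bare domain entry does not cover its subdomains, so "www.example.test" is rejected under the sample listing; whether that is the intended reading should be confirmed with the client rather than assumed.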

Outline

  • OSINT: look for publicly available information on the target
  • enumeration: determine the set of hosts and available services to attack; this stage largely determines the success of the next one
  • penetration: discover and exploit vulnerabilities to obtain access to a target machine; repeat to discover further successful attack vectors
  • persistence: implant programs or forge credentials to maintain access to a compromised host
  • host privilege escalation: discover and exploit local vulnerabilities to obtain high-privileged access to the host; repeat to discover further attack vectors
  • pivoting: use a compromised host as a base for attacking other hosts on the same network (repeating all the steps above)
  • housekeeping/clean-up: remove all traces, including programs, exploit scripts, log entries, fake accounts, etc.

Resources