Penetration testing is the process of performing authorized exploitation of target systems (those that fall within the engagement scope) to discover vulnerabilities in network and machine configuration within the time allotted to the engagement.
Types
- Blackbox: pentesters are given no information beyond basics such as domain names or CIDR blocks
- Graybox: pentesters are given limited internal information
- Whitebox: pentesters are given complete access to all internal information (e.g., code) during the engagement
Basic Outline
Stages of a penetration test are detailed below:
- OSINT: look for publicly available information on the target
- enumeration: determine the set of hosts and exposed services available for attack; this stage matters most for the success of the stage that follows
- penetration: discover and take advantage of vulnerabilities to obtain access to a target machine; repeat to discover more attack vectors
- persistence: implant programs to maintain access to an attacked host
- host privilege escalation: discover and exploit local vulnerabilities to obtain high-privileged shell access; repeat to discover more attack vectors
- pivoting: use a compromised host as a base for attacking other hosts on the same network
- housekeeping / clean-up: clean up tracks, including programs, exploit scripts, log files, etc.
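Every stage above applies only to targets inside the engagement scope (the CIDR blocks and domains the client authorized). As an added example, not part of the original page, the script below enforces that boundary before any enumeration or exploitation runs: it checks each candidate target against a constructed, hypothetical scope definition, with exclusions taking precedence over inclusions, and splits the list into authorized and rejected targets for the engagement's audit log.

```python
import ipaddress

# Constructed sample scope definition (hypothetical; not from any real engagement):
# CIDR blocks and domains the client authorized, plus explicit carve-outs.
SCOPE = {
    "cidrs": ["10.10.0.0/16", "192.0.2.0/24"],
    "domains": ["example.com"],
    "excluded_cidrs": ["10.10.5.0/24"],
    "excluded_hosts": ["payroll.example.com"],
}


def _matches_domain(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def in_scope(target: str, scope: dict = SCOPE) -> bool:
    """Decide whether a single target (IP address or hostname) is authorized.

    Exclusions win over inclusions, so a carve-out inside an authorized
    CIDR block is honoured. Unparseable or unlisted targets are out of scope.
    """
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # not an IP literal; treat it as a hostname below
    if ip is not None:
        if any(ip in ipaddress.ip_network(c) for c in scope["excluded_cidrs"]):
            return False
        return any(ip in ipaddress.ip_network(c) for c in scope["cidrs"])
    if any(_matches_domain(target, h) for h in scope["excluded_hosts"]):
        return False
    return any(_matches_domain(target, d) for d in scope["domains"])


def filter_targets(candidates, scope=SCOPE):
    """Split a candidate list into (authorized, rejected) for the audit log."""
    authorized = [t for t in candidates if in_scope(t, scope)]
    rejected = [t for t in candidates if not in_scope(t, scope)]
    return authorized, rejected


if __name__ == "__main__":
    ok, bad = filter_targets(["10.10.1.7", "10.10.5.9", "www.example.com",
                              "payroll.example.com", "198.51.100.3", "notexample.com"])
    print("authorized:", ok)
    print("rejected:  ", bad)
```

Run this check before the enumeration stage starts and keep the rejected list with the engagement records; a look-alike such as `notexample.com` is rejected because only the exact domain or its subdomains match.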
Resources
- OWASP Top 10
- For extensive documentation of pentesting methodology, see PTES.
- For web app testing, see OWASP ASVS & WSTG.
- For more methodologies, check out the old OWASP wiki.
- ISO/IEC 27001
- Advanced Penetration Testing (Georgia Weidman)
- Priv Esc Wiki for different platforms
- Hack The Box (YouTube: IppSec, John Hammond)
- Vuln Hub
- HackerOne Educational Resources