Pre-Engagement Interaction: Understand the scope of the test and permitted attacks, establish communication protocols, and ensure the necessary permissions are in place.
Reconnaissance: Gather as much pertinent information as possible by probing the following:
External Pentest (everything must be in scope):
Domain and subdomains
External IP address ranges
Systems - websites, emails, ticketing, ERPs, etc
Exposed data breaches
Internal Pentest (everything must be in scope):
IP address ranges, systems, devices, etc.
Exposed data breaches
Understand the network structure - gateways, DHCP servers, DNS servers, VLANs, etc.
Identify the operating systems in use and their respective versions.
Identify open ports and the services running on them.
Cloud Pentests (everything must be in scope):
Domains and subdomains
IP address ranges
Exposed data breaches
Attempt to 'map' the flow of information between systems.
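The reconnaissance lists above repeat that everything probed must be in scope. The following is an added example (not code from the original page) of a scope check that a tester runs over discovered hosts before any probing starts: it takes the ranges and domains agreed in pre-engagement and partitions every discovered IP, CIDR block or hostname into in-scope and out-of-scope. The networks and domain are constructed, hypothetical values.

```python
import ipaddress

# Constructed example scope, standing in for the ranges and domains agreed
# in the pre-engagement phase (hypothetical values, not from the page).
IN_SCOPE_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/28")]
IN_SCOPE_DOMAINS = ("example.com",)


def is_domain_in_scope(host, domains=IN_SCOPE_DOMAINS):
    """True if host is an in-scope domain or one of its subdomains.

    The '.' prefix check stops 'notexample.com' matching 'example.com'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def is_address_in_scope(target, networks=IN_SCOPE_NETWORKS):
    """True if a single IP or a whole CIDR block lies inside an in-scope range.

    Raises ValueError when target is not an IP address or network at all."""
    if "/" in target:
        block = ipaddress.ip_network(target, strict=False)
        return any(block.version == net.version and block.subnet_of(net) for net in networks)
    addr = ipaddress.ip_address(target)
    return any(addr in net for net in networks)


def classify_targets(targets, networks=IN_SCOPE_NETWORKS, domains=IN_SCOPE_DOMAINS):
    """Partition discovered targets into (in_scope, out_of_scope) lists.

    Anything that is not a valid IP/CIDR is treated as a hostname; anything
    that cannot be matched to the agreed scope is reported as out of scope."""
    in_scope, out_of_scope = [], []
    for target in targets:
        try:
            ok = is_address_in_scope(target, networks)
        except ValueError:
            ok = is_domain_in_scope(target, domains)
        (in_scope if ok else out_of_scope).append(target)
    return in_scope, out_of_scope


if __name__ == "__main__":
    # Constructed list of "discovered" targets, including two that fall outside scope.
    discovered = ["203.0.113.7", "198.51.100.20", "www.example.com",
                  "notexample.com", "203.0.113.0/25", "2001:db8::1"]
    ok, bad = classify_targets(discovered)
    print("in scope:    ", ok)
    print("OUT OF SCOPE:", bad)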
Scanning & Enumeration: Use tools and techniques to find potential entry points and weaknesses (e.g., open ports, services). Scanning sends requests to the identified systems, domains, and IPs to gather more detailed information, such as network topology, open ports, and running services (and will leave traces on the target's systems), while Enumeration uses the information gathered during scanning to identify specific details about a system, e.g. operating system, applications, and user accounts. Several types of scans and enumerations can be performed:
Port Scans - identify which network ports and services on a target system are open, closed, or filtered.
Version Scans - identify the version of the software running on a target system; this can help identify known, exploitable vulnerabilities in that software.
OS Detection Scans - determine the type and version of the operating system, and with it the associated vulnerabilities.
Vulnerability Scans - identify known vulnerabilities in the software and operating systems running on a target system; useful for judging the potential impact of a vulnerability and the priority for remediation efforts.
Banner Grabbing - gather information about a target system by connecting to it and examining the banner it returns; used to identify the OS, server (web, database, file, mail, etc.), and application running on a target system.
Network Mapping - create a map of the target's network, including the systems and services running on it.
User Enumeration - focuses on identifying valid usernames (and passwords) on a target system in order to target specific users or user accounts, or to perform social engineering attacks.
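The text notes that scanning leaves traces on the target's systems. As an added example (not code from the original page) of what those traces look like from the defender's side, the script below runs a simple port-scan detector over constructed firewall log lines: for each source/destination pair it counts distinct destination ports inside a sliding time window and raises an alert when the count crosses a threshold. The log format, hosts and thresholds are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Assumed log format (constructed for this example):
#   2024-05-01T10:00:01Z DENY src=10.0.0.5 dst=10.0.1.10 dport=22 proto=tcp
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one firewall record; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "action": m["action"], "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "proto": m["proto"]}


def detect_port_scans(lines, window_seconds=60, min_ports=10):
    """Alert on any src->dst pair touching >= min_ports distinct ports within window_seconds.

    Uses a two-pointer sliding window over each pair's time-sorted events so the
    distinct-port count is exact for every window position."""
    events = [e for e in map(parse_line, lines) if e]
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        ports_in_window = Counter()
        left, best = 0, 0
        for e in evs:
            ports_in_window[e["dport"]] += 1
            # Evict events that fell out of the window ending at e["ts"].
            while (e["ts"] - evs[left]["ts"]).total_seconds() > window_seconds:
                old = evs[left]["dport"]
                ports_in_window[old] -= 1
                if ports_in_window[old] == 0:
                    del ports_in_window[old]
                left += 1
            best = max(best, len(ports_in_window))
        if best >= min_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": best})
    return sorted(alerts, key=lambda a: -a["distinct_ports"])


# Constructed sample log: one host sweeping 15 ports in 14 seconds, one host
# talking only to 443/tcp, one host touching 5 ports spread over 8 minutes,
# and one malformed line.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d}Z DENY src=10.0.0.5 dst=10.0.1.10 dport={p} proto=tcp"
    for i, p in enumerate((21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 993, 3306, 3389))
] + [
    f"2024-05-01T10:0{i}:00Z ALLOW src=10.0.0.8 dst=10.0.1.10 dport=443 proto=tcp"
    for i in range(5)
] + [
    f"2024-05-01T10:{i * 2:02d}:30Z DENY src=10.0.0.9 dst=10.0.1.10 dport={p} proto=tcp"
    for i, p in enumerate((22, 80, 443, 8080, 8443))
] + ["this line is not a firewall record"]


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(f"possible port scan: {alert['src']} -> {alert['dst']} "
              f"({alert['distinct_ports']} distinct ports)")
```

With the default 60-second window only the fast sweep is flagged; widening the window to ten minutes and lowering the threshold also catches the slow, spread-out probe, which illustrates why the window and threshold are the tuning knobs for this kind of detection.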
Gaining Access (Exploitation): Focus on gaining unauthorised access to the target system or network by exploiting the vulnerabilities discovered during the scanning stage. Techniques such as password cracking and exploiting software vulnerabilities may be employed to access the target system.
Post-Compromise Scanning & Exploitation: Rescan the compromised systems for the following:
System information
Network configurations - additional networks, internal services and ports, WiFi passwords, etc.
Terminal history.
Shared folders.
Privilege Escalation: If the initial compromise did not grant system administrator or root access, focus on gaining high-level access within the system.
Maintaining Access (Red Teaming)*: After compromising the system (bypassing security measures), set up back doors or remote access tools and establish persistent access. The objective is to mimic the actions of an actual attacker and assess the potential impact of a successful compromise.
Covering Tracks (Red Teaming)*: Remove any traces of the compromise from the target system or network. The goal is to ensure that the ethical hacking activity remains undetected, leaving no evidence of the penetration testing activity behind.
Reporting: Generate a report covering the above phases - IP addresses, open ports and services, weak passwords, exposed data breaches, application and network vulnerabilities, privilege escalation, system configurations, etc.
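As an added example (not code from the original page) of the reporting step, the script below takes findings collected across the phases above, removes duplicates, ranks them for remediation by severity, and renders a plain-text report grouped by host with the riskiest hosts first. The hosts, findings and severity scale are constructed, hypothetical values.

```python
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Constructed findings (hypothetical hosts and issues), one or more per phase
# of the methodology above; the last entry deliberately duplicates the first.
SAMPLE_FINDINGS = [
    {"host": "203.0.113.7", "phase": "Scanning & Enumeration",
     "title": "3389/tcp (RDP) reachable from the internet", "severity": "high"},
    {"host": "203.0.113.7", "phase": "Gaining Access",
     "title": "Weak password on a local account", "severity": "critical"},
    {"host": "203.0.113.9", "phase": "Scanning & Enumeration",
     "title": "443/tcp (HTTPS) open", "severity": "info"},
    {"host": "203.0.113.9", "phase": "Privilege Escalation",
     "title": "Writable service binary allows escalation to root", "severity": "critical"},
    {"host": "203.0.113.12", "phase": "Reconnaissance",
     "title": "Staff credentials present in a public data breach", "severity": "medium"},
    {"host": "203.0.113.7", "phase": "Scanning & Enumeration",
     "title": "3389/tcp (RDP) reachable from the internet", "severity": "high"},
]


def dedupe(findings):
    """Drop repeated findings (same host, phase, title), keeping the first occurrence."""
    seen, unique = set(), []
    for f in findings:
        key = (f["host"], f["phase"], f["title"])
        if key not in seen:
            seen.add(key)
            unique.append(f)
    return unique


def prioritise(findings):
    """Order findings for remediation: highest severity first, then by host and title."""
    return sorted(dedupe(findings),
                  key=lambda f: (-SEVERITY_RANK[f["severity"]], f["host"], f["title"]))


def summarise(findings):
    """Counts per severity plus hosts ranked by their single worst finding."""
    unique = dedupe(findings)
    counts = {s: 0 for s in SEVERITY_RANK}
    worst = {}
    for f in unique:
        counts[f["severity"]] += 1
        rank = SEVERITY_RANK[f["severity"]]
        worst[f["host"]] = max(worst.get(f["host"], -1), rank)
    hosts = sorted(worst, key=lambda h: (-worst[h], h))
    return {"total": len(unique), "by_severity": counts, "hosts_by_risk": hosts}


def render_report(findings):
    """Plain-text report: summary line, then findings grouped by host in priority order."""
    summary = summarise(findings)
    lines = [f"Findings: {summary['total']}",
             "By severity: " + ", ".join(f"{s}={n}" for s, n in summary["by_severity"].items() if n)]
    ordered = prioritise(findings)
    for host in summary["hosts_by_risk"]:
        lines.append(f"\n[{host}]")
        for f in ordered:
            if f["host"] == host:
                lines.append(f"  {f['severity'].upper():<8} {f['phase']}: {f['title']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(SAMPLE_FINDINGS))
```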