
Thread: Pen testing

  1. #1
    Just burned his ISO
    Join Date
    May 2009
    Posts
    7

    Default Pen testing

    I was not sure where to put this topic as I cannot think precisely where it would go. For years I have been very interested in the 'defensive' side of information security and have been a staff member on a few of the Alliance of Security Analyst Professionals boards. However, recently I have begun to become interested in offensive security and how people actually gain access to a system.

    Throughout my research I have noticed a few vulnerability scanners such as Nessus and GFI's LANguard. I was wondering as pen testers do you guys use this method then select a payload to exploit the vulnerability with or what would be your first step in pentesting a system? Please explain to me how you personally would go about testing, because everyone must have a testing regime.

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Even though everyone might have his own personal preferences, there is most likely always the same going on.

    Since you mentioned that you took part in the "defensive" part of information security you should know quite a bit about it.

    As a good start into penetration testing I'd recommend you this book.
    Tiocfaidh ár lá

  3. #3
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Default

    Quote Originally Posted by OuTLaW View Post
    what would be your first step in pentesting a system? Please explain to me how you personally would go about testing, because everyone must have a testing regime.
    First step is: get a permission - a written permission with the exact scope of the pentest. After that comes the biggest and most important part of pentesting: reconnaissance! Exploiting comes nearly at last and is not the central point in pentesting.
    Don't eat yellow snow :rolleyes:

  4. #4
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by OuTLaW View Post
    what would be your first step in pentesting a system? Please explain to me how you personally would go about testing, because everyone must have a testing regime.

    Here are several pen-testing methodologies that outline how one could go about the process.
    Keep in mind that a good pen-tester will pick and choose based on the scope of work to be done. In other words, no one is really better than the other.
    There are just preferences.
    http://www.isecom.org/osstmm/
    http://csrc.nist.gov/publications/PubsSPs.html
    http://www.cert.org/octave/
    Also for more info on the above see
    http://it.toolbox.com/blogs/security...dologies-17206
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by lupin View Post
    Actually thanks for that link. I saw it before and wanted to read it, but forgot where it was at.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by archangel.amael View Post
    Actually thanks for that link. I saw it before and wanted to read it, but forgot where it was at.
    Yes, it's an interesting page. Perhaps a little too prescriptive for my tastes, but it at least gives a good structure for a test, plus lists of tools, example command lines, etc. It's good to know about even if you don't intend to strictly follow it.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    Just burned his ISO
    Join Date
    May 2009
    Posts
    7

    Default

    Thank you everyone for your input, those are some very interesting links that I will be studying over the next few days.

    Since you mentioned that you took part in the "defensive" part of information security you should know quite a bit about it.
    Well from the defensive side of it stuff like stealthing ports, disabling NetBIOS, using the ISS lockdown tool, stopping unnecessary services, etc. I guess that would all be used in the reconnaissance part of pen testing. I just do not quite know how they could be exploited I guess.

    First step is: get a permission - a written permission with the exact scope of the pentest. After that comes the biggest and most important part of pentesting: reconnaissance! Exploiting comes nearly at last and is not the central point in pentesting.
    I plan to just test on my own test machines at the moment. I physically have another few old boxes and I might run some VMware machines.

    I know a few of you guys do this kind of thing in the industry. Are there any particular qualifications or skill sets people would look for, as I am guessing most of this work is contract?

    Thank you all for your time by the way, it's just that I have a large number of questions.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by OuTLaW View Post

    I know a few of you guys do this kind of thing in the industry. Are there any particular qualifications or skill sets people would look for, as I am guessing most of this work is contract?
    Myself, I would base a decision more upon professional references from work already completed.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #10
    Just burned his ISO
    Join Date
    May 2009
    Posts
    7

    Default

    Myself, I would base a decision more upon professional references from work already completed.
    From that I assume you would have to be taken on by a company to get into the industry then.
