Pen testing
I was not sure where to put this topic as I cannot think precisely were it would go. For years I have been very interested in the 'defensive' side of information security and have been a staff member on a few of the Alliance of Security Analyst Professionals boards. However recently I have begun to become interested in offensive security and how people actually gain access to a system.
Throughout my research I have noticed a few vulnerability scanners such as Nessus and GFI's LANguard. I was wondering as pen testers do you guys use this method then select a payload to exploit the vulnerability with or what would be your first step in pentesting a system? Please explain to me how you personally would go about testing, because everyone must have a testing regime.
Even though everyone might have his own personal preferences, there is most likely always the same going on.
Since you mentioned that you took part in the "defensive" part of information security you should know quite a bit about it.
As a good start into penetration testing I'd recommend you this book.
Tiocfaidh ár lá
First step is: get a permission - a written permisssion with the exact scope of the pentest. After that comes the biggest and most important part of pentesting: reconnaissance! Exploiting comes nearly at last and is not the central point in pentesting.Originally Posted by OuTLaW
Don't eat yellow snow :rolleyes:
Here are several pen-testing methodologies that outline how one could go about the process.
Keep in mind that a good pen-tester will pick and choose based on the scope of work to be done In other words no one is really better than the other.
There are just preferences.
http://www.isecom.org/osstmm/
http://csrc.nist.gov/publications/PubsSPs.html
http://www.cert.org/octave/
Also for more info on the above see
http://it.toolbox.com/blogs/security...dologies-17206
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Actually thanks for that link. I saw it before and wanted to read it, but forgot where it was at.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Yes, its an interesting page. Perhaps a little too prescriptive for my tastes, but it at least gives a good structure for a test, plus lists of tools, example command lines, etc. Its good to know about even if you don't intend to strictly follow it.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Thank you everyone for your input, those are some very interesting links that I will be studying over the next few days.
Well from the defensive side of it stuff like stealthing ports, disabling NetBIOS, using the ISS lockdown tool, stopping unnecessary services, etc. I guess that would all be used in the reconnaissance part of pen testing. I just do not quite know how they could be exploited I guess.Since you mentioned that you took part in the "defensive" part of information security you should know quite a bit about it.
I plan to just test on my own test machines at the moment. I physically have another few old boxes and I might run some VMware machines.First step is: get a permission - a written permisssion with the exact scope of the pentest. After that comes the biggest and most important part of pentesting: reconnaissance! Exploiting comes nearly at last and is not the central point in pentesting.
I know a few of you guys do this kind of thing in the industry. Is there any particular qualifications or skill sets people would look for, as I am guessing most of this work is contract?
Thank you all for your time by the way, just I have a large number of questions
Myself, I would base a decision more upon professional references from work already completed.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
From that I assume you would have to be taken on by a company to get into the industry then.Myself, I would base a decision more upon professional references from work already completed.
Posting Permissions
