CODENAME: Samurai Skills Course

Module 1: Solid Introduction to Penetration Testing

Ninja-Sec.com

What is a Penetration Test?

A method of evaluating the security of a computer system or network by simulating an attack from a malicious source that may involve active exploitation of security vulnerabilities. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.

Wow, this is a nice big statement, but how do we define a service out of it?

Penetration Testing Services

Finding vulnerabilities in applications and protocols through custom exploit development
A service where exploits and tools may need to be written on the fly during the assessment
Identifying and exploiting code and business logic insecurities in web applications
Tricking someone into divulging sensitive information
Testing the physical security protections of an organization
Cracking a network perimeter, exfiltrating data and demonstrating the impact of successful penetrations
Attempting to gain access to a system while evading security monitoring capabilities
Finding as many weaknesses in technical controls as quickly as possible
Simply validating findings identified during a vulnerability assessment

One Current Approach to Definitions

We sometimes define a penetration test by the level of knowledge the tester will have of the infrastructure to be tested:

White Box: Full prior knowledge
Black Box: No knowledge
Grey Box or Crystal Box: Some variation in between

Another Current Approach to Definitions

A somewhat better approach is to define a penetration test by the technology and/or activity:

Network Services penetration test
Wireless Security penetration test
Web Application penetration test
Social Engineering penetration test
Physical penetration test
Client Side penetration test
Mobile Application penetration test
etc.

Community Wide Efforts for Improving Competency

National Board of Information Security Examiners (NBISE)
Council for Registered Ethical Security Testers (CREST)
Penetration Testing Execution Standard (PTES)

Penetration Testing Overall Process

Reconnaissance
Scanning
Exploitation
Reporting

What Are Penetration Testing Goals?

Independently assess a system from the viewpoint of a malicious attacker, whether a malicious insider or an uninformed outsider.
Determine business impact from a successful attack.
Test information security detection and response capabilities in ways only an actual cyber-attack can.
Test a system with active exploitation tools and techniques, validating both technical and non-technical vulnerabilities.

What are the Goals of this course?

We made our course to provide you with the ability to conduct an effective hands-on penetration test.
We are focusing on medium-level penetration testing (NS|PT).
We have another course that focuses on advanced-level penetration testing (NS|APT).
We have dedicated online penetration testing labs that mimic REAL WORLD penetration testing scenarios.

Vulnerability Assessment Vs. Penetration Testing

Both are different, don't mix!

Vulnerability Assessment: just finding and reporting vulnerabilities in a system or network without trying to exploit these vulnerabilities.
Penetration Testing: finding and exploiting these vulnerabilities and taking advantage of them to go deeper into the system or network and gain more power on the system.

Vulnerability Vs. Exploit

A vulnerability is a flaw or weakness in a system that an attacker can exploit to gain more power on the system.

An exploit is a piece of code or a technique that can be used by an attacker to take advantage of a vulnerability.

Types of Vulnerabilities and Exploits

Vulnerability types:
Network Service Vulnerabilities
Web Application Vulnerabilities
Mobile Application Vulnerabilities
Local Service Vulnerabilities
System Vulnerabilities
Human Vulnerabilities
Physical Vulnerabilities

Exploit types:
Remote Exploit
Local Exploit
DoS Exploit

Exploits and tools sources for Penetration Testers

http://www.exploit-db.com
http://www.securityfocus.com
http://packetstormsecurity.org

Vulnerability Research Sources for Penetration Testers

us-cert.gov
cve.mitre.org
secunia.com
vupen.com

Commercial Tools for Penetration Testers

Metasploit Pro
NeXpose
SAINT
IBM Rational AppScan
Immunity CANVAS
Core Impact
Nessus ProfessionalFeed
HP WebInspect
Acunetix WVS
And many others.

Penetration Testing Methodologies

NIST 800-115 (Technical Guide for Information Security Testing)
OSSTMM (Open Source Security Testing Methodology Manual)
OWASP Testing Guide
ISSAF (Information Systems Security Assessment Framework)
Penetration Testing Framework
PTES (Penetration Testing Execution Standard)

Penetration Test Report

This is the most important thing in the penetration testing process.

We show managers and technical guys at the company what vulnerabilities they have in their network, systems, web apps, mobile apps or wireless, and how they can secure them, with a detailed and clear explanation.

You can download and view very good penetration testing reports:

Introduction: References - 1

Vulnerability Types
http://nvd.nist.gov/cwe.cfm

Top Vulnerabilities
http://secunia.com/resources/reports/

Exploit Availability Repositories
http://www.exploit-db.com/
http://packetstormsecurity.org/
http://securityreason.com/

Introduction: References - 2

NIST 800-115: http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
OSSTMM: http://www.isecom.org/osstmm/
OWASP Testing Project: https://www.owasp.org/index.php/OWASP_Testing_Project
ISSAF: http://www.oissg.org/issaf
Penetration Testing Framework: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
PTES: http://www.pentest-standard.org/index.php/Main_Page
Interesting discussion on the use of standards: http://resources.infosecinstitute.com/standards-for-penetration-testing/

Introduction: References - 3

http://www.vulnerabilityassessment.co.uk/report%20template.html

Penetration test reports
http://www.mediafire.com/?wl969qbtptzfp13
