Cyber Security

Uploaded by

Jepri Yanta Surbakti

0% found this document useful (0 votes)

49 views16 pages

Cyber Security

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Cyber Security

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

49 views16 pages

Cyber Security

Uploaded by

Jepri Yanta Surbakti

Cyber Security

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 16

Search inside document

Penetration Testing

Ravi Dharmawan
12/8/2020
Importance of Cyber Security in Industry
1. Cyber attack can happen anytime and anywhere
2. A lot of data breach happened.
3. When a company suﬀers data breach, it will takes time to recover company
reputation.
Cyber Security Role in Industry
1. Oﬀensive Security (Red Team)
○ Infosec team who focuses to do penetration testing in company and report potential vulnerabilities
to stakeholder.
2. Defensive Security (Blue Team)
○ Infosec team who focuses to build good defensive infrastructure, incident response, digital forensic.
3. Security Architect
○ Infosec team who focuses to build good security architecture.
Penetration Testing
Penetration testing is a step to stimulate attack in company. The goals of penetration
testing is to discover potential vulnerability in company’s system. Steps of penetration
testing are

1. Information Gathering
2. Vulnerability Assesment
3. Exploitation
4. Privilege Escalation
5. Maintaining Access
6. Reporting
Information Gathering
Information Gathering is a step of penetration testing which purposes to ﬁnd out as
much information as possible about target which will be attacked. There are 2 type of
information gathering

1. Passive Information Gathering (GHDB, SocialSearcher etc)

2. Active Information Gathering (port scanning, fuzzing etc)
Information Gathering : Nmap
Vulnerability Assesment
Vulnerability Assesment is a step of penetration testing which purposes to discover
vulnerability in target. This is crucial step for penetration testing. There are 2 type of
Vulnerability Assesment

1. Automatic Vulnerability Assesment (Nessus, nmap)

2. Manual Vulnerability Assesment (By send request and analyze packet response)
Vulnerability Assesment : Nessus
Vulnerability Assesment : Nmap
Exploitation
Exploitation is a step of penetration testing to exploit the discovered vulnerability. The
step of exploitation is based on the discovered vulnerability. If the system is vulnerable
against SQL Injection, the exploitation step is do SQL Injection.

1. Automatic Exploitation (sqlmap, metasploit etc)

2. Manual Exploitation
Exploitation : sqlmap
Exploitation : MS17-010
Privilege Escalation
Once attacker got initial access on target, he will try to escalate his privilege to root
user if the target is Linux or NT AUTHORITY\SYSTEM if the target is Windows.
Example of privilege escalation exploit is DirtyCow (CVE-2016-5195
https://dirtycow.ninja/ ) which will escalate attacker to root user if the kernel is
vulnerable.
Privilege Escalation : Dirty Cow Exploit (CVE-2016-5195)
Maintaining Access
Maintaining Access is a step to put backdoor in target system which purposes to
maintain access although the system administrator has ﬁx the vulnerability.
Reporting
Reporting is important step to explain vulnerability in details and risk of vulnerability.
The report of penetration testing will be send to stakeholder in order to notice the
vulnerability and convince the responsible team to ﬁx the vulnerability.

Vulnerability Assessment and Penetration Testing
Document6 pages
Vulnerability Assessment and Penetration Testing
seventhsensegroup
100% (1)
Vulnerability Assessment and Penetration Testing PDF
Document6 pages
Vulnerability Assessment and Penetration Testing PDF
proftechitspecialist
No ratings yet
EasyChair Preprint 11719
Document16 pages
EasyChair Preprint 11719
phbck.up.kb
No ratings yet
It20153540 - Aia 2
Document15 pages
It20153540 - Aia 2
wedamew444
No ratings yet
Interview Preparation Part-3
Document17 pages
Interview Preparation Part-3
Abdul Mateen Ukkund
100% (1)
Bibek Chaudhary
Document3 pages
Bibek Chaudhary
BIBEK CHAUDHARY BSc (Hons) in Networking and IT Security
No ratings yet
Penetration Testing
Document28 pages
Penetration Testing
Nour Bush
No ratings yet
Penetration Testing
Document4 pages
Penetration Testing
sipra
No ratings yet
Vulnerability Assessment Report: Assignment-2
Document14 pages
Vulnerability Assessment Report: Assignment-2
venkatesh reddy
No ratings yet
Metasploit Framework by Achilli3st
Document81 pages
Metasploit Framework by Achilli3st
Savan Patel
100% (1)
Penetration Testing: Analyzing The Security of The Network by Hacker's Mind
Document5 pages
Penetration Testing: Analyzing The Security of The Network by Hacker's Mind
Ofrates Siringan
No ratings yet
Metasploit - Framework-A Quick Reference PDF
Document81 pages
Metasploit - Framework-A Quick Reference PDF
savanpatel16
No ratings yet
Penetration Testing: A Roadmap To Network Security
Document4 pages
Penetration Testing: A Roadmap To Network Security
Yoni sudarman
No ratings yet
Red Teaming Document
Document8 pages
Red Teaming Document
Senthil Nathan
No ratings yet
Zero-Day Attacks and Defence Tools: Saththiyan Satchithanantham
Document8 pages
Zero-Day Attacks and Defence Tools: Saththiyan Satchithanantham
sathi
No ratings yet
9 Module 5 07 07 2023
Document90 pages
9 Module 5 07 07 2023
Shreya Rajpal
No ratings yet
Irjet V6i893
Document5 pages
Irjet V6i893
Ofrates Siringan
No ratings yet
Final Print
Document117 pages
Final Print
Chandan Srivastava
No ratings yet
108 Gbram
Document11 pages
108 Gbram
Rohit Ghanekar
No ratings yet
Ethical Hacking
Document109 pages
Ethical Hacking
Rameswar Reddy
No ratings yet
Web Penetration Testing Using Nessus and Metasploit Tool - T01634126129
Document5 pages
Web Penetration Testing Using Nessus and Metasploit Tool - T01634126129
Yusuf Kılıç
No ratings yet
VAPT Interview Questions and Answers
Document110 pages
VAPT Interview Questions and Answers
tanmay
75% (4)
Report
Document12 pages
Report
pkpsc
No ratings yet
Penetration Test Process and Types Facts
Document5 pages
Penetration Test Process and Types Facts
Kimberly Pineda
No ratings yet
Advanced Penetration Testing Glossary 2
Document4 pages
Advanced Penetration Testing Glossary 2
Hosny ipsec
No ratings yet
Advanced Penetration Testing Glossary 2
Document4 pages
Advanced Penetration Testing Glossary 2
Jhon Na
No ratings yet
Intrusion Detection Systems: 2.2 Description
Document10 pages
Intrusion Detection Systems: 2.2 Description
neehajoseph
No ratings yet
Pentester and Network Security For A Secure Modern Society
Document8 pages
Pentester and Network Security For A Secure Modern Society
Ofrates Siringan
No ratings yet
Web Security Audit Basics
Document20 pages
Web Security Audit Basics
rzpjck6xrm
No ratings yet
Intrusion Detection Using Neural Networks and Support Vector Machines
Document6 pages
Intrusion Detection Using Neural Networks and Support Vector Machines
SalmaanCadeXaaji
No ratings yet
Security Testing FAQ
Document25 pages
Security Testing FAQ
joseph
No ratings yet
Cyber Security1
Document6 pages
Cyber Security1
mnkanyi24
No ratings yet
Lab 5: How To Identify Risks, Threats & Vulnerabilities in An It Infrastructure Using Zenmap Gui (Nmap) & Nessus® Reports
Document3 pages
Lab 5: How To Identify Risks, Threats & Vulnerabilities in An It Infrastructure Using Zenmap Gui (Nmap) & Nessus® Reports
Bí Rẩy
No ratings yet
Research Plan
Document6 pages
Research Plan
Prince Opoku
No ratings yet
03 - CO1-ethical Hacking Terminologies
Document53 pages
03 - CO1-ethical Hacking Terminologies
Woy
No ratings yet
Chapter 3: Tools and Methods Used in Cybercrime
Document34 pages
Chapter 3: Tools and Methods Used in Cybercrime
Narasimha Murthy
No ratings yet
Android Hacking in Kali Linux Using Metasploit Fra
Document8 pages
Android Hacking in Kali Linux Using Metasploit Fra
malikale
No ratings yet
Pen Testing Basics
Document153 pages
Pen Testing Basics
Christopher C. Cheng
100% (2)
Penetration Testing Explained
Document23 pages
Penetration Testing Explained
Tarun Sahu
No ratings yet
Lab #5
Document3 pages
Lab #5
Trần Mỹ Linh
No ratings yet
IIDS
Document22 pages
IIDS
sammedkurde
No ratings yet
Analysis and Evaluation Snort, Bro, and Suricata As Intrusion Detection System Based On Linux Server
Document9 pages
Analysis and Evaluation Snort, Bro, and Suricata As Intrusion Detection System Based On Linux Server
Ayoub Mosbah
No ratings yet
Penetration Testing On Metasploitable 2: WWW - Ijecs.in
Document9 pages
Penetration Testing On Metasploitable 2: WWW - Ijecs.in
meylizasrg
No ratings yet
Penetration Testing
Document3 pages
Penetration Testing
neelima_sriram
No ratings yet
An Enhanced Framework For Identification and Risks Assessment of Zero-Day Vulnerabilities
Document10 pages
An Enhanced Framework For Identification and Risks Assessment of Zero-Day Vulnerabilities
Sharda Shelke
No ratings yet
(OLD) WP - Protecting Against Scanners and Crackers
Document10 pages
(OLD) WP - Protecting Against Scanners and Crackers
ichilov
No ratings yet
1 Penetration Testing in IoT Network
Document7 pages
1 Penetration Testing in IoT Network
Jaroos Rian
No ratings yet
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
From Everand
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
alasdair gilchrist
Rating: 3 out of 5 stars
3/5 (9)
Introductiontoexploitationmetasploit 190312092949
Document21 pages
Introductiontoexploitationmetasploit 190312092949
muna cliff
No ratings yet
CITS1003 6 Vulnerabilities
Document34 pages
CITS1003 6 Vulnerabilities
Phyo Min
No ratings yet
Anja Both Intrusion Detection 1 Running Head: Intrusion Detection
Document5 pages
Anja Both Intrusion Detection 1 Running Head: Intrusion Detection
Anja Both
No ratings yet
MCA Cyber Security Concepts and Practices 15
Document10 pages
MCA Cyber Security Concepts and Practices 15
gs menon
No ratings yet
Summary Web Security
Document5 pages
Summary Web Security
zupeerapdilahi
No ratings yet
Ccna Security Ch1 Networking Security Concepts
Document10 pages
Ccna Security Ch1 Networking Security Concepts
florinn81
No ratings yet
Penetration Testing
Document2 pages
Penetration Testing
Sakshi Patel
No ratings yet
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
From Everand
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
Devi Prasad
No ratings yet
Course of Cybersecurity Phase 1 - 11
Document55 pages
Course of Cybersecurity Phase 1 - 11
cindytiarudianto
No ratings yet
Network Threat Characterization in Multiple Intrusion Perspectives Using Data Mining Technique
Document12 pages
Network Threat Characterization in Multiple Intrusion Perspectives Using Data Mining Technique
AIRCC - IJNSA
No ratings yet
APT Detection System Using Honeypots
Document5 pages
APT Detection System Using Honeypots
whay3
No ratings yet
VMWCB Report Detecting and Responding To Zero Day Attacks
Document14 pages
VMWCB Report Detecting and Responding To Zero Day Attacks
hamza Mcl
No ratings yet
Class 1
Document19 pages
Class 1
Rahul Bharadwaj
No ratings yet
Safety Data Sheet: Armohib Ci-28
Document21 pages
Safety Data Sheet: Armohib Ci-28
SJHEIK Abdullah
No ratings yet
Technical Report Documentation Page
Document176 pages
Technical Report Documentation Page
pacotao123
No ratings yet
Guide Book - Investing and Doing Business in HCMC Vietnam
Document66 pages
Guide Book - Investing and Doing Business in HCMC Vietnam
emvapho
No ratings yet
Ips M PM 330
Document25 pages
Ips M PM 330
Deborah Malanum
No ratings yet
Evolution of Human Resource Management
Document13 pages
Evolution of Human Resource Management
msk_1407
No ratings yet
LGC Cases
Document97 pages
LGC Cases
Jeshe Balsomo
No ratings yet
Citigroup - A Case Study in Managerial and Regulatory Failures
Document70 pages
Citigroup - A Case Study in Managerial and Regulatory Failures
Julius Natividad
No ratings yet
American Bar Association American Bar Association Journal
Document6 pages
American Bar Association American Bar Association Journal
Karishma Rajput
No ratings yet
PDFs/Sprinker NFPA 13/plan Review Sprinkler Checklist 13
Document5 pages
PDFs/Sprinker NFPA 13/plan Review Sprinkler Checklist 13
isbtanwir
100% (1)
CF34-10E LM June 09 Print PDF
Document301 pages
CF34-10E LM June 09 Print PDF
Piipe7
80% (5)
Afirstlook PPT 11 22
Document20 pages
Afirstlook PPT 11 22
nickpho21
No ratings yet
Project On Spices
Document96 pages
Project On Spices
amitmanisha
50% (6)
(Your Business Name Here) - Safe Work Procedure Metal Lathe
Document1 page
(Your Business Name Here) - Safe Work Procedure Metal Lathe
Safety Dept
No ratings yet
Bc-6800plus Series Auto Hematology Analyzer Operator's Manual
Document322 pages
Bc-6800plus Series Auto Hematology Analyzer Operator's Manual
Henock Melesse
No ratings yet
Corp
Document14 pages
Corp
IELTS
No ratings yet
Project On Teaining Development
Document88 pages
Project On Teaining Development
surya annamdevula
No ratings yet
Intelligent Traffic Signal Control System Using Embedded System
Document11 pages
Intelligent Traffic Signal Control System Using Embedded System
Alexander Decker
No ratings yet
Service Manual: Super Audio CD/DVD Receiver
Document88 pages
Service Manual: Super Audio CD/DVD Receiver
alvhann_1
No ratings yet
File System Implementation
Document35 pages
File System Implementation
Sát Thủ Vô Tình
No ratings yet
Illustrated Microsoft Office 365 and Office 2016 Projects Loose Leaf Version 1st Edition Cram Solutions Manual Download
Document10 pages
Illustrated Microsoft Office 365 and Office 2016 Projects Loose Leaf Version 1st Edition Cram Solutions Manual Download
Jan Neeley
100% (22)
The Edge of Disaster - Stephen Flynn
Document6 pages
The Edge of Disaster - Stephen Flynn
Francisco Jose Torres Medina
No ratings yet
Human Behavior in Organization
Document85 pages
Human Behavior in Organization
Neric Ico Magleo
100% (1)
RRB Alp Tech. CBT 2 Master Question Paper Electrician Trade Date 22 1 2019 Shift 1
Document58 pages
RRB Alp Tech. CBT 2 Master Question Paper Electrician Trade Date 22 1 2019 Shift 1
arpitrock
No ratings yet
Easa Ad 2022-0026 1
Document12 pages
Easa Ad 2022-0026 1
Syed Bellary
No ratings yet
LFT - Development Status and Perspectives: Prof. DR Michael Schemme
Document7 pages
LFT - Development Status and Perspectives: Prof. DR Michael Schemme
abiliovieira
No ratings yet
CPS Fitting Stations by County - 22 - 0817
Document33 pages
CPS Fitting Stations by County - 22 - 0817
Melissa R.
No ratings yet
Studienplan Medical Engineering and Ehealth PDF
Document1 page
Studienplan Medical Engineering and Ehealth PDF
luismendoza1
No ratings yet
LT32567 PDF
Document4 pages
LT32567 PDF
Nikolay
No ratings yet
Enidine Wire Rope Isolators
Document52 pages
Enidine Wire Rope Isolators
Joca
No ratings yet