Saturday, 7 January 2017

Ethical Hacking and Penetration Testing Methodology Overview

Reference: Ethical Hacking and Penetration with Kali Linux


There are a number of steps that need to be followed to plan and carry out a penetration test. We will explain each one in detail later in this book; a summary of the steps can be found below.

Formal Methodology

A good methodology provides a structured framework for testing and procedure. Below are some notes which can be useful when implementing your methodology.

  • Ensures you do not overlook avenues of attack and possible vulnerabilities
  • Provides a comprehensive testing plan. You can build on the following standards:
    • OSSTMM - Open Source Security Testing Methodology Manual
      • A widely used, peer-reviewed methodology for performing security tests
    • NIST SP 800-115
      • Technical Guide to Information Security Testing and Assessment (the successor to SP 800-42, Guideline on Network Security Testing)
    • TRAWG
      • TRAWG stands for Threat and Risk Assessment Working Guide
    • OCTAVE
      • Operationally Critical Threat, Asset, and Vulnerability Evaluation

Reconnaissance

This is the first step in penetration testing. The point is to gather as much information as possible about the target company: its network, infrastructure and personnel.

There are two types of information gathering: active, where you interact with the target directly (calling, talking to staff, visiting the premises, probing its systems), and passive, where you collect what is already public without touching the target (company websites, job advertisements, etc.). Active gathering yields more but can alert the target; passive gathering leaves no trace on the target's systems.



Scanning

In this step networks are scanned to determine which hosts are live on the network and what they do. There are multiple types of scans and tools available. The most popular ones are Nmap and SuperScan.

The scans can easily be picked up by Intrusion Detection Systems, although there are ways to reduce this exposure with specific scan types and slower timing.



Service Enumeration (Fingerprinting)

This step follows scanning, once the live hosts are known. Tools are used to discover which services and versions the hosts are running, so that their vulnerabilities can be determined. Fingerprinting tools are often combined with scanners, so both reports can be obtained at once.



Vulnerability Assessment

This step determines which vulnerabilities exist in an application or service on a host. Tools in this step use known-vulnerability databases and compare the responses from the target device against the database to find a match. The targets include all popular operating systems and applications.

Nessus is the most popular assessment tool in this category. It was originally open source and is now a commercial product with a free edition; OpenVAS is the open-source fork of the last open Nessus release.
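The scanning, fingerprinting and vulnerability-assessment steps above fit together as one pipeline. The Python below is an added example, not code from the book or from Nmap or Nessus: it runs a TCP connect scan (what Nmap calls -sT), grabs each open service's banner, parses product and version out of it, and checks the result against a vulnerability database. Everything in it is constructed for the demonstration: the two services it scans are loopback listeners it starts itself with made-up banners, and the single rule in VULN_DB (flag OpenSSH older than 7.0) is a stand-in for a real database, not an actual advisory.

```python
"""Scan -> fingerprint -> assess pipeline against loopback test services (added example)."""
import re
import socket
import socketserver
import threading

# Constructed banners standing in for real hosts; the example never leaves 127.0.0.1.
SSH_BANNER = b"SSH-2.0-OpenSSH_5.3\r\n"
SMTP_BANNER = b"220 mail.example.test ESMTP Postfix\r\n"

# Constructed vulnerability "database": (product, predicate on version tuple, finding).
# The single rule is illustrative only and does not correspond to a real advisory.
VULN_DB = [
    ("OpenSSH", lambda v: v < (7, 0), "OpenSSH older than 7.0 (constructed rule, not a real advisory)"),
]

# (product, regex capturing an optional dotted version) used to fingerprint banners.
BANNER_PATTERNS = [
    ("OpenSSH", re.compile(r"OpenSSH[_ ](\d+(?:\.\d+)*)")),
    ("Postfix", re.compile(r"Postfix(?: (\d+(?:\.\d+)*))?")),
]


class _BannerHandler(socketserver.BaseRequestHandler):
    """Sends the server's banner on connect, like sshd or an SMTP greeting."""
    def handle(self):
        self.request.sendall(self.server.banner)


def start_fake_service(banner):
    """Start a loopback listener that greets with `banner`; return its port."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _BannerHandler)
    srv.daemon_threads = True
    srv.banner = banner
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


def closed_port():
    """Bind an ephemeral port and release it, so the scan has one that refuses."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def scan_ports(host, ports, timeout=0.5):
    """TCP connect scan (Nmap -sT): a completed handshake means the port is open.
    Every probe completes a connection, so it shows in target logs and IDS alerts."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=1.0):
    """Read the service's greeting; many protocols announce product and version."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256).decode("ascii", errors="replace").strip()
        except socket.timeout:
            return ""


def fingerprint(banner):
    """Map a banner to (product, version tuple); version is () when not stated."""
    for product, pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            ver = tuple(int(x) for x in m.group(1).split(".")) if m.group(1) else ()
            return product, ver
    return "unknown", ()


def assess(product, version):
    """Return the findings whose product matches and whose version rule fires."""
    return [finding for prod, is_vuln, finding in VULN_DB
            if prod == product and version and is_vuln(version)]


def run_pipeline(host, ports):
    """Scan, then enumerate and assess each open port; one record per open port."""
    results = []
    for port in scan_ports(host, ports):
        banner = grab_banner(host, port)
        product, version = fingerprint(banner)
        results.append({"port": port, "banner": banner, "product": product,
                        "version": version, "findings": assess(product, version)})
    return results


if __name__ == "__main__":
    targets = [start_fake_service(SSH_BANNER), start_fake_service(SMTP_BANNER), closed_port()]
    for record in run_pipeline("127.0.0.1", targets):
        print(record)
```

Run it directly to see one record per open port; the refused port is silently dropped by the scan, the SMTP banner carries no version so it yields no finding, and the old OpenSSH banner trips the constructed rule. A connect scan completes the full TCP handshake on every probe, so each one lands in the target's connection logs; that is the noise the Scanning step warns an IDS will pick up, and it is why real scanners offer half-open and slow-timing modes.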



Vulnerability Exploitation


At this stage the vulnerabilities discovered in the previous steps are exploited, with known exploits or by developing new ones, to penetrate and gain access to the systems.



Penetration and Access

This is the stage where the hacking actually occurs. All previous stages are planning; here we try to take control of the target. Systems are penetrated through the vulnerabilities exploited in the previous step.

Access to systems at various privilege levels is attempted and tested. The Metasploit Framework is a popular tool in this category and will be explained later in this book.



Privilege Escalation and Owning the Box

The goal at this stage is administrative access, or access to privileged information such as credentials. The hacker may start with guest-level or normal-user access and uses exploits to increase the privilege level.

Remember Owning the box = Full Control



Evading Defences and Erasing Tracks


Hackers must evade defences such as IDS, firewalls and IPS to penetrate and access the systems. They must avoid detection or the penetration will be short-lived. Remember, most medium and large organizations have detection mechanisms in place.

Erasing tracks, deleting log files, resetting permissions and hiding hacker tools on the system with rootkits are some of the common steps in this category. In an authorized penetration test these actions are taken only where the rules of engagement permit them, since they destroy evidence the client needs.



Maintaining and Expanding Access

Once penetration is complete, access must be maintained and expanded. Rootkits are often used to keep access and hide running processes and tools, along with backdoor accounts.


Access is then expanded to additional targets for further penetration into the network.
