Published by Elijah Long. Modified over 9 years ago.

Performing a Penetration Test

Penetration Tester
- Attempts to reveal potential consequences of a real attack
- Security Audit / Vulnerability Assessment
  - Scan IP networks / hosts for weaknesses
  - Do not try to gain access
- Penetration (Pen) test
  - Try to gain access

Two types
- External
  - Uses publicly available information
  - Conduct network scanning and enumeration
  - Run exploits from outside the perimeter network
- Internal
  - Performed from within the organization

Categories of knowledge
- Black-box / zero-knowledge
- Gray-box / partial-knowledge
- White-box / complete-knowledge

Phase 1: Preattack Phase
- Reconnaissance / data gathering

Phase 2: Attack Phase
- Penetrating the Perimeter
- Acquiring the Target
- Escalating Privileges
- Executing, Implanting, and Retracing

Phase 3: Postattack Phase
- Restore the system / clear logs / leave no trace

Phase 3: Postattack Phase
- Remove all files uploaded onto the system
- Cleaning all registry entries
- Remove vulnerabilities created
- Reversing all file and setting manipulations
- Reversing all changes in privileges and user settings
- Removing all tools & exploits from the tested systems
- Restoring the network to the pretest stage
- Documenting & capturing all logs
- Analyzing results and making presentations

Signed documents include
- Scope of work
- Nondisclosure agreement
- Liability release

- Nessus
- GFI LANguard
- SARA
- MBSA
- Metasploit Framework