TryHackMe: Pentesting Fundamentals
Key Takeaways:
Distinction of hackers by hat:
- White Hat: the "good people/hackers", who remain within the law and use their skills to benefit others. For example, a penetration tester performing an authorised engagement on a company.
- Grey Hat: these people use their skills to benefit others often; however, they do not respect/follow the law or ethical standards at all times. For example, someone taking down a scamming site.
- Black Hat: these people are criminals and often seek to damage organisations or gain some form of financial benefit at the cost of others. For example, ransomware authors infect devices with malicious code and hold data for ransom.
Rules of engagement: a document created at the initial stages of a penetration testing engagement. It has 3 main sections:
Permission: This section of the document gives explicit permission for the engagement to be carried out. This permission is essential to legally protect individuals and organisations for the activities they carry out.
Test Scope: This section of the document will annotate specific targets to which the engagement should apply. For example, the penetration test may only apply to certain servers or applications but not the entire network.
Rules: The rules section will define exactly the techniques that are permitted during the engagement. For example, the rules may specifically state that techniques such as phishing attacks are prohibited, but MITM (Man-in-the-Middle) attacks are okay.
You are given permission to perform a security audit on an organisation; what type of hacker would you be?
White Hat
You attack an organisation and steal their data, what type of hacker would you be?
Black Hat
What document defines how a penetration testing engagement should be carried out?
Rules of engagement
Pentesting Methodology:
The steps a penetration tester takes during an engagement are known as the methodology.
- Information gathering — collecting as much information as possible about the target (OSINT, research).
- Enumeration/Scanning — discovering applications and services running on the system.
- Exploitation — leveraging vulnerabilities discovered on a system or application (the exploit).
- Privilege Escalation — once you have successfully exploited a system or application (known as a foothold), this stage is the attempt to expand your access to a system. You can escalate horizontally or vertically: horizontally means accessing another account in the same permission group (i.e. another user), whereas vertically means accessing an account in a higher permission group (i.e. an administrator).
- Post Exploitation — this stage involves a few sub-stages:
  - What other hosts can be targeted (pivoting)
  - What additional information we can gather from the host now that we are a privileged user
  - Covering your tracks
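The Test Scope section of the rules of engagement and the Enumeration/Scanning stage above meet in practice: before any port is touched, the tester should confirm the target is inside the agreed scope. The following is an added example (not from the TryHackMe room) of a small scope checker wired into a TCP connect scan, so that an out-of-scope or explicitly excluded host is refused rather than scanned. The addresses in IN_SCOPE and OUT_OF_BOUNDS are constructed, hypothetical values standing in for what a real engagement document would list.

```python
import ipaddress
import socket

# Constructed scope modelled on the "Test Scope" and "Rules" sections of a
# rules-of-engagement document. The addresses are hypothetical.
IN_SCOPE = ["10.10.0.0/24", "10.10.5.7"]   # networks/hosts the client authorised
OUT_OF_BOUNDS = ["10.10.0.1"]              # explicitly excluded (e.g. production gateway)


def parse_scope(entries):
    """Turn a list of CIDR or single-IP strings into network objects.

    A bare address such as "10.10.5.7" becomes a /32 (or /128 for IPv6), so
    single hosts and ranges are handled uniformly. strict=False tolerates a
    CIDR written with host bits set, such as 10.10.0.5/24.
    """
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def in_scope(target, allowed, excluded):
    """Return True only if target lies inside an allowed range and is not excluded.

    Exclusions win over inclusions: an address the client listed as off-limits
    stays off-limits even when a wider allowed range covers it. ip_address()
    raises ValueError for anything that is not an IP literal, so hostnames
    must be resolved by the caller before being checked.
    """
    addr = ipaddress.ip_address(target)
    if any(addr in net for net in parse_scope(excluded)):
        return False
    return any(addr in net for net in parse_scope(allowed))


def tcp_connect_scan(target, ports, allowed, excluded, timeout=0.5):
    """Plain TCP connect scan that refuses to touch anything outside scope.

    Returns a sorted list of ports that completed the TCP handshake.
    """
    if not in_scope(target, allowed, excluded):
        raise PermissionError(f"{target} is outside the agreed scope; not scanning")
    family = socket.AF_INET6 if ipaddress.ip_address(target).version == 6 else socket.AF_INET
    open_ports = []
    for port in ports:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 when the three-way handshake completed
            if s.connect_ex((target, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


if __name__ == "__main__":
    for candidate in ["10.10.0.50", "10.10.0.1", "10.10.5.7", "10.10.9.9"]:
        verdict = "in scope" if in_scope(candidate, IN_SCOPE, OUT_OF_BOUNDS) else "OUT OF SCOPE"
        print(f"{candidate}: {verdict}")
```

The check is deliberately a hard failure (an exception) rather than a warning: scanning a host the client did not authorise is exactly the situation the Permission section of the rules of engagement exists to prevent.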
- OSSTMM (Open Source Security Testing Methodology Manual): focuses on telecommunications, wired networks and wireless communication.
- OWASP (Open Web Application Security Project): testing the security of web applications and services.
- NIST Cybersecurity Framework (National Institute of Standards and Technology): provides guidelines on security controls and benchmarks for success for organisations, from critical infrastructure (power plants, etc.) through to commercial.
- NCSC CAF (National Cyber Security Centre Cyber Assessment Framework): has 14 principles. It focuses on:
  - Data security
  - System security
  - Identity and access control
  - Resiliency
  - Monitoring
  - Response and recovery planning
What stage of penetration testing involves using publicly available information?
Information Gathering
If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We're looking for the acronym here and not the full name.
OSSTMM
What framework focuses on the testing of web applications?
OWASP
Black Box, White Box, Grey Box Penetration Testing
BBT (Black-Box Testing) — no knowledge. The tester acts as a regular user; no knowledge of the internal structure or programming is necessary.
GBT (Grey-Box Testing) — partial knowledge. The most popular choice for penetration testing, combining BBT and WBT; the tester has limited knowledge of the internal components.
WBT (White-Box Testing) — full knowledge. Usually done at the software developer level by someone who knows the programming and application logic.
You are asked to test an application but are not given access to its source code — what testing process is this?
Black Box
You are asked to test a website, and you are given access to the source code — what testing process is this?
White Box