The Backbone of IT Infrastructure Security
A penetration test, commonly known as ethical hacking or a pen test, is an authorized simulated cyber attack on a particular computer system to evaluate the security of the system.
Penetration testing involves 6 basic phases.

Reconnaissance
The act of gathering important information on a target system. This information can be used to better attack the target. For example, open source search engines can be used to find data that can be used in a social engineering attack.

Scanning
Uses technical tools to further the attacker's knowledge of the system. For example, Nmap can be used to scan for open ports.

Gaining Access
Using the data gathered in the reconnaissance and scanning phases, the attacker can use a payload to exploit the targeted system. For example, Metasploit can be used to automate attacks on known vulnerabilities.

Maintaining Access
Maintaining access means taking the steps needed to remain persistently within the target environment in order to gather as much data as possible.

Covering Tracks
The attacker must clear any trace of compromising the victim system, including any data gathered and log events, in order to remain anonymous.

Reporting
Compilation of test results into a meaningful report, with recommendations to secure the IT infrastructure.

Workflow of a Penetration Test
A pen test is carried out in a defined flow to find the maximum number of loopholes and to reconfirm the same result with different test tools.
Common Tools useful for Penetration Testing
Testing tools are the basis of any such test; hackers or technology professionals use various tools to check systems on various fronts.
Metagoofil
Script Discovery
Recon
The Harvester
Burp Suite
DMitry
