Penetration testing – detecting and exploiting vulnerabilities Training Course

How to Test Network and Service Security

• Penetration Testing – what is it?
• Penetration testing vs. audit – similarities, differences, and what is appropriate?
• Practical challenges – what can go wrong?
• Scope of tests – what do we want to check?
• Sources of best practices and recommendations.

Penetration Testing – Reconnaissance

• OSINT – obtaining information from public sources.
• Passive and active methods of network traffic analysis.
• Identification of services and network topology.
• Security systems (firewalls, IPS/IDS systems, WAF, etc.) and their impact on testing.

Penetration Testing – Vulnerability Hunting

• Identifying systems and their versions.
• Finding vulnerabilities in systems, infrastructure, and applications.
• Vulnerability assessment – i.e., "what will it hurt?"
• Sources of exploits and their customization possibilities.

Penetration Testing – Attack and Control Acquisition

• Types of attacks – how are they conducted and what are the outcomes?
• Attacks using remote and local exploits.
• Attacks on network infrastructure.
• Reverse shell – how to manage a compromised system.
• Privilege escalation – i.e., how to become an administrator.
• Ready-made "hacking tools".
• Analyzing the compromised system – interesting files, stored passwords, private data.
• Special cases: web applications, WiFi networks.
• Social engineering – i.e., how to "break" a person if the system cannot be compromised?

Penetration Testing – Covering Tracks and Maintaining Access

• Logging systems and activity monitoring.
• Log clearing and covering tracks.
• Backdoor – i.e., how to leave yourself an open entry point.

Penetration Testing – Summary

• Report preparation and its structure.
• Delivering and consulting the report.
• Verification of recommendation implementation.