Pentesting – what is it actually?

Penetration testing consists of several actions performed against various computers and systems.

First, in “recon”, one checks the public profile of the company.

Use scan tools such as nmap, hping, scapy, Burp Suite, and others to check the target computers out. (This is the Alpha scan.)

Then one can use a few pre-built tools to review vulnerabilities, like Nessus, Maltego, Metasploit or Armitage (a good GUI for Metasploit); OWASP and Tshark/Wireshark are also good tools to review what is going on in the network. (Sigma scan)

Each tool can be used to further your knowledge of the network, or to find out more about how to investigate or exploit the systems.

Little by little, a dossier is built up as more and more information is compiled.

Then at some point the pentester may also use some social engineering. (custom scan – Omega scan)

Here is where the custom portion of a pentest occurs.

Incidentally, the pentest process “almost” mirrors the hacker's methods.

Sample report

We have placed a sample evaluation on our fixvirus.com site (the Alpha-A scan).

Here we have scanned a server and found it had a few services turned on that should not have been. (Telnet and FTP should be replaced with secure versions, such as SSH and SCP.)

The web services need to be tested further for potential application vulnerabilities (with the Sigma-∑ scan).

Ports 20000 and 2222 are not typical ports used by legitimate applications; in fact, 2222 has been known to be used by a backdoor trojan (Speedguide.net has some information). This machine has to be investigated for malicious software.

This is the reason for the Alpha scan: so that unknown ports running on your machines will be uncovered.
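As an added example (not code from the fixvirus.com post), here is a small Python triage script that does what the Alpha scan report above does by hand: it parses nmap grepable (-oG) output, separates cleartext services that should be replaced (telnet, ftp) from unexpected ports that should be investigated (such as 2222 and 20000), and reports each. The scan output and the list of expected ports are constructed for this example.

```python
import re

# Cleartext services the report says should be replaced, mapped to the
# secure alternative it names (constructed mapping for this example).
INSECURE_SERVICES = {
    "telnet": "ssh",
    "ftp": "scp/sftp",
}

# Ports this (hypothetical) server is expected to expose; anything else is
# flagged for investigation, as the report does for 20000 and 2222.
EXPECTED_PORTS = {22, 25, 53, 80, 443}

# Constructed sample in nmap "grepable" (-oG) format, not real scan output.
SAMPLE_GNMAP = """\
# Nmap 7.x scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///, 80/open/tcp//http///, 443/open/tcp//https///, 2222/open/tcp//unknown///, 20000/open/tcp//unknown///\tIgnored State: closed (994)
"""

# Fields in -oG are port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/open/(\w+)//([^/]*)///")

def parse_gnmap(text):
    """Return {host: [(port, proto, service), ...]} for open ports only."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        for port, proto, svc in PORT_RE.findall(line):
            hosts.setdefault(host, []).append((int(port), proto, svc))
    return hosts

def triage(hosts):
    """Split findings into 'replace' (cleartext service plus its secure
    alternative) and 'investigate' (port outside the expected set)."""
    findings = {"replace": [], "investigate": []}
    for host, ports in hosts.items():
        for port, proto, svc in ports:
            if svc in INSECURE_SERVICES:
                findings["replace"].append((host, port, svc, INSECURE_SERVICES[svc]))
            elif port not in EXPECTED_PORTS:
                findings["investigate"].append((host, port, svc or "unknown"))
    return findings

if __name__ == "__main__":
    for kind, items in triage(parse_gnmap(SAMPLE_GNMAP)).items():
        print(kind, items)
```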

Keep an eye on CERT – New website look

CERT – Community Emergency Response Center for computers – was created in 1988 in response to the Morris worm.

The CERT organization I am talking about is based out of Carnegie Mellon (Software Engineering Institute), and has helped the computer industry with its insight and tools.

The CERT tools link. There are some good tools to use in combating various issues, including finding insecure application instances, forensic tools, virtual machine reboot recovery, and more.