Penetration testing are several acts on various computers and systems.
First in “recon” one checks the public profile of the company.
Use scan tools, nmap, hping, scapy, burp suite, and others to check the target computers out. (this is the Alpha scan)
Then one can use a few pre-built tools to review vulnerabilities like Nessus, maltegoo, Metasploit or Armitage(a good GUI to Metasploit), OWASP and Tshark/Wireshark are also good tools to review what is going on in the network. (Sigma scan)
Each tool can be used to further your knowledge of the network, or to find out more about how to investigate/exploit the systems.
Little by little a dossier is created with more and more information compiled.
Then at some point the pentester may also use some Social engineering. (custom scan – Omega scan)
Here is where the custom portion of a pentest occurs.
Incidentally the process of pentest “almost” mirrors the hackers methods.
There are some good tools on the Internet (free)
Like this one: http://www.yougetsignal.com/tools/open-ports/
This is just a basic port scan (likely tcp open check)
unfortunately a hacker will use multiple scans and some of the different flags a packet can have. There are 2^8 ports and 6 different flags for packets (SYN/ACK/RST/FIN/URG/PSH)
A good place for the information is rfc 793.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
| Source Port | Destination Port |
| Sequence Number |
| Acknowledgment Number |
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
| Checksum | Urgent Pointer |
| Options | Padding |
| data |
TCP Header Format
There are also udp scans for the udp programs (like DNS and others)
while you are working and living your life, hackers are trying to get through your devices nonstop and the reason is:
while you are sleeping, China and others in Asia are probing.
Also in early morning east European hackers are attacking.
And of course in the US we have many hackers here as well.
Attacks are coming – nonstop.
Scan your systems and we will create reports
Internet Storm Center
says Heartbleed around the net is slowly being patched.
How do they know that? Well, in case you are not a programmatic person…
One can easily scan the Internet to find out what is going on, and that is exactly what the bad guys are doing all the time.
They know when a system is not patched. Because they are scanning systems.
We recommend that you also scan your systems to find out what is going on (A – Σ – Ω)
We have 3 scanning solutions on our Solutions page.
Use LastPass check which allows the user to test a website to know whether it has updated the openssl technology.
Some site do not have this type, and may not matter, and others may have openssl and have patched.
But yet others may not be aware of this vulnerability… and if that is the case you can assume a hacker may be able to capture your password even though your lock is on the browser.
this vulnerability means the gold lock is not working for some websites out there.
Many vendors have put out statements for OpenSSL vulnerability (CVE-2014-0160):
This is a vulnerability in the encryption technology (OpenSSL) on websites and other systems. If you cannot safely access websites with encryption technologies it is a bad day on the Internet
isc has a full list – list is increasing:
But most interesting (to me) is Cisco, Redhat and Checkpoint, as they are the lifeblood of Internet
Cisco – http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
CheckPoint – https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173
Redhat – https://access.redhat.com/security/cve/CVE-2014-0160
Do your systems have this vulnerability? we can scan and find out for you. There are specific tools being developed by the hackers and good guys so as to attack/patch effectively.
We test and audit your environment to make you safer (A – Σ – Ω)