Sec+ 008: Penetration Testing Techniques

My name is Valentina, but hey, just call me Vally, which means strength. I am the powerhouse behind Cyvally. Vally is a rising cybersecurity professional and a content creator; I write to make cybersecurity and cloud topics understandable and interesting to you (after all, who likes boring?).
When I ask cybersecurity newbies about their preferred domain, most responses tend to lean significantly toward the role of a Pentester or red teamer. Following that, I delve deeper by inquiring why they are interested in red teaming, and I've received lots of beautiful responses. This objective is one of the most interesting in the CompTIA Security+ certification curriculum. I am confident that you, my esteemed readers, will not only find it interesting but will also anticipate its significance as you progress on your cybersecurity path. Allow me to conclude this motivational piece with the statement: "Just as red teamers conduct proactive attacks to identify weaknesses, the blue teamers create better defensive mechanisms, and the GRC team intervenes to ensure that the remediation mechanism aligns with relevant compliance requirements." The orchestrated dance between these specialist teams ensures that our digital landscapes stay protected and resilient.
We learned about automated vulnerability scanning in our last post, but a scanner does not assess what a highly proficient threat actor would be capable of. Penetration testing is an assessment that uses the strategies and procedures of a real intruder to simulate an attack. Understanding the underlying notion of pentesting is critical regardless of the team you belong to.
In this post, you will learn about different penetration testing concepts, the passive and active ways of performing reconnaissance, and the exercise types.
STAY TUNED!!!
Penetration Testing Concepts
A penetration test simulates an attack on a system in order to evaluate its security. A pentest includes procedures such as threat verification, security control bypass, active control testing, and vulnerability exploitation. It is frequently referred to as ethical hacking. Pentesters acquire initial access, then try to expand it. There are other test variations, including blind tests (where the tester has no prior knowledge of the system) and double-blind tests (where the staff is unaware that a test is taking place). The following are different penetration testing concepts:
Known Environment: An assessment where the pentester has full disclosure of, and total access to, the target. It is also known as white box testing.
Unknown Environment: An assessment where the pentester has no information regarding the target. It is also called black box testing; the test is performed from an external viewpoint without any knowledge of the internal operations.
Partially Known Environment: An assessment that replicates an insider attacker who is only partially familiar with the target. It is also called gray box testing.
Rules of Engagement: These are rules and guidelines set for the penetration test's scope and purpose. They specify the pentester's rights and obligations, making it easier to make sure the test is carried out securely and within the legal limits.
Lateral movement: This means moving from system to system after acquiring initial access in order to investigate and exploit other systems. It helps to determine how far an attacker might go in a compromised environment.
Privilege escalation: It is the process of getting additional account privileges. Pentesters put the system's defenses to the test by attempting to elevate privileges above what an initial intrusion would allow.
Persistence: This is the ability to keep a foothold after a system restart or a network disconnect. It means the attacker can and will return to the network, using stealthy techniques and several accounts so that their re-entry will not be noticed.
Cleanup: For a threat actor, this entails getting rid of any trace of the attack, or any evidence that might link them to it. For the pentester, this stage calls for the removal of any backdoors or tools and verification that the system is not any less secure than it was before the engagement.
Bug bounty: Several organizations have bug bounty programs where they compensate/reward people who responsibly report security flaws. This could be a tactic used during pentesting to entice ethical hackers to discover and report vulnerabilities.
Pivot: It entails using a hacked system as a launching pad to attack other systems on a network.
Passive and Active Reconnaissance
Reconnaissance is gathering information about the target; it can be passive or active.
Passive reconnaissance entails gathering data without directly interacting with the target system, thereby avoiding discovery or triggering an alert. Active reconnaissance entails directly interacting with the target system or network to acquire information and find vulnerabilities, such as performing a port check to identify open ports or gaining physical access to the premises. The following are different ways of gathering information:
Drones: A flying machine without a human pilot inside.
War flying: Drones can be used by pen testers for "war flying," which is a technique for approaching and capturing wireless network signals, allowing them to record network traffic.
War driving: This entails driving around with devices capable of detecting and recording wireless networks.
Footprinting: This is the first step in gathering live information about a network. This method is used by pen testers to gather information about computer systems, the relationships between them, and occasionally user data. Specifically, network sniffing and scanning technologies are used to achieve this.
OSINT (open-source intelligence): It is the use of publicly available information sources to obtain knowledge about a system.
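As an added illustration of why active reconnaissance such as a port check risks triggering an alert, here is a small detector written for this post (it is not code from the original) that flags a source hitting many distinct ports on one host within a short window. The log format, addresses and timestamps are all constructed for the demo.

```python
# Added example (not from the original post): flag a port sweep, the noisy
# active-reconnaissance step, in constructed, simplified firewall log lines.
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample: 10.0.0.7 probes many ports in seconds (active recon);
# 10.0.0.9 only talks to the web ports over a minute (normal traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:01 DENY src=10.0.0.7 dst=10.0.0.20 dport=21
2024-05-01T10:00:01 DENY src=10.0.0.7 dst=10.0.0.20 dport=22
2024-05-01T10:00:02 DENY src=10.0.0.7 dst=10.0.0.20 dport=23
2024-05-01T10:00:02 DENY src=10.0.0.7 dst=10.0.0.20 dport=25
2024-05-01T10:00:03 ALLOW src=10.0.0.7 dst=10.0.0.20 dport=80
2024-05-01T10:00:03 DENY src=10.0.0.7 dst=10.0.0.20 dport=110
2024-05-01T10:00:04 DENY src=10.0.0.7 dst=10.0.0.20 dport=139
2024-05-01T10:00:04 ALLOW src=10.0.0.7 dst=10.0.0.20 dport=443
2024-05-01T10:00:05 DENY src=10.0.0.7 dst=10.0.0.20 dport=445
2024-05-01T10:00:05 DENY src=10.0.0.7 dst=10.0.0.20 dport=3389
2024-05-01T10:00:10 ALLOW src=10.0.0.9 dst=10.0.0.20 dport=443
2024-05-01T10:00:40 ALLOW src=10.0.0.9 dst=10.0.0.20 dport=443
2024-05-01T10:00:55 ALLOW src=10.0.0.9 dst=10.0.0.20 dport=80
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?:ALLOW|DENY) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def parse_log(text):
    """Yield (timestamp, src, dst, dport); malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])

def detect_port_sweeps(text, min_ports=8, window_seconds=30):
    """Return {(src, dst): all distinct ports} for pairs that hit at least
    min_ports distinct ports inside any window_seconds sliding window."""
    events = defaultdict(list)           # (src, dst) -> [(ts, dport), ...]
    for ts, src, dst, dport in parse_log(text):
        events[(src, dst)].append((ts, dport))
    alerts, window = {}, timedelta(seconds=window_seconds)
    for pair, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:   # slide window
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_ports:
                alerts[pair] = sorted({p for _, p in hits})
                break
    return alerts
```

Lowering min_ports or widening the window shows the trade-off a blue team faces: a looser rule catches slower sweeps but starts flagging ordinary clients.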
Exercise Types
Red-team: They are the offensive team that plays the attacker's role and attempts to break into the target.
Blue-team: They are the defensive team that operates by monitoring and alerting controls to detect and stop the infiltration.
White-team: They are the panel of judges that does not belong to any team. They determine scores and rules in an exercise.
Purple-team: It combines red team and blue team players; red team members help the blue team understand the moves from the attacker's point of view.
Pentesting is not a technique, it's a skill. A technique is obtained through knowledge; a skill is obtained through practice.
Rafay Baloch