Knowledge Base for Penetration Testing
Hardware and software should be hardened as much as possible before it is added to a network. Organizations should make the assumption that the device or application is not safe when they receive it. The client should research and identify any issues that the manufacturer or publisher are already aware of. All known vulnerabilities should […]
Password Hashing and Encryption The following list includes mitigation strategies you will want to present to your clients concerning secure password storage and transmission: Multi-Factor Authentication Just a few years ago, the cost of implementing multi-factor authentication could be quite high. More recently, it has become very affordable, costing as little as $10 USD per […]
Regarding People A pen test team needs to recommend mitigation solutions for people, processes, and technology to deal with any discovered vulnerabilities. These all need to be considered together so that your recommendations don’t result in gaps. All three of these factors often overlap, so hardening one without hardening the others will still result in […]
Collection As you conduct your penetration testing, you will be gathering a great deal of highly sensitive information. You need to ensure that the data is properly handled so that this sensitive information does not fall into the wrong hands. The addresses, network maps, security details, and the vulnerabilities of these and other factors would […]
Forensics is the branch of computer science that seeks to discover evidence of activity in computers, digital storage media, and networks. Most hacking activities and tools leave direct or indirect evidence that can be discovered by a forensic investigator. The following table summarizes some popular cyber forensics tools. Forensics Tool Description EnCase Multi-forensic platform that […]
Persistence is the quality by which a threat continues to exploit a target while remaining undetected for a significant period of time. Rather than hitting a target and leaving right after, attackers will look for ways to maintain their foothold in the organization long after the main attack phase has concluded. Some of the goals […]
Lateral movement is the process of moving from one part of a computing environment to another. After you gain access to the initial part of the environment, you can spread your attack out to compromise additional resources. This ensures that your test encompasses more than just a narrow selection of resources. Likewise, you may be […]
Insecure Coding Practices Most of the previous exploits are made possible due to poor coding practices during development. You should attempt to leverage these mistakes whenever you can. The following are examples of insecure coding practices. Note that these apply to most types of software, not just web apps: Reverse Engineering Reverse engineering, as applied […]
Commonalities Among Web Application Vulnerabilities Web applications interact with many different users at the same time over a network, and as such, must be easily accessible to a large number of people. This accessibility leads to attackers manipulating various components of web apps in order to steal sensitive data, compromise other users’ sessions, disrupt the […]
There are some attacks that you can use to test the physical security of the target’s hosts, rather than testing them from a purely virtual space. Note that these tests are technical in nature, and usually involve vulnerabilities in how the host’s hardware is configured. Also, these attacks are not OS-specific—because they are hardware-based, they […]
by