Knowledge Base for Penetration Testing
Another form of session hijacking is to steal the session credential from a user’s browser and then use it to impersonate the user on a website. HTTP has no mechanism at the protocol level for tracking the state of a particular browser request. From the server’s perspective, every request it receives from the client is […]
Sniffing vs Eavesdropping Sniffing is a straightforward way to passively obtain a lot of information about the network. You can use it to identify hosts, services, device types, protocols, subnets, IP addresses, and much more. Sniffing particularly takes advantage of cleartext protocols such as TCP, UDP, IP, ARP, ICMP, IGMP, LDAP, SNMP, SMB, FTP, DNS, […]
The specific attacks a pen test team chooses will depend on the target environment. However, there are common attacks that every chief information security officer (CISO) should worry about. These include: Social engineering, including phishing and malware distribution Injection attacks, including SQL injection, cross-site scripting (XSS), cross-site request forgery (XSRF), and directory traversal Denial of […]
Adjudication In vulnerability analysis, adjudication is the process of evaluating and ranking vulnerabilities in terms of the potential threat they may pose to the organization. It also implies that some action can and will be taken to minimize this threat. Adjudication is useful because it is one of the most important factors that will influence […]
Asset categorization, also known as asset classification, is the process of placing business assets with similar characteristics into the same group. This helps a business shape how it works with each asset, such as how it prioritizes what assets receive the strongest security protections. From the perspective of a pen tester, categorizing assets is a […]
Vulnerabilities are weaknesses that may or may not be exploitable. Known vulnerabilities are categorized and referred to by their Common Vulnerabilities and Exposures (CVE) number. Once you have discovered hosts and open ports, you can conduct a vulnerability scan to see if the services listening on those ports have known vulnerabilities. A vulnerability scan involves […]
Website enumeration involves discovering resources that the web server is using, as well as the underlying technology that the web server is running on. This information can help you choose more effective vectors to use in an attack, as well as exploit vulnerabilities in specific versions of web server software. You can use several tools […]
Most organizations make files available on the internal network for users to access. This is typically done through the use of network shares, which are directories that can be accessed by using a network sharing protocol. These network shares might hold sensitive files or information that is otherwise useful to the pen test. On most […]
Enumeration Enumeration is the process of using various techniques that query a device or service for information about its configuration and resources. It is a common step in active reconnaissance and crucial to penetration testing. Once you have connected to a host, you can interrogate it for details that will reveal additional attack vectors. The […]
Metasploit is a multi-purpose computer security and penetration testing framework. Intentionally modular, it allows the attacker to mix and match scanners, exploits, and payloads into a single attack. Originally created by H.D. Moore for security analysis, it was later acquired by Rapid7, which added more intuitive, GUI-based commercial versions. Metasploit is considered to be the […]
by