Penetration Testing: Sachin Phapale (Ciseh & Cissp)

The document discusses penetration testing methodology. It outlines a 5 step process: reconnaissance, scanning and enumeration, gaining access, maintaining access, and covering tracks. It describes the tasks involved in each step such as passive information gathering, vulnerability mapping, exploiting vulnerabilities to gain access, privilege escalation, and removing tools to cover tracks. The document also mentions frameworks, customizing tools, engagement preparation, and writing quality reports for clients. The overall message is that penetration testing requires thorough research, organization, and attention to detail while avoiding illegal activities.

Uploaded by

fsdfds

Available Formats

Download as PPSX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

52 views

Penetration Testing: Sachin Phapale (Ciseh & Cissp)

Uploaded by

fsdfds

Available Formats

Download as PPSX, PDF, TXT or read online on Scribd

You are on page 1/ 13

Penetration Testing

Sachin Phapale
(CISEH & CISSP)
Agenda
● Introduction about me
● Penetration testing Methodology
● Pen testing Frameworks
● Customizing your tool set
● Engagement Prep
● Post Engagement
● Wrapping it all up
The about me stuff
Hello Friends,
• I am an Individual Certified Information
Security Researcher and Ethical
Hacker!(CISEH)
• Now a days working to share knowledge on
Web Security and spreading awareness
about common securities.
Ethical Pentesting Methodology?
● No such thing if you want to be successful
● You need to think like a hacker
● Pentesting methodologies cover all grounds
and help win assessments
● Attention to details and organization skills
● Push the envelope but do not cross the line
Penetration Methodology
5 step process
● Reconnaissance/Footprinting
● Scanning & Enumeration
● Gaining Access
● Maintaining Access
● Covering Tracks
Penetration Methodology Cont.
● Reconnaissance
– Gathering information passively
– Not actively scanning or exploiting anything
– Harvesting information
● Bing, google, yahoo, yandex

● Way back machine (archive)

● shodan

● Social media etc

Penetration Methodology Cont.
● Scanning & Enumeration
– Target discovery
– Enumerating
– Vulnerability mapping
Penetration Methodology Cont.
● Gaining Access
– Mapped vulns
– Important to penetrate gaining user and
escalating privs
– Try multiple vectors. This is actually a
decently easy part
– Web application, wifi, social engineer.
– Use your research
Penetration Methodology Cont.
● Maintaining Access
– Keeping account access
– Privilege escalation
– Pivoting to own all
– ET phone home
Penetration Methodology Cont.
● Covering Tracks
– Removing tools
– Backdoors, ET phone homes
– Clearing logs
– Windows security, application and system
logs
– Linux /var/log/*
– Remove audit logs carefully!!!!!
Refferences
● https://vulnerabilityassesment.co.uk
● https://pentest-standard.org
● Open Source Security Testing Methodology Manual (OSSTMM)
● Information Systems Security Assessment Framework (ISSAF)
● Open Web Application Security Project (OWASP) Top Ten
● Web Application Security Consortium Threat Classification (WASC-TC)
● https://ieeexplore.ieee.org
● https://www.ijecs.in
● www.ijirset.com
● www.academia.edu
● https://www.researchgate.net
● Book referred “The Tribe of Hacker”
Report Writing
● It is the last thing the customer sees. Make it the
best thing they see
● Customers are paying for quality
● Different reports for various teams
● Executive Summary
● Detailed Summary
Wrapping it all up
● Pentesting has numerous components
● Its not always about hacking its about research
and business
● Making sure you are NICHE at what you do.
Know your target and field
● Always improve your methods while helping
your client improve their infrastructure
● “Don't learn to hack, Hack to learn”

How To Think Like A Manager For The Cissp Exam
100% (5)
How To Think Like A Manager For The Cissp Exam
134 pages
Hack Android Using Kali
100% (3)
Hack Android Using Kali
64 pages
COS30015 Practical Assignment
No ratings yet
COS30015 Practical Assignment
15 pages
Chapter 3. Ethics in Information Technology
100% (1)
Chapter 3. Ethics in Information Technology
36 pages
CompTIA Pentest Study Guide PDF
100% (1)
CompTIA Pentest Study Guide PDF
71 pages
Penetration Testing Methodology: (Company Name)
No ratings yet
Penetration Testing Methodology: (Company Name)
6 pages
Penetration Testing Tutorial PDF
100% (2)
Penetration Testing Tutorial PDF
38 pages
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
From Everand
The Certified Ethical Hacker Exam - version 8 (The concise study guide)
alasdair gilchrist
3/5 (9)
Ethical Hacking
100% (14)
Ethical Hacking
253 pages
2-Ethical Hacking Methodology
No ratings yet
2-Ethical Hacking Methodology
21 pages
Ethical Hacking and Penetration Testing Lecture 1
No ratings yet
Ethical Hacking and Penetration Testing Lecture 1
19 pages
Pentest Methodologies
No ratings yet
Pentest Methodologies
19 pages
CHapter - 4netwrok
No ratings yet
CHapter - 4netwrok
16 pages
ethical hacking notes
No ratings yet
ethical hacking notes
49 pages
7cyberssyll
No ratings yet
7cyberssyll
14 pages
Penetration Testing Hyd Chapter
No ratings yet
Penetration Testing Hyd Chapter
23 pages
Chapter 1 Introduction To Vulnerability Assessment and Penetration Testing
No ratings yet
Chapter 1 Introduction To Vulnerability Assessment and Penetration Testing
29 pages
Ethical_Hacking_and_Penetration_Testing
No ratings yet
Ethical_Hacking_and_Penetration_Testing
29 pages
WM4
100% (1)
WM4
47 pages
Effective Penetration Testing
No ratings yet
Effective Penetration Testing
8 pages
Ethical Hacking Presentation Complete
No ratings yet
Ethical Hacking Presentation Complete
16 pages
UAD Plug-Ins Manual
No ratings yet
UAD Plug-Ins Manual
19 pages
Penetration Testing
No ratings yet
Penetration Testing
28 pages
EHPT Module 09
No ratings yet
EHPT Module 09
39 pages
Hack Yourself First Final
100% (1)
Hack Yourself First Final
62 pages
Hack Your Self First
No ratings yet
Hack Your Self First
62 pages
Unit 5
No ratings yet
Unit 5
4 pages
Penetration Testingdc
No ratings yet
Penetration Testingdc
4 pages
XXX Report: Client Logo Placeholder
No ratings yet
XXX Report: Client Logo Placeholder
37 pages
Ethical Hacking and Penetration Testing process
No ratings yet
Ethical Hacking and Penetration Testing process
5 pages
Effective Penetration Testing With Metasploit Framework and Methodologies
No ratings yet
Effective Penetration Testing With Metasploit Framework and Methodologies
6 pages
Ethical Hacking Firefox Plugin by Srikanta Sen
No ratings yet
Ethical Hacking Firefox Plugin by Srikanta Sen
131 pages
Ethical Hacking Reviewer
No ratings yet
Ethical Hacking Reviewer
8 pages
Penetration Testing
No ratings yet
Penetration Testing
12 pages
Vulnerability Assessment and Penetration Testing IJERTV10IS050111
No ratings yet
Vulnerability Assessment and Penetration Testing IJERTV10IS050111
6 pages
7COM1068: Penetration Testing Assignment 1: Pentesting Planning
No ratings yet
7COM1068: Penetration Testing Assignment 1: Pentesting Planning
6 pages
Sanchez-Adrian-B. Final Reviewer 06-01-23
No ratings yet
Sanchez-Adrian-B. Final Reviewer 06-01-23
6 pages
WEB PT_final_2
No ratings yet
WEB PT_final_2
15 pages
Chapter Three - Computer and Information Security
No ratings yet
Chapter Three - Computer and Information Security
46 pages
Prnetration Testing Report
No ratings yet
Prnetration Testing Report
15 pages
Penetration Testing Methodology - Oissg - Archive - Org
No ratings yet
Penetration Testing Methodology - Oissg - Archive - Org
9 pages
His 06 2013
No ratings yet
His 06 2013
15 pages
Itec413 15
100% (1)
Itec413 15
33 pages
130 To 148
No ratings yet
130 To 148
114 pages
EHPT Module 03
No ratings yet
EHPT Module 03
57 pages
CPT Project Report Adithya
No ratings yet
CPT Project Report Adithya
20 pages
IJCRT2311307
No ratings yet
IJCRT2311307
7 pages
Introduction to Penetration Testing
No ratings yet
Introduction to Penetration Testing
61 pages
penetration testing
No ratings yet
penetration testing
10 pages
Types of Penetration Testing
No ratings yet
Types of Penetration Testing
4 pages
Security Testing
No ratings yet
Security Testing
7 pages
Penetration Test Process and Types Facts
No ratings yet
Penetration Test Process and Types Facts
5 pages
1 - MSF-I - Introduction To MSF
No ratings yet
1 - MSF-I - Introduction To MSF
28 pages
Iman Awed Final
No ratings yet
Iman Awed Final
43 pages
Pentesting Model
No ratings yet
Pentesting Model
8 pages
unit 3 hs pdf
No ratings yet
unit 3 hs pdf
11 pages
Thor Teaches Study Guide CISSP Domain 6
No ratings yet
Thor Teaches Study Guide CISSP Domain 6
11 pages
Penetration Testing
100% (1)
Penetration Testing
14 pages
Ethical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1
From Everand
Ethical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1
Karina Astudillo B.
5/5 (5)
data science course training in india hyderabad: innomatics research labs
From Everand
data science course training in india hyderabad: innomatics research labs
innomatics research labs
No ratings yet
Hacker’s Guide to Machine Learning Concepts
From Everand
Hacker’s Guide to Machine Learning Concepts
Trilokesh Khatri
No ratings yet
BackTrack 4: Assuring Security by Penetration Testing
From Everand
BackTrack 4: Assuring Security by Penetration Testing
Shakeel Ali
5/5 (1)
Ian Talks CompTIA PenTest+ PT0-002 A-Z: SecurityCertificationsAtoZ, #1
From Everand
Ian Talks CompTIA PenTest+ PT0-002 A-Z: SecurityCertificationsAtoZ, #1
Ian Eress
No ratings yet
AI Ethics and Governance: A Practical Guide
From Everand
AI Ethics and Governance: A Practical Guide
Naila Hina
No ratings yet
Report On Ethical Hacking and Social Engineering
No ratings yet
Report On Ethical Hacking and Social Engineering
7 pages
Certified Ethical Hacker Certified Ethical Hacker: 10 (Practical)
No ratings yet
Certified Ethical Hacker Certified Ethical Hacker: 10 (Practical)
12 pages
What Is A Hacker, Really?: Types of Hacking/Hackers
No ratings yet
What Is A Hacker, Really?: Types of Hacking/Hackers
3 pages
OceanofPDF.com Web Application PenTesting - Yassine Maleh
No ratings yet
OceanofPDF.com Web Application PenTesting - Yassine Maleh
340 pages
A-Report-on-Ethical-Hacking-1
No ratings yet
A-Report-on-Ethical-Hacking-1
42 pages
Ethical Hacking V2-Update
No ratings yet
Ethical Hacking V2-Update
2 pages
A Case Study of Software Security Red Teams at Microsoft
No ratings yet
A Case Study of Software Security Red Teams at Microsoft
10 pages
Literature Review On Ethical Hacking
100% (1)
Literature Review On Ethical Hacking
4 pages
EC0-350 Certified Ethical Hacker EC-COUNCIL Ethical Hacking and Countermeasures
No ratings yet
EC0-350 Certified Ethical Hacker EC-COUNCIL Ethical Hacking and Countermeasures
7 pages
1737616367120
No ratings yet
1737616367120
37 pages
Pafgct 2022 Reviewer
No ratings yet
Pafgct 2022 Reviewer
4 pages
Fundamantal of Software Security Material Haile
No ratings yet
Fundamantal of Software Security Material Haile
32 pages
Ethics in Information and Technology Professionals
No ratings yet
Ethics in Information and Technology Professionals
36 pages
Chapter 3. Lesson 5 Hacking
No ratings yet
Chapter 3. Lesson 5 Hacking
51 pages
Cyber Security All Units Notes 2021-2022(b.tech 2-2)Cse-cs (1) (1)
No ratings yet
Cyber Security All Units Notes 2021-2022(b.tech 2-2)Cse-cs (1) (1)
58 pages
Ethical Hacking PPT
No ratings yet
Ethical Hacking PPT
2 pages
03 Ict 136 Unit 2 Lesson 1
No ratings yet
03 Ict 136 Unit 2 Lesson 1
39 pages
IJCRT2102559
No ratings yet
IJCRT2102559
5 pages
Introduction
No ratings yet
Introduction
11 pages
Phases of Hacking
No ratings yet
Phases of Hacking
14 pages
Password Cracking: Wire Sniffing: Ethical Hacking Associate Information Security Threats Attacks
No ratings yet
Password Cracking: Wire Sniffing: Ethical Hacking Associate Information Security Threats Attacks
20 pages
CHAPTER 1 - Introduction To Ethical Hacking
100% (2)
CHAPTER 1 - Introduction To Ethical Hacking
11 pages
Class XII IP Notes Societal Impacts
No ratings yet
Class XII IP Notes Societal Impacts
12 pages
Ultimate Ethical Hacking From Zero To Hero
No ratings yet
Ultimate Ethical Hacking From Zero To Hero
2 pages
3rd Sem IT Previous Year Papers
No ratings yet
3rd Sem IT Previous Year Papers
12 pages
CEH v5 Module 00 Student Introduction
No ratings yet
CEH v5 Module 00 Student Introduction
19 pages

Penetration Testing: Sachin Phapale (Ciseh & Cissp)

Uploaded by

Penetration Testing: Sachin Phapale (Ciseh & Cissp)

Uploaded by

Penetration Testing

● Way back machine (archive)

● Social media etc

You might also like