In this video, you will learn to describe the methodologies used in penetration testing, including the following: the Open Source Security Testing Methodology; the National Institute of Standards and Technology guidelines on network security testing; the Federal Financial Institutions Examination Council Information Technology Examination; and the Information System Security Assessment Framework. >> Let's talk now about pen testing methodologies. So when we talk about pentest methodologies, we're talking about a process for an offensive cyber security consultant to perform a series of actions in order to try to exploit a system. But the exploitation process actually is one of the key parts of the methodology. It's something that will give you a clear understanding of how the company, how your victim, or your client, is dealing with the cyber security war, how they are standing with the cyber security defenses and monitoring processes. So let's understand first a couple of methodologies that are in the public knowledge, or are in the environment for you to understand and follow. So we have the OSSTMM methodology, the Open Source Security Testing Methodology Manual. Then we have the NIST methodology for network security testing. There is another one called the Federal Financial Institution Examination Council for Information Technology Examination. And then we have the ISSAF, the Information System Security Assessment Framework. There is another pentest methodology called PTES. Actually, if we go here on Google to PTES Technical Guidelines, the actual URL is www.pentest-standard.org. If you go here, you will see a lot of things, you will see a lot of information from the pen testing methodology perspective. But in order for you to be able to read this methodology, actually it is one of the simplest methodologies out there, it's simple. Just understand that here you will have the phases.
So each of these is a phase that you will need to explore, that you will need to perform on your pen test project. So, for example, when you are in the Intelligence Gathering process, you can click here. And you will have a lot of things to perform in order for you to get enough knowledge about your target. So, in the real world, if you work as a pen tester, as an ethical hacker, the first step and the most important step that you could do is the information gathering process, the enumeration process. Understand all the attack surface of your client, understand all the possible exploits, all the possible systems that you could exploit on your target. So, normally, there is a misconception because, on some occasions, people think that a pen tester will just go and open something called Metasploit and start working with commands and exploits and that's all. I mean, that's not the real world. In the real world, you will need to get a lot of information from your target. A lot of enumeration, a lot of information gathering from your target in order to proceed with the other phases. Then, when you have enough information, you could go and start your Threat Modeling process. So you have all the information about your target, now what? Now you need to understand what will be your roadmap, sorry, in order for you to exploit or attack your target. Here are just some examples, or checklists, or things that you could start doing on your end, in order to understand which part of the organization, which part of the network, you already understand. Because you already performed the information gathering process, but you'll start exploring more deeply in the next step. The next step, actually, is the Vulnerability Analysis. On some occasions, as pen testers, we use vulnerability scanners, the Vulnerability Assessment Tools, for understanding a little bit better which vulnerabilities are more likely to be exploitable in the system.
So, for example, if we have something on port 80, and we already know that that thing on port 80 is a web page running on Apache Server Version 2.6, for example. One of the things that we could do is try to perform an exploration regarding vulnerabilities that will affect that version of Apache Server. So we could use a Vulnerability Assessment Tool, we could use something called, for example, OpenVAS. We can use Qualys, we can use Nessus, there are a lot of Vulnerability Assessment Tools out there. But one of the things that is also important for you to understand is that you could also explore the vulnerabilities using a manual process. So one of the things that you could do is just go to Google. And if you have the version of the system, just go and type exploit apache 2.4, for example. And you will have a lot of information about vulnerabilities that will affect that specific version of Apache Server. And you could start trying to exploit those vulnerabilities in the next step. The next step, actually, is the Exploitation step. So when you are in the Exploitation, you will need, first of all, to understand that you, as a pen tester or as an ethical hacker, cannot, you cannot, again, you cannot exploit any system if you don't have the permission to do that. You need to coordinate with your client, you need to coordinate with your victim [LAUGH] the time frame, the time windows, in order to perform the exploitation of the systems. Why? Because what happens if you exploit something, if you exploit the Apache web server that we were talking about minutes ago, at a time when your victim, your client, is performing some important actions on the web page? For example, in a high season of sales for that client that takes place over the Internet. So, if you exploit the system and you not just get access into the system, but you also break the system because you performed a denial of service attack.
You probably will have problems, because the normal operation of the client is affected by you. So that's an important part for any pen tester to understand. Coordination, talking with your client, trying to coordinate all the operations of the Exploitation phase is a key part. But, again, in this PTES or Pen Test Standard methodology that we're seeing here, there are a lot of things that you need to keep in mind. So, for example, if you want to send a payload with a reverse connection to your system, you'll probably need to deal with something called evasion or obfuscation, to try to avoid antivirus detection, for example. Or if you want to encrypt your payload or your attack, you could start doing something that will encrypt your connection. For example, using NetGuard with encryption. Or using other tools that are not necessarily encrypted, but will use an encryption portal, or use ports that are open on the system. And, lastly, we have the Post Exploitation and Reporting. Again, the Post Exploitation is what happens when you already have access to the system. How could you maintain the access, how could you start doing some pivoting? In other words, how could you start jumping from computer to computer? Or how could you start doing something that we call privilege escalation? And the most important part here, Reporting. How could you show your client how you performed each of the steps of the project and gained access to the system?
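The vulnerability analysis step described above (read the version out of the banner on port 80, then look for issues affecting that version) is shown below as an added example; it is not code from the video or from the PTES project. The HTTP responses are constructed inline rather than captured from any host, and the affected-version table is an illustrative one built for this example from the public Apache httpd advisories as remembered by the author, so it must be rebuilt from the vendor advisory or NVD before any conclusion is drawn on an engagement. The example goes slightly beyond the transcript in that it also handles the cases a scanner meets in practice: no Server header, a non-Apache server, and a banner whose patch level is hidden by ServerTokens.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed sample responses (not captured from any real host).
SAMPLE_RESPONSES: Dict[str, bytes] = {
    "full_banner": (b"HTTP/1.1 200 OK\r\n"
                    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
                    b"Server: Apache/2.4.49 (Unix)\r\n"
                    b"Content-Type: text/html\r\n\r\n<html></html>"),
    "prod_tokens": b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Length: 0\r\n\r\n",
    "other_server": b"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\n\r\n",
    "no_server_header": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

# Illustrative affected-version table (identifier, lowest affected, highest affected),
# constructed for this example; verify against the vendor advisory before relying on it.
AFFECTED: List[Tuple[str, Version, Version]] = [
    ("CVE-2021-41773", (2, 4, 49), (2, 4, 49)),
    ("CVE-2021-42013", (2, 4, 49), (2, 4, 50)),
]


def parse_server_header(raw: bytes) -> Optional[str]:
    """Return the Server header value from a raw HTTP response, or None if absent."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None


def parse_product_version(banner: str) -> Tuple[Optional[str], Optional[Version]]:
    """'Apache/2.4.49 (Unix)' -> ('Apache', (2, 4, 49)); 'Apache' -> ('Apache', None)."""
    m = re.match(r"([A-Za-z][\w-]*)(?:/(\d+(?:\.\d+)*))?", banner)
    if not m:
        return None, None
    version = tuple(int(p) for p in m.group(2).split(".")) if m.group(2) else None
    return m.group(1), version


def assess(raw: bytes) -> dict:
    """Map one banner to a list of candidate issues to verify by hand in the next phase.

    A banner match is only a candidate: distributions often backport fixes without
    changing the version string, so 'candidates' never means 'confirmed vulnerable'.
    """
    banner = parse_server_header(raw)
    if banner is None:
        return {"status": "no-banner", "candidates": []}
    product, version = parse_product_version(banner)
    if product != "Apache":
        return {"status": "not-apache", "product": product, "candidates": []}
    if version is None or len(version) < 3:
        # ServerTokens Prod/Major/Minor hides the patch level; the banner alone cannot decide.
        return {"status": "version-hidden", "product": product,
                "version": version, "candidates": []}
    hits = [cve for cve, lo, hi in AFFECTED if lo <= version <= hi]
    return {"status": "checked", "product": product, "version": version, "candidates": hits}


if __name__ == "__main__":
    for name, raw in SAMPLE_RESPONSES.items():
        print(name, "->", assess(raw))
```

On a live engagement the raw bytes would come from a socket connected to the target on port 80 inside the agreed time window; the logic that turns a banner into a list of things to verify is unchanged. Anything in `candidates` still has to be confirmed in the exploitation phase, which is exactly why that phase is coordinated with the client rather than run from the scanner output.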