In this video, you will learn to: describe a penetration testing process, Mile-2 CPTE training, and what is meant by ethical hacking.

Part of this session is the penetration testing process. The penetration testing phases that in the audit we just understand, for example, that we don't have the web system. We don't have any assessment yet to understand or to review if the system is prone to cross-site scripting. Well, on the pentesting side, we will go and we will test cross-site scripting against the system. We will act like an attacker, like a hacker, and try to explore the system, try to perform the cross-site scripting and understand what happens. Understand if the system is prone to cross-site scripting. Well, let's simulate, let's attack the system, let's generate the cross-site scripting attack against the system, and let's see what happened. Let's see if the system lets me send a message to a user, and lets me, through the user, go to an external website and try to hack the user's computer, try to hack the system.

So basically, the penetration testing or the ethical hacking process, this is just the methodology used by Mile-2, a vendor that has a lot of cybersecurity certifications, but this is just a basic and standard process. So you will need to footprint your target. On the same target where we have the web application program, we will need to understand, first of all, what kind of system we are dealing with: if this is a web system, or we're dealing with the WordPress platform, we're dealing with a customized platform, we're dealing with an HTML5 platform. The scanning planning process will let us know, or in the pentester's view, will give the pentester the knowledge to understand if there is any port open. What is the operating system of the web server application? What is the language? What is the database that the web application is reporting to?
On the enumeration, we will understand any kind of techniques, any kind of processes that we are going to generate, that we're going to use to access the system. Obviously, we have the exploitation or penetration part, and this means that we're going to perform the attacks. We're going to generate the attacks. If we understand that we are dealing with a WordPress platform, and the WordPress platform is on a server in the internal network, and the same WordPress platform is prone to a SQL injection attack, and we could get the information from the database, well, let's generate the attack, let's create the attack and see what happens.

If the attack was successful, we will have to perform a set of steps. For example, we could elevate the privilege, we could manipulate the data. We need to cover our tracks. For example, we don't want that CSEC to detect our steps in the system. So probably, we will need to cover our tracks. We will have to leave a backdoor. For example, we will want to come back later to the system, and we don't want to perform any of the previous steps. We just want to go and double-click on the link on our desktop and get access to the system, so we will need to leave a backdoor.

Those processes, those steps, will give us an understanding that the system is prone to attacks, and not just prone to attack, but that the system will deal with attacks in a way that will give the attacker full control of the system, or will block the attack and drop all the connections from the attacker's computer. So that process, the pentest process, is normally known as an offensive security scan. It is something where you will need to act like an attacker, you will need to act as a hacker and perform attacks against systems. Obviously, you will need to have permission from your client in order to proceed with this kind of test.
But on the audit, the important part here is to understand that if you perform an audit, this is not necessarily a pentest, and a pentest is not necessarily an audit. So there are a lot of differences, there are a lot of things that you will keep in mind in order to perform each of the processes, each of the techniques that we show you in the session.