Glen E. Clarke

CompTIA Pentest+ Certification For Dummies


Скачать книгу

      Planning and scoping

      The first phase of the penetration testing process is planning and scoping. This phase is important as it is when you identify the goals of the penetration test, the timeframe, and the rules of engagement (the types of attacks you are allowed and not allowed to perform during the pentest).

      An important part of the planning and scoping phase is to create a statement of work that specifies exactly what is to be tested and to get written authorization from a person of authority for the business that gives you permission to perform the penetration test. Remember that attacking and exploiting systems without prior authorization is illegal.

      Fortheexam For the PenTest+ certification exam, remember to get written authorization from an authorized party such as the company owner or an upper-level manager before moving on to phase two of the penetration testing process.

      Chapter 2 covers planning and scoping.

      Information gathering and vulnerability identification

      The second phase of the penetration testing process is the information gathering and vulnerability identification phase, which is also known in other pentest models as the “reconnaissance phase.” This phase can be broken into two subphases: information gathering as the first subphase, and vulnerability identification as the second subphase.

      Information gathering

      The information gathering part of the penetration test is a time-consuming part of the penetration test. It involves both passive and active information gathering.

      With passive information gathering, you use public Internet resources to collect information about the target such as public IP addresses used, names and email addresses of persons that could be targets to a social engineer attack, DNS records, and information about products being used. This is called passive information gathering because you are not actually communicating with the company’s live systems (unless you surf its website); instead, you are collecting public information that anyone can access and it will not look suspicious. Note that passive information gathering is also known as passive reconnaissance.

      Vulnerability identification

      Once the information gathering subphase is complete, you should now have a listing of the ports open on the system and potentially a list of the software being used to open those ports. In the vulnerability identification subphase, you research the vulnerabilities that exist with each piece of software being used by the target. Vulnerability identification also involves using a vulnerability scanner to automate the discovery of vulnerabilities that exist on the target networks and systems.

      Chapters 3 and 4 cover information gathering and vulnerability identification.

      Attacks and exploits

      The third phase of the penetration testing process is to perform the attacks and exploit systems. In this phase, with knowledge of the vulnerabilities that exist on the targets, you can then break out the penetration tools to attack and exploit the systems. This involves social engineering attacks, network attacks, software attacks such as SQL injection, and wireless attacks against wireless networks.

      Once a system is compromised, you can then perform post-exploitation tasks, which involve collecting more information about the system or planting a backdoor to ensure you can gain access at a later time.

      Chapters 5 through 10 cover attacks and exploits.

      Reporting and communication

      The fourth and final phase of the penetration testing process is reporting and communication. These tasks are the reason the penetration test was performed in the first place: to report on the findings and specify remediation steps the customer can take to reduce or eliminate the threats discovered.

      Chapter 11 covers reporting and communication.

Schematic illustration of the CompTIA penetration testing process.

      Graphic designed and created by Brendon Clarke.

      FIGURE 1-2: The CompTIA penetration testing process.

      Over the years a number of security assessment and penetration testing methodologies have been developed. In this section, you learn about some of the common security assessment methodologies. Keep in mind that you should be familiar with these for the exam, but you do not need to know the detailed steps performed by each methodology.

      MITRE ATT&CK

      MITRE ATT&CK is a recognized knowledge base of tactics and techniques used by attackers to compromise systems. The goal of MITRE ATT&CK is to use the information collected and presented in the standard as a basis for threat modeling and analysis. At the MITRE ATT&CK website you can choose a threat and read the details about the threat, including how the threat can be detected and mitigated.

      To learn more about MITRE ATT&CK, visit https://attack.mitre.org.

      Open Web Application Security Project (OWASP)

      The OWASP Foundation is a nonprofit foundation focused on improving the security of software. OWASP released the very popular OWASP Top 10 document that lists the ten most common security flaws