Pen Testing has been around for decade. However, in my opinion, it has changed over the years and there seems to be a lot of confusion out there about what Pen Testing actually is.
In this article, I will unpack what I believe Pen Testing is, why people need a Pen Test and what should happen after a Pen Test is complete.
Off the bat
Firstly, there are many different variances for the phrase Pen Test, these include:
- Penetration Test;
- Pentesting;
- Vulnerability Assessment;
- IT Security Audit;
- Security Testing;
- Ethical Hacking; and
- Red Teaming.
While the above may all have their different nuances; in my opinion, they all mean the same thing, test a network for security flaws that can be exploited to gain access.
Why people need a Pen Test
We all know that faith doesn’t protect our computer systems, only dedicated meticulous system administrators and IT managers and directors can do that.
Pen tests are essential to benchmark the company’s security risk. No company should think that security is not a priority if you use email and a computer daily, know that an attacker could at any point take those out if your security is poor, and will do it at a cost.
What is a Pen Test?
Most Pen Tests involve tools that scan an environment and highlight known vulnerabilities, mis-configurations and weaknesses. This is a great way to get a good baseline of your current infrastructure, and I recommend everyone complete them on a regular basis.
NMAP is a great free tool that can get you started. Use this command on your network to uncover known vulnerabilities and weaknesses:
Nmap -Pn –script vuln {subnet}
Use this command to really do some deep dive on a single machine. Note that this one will take a while :
nmap -p- -sF -A -Pn -T polite –script vuln {Target IP}
The results will show open/filtered/closed ports and any information the machine has to offer as well as if it is vulnerable to known exploits.
Very supplicated
The main issues with these tools are while they are in most cases very supplicated, the output is not always accurate and may provide several false positives.
The other glaring issue is that they are only searching one service, and only items they know on that service. They are not looking at BYOD not connected to the network, or external systems and most importantly your uses.
Only the beginning
While these vulnerability scanners can give you a lot of great and crucially important information, they are a start to securing your network and only the start of a Pen Test.
The next basic steps are to use the information gathered and dig into details:
- **Webservers – **check with Nikto and DIRB for misconfiguration’s and badly implemented permissions;
- **Windows Network – **run Responder or Ettercap and try catch hashes and clear text unencrypted traffic;
- **MSSQL – **monitor traffic with Wireshark and use sh to inject code;
- Exploit-based on the vulnerabilities found from your NMAP scan use Metasploit to execute them,
- **WiFi – **capture traffic and handshakes to crack the password with wifi-cracking tools;
- **Social Engineering – **leverage the social engineering toolkit to capture details from employees; and
- **Passwords – **check have i been pwned? To see if your domain or accounts have been involved in a breach.
Or spin up a Kali machine and go through every single one of the tools available, there are hundreds and they are all free. The Hackers Playbook 3 is a great resource for anyone who wants to know more and really get stuck in on performing a thorough Pen Test
What you should expect from a Pen Test
You should expect:
- A full report on all findings with different levels of severity from severe to info;
- A breakdown of what to do to remedy the vulnerabilities;
- Any forensic information to assess whether the system has already been breached; and
- An immediate action plan suggestion with a confirmed date on the next assessment in order to test fixes.
In the end
I hope this enlightens you to what a Pen Test is, how to perform your own and what to do with the results.
If you don’t have time to do your own or find that you run out of talent or just have too much to do and need some help, please contact GTconsult A team Protection who specialize in Pen Testing and Red Teaming.