Penetration testing terminology
One of the key factors for being successful in pen testing is knowing the important terms that are used day to day in the field. This is a list of well-known terminology:
- Cybercrime: Cybercrime is the act of conducting criminal activities such as theft, destruction, and identity theft using technology such as computer systems and networks. Hackers generally attack systems to exploit them in the course of criminal activity. As an ethical hacker, you will legally conduct the same hacking, only ethically, for a company’s betterment and defense, not the contrary.
- Penetration testing: Penetration (pen) testing is the act of conducting a security exploit against a system ethically and legally, so that weaknesses are identified once the test is completed. Pen testing is an entire methodology used to conduct security analysis that attempts to circumvent security applied to a system.
- Vulnerability testing and scanning: To know what exploits, weaknesses, and vulnerabilities exist, you must conduct a scan of a system, network, or infrastructure to identify them. A vulnerability assessment is the analysis of what is identified when a vulnerability test (or scan) is conducted. Usually the tools used are loaded with current vulnerability definitions that allow them to more readily find current weaknesses in systems.
- Reconnaissance: Reconnaissance is the covert act of finding a penetration point. By checking out an attack vector, probing a system, and identifying a possible entry point, you can conduct a pen test to test real-world and real-time situations that may need to be fixed.
- Infiltration and exfiltration: Infiltration takes place once a penetration has been established. You have successfully found an opening into a secure system, and entering the system (likely undetected) is the beginning of an advanced persistent threat (APT) type test. Exfiltration is the theft and unauthorized transfer of information out of an information system. Conducting both of these measures is part of an advanced or extended portion of the basic penetration test.
- Incident handling and response: Incident response is the movement of a group of security professionals to handle an unauthorized security event on protected systems. The incident handling portion is what an incident response team does to protect the chain of evidence and mitigate or neutralize the threat. Pen testing allows for incidents to be found prior to having to respond to them, and when they are found, they can be added to a risk register for handling.
- Risk register management: Handling, managing, and lowering risk by documenting known risks in a risk register is part of an overall security program. Pen testing allows risks to be identified and recorded as known risks, or allows known risks to be closed on the register by fixing them and running pen tests to ensure that there is no longer a threat.
Commonly used pen testing tools
In the field of pen testing, there are many tools you can use. A few are:
- Nessus is the foundation of most pen testers’ toolkits. Its focus is vulnerability scanning and assessment. You can quickly identify weaknesses to exploit in your organization or enterprise. From there, you can choose other functions within Nessus to test further, or use other tools to pen test and exploit those weaknesses.
- Kali Linux is a toolset that’s part of a Debian-based Linux distribution, purpose-made for pen tests, vulnerability scans, and forensics. Although you can download and install the toolset natively to Linux, you can also download the Linux distro into a virtual machine (VM) for ease of use. Kali is a set of tools bundled together by type and organized in a way that allows you to access what you need quickly and effectively. Originally called BackTrack (when Offensive Security got their start), this tool has evolved into one of the most used pen test applications of all time.
- Wireshark is a tool that can look at network data and show an analyst the various communication paths that exist, including those that may not be authorized. The tool is primarily used to capture data from your network so you can analyze it. Wireshark requires you to be able to decode the information that you capture with it.
- Nmap is a network mapper or mapping tool that allows you to identify the scope of a network or infrastructure, map it, and then launch a series of exploits against it (or systems on it) as part of a penetration test. You can look at the topology map after you finish mapping the network, and it can show you places you may want to secure from hackers looking for jump-off points to get around your network and into other areas or secure hosts.
Pen testing certifications
Professional organizations and vendors both offer industry-standard, generalized, and specialized certification programs, as well as those based on specific vendor tools. Some of them mix the two. Here are the most popular on the list, with details on how to obtain them:
- CompTIA PenTest+: CompTIA PenTest+ is a multiple-choice and hands-on test that tests your ability to conduct a penetration test using tools such as Nmap. It also covers other skills required of penetration testers, such as the ability to conduct vulnerability tests as well as how to plan, manage, and conduct a targeted assessment and test. According to CompTIA, the PenTest+ exam also includes management skills used to plan, scope, and manage weaknesses, not just exploit them.
- EC-Council Certified Ethical Hacker (CEH): The Certified Ethical Hacker (CEH) exam and certification is brought to you by the EC-Council and builds strength and branding around the ethical hacking profession. The test is a vendor-neutral exam that covers how to conduct an assessment and find vulnerabilities; conduct exploits or penetration testing of systems; conduct scans to find weaknesses; identify and locate attack vectors; conduct penetrations such as SQL injection, system hacks, packet sniffing and capture, reconnaissance, and covering tracks; use malware for penetration; and conduct a variety of web-based attacks such as cross-site scripting, cryptography attacks, and many more.
- SANS GPEN: The SANS organization’s Global Information Assurance Certification (GIAC) group has a suite of certifications that are very well designed and test your ability to not only know the details of pen testing, but also how to apply it in the real world. The Global Information Assurance Certification Penetration Tester (GPEN) validates your ability to properly conduct a penetration test, using best practice techniques and methodologies according to GIAC. The certified GPEN will be able to show the requisite knowledge required to conduct exploits, engage in reconnaissance, and conduct a detailed pen test project from the ground up.
- Offensive Security Certified Professional (OSCP): The Offensive Security Certified Professional test is highly focused on the Kali Linux distro. Kali and its very deep toolset of ethical hacking tools are the foundation of the OSCP’s fully hands-on pen test certification.