Title: Practical Penetration Test Training 7
ABOUT US
- SECURIUM FOX offers cyber security consultancy services with its expert and experienced team. With more than 15 years of experience, we provide consulting services to prevent cyber attacks and data leaks and to ensure that our customers are ready and safe against cyber attacks.
- In addition to pentests and consulting services, SECURIUM FOX prepares its customers and field enthusiasts for real-life scenarios by providing training in a lab environment built by its own young, dynamic team, which constantly keeps up to date.
- As long as hackers are part of our lives, there is always a risk of facing a cyber attack. Over the years, given the impact and number of attacks, cyber security has become a critical precaution for all organizations and companies. SECURIUM FOX tests customers' weak points against possible attacks and provides consulting services to eliminate these weak points.
- The SECURIUM FOX team also supports the development of our country in this field by backing free events organized on a volunteer basis by the Octosec team.
PENETRATION TESTING AND TRAINING
What Is Penetration Testing?
- Penetration testing, also called pen testing, is a cyberattack simulation launched on your computer system. The simulation helps discover points of exploitation and test IT breach security.
- By doing consistent pen testing, businesses can obtain expert, unbiased third-party feedback on their security processes. Though potentially time-consuming and costly, pen testing can help prevent extremely expensive and damaging breaches.
How do I perform penetration testing?
- Penetration testing challenges a network's security. Given the value of a business's network, it is imperative that businesses consult with experts before pen testing. Experts can ensure that testing does not damage the network, and they can also provide better insights into vulnerabilities. Pen testing experts can help businesses before, during, and after the tests to help obtain useful and beneficial results.
Is pen testing the same as a vulnerability assessment?
- Pen testing and vulnerability assessments are not the same. A vulnerability assessment is primarily a scan and evaluation of security. But a pen test simulates a cyberattack and exploits discovered vulnerabilities.
Can a penetration test destroy my network?
- Network integrity is the number one concern for businesses considering pen testing. Responsible penetration testing teams will have multiple safety measures in place to limit any impacts to the network.
- Prior to a pen test, the business works with testers to create two lists: an excluded activities list and an excluded devices list. Excluded activities may include tactics like denial-of-service (DoS) attacks. A DoS attack can completely obliterate a network, so the business may want to guarantee it will not be done on a pen test.
What is ethical hacking?
- Ethical hacking is synonymous with penetration testing in a business context. Basically, in pen testing an organization is ethically hacked to discover security issues. Some people refer to hacking efforts by rogue individuals for political reasons as ethical hacking, or hacktivism. But any unauthorized hacking efforts are malicious and illegal. Penetration testing includes consent between the business and the tester.
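The excluded activities list and excluded devices list described above can be enforced in tooling, so that every planned step is checked before it runs. This is an added example, not part of the original slides; the list contents, activity labels, and names such as `PlannedAction`, `check_action` and `review_plan` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample lists standing in for what the business and testers agree on.
EXCLUDED_ACTIVITIES = {"dos"}
EXCLUDED_DEVICES = ["10.0.5.0/24", "10.0.1.20", "erp-db01.corp.example"]

@dataclass(frozen=True)
class PlannedAction:
    activity: str  # label used in the test plan, e.g. "port-scan" or "dos"
    target: str    # IP address or hostname the action would touch

def parse_exclusions(entries):
    """Split the excluded devices list into IP networks and literal hostnames."""
    networks, hostnames = [], set()
    for entry in entries:
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hostnames.add(entry.lower().rstrip("."))
    return networks, hostnames

def check_action(action, activities=EXCLUDED_ACTIVITIES, devices=EXCLUDED_DEVICES):
    """Return the reasons an action is out of scope; an empty list means allowed."""
    reasons = []
    if action.activity.strip().lower() in activities:
        reasons.append(f"activity '{action.activity}' is excluded")
    networks, hostnames = parse_exclusions(devices)
    target = action.target.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(target)
        if any(addr in net for net in networks):
            reasons.append(f"device {addr} is excluded")
    except ValueError:  # hostname: matched literally, so resolve names first in real use
        if target in hostnames:
            reasons.append(f"device {target} is excluded")
    return reasons

def review_plan(plan):
    """Map each blocked action to its reasons so the plan is fixed before testing."""
    checked = {action: check_action(action) for action in plan}
    return {action: reasons for action, reasons in checked.items() if reasons}

SAMPLE_PLAN = [  # constructed test plan
    PlannedAction("port-scan", "10.0.2.15"), PlannedAction("dos", "10.0.2.15"),
    PlannedAction("port-scan", "10.0.5.77"), PlannedAction("port-scan", "erp-db01.corp.example"),
]
if __name__ == "__main__":
    print(review_plan(SAMPLE_PLAN))
```
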
Network infrastructure
- An attack on a business's network infrastructure is the most common type of pen test. It can focus on internal infrastructure, like evading a next-generation intrusion prevention system (NGIPS), or the test can focus on the network's external infrastructure, like bypassing poorly configured external firewalls.
- In an internal test, businesses may be focused on testing their segmentation policies, so an attacker focuses on lateral movement in the system. In an external test, the attacker focuses on perimeter protection, like bypassing a next-generation firewall (NGFW).
- Network attacks may include circumventing endpoint protection systems, intercepting network traffic, testing routers, stealing credentials, exploiting network services, discovering legacy devices and third-party appliances, and more.
Web application
- True to its name, this test focuses on all web applications. While web applications may have some overlap with network services, a web application test is much more detailed, intense, and time-consuming.
- Businesses use more web applications than ever, and many of them are complex and publicly available. As a result, most of the external attack surface is composed of web applications. Some web applications are vulnerable on the server side, and some are vulnerable on the client side. Either way, web applications increase the attack surface for IT departments.
- Despite their cost and length, web application tests are crucial to a business. Web application issues may include SQL injection, cross-site scripting, insecure authentication, and weak cryptography.
Wireless
- A wireless test looks for vulnerabilities in wireless networks. A wireless pen test identifies and exploits insecure wireless network configurations and weak authentication. Vulnerable protocols and weak configurations may allow users to gain access to a wired network from outside the building.
- Additionally, businesses are using more mobile devices than ever but struggle to secure them. A wireless pen test will try to exploit corporate employees that use their devices on insecure, open guest networks.
Social engineering
- Social engineering tests simulate common social engineering attacks such as phishing, baiting, and pretexting. These attacks aim to manipulate employees into clicking a link or taking an action that compromises the business network. Often, clicking the link authorizes access, downloads malware, or reveals credentials.
- A social engineering test can reveal how susceptible a business's employees are to these attacks. Small employee mistakes can grant adversaries their initial access to the business's internal network.
Physical
- Finally, businesses can do a physical pen test that focuses on the physical security of their organization. During these tests, an attacker attempts to gain building access or find discarded papers or credentials that can be used to compromise security. Once inside the building, an attacker may attempt to gather information by eavesdropping or hiding rogue devices in offices to give remote access to the business's internal network.
- While IT typically focuses on digital security, tools for network protection can be useless if the business allows building access or reveals information to outsiders. For example, an employee may let someone into the building or offer a Wi-Fi password without checking to see if the person requesting access is an employee.
You can always contact SECURIUM FOX. You can contact us through our email addresses or by using the contact form on the side.
- INFO
- 3rd Floor, Lohia Towers,
- Nirmala Convent Rd,
- Gurunanak Nagar, Patamata, Vijayawada,
- Andhra Pradesh - 520010
- 9652038194
- 08666678997
- info_at_securiumfoxtechnologies.com
- Andhra Pradesh Office
- 91 8666678997, 91 91652038194
- 3rd Floor, Lohia Towers,
- Nirmala Convent Rd, Gurunanak Nagar, Patamata, Vijayawada,
- info_at_securiumfoxtechnologies.com
- UK Office
- 44 2030263164
- Velevate, Kemp House, 152 - 160, City Road, EC1V 2NX
- London
- info_at_securiumfoxtechnologies.com
- Tamil Nadu Office
- 91 9566884661
- Kailash Nagar, Nagar, Tiruchirappalli, Tamil Nadu 620019
- info_at_securiumfoxtechnologies.com
- Noida Office
- 91 (120) 4291672, 91 9319918771
- A-25, Block A,
- Second Floor, Sector - 3,
- Noida, India
- info_at_securiumfoxtechnologies.com
- USA Office
- 1 (315)933-3016
- 33 West, 17th Street,
- New York,
- NY-10011, USA
- info_at_securiumfoxtechnologies.com
- Dubai Office
- 971 545391952
- Al Ansari Exchange, Ansar Gallery - Karama Branch, Hamsah-A Building - 3 A St - Dubai - United Arab Emirates