Join Malcolm Shore for an in-depth discussion in this video, Pen testing overview, part of Penetration Testing Essential Training.
- [Instructor] Over the last decade, testing computer systems for vulnerabilities has become a necessary part of any deployment. Traditionally, the software development lifecycle included testing as the final stage prior to going live. They'd use testing methods based on development test cases to confirm the software was functionally correct, i.e., it produced the correct results. While this was all very well for software through to the 1990s, the advent of the internet and online services provided a rich environment for hackers to find flaws in software.
Often, these flaws exploited unexpected input, such as maliciously crafted packets, and used unexpected techniques such as command injection. The typical hacker was a bored teenager with a computer and a modem and plenty of spare time. These attacks demonstrated the limitations of testing by thinking like a developer, and began the age of testing by thinking like an attacker. In other words, don't just run a set of test cases. Also use your imagination, and try to think of different ways to penetrate your target.
Pen testing, as this approach to testing is now known, has become a recognized testing approach, and a popular career choice. The name "hacker" was originally used to describe someone who was very skilled at modifying computer software in order to make it perform exceptionally well. Over the years, the term has been increasingly used to describe someone who has the same level of skills, but uses them for annoying or malicious purposes. As the internet grew, hackers started posting their hacking software on bulletin boards, and then on shared underground websites.
These were often scripts that automated the attacks using languages such as Perl, or more recently, Python. Would-be hackers with few skills were then able to download the tools and run them, and this community became known as "script kiddies." As businesses started using attack techniques in a controlled environment to check their own software, the term "white hat" was used to distinguish the authorized testers from the black hat, or unauthorized hacker.
As the internet grew, a number of different types of black hat hacker emerged. Hacking amongst bored teenagers has continued to flourish, but increasingly they are script kiddies. Some of the more skilled amongst them have become research hackers, who find bugs and develop their own exploits, often in order to sell them to other black hats on the dark net. Of more concern, many countries now fund state-sponsored hackers, sometimes called cyber warriors, who hack for military or espionage purposes.
Similarly, organized crime has seen the financial gain possible with hacking, and now cyber criminals form one of the biggest groups of hackers targeting industry. State-sponsored hackers and cyber criminals are very skilled and will often deploy zero day exploits, which can punch holes through even the best defended networks. They operate stealthily, they cause immense damage and financial loss, and have created a toxic environment of mistrust and fear on the internet.
As to the white hats, the increase in black hat activity has seen a massive demand for penetration testing, and a demand for a much higher skill level, to match that of the black hats. Some of the more skilled white hat testers have focused on research to find bugs, and to claim bug bounties. As with black hat hackers, the white hat community develops and posts white hat testing tools on the internet. Some of these are commercial tools released onto the internet, often with a community edition with a limited capability, and require a license to be purchased in order to unlock their full potential.
Others are fully functional freeware or shareware tools. In addition to individual tools, there are a number of testing frameworks available, which bring a set of tools together. The best known of these is Kali Linux, a full freeware Linux distribution, which includes over 600 tools, which is often the primary framework used by a pen tester. The start point for a career in penetration testing is to become an ethical hacker. The ethical hacker understands the internet environment, and has a knowledge of the tools used to test systems.
An ethical hacker can run the standard tests, and provide a first level of confidence that a system is secured against a casual attacker. The pen tester has a much higher level of both knowledge and skills, and is able to not only use the tools, but also find the more sophisticated weaknesses in systems. A pen tester will be able to not only detect a security issue, but also demonstrate how it can be exploited. This may be done by modifying an existing exploit, or creating new exploit code.
The pen tester is able to provide confidence that a system can withstand a sustained attack from a skilled attacker. An elite pen tester is someone who has the highest level of skills, and often finds zero day exploits to support his or her pen testing. Elite pen testers are also the community of hackers who create many of the public domain tools used by the white hat community. The Certified Ethical Hacker is a paper-based certification which provides evidence of knowledge, but does not test skills.
It's the basic certification required for someone to start out on a career in system testing. Offensive Security is the organization which provides the Kali framework, and it offers a range of pen testing certifications, which are recognized globally. The benchmark certification for a professional pen tester is the Offensive Security Certified Professional, or OSCP. This is the certification most professional pen testers have, and it demonstrates not only knowledge of pen testing techniques and tools, but also a high level of skill in applying them to an unknown target environment.
For people wanting to focus on wireless, or add wireless testing to their skillset, there's the Offensive Security Wireless Professional Certification. This involves demonstrating the ability to use wireless tools and techniques effectively. The Offensive Security Web Expert, or OSWE, is the specialist certification focused on web applications. Gaining this certificate demonstrates a thorough knowledge of web application vulnerabilities, and how to exploit them.
The Offensive Security Certified Expert, or OSCE, goes beyond the skills and knowledge set required for OSCP, and demonstrates the very highest level of expertise. This involves not just having the knowledge, experience, and training to do pen testing, but an ability to creatively find new ways to penetrate a network. The OSEE Certification is based on the tester's ability to create exploits which penetrate the Windows system, and are able to bypass the most stringent controls.
While we focused on pen testing in this course, this is just one of a number of ways in which cyber defenders can address the threats. An important part of cyber defense is checking for and correcting known vulnerabilities. This can be done for the perimeter with an online service, such as Nessus, and internally with network vulnerability assessment tools, such as Rapid7's Nexpose. Pen testers run tools and techniques against targets, looking for areas of weakness that the developer hasn't found during testing, and that the vulnerability scanner hasn't detected.
These may be oversights that should've been found, or zero day vulnerabilities that aren't in the signature database. The ultimate pen test is called a red team test, where a team of pen testers are given authority to mount an unannounced attack on the whole network, with the objective of doing everything that an attacker would to find a way to penetrate the network and get to its internal systems. Finally, there's a new approach, and a new breed of professionals, called a cyber hunter, whose job is to do deep monitoring of the network and server environment, looking for indicators that the network has been compromised.
The cyber hunter will use network intrusion detection systems and big data security analytic solutions to find indicators of compromise. Cyber hunting is an emerging discipline, and there are, at this stage, no specialist tools available. This function, and the tools for it, will be a significant area of development over the next decade.
Cybersecurity expert Malcolm Shore reviews popular pen testing tools, as well as the Bash and Python scripting skills required to be able to acquire, modify, and re-use exploit code. He also provides a refresher on Kali Linux and introduces techniques for testing web services. At the end of this course, you'll be prepared to take more advanced training, and to pursue the popular Offensive Security Certified Professional (OSCP) certification.
- Pen testing overview
- Pen testing tools
- Bash scripting
- Python scripting
- Kali and Metasploit
- Web testing
- Finding exploit code