1
00:00:00,450 --> 00:00:04,470
A penetration test briefly consists of five phases.

2
00:00:05,610 --> 00:00:06,570
Reconnaissance.

3
00:00:07,170 --> 00:00:12,150
Now that's the act of gathering preliminary data or intelligence on your target.

4
00:00:12,960 --> 00:00:16,620
The data is gathered in order to better plan for your attack.

5
00:00:18,180 --> 00:00:25,320
The phase of scanning requires the application of technical tools to gather further intelligence on

6
00:00:25,320 --> 00:00:25,890
your target.

7
00:00:26,370 --> 00:00:31,950
But in this case, the intel being sought is more commonly about the systems that they have in place.

8
00:00:32,640 --> 00:00:37,050
A good example would be the use of a vulnerability scanner on a target network.

9
00:00:38,570 --> 00:00:39,770
Exploitation.

10
00:00:40,810 --> 00:00:48,910
That's the phase that's also known as gaining access; it requires taking control of one or more network

11
00:00:48,910 --> 00:00:56,800
devices in order to either extract data from the target or to use that device to then launch attacks

12
00:00:56,800 --> 00:00:58,030
on other targets.

13
00:00:59,360 --> 00:01:06,560
The purpose of the post-exploitation phase is to determine the value of the machine compromised and

14
00:01:06,560 --> 00:01:09,290
to maintain control of the machine for later use.

15
00:01:11,110 --> 00:01:16,600
The value of the machine is determined by the sensitivity of the data stored on it and the machine's

16
00:01:16,600 --> 00:01:19,600
usefulness in further compromising the network.

17
00:01:21,010 --> 00:01:28,120
Now covering tracks simply means that the attacker must take the steps necessary to remove all semblance

18
00:01:28,150 --> 00:01:28,960
of detection.

19
00:01:29,830 --> 00:01:36,640
Any changes that were made, authorizations that were escalated, et cetera, all must return to a state

20
00:01:36,640 --> 00:01:41,050
of non-recognition by the host network's administrators.
21
00:01:42,200 --> 00:01:46,730
Reporting is the proof of your actions performed during the pen test.

22
00:01:47,180 --> 00:01:52,550
It's where you're going to report the findings and share recommendations to remediate the vulnerabilities

23
00:01:52,550 --> 00:01:53,360
and weaknesses.

24
00:01:55,420 --> 00:01:58,110
So let's have a look at these phases in detail.

25
00:01:59,460 --> 00:02:00,420
Reconnaissance.

26
00:02:01,950 --> 00:02:06,570
As you already know, it's the act of gathering preliminary data or intelligence on your target.

27
00:02:07,230 --> 00:02:10,410
The data is gathered in order to better plan for your attack.

28
00:02:11,960 --> 00:02:16,940
The success of the pen test depends on the accuracy of your reconnaissance.

29
00:02:18,590 --> 00:02:24,950
A pen tester works on gathering as much intelligence on the client organization and the potential targets

30
00:02:24,950 --> 00:02:26,690
for exploit as possible.

31
00:02:28,130 --> 00:02:31,460
We can classify the scanning activities into two main parts.

32
00:02:32,970 --> 00:02:39,750
A network scan is used to discover devices such as end user computers, servers and peripherals that exist

33
00:02:39,750 --> 00:02:40,410
on a network.

34
00:02:41,590 --> 00:02:48,160
Results can include details of the discovered devices, including IP addresses, device names, operating

35
00:02:48,160 --> 00:02:51,040
systems, running applications and services,

36
00:02:51,310 --> 00:02:54,160
open shares, usernames and groups.

37
00:02:55,090 --> 00:03:03,070
Since we gather information about the network and system, this process is often related to the reconnaissance

38
00:03:03,070 --> 00:03:04,000
phase as well.

39
00:03:05,590 --> 00:03:12,610
A vulnerability scan detects and classifies system weaknesses in computers, networks and communications

40
00:03:12,610 --> 00:03:16,630
equipment and predicts the effectiveness of countermeasures.
41
00:03:17,620 --> 00:03:24,490
Now, since there are thousands of different systems and services, we should perform thousands of analyses

42
00:03:24,490 --> 00:03:31,210
to understand whether or not a service has vulnerabilities, and vulnerability scanners are used to

43
00:03:31,210 --> 00:03:34,870
automate this process, which makes your job a whole lot easier.

44
00:03:36,480 --> 00:03:37,620
Exploitation.

45
00:03:38,600 --> 00:03:45,260
That's the phase that requires taking control of one or more network devices in order to either extract

46
00:03:45,260 --> 00:03:50,690
data from the target or to use that device to then launch attacks on other targets.

47
00:03:52,230 --> 00:03:59,050
The purpose of the post-exploitation phase is to determine the value of the machine compromised and

48
00:03:59,050 --> 00:04:01,560
to maintain control of the machine for later use.

49
00:04:02,430 --> 00:04:07,980
The value of the machine is determined by the sensitivity of the data stored on it and the machine's

50
00:04:07,980 --> 00:04:11,130
usefulness in further compromising the network.

51
00:04:12,030 --> 00:04:13,440
Now I've got your attention.

52
00:04:15,360 --> 00:04:19,500
The final phase before reporting is covering your tracks.

53
00:04:21,450 --> 00:04:24,420
It's basically returning everything to the initial state.

54
00:04:25,860 --> 00:04:27,690
The state before the pen test.

55
00:04:28,980 --> 00:04:35,130
Now, since you have limited time to perform the pen test, you might ask the system owner to define

56
00:04:35,130 --> 00:04:37,830
some privileges and exceptions for you.

57
00:04:38,580 --> 00:04:44,840
If so, you should remind them to remove these exceptions at the end of the pen test.
58
00:04:46,100 --> 00:04:51,800
And in addition, you will probably make a lot of changes during the pen test, such as adding a new

59
00:04:51,800 --> 00:04:58,130
user to the domain admin group or creating a backdoor into a compromised system for later use.

60
00:04:58,700 --> 00:05:04,160
It's very important to remove all these changes at the end of the pen test.

61
00:05:04,340 --> 00:05:11,210
Otherwise, black hat hackers can compromise the systems using these modifications.

62
00:05:12,180 --> 00:05:14,910
The report is the fruit of the pen test.

63
00:05:15,630 --> 00:05:22,260
It's the outcome of the actions you performed throughout the pen test. A pen test report typically consists

64
00:05:22,260 --> 00:05:25,140
of the following sections. An introduction.

65
00:05:26,060 --> 00:05:29,210
What's the purpose, the scope and the duration of the test?

66
00:05:30,570 --> 00:05:36,830
A management summary, a screenshot of the IT system to show how vulnerable it is.

67
00:05:38,270 --> 00:05:45,680
The findings section, which lists all of the vulnerabilities found during the pen test, and the recommendations

68
00:05:45,680 --> 00:05:50,330
section, which includes just how the owner can harden the system.

69
00:05:51,630 --> 00:05:56,790
Obviously, the findings are going to be the most important section of the pen test report,

70
00:05:56,790 --> 00:05:57,870
especially to the owner.

71
00:05:59,060 --> 00:06:05,450
The system owner will see the weaknesses here and remediate them according to your recommendations,

72
00:06:05,990 --> 00:06:09,680
so you should give at least the following details about the findings.

73
00:06:10,490 --> 00:06:14,630
A short name of the vulnerability to give brief information about it.

74
00:06:15,920 --> 00:06:23,600
The severity level of the vulnerability, which will help the system owner to triage the remediation process.
75
00:06:24,990 --> 00:06:30,900
The list of vulnerable assets: which assets in particular have this vulnerability?

76
00:06:32,170 --> 00:06:36,910
A detailed explanation of the vulnerability to show the possible consequences.

77
00:06:38,160 --> 00:06:41,550
A brief summary of how you identified the vulnerability.

78
00:06:42,430 --> 00:06:45,610
And support this section with screenshots wherever possible.

79
00:06:46,890 --> 00:06:51,840
Recommendations to remediate or at least mitigate the vulnerability.

80
00:06:53,330 --> 00:06:59,390
And finally, share the references about the vulnerability to let the system owner find out more about

81
00:06:59,390 --> 00:06:59,510
it.