
Pentest Methodology

Published on
minor cyber body of knowledge · 6 min read
Duration: 1 whole day

pen-testing methodologies & practices

A penetration test is an authorised, simulated attack on an information system, carried out to uncover exploitable weaknesses and to recommend security fixes.

Penetration testing and vulnerability assessment have different goals. A vulnerability assessment relies on automated scanners to quickly find the most common, well-known flaws. A penetration test goes a step further: it looks for logic flaws that automated tools cannot detect, and it includes a manual phase in which the discovered vulnerabilities are actually exploited. It is a more comprehensive and tried-and-true audit process, and the only one that lets you measure the real impact of a flaw rather than its theoretical severity.
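The kind of flaw a scanner misses is easiest to see in code. The following is an added example, written for this article and not taken from it: a checkout routine that trusts the client for price and quantity, next to the fixed version, with the manual payloads a tester would try. The shop, SKUs, prices and request payloads are constructed for illustration; a scanner sees a normal response for every one of them, which is why this class of bug only turns up in the manual phase.

```python
"""
Added example (not from the original article): a business-logic flaw that an
automated vulnerability scanner will not flag, next to the fixed version.
The catalogue, prices and request payloads are constructed for illustration.
"""
from dataclasses import dataclass

# Constructed catalogue: SKU -> unit price in cents (the server-side truth).
CATALOGUE = {"SKU-100": 4999, "SKU-200": 1500}


@dataclass
class Order:
    sku: str
    quantity: int
    unit_price: int  # cents


def checkout_vulnerable(request: dict) -> int:
    """Vulnerable: trusts the client-supplied price and never bounds the quantity.
    Every request below returns HTTP 200 with a plausible-looking total, so a
    scanner has nothing to flag; only a tester who reads the workflow notices
    that a negative quantity or a client-chosen price yields a credit."""
    order = Order(request["sku"], int(request["quantity"]), int(request["unit_price"]))
    return order.quantity * order.unit_price


class OrderError(ValueError):
    pass


def checkout_fixed(request: dict) -> int:
    """Fixed: price comes from the server-side catalogue, quantity is bounded,
    and any inconsistency is rejected rather than silently repaired."""
    sku = request.get("sku")
    if sku not in CATALOGUE:
        raise OrderError("unknown SKU")
    quantity = int(request.get("quantity", 0))
    if not 1 <= quantity <= 100:
        raise OrderError("quantity out of range")
    # The client-sent price is ignored; the total is derived from trusted data only.
    return quantity * CATALOGUE[sku]


# Manual test cases a pentester would send (constructed payloads).
HONEST = {"sku": "SKU-100", "quantity": 2, "unit_price": 4999}
NEGATIVE_QTY = {"sku": "SKU-100", "quantity": -2, "unit_price": 4999}
TAMPERED_PRICE = {"sku": "SKU-100", "quantity": 1, "unit_price": 1}


def demo() -> dict:
    """Run every payload through both implementations and collect the outcomes."""
    results = {
        "honest_vuln": checkout_vulnerable(HONEST),
        "negative_vuln": checkout_vulnerable(NEGATIVE_QTY),    # -9998: a refund
        "tampered_vuln": checkout_vulnerable(TAMPERED_PRICE),  # 1 cent
        "honest_fixed": checkout_fixed(HONEST),
        "tampered_fixed": checkout_fixed(TAMPERED_PRICE),      # 4999: price ignored
    }
    try:
        checkout_fixed(NEGATIVE_QTY)
        results["negative_fixed"] = "accepted"
    except OrderError as exc:
        results["negative_fixed"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15} -> {outcome}")
```

The point of the exercise is the last three lines of `demo()`: the fixed version does not try to "correct" a bad order, it refuses it, and it never reads the price from the request at all.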

Penetration tests are commonly classified as black box, grey box or white box. A black-box test targets the attack surface exposed to any external attacker, with no prior knowledge of the target. A grey-box test targets areas reachable only by customers, partners or employees of the organisation, so the tester starts with an account or some internal knowledge. A white-box audit gives the tester the same level of access as a system administrator (typically including source code and configuration), which allows the deepest assessment of the security level.

The deliverable of a penetration test is a security audit report listing the vulnerabilities found, each ranked by criticality level, together with technical recommendations for remediation. A non-technical summary of the report can also be produced for presentation to the management committee or to partners.

Phases

A penetration test is built on a cyclic four-phase methodology: reconnaissance, mapping, discovery and exploitation. The cycle repeats because what is learned during exploitation often feeds a new round of reconnaissance and mapping.

Recon

The reconnaissance step consists of looking for open-source information about the target of the security audit: IP addresses, domain and sub-domain names, the types and versions of technologies in use, technical details disclosed on forums or social networks, data leaks, and anything else that could be valuable to an attacker. Everything gathered is checked against the engagement's authorised scope before it is used in the next phases.

Mapping

The mapping phase lists all of the target's functions (pages, forms, APIs, services). It gives pentesters a clearer view of the most important and most exposed elements, and it is especially important when the goal of the audit is to test all of a target's functionalities.
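To make the two phases above concrete, here is an added example (written for this article, not part of it) that goes from raw reconnaissance data to an in-scope asset list, then collapses crawled URLs into a list of application functions. All records are constructed: the certificate entries loosely follow the shape of certificate-transparency search output (one object per certificate, subject alternative names newline-separated in a name_value field), and the scope roots, exclusions and crawl log are this example's own assumptions.

```python
"""
Added example (not part of the original article): recon data -> in-scope
hosts, then crawled URLs -> unique application functions (mapping).
All input records are constructed for illustration.
"""
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# --- Recon -----------------------------------------------------------------

# Constructed CT-log style records, one JSON object per certificate.
CT_RECORDS = json.dumps([
    {"common_name": "www.example.test", "name_value": "www.example.test\nexample.test"},
    {"common_name": "*.example.test", "name_value": "*.example.test\napi.example.test"},
    {"common_name": "vpn.example.test", "name_value": "VPN.example.test\nmail.partner.test"},
    {"common_name": "dev.example.test", "name_value": "dev.example.test"},
])

# Engagement scope (assumed): only hosts under these roots are authorised.
IN_SCOPE_ROOTS = ("example.test",)
# Hosts the client explicitly excluded even though they fall under a root.
EXCLUDED_HOSTS = {"vpn.example.test"}


def in_scope(host: str) -> bool:
    host = host.lower()
    if host in EXCLUDED_HOSTS:
        return False
    return any(host == root or host.endswith("." + root) for root in IN_SCOPE_ROOTS)


def recon_hosts(ct_json: str) -> tuple[list[str], list[str]]:
    """Return (in_scope_hosts, out_of_scope_hosts) from CT-style records.
    Wildcard names are dropped: they are not hosts, only evidence that
    sub-domains exist and deserve further enumeration."""
    seen: set[str] = set()
    for rec in json.loads(ct_json):
        for name in rec["name_value"].split("\n"):
            name = name.strip().lower()
            if name and not name.startswith("*."):
                seen.add(name)
    ins = sorted(h for h in seen if in_scope(h))
    outs = sorted(h for h in seen if not in_scope(h))
    return ins, outs


# --- Mapping ---------------------------------------------------------------

# Constructed crawl output: (method, URL) pairs as a spider or proxy would log.
CRAWLED = [
    ("GET", "https://www.example.test/account/1042/profile"),
    ("GET", "https://www.example.test/account/1043/profile"),
    ("POST", "https://www.example.test/account/1042/profile?csrf=abc"),
    ("GET", "https://api.example.test/v1/orders?id=77&format=json"),
    ("GET", "https://api.example.test/v1/orders?id=78"),
    ("GET", "https://www.example.test/search?q=test"),
    ("GET", "https://mail.partner.test/login"),
]

# Parameter names that usually carry an object identifier (example heuristic).
ID_PARAM = re.compile(r"(^|_)(id|uid|user|account|order)(_id)?$", re.I)


def map_functions(crawl, allowed_hosts):
    """Collapse crawled URLs into unique functions. Numeric path segments are
    normalised to {id}, so /account/1042 and /account/1043 are one function.
    Each function records its parameter names and whether any of them look like
    object identifiers, which is where access-control testing starts."""
    funcs = defaultdict(lambda: {"params": set(), "id_like": False})
    for method, url in crawl:
        parts = urlsplit(url)
        if parts.hostname not in allowed_hosts:
            continue  # never map what you are not authorised to test
        path = re.sub(r"/\d+(?=/|$)", "/{id}", parts.path)
        entry = funcs[(method, parts.hostname, path)]
        entry["params"].update(parse_qs(parts.query).keys())
        if "{id}" in path or any(ID_PARAM.search(p) for p in entry["params"]):
            entry["id_like"] = True
    return {k: {"params": sorted(v["params"]), "id_like": v["id_like"]}
            for k, v in sorted(funcs.items())}


if __name__ == "__main__":
    ins, outs = recon_hosts(CT_RECORDS)
    print("in scope:", ins)
    print("out of scope (do not touch):", outs)
    for (method, host, path), info in map_functions(CRAWLED, set(ins)).items():
        flag = "  <- object identifier, test authorisation" if info["id_like"] else ""
        print(f"{method:4} {host}{path} params={info['params']}{flag}")
```

Two details matter in practice: the scope check is applied again in the mapping step, not only once at the end of reconnaissance, and the wildcard certificate is recorded as a lead rather than as a host.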

Discovery

The discovery phase is the attack-search phase: pentesters hunt for vulnerabilities both manually and with automated tools. The goal is to find as many vulnerabilities on the target as possible.

Exploitation

The exploitation phase consists of testing whether the flaws identified in the previous phase can actually be exploited. Some flaws serve as "pivots" that lead to the discovery of new vulnerabilities, which is what makes the methodology cyclic. Exploiting a vulnerability is what allows its real impact, and therefore its criticality level, to be evaluated.

Subsequent steps (post-exploitation)

As the name implies, post-exploitation covers the phases that come after a system has been compromised. The value of the compromised system is determined by the data it actually holds and by how an attacker could use it for further malicious purposes; the whole concept of post-exploitation comes from what can be done with the access that has been gained. This phase is about collecting sensitive information, documenting it, and building an understanding of the system's configuration, network interfaces and other communication channels, all of which an attacker could use to maintain persistent access. Typical post-exploitation activities:

  • Cleaning tracks and staying undetected
  • Collecting system information and data
  • Setting up backdoors and rootkits (persistence)
  • Privilege escalation (full admin rights)
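The second and fourth items above usually start with the same thing: a quick look at the host's configuration for facts that lead to privilege escalation. The following is an added example written for this article, not code from it: a small Linux enumeration routine that only reads file metadata, changes nothing and exploits nothing. The list of directories, the set of "expected" set-uid binaries and the classification rules are this example's own choices and are not exhaustive.

```python
"""
Added example (not from the original article): post-exploitation enumeration
of a Linux host for privilege-escalation leads. Read-only: it lstat()s files
and reports, nothing more. Directory list and rules are the example's own.
"""
import json
import os
import stat

# Locations worth checking once on a box (example's own list, not exhaustive).
DEFAULT_ROOTS = ["/usr/bin", "/usr/sbin", "/bin", "/sbin", "/etc/cron.d", "/etc"]

# Binaries where set-uid root is normal on a stock distro; anything else
# deserves a closer look. Example list, not exhaustive.
EXPECTED_SUID = {"sudo", "su", "passwd", "mount", "umount", "ping",
                 "chsh", "chfn", "newgrp", "gpasswd"}


def classify(mode: int, uid: int, name: str) -> list[str]:
    """Map a file's st_mode/st_uid/name to the privilege-escalation leads it
    suggests. Pure function, so the rules can be tested without a filesystem."""
    leads = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID and uid == 0:
            leads.append("suid-root" if name in EXPECTED_SUID else "suid-root-unusual")
        if mode & stat.S_ISGID:
            leads.append("sgid")
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        # World-writable file or directory without the sticky bit: anyone can
        # replace its contents (a config file, a cron job, a script run by root).
        leads.append("world-writable")
    return leads


def enumerate_tree(roots, max_files: int = 50000) -> list[dict]:
    """Walk the given roots without following symlinks and return findings.
    max_files bounds the noise (and the time) on a large host."""
    findings = []
    count = 0
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for entry in dirnames + filenames:
                path = os.path.join(dirpath, entry)
                try:
                    st = os.lstat(path)  # lstat: do not chase symlinks out of the tree
                except OSError:
                    continue
                if stat.S_ISLNK(st.st_mode):
                    continue
                leads = classify(st.st_mode, st.st_uid, entry)
                if leads:
                    findings.append({"path": path,
                                     "mode": oct(stat.S_IMODE(st.st_mode)),
                                     "uid": st.st_uid,
                                     "leads": leads})
                count += 1
                if count >= max_files:
                    return findings
    return findings


def host_summary() -> dict:
    """Basic context that goes into the engagement notes next to the findings."""
    uname = os.uname()
    return {
        "hostname": uname.nodename,
        "kernel": uname.release,
        "euid": os.geteuid(),
        "groups": sorted(os.getgroups()),
    }


if __name__ == "__main__":
    report = {"host": host_summary(), "findings": enumerate_tree(DEFAULT_ROOTS)}
    print(json.dumps(report, indent=2))
```

Run as the compromised user, the JSON report is what gets pasted into the engagement notes; the "suid-root-unusual" and "world-writable" leads are the ones to investigate first, and the sticky-bit check is what keeps /tmp and friends out of the report.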

Standard methodologies

The findings of a penetration test or security audit depend heavily on which standards and procedures are followed. Organisations that need to secure their systems and fix their cybersecurity weaknesses should make sure their testers work from an up-to-date, recognised penetration testing standard.

Here are five penetration testing methodologies and standards that help ensure a return on the investment:

OSSTMM

The OSSTMM (Open Source Security Testing Methodology Manual, maintained by ISECOM) is one of the industry's most widely accepted standards. It provides a scientific methodology for network penetration testing and vulnerability assessment, with a comprehensive guide for identifying security vulnerabilities in a network and its components from various attack angles. It relies on the tester's knowledge and experience, and on human judgement, to interpret the identified vulnerabilities and their potential impact on the network.

OWASP

The Open Web Application Security Project (OWASP) is the industry reference for all aspects of application security. Backed by a large and knowledgeable community that keeps up with the latest technologies, it has helped countless organisations reduce application vulnerabilities.

The OWASP Testing Guide provides a methodology for application penetration testing that identifies not only common vulnerabilities in web and mobile applications, but also complex logic flaws caused by unsafe development practices. The updated guide gives detailed guidance for each test, with over 66 controls to assess in total, allowing testers to find vulnerabilities across the wide range of functionality found in modern applications.

NIST

NIST, in contrast to the other guides, provides more specific, prescriptive guidance. NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment) describes how to plan, conduct and report security testing, including penetration tests. The broader NIST Cybersecurity Framework is best suited to improving an organisation's overall cybersecurity posture; version 1.1 emphasises critical infrastructure cybersecurity, and compliance with the framework is frequently a regulatory or contractual requirement for American providers and their business partners.

With the framework, NIST aimed to ensure information security across industries such as banking, communications and energy. Businesses large and small can tailor the standards to their own requirements.

PTES

The PTES (Penetration Testing Execution Standard) describes how a penetration test should be structured from start to finish. It guides testers through seven stages: pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation and reporting.

ISSAF

The ISSAF (Information System Security Assessment Framework, from the OISSG) takes a more structured and specialised approach to penetration testing than the standards above. If your organisation's situation calls for an advanced methodology fully tailored to its context, this manual is useful to the specialists in charge of your penetration test.

Thank you for reading this topic about Pentest Methodology. I hope it was interesting; any feedback is always welcome. Hope to see you in the next topic,
Byee! 👋🍺

TL;DR Pentest Methodology. Phases and frameworks used during pen-tests.