Samer Aoudi

High-value penetration testing involves modeling the techniques used by real-world computer attackers to find vulnerabilities, and, under controlled circumstances, to exploit those flaws in a professional, safe manner according to a carefully designed scope and rules of engagement. This process helps to determine business risk and potential impact of attacks, all with the goal of helping the organization improve its security stance. (Source: SANS)

The Pentest Wizard (PW) is a free educational tool that helps you as a penetration tester by walking you through a simple step-by-step guide to perform the test and then generating a professional pentest report.

Always make sure you have explicit written permission to perform any security test, and that you exploit detected vulnerabilities only in a controlled environment.

Penetration Testing 101
The Methodology

A Penetration Test (Pentest) is a security test whereby the tester attempts to exploit existing weaknesses (i.e., simulates an attack). A pentest can be performed on networks, applications (web, mobile, etc.), physical resources, and people. Penetration testing involves two main teams:
  • Blue Team (the defenders)
  • Red Team (the testers simulating the attacker)

There are many Pentest Methodologies out there. While the details might differ, in essence they all do the same thing:
  1. Planning and Preparation (Pre-Engagement)
  2. Information Gathering and Analysis (Reconnaissance)
  3. Vulnerability Detection
  4. Penetration Attempt
  5. Analysis and Reporting
  6. Cleaning Up
Planning and Preparation
In this Pre-Engagement phase, you hold kickoff meetings with your client in order to define the objectives and scope of the test (what's included and what's not included). An objective may be to demonstrate exploitable vulnerabilities. You must agree on detailed Rules of Engagement (RoE) that may include: timing and duration; whether to inform staff or not; date; time of the day; etc.
Always ensure you have written permission
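The scope and Rules of Engagement agreed in this phase are only useful if every action during the test is checked against them. The following is an added example (not part of Pentest Wizard) of such a check: it assumes a constructed RoE with in-scope networks, hosts explicitly carved out of scope, and a daily testing window on agreed weekdays, and refuses any planned action that falls outside those limits.

```python
"""Rules-of-Engagement (RoE) gate: an added example, not Pentest Wizard code.
All networks, hosts and times below are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, time
import ipaddress


@dataclass
class RulesOfEngagement:
    in_scope: list                                    # CIDRs authorised in writing
    excluded: list = field(default_factory=list)      # hosts/nets carved out of scope
    window_start: time = time(0, 0)                   # agreed daily start time
    window_end: time = time(23, 59)                   # agreed daily end time
    allowed_days: set = field(default_factory=lambda: {0, 1, 2, 3, 4})  # Mon-Fri

    def host_in_scope(self, host: str) -> bool:
        """Exclusions win over inclusions: an excluded host is never in scope."""
        addr = ipaddress.ip_address(host)
        if any(addr in ipaddress.ip_network(n, strict=False) for n in self.excluded):
            return False
        return any(addr in ipaddress.ip_network(n, strict=False) for n in self.in_scope)

    def time_in_window(self, when: datetime) -> bool:
        """True only on an allowed weekday and inside the daily window."""
        if when.weekday() not in self.allowed_days:
            return False
        return self.window_start <= when.time() <= self.window_end


def check_action(roe: RulesOfEngagement, host: str, when: datetime):
    """Return (allowed, reason) for a planned action against `host` at `when`."""
    if not roe.host_in_scope(host):
        return False, f"{host} is outside the agreed scope"
    if not roe.time_in_window(when):
        return False, f"{when:%Y-%m-%d %H:%M} is outside the agreed testing window"
    return True, "within scope and testing window"


# Constructed RoE: one /24 in scope, one host excluded, 09:00-17:00 Mon-Fri.
SAMPLE_ROE = RulesOfEngagement(
    in_scope=["10.10.0.0/24"],
    excluded=["10.10.0.5"],
    window_start=time(9, 0),
    window_end=time(17, 0),
)

if __name__ == "__main__":
    for host, when in [
        ("10.10.0.20", datetime(2022, 6, 14, 10, 30)),   # Tuesday, in window
        ("10.10.0.5", datetime(2022, 6, 14, 10, 30)),    # excluded host
        ("10.10.1.7", datetime(2022, 6, 14, 10, 30)),    # outside scope
        ("10.10.0.20", datetime(2022, 6, 18, 10, 30)),   # Saturday
        ("10.10.0.20", datetime(2022, 6, 14, 19, 0)),    # after hours
    ]:
        print(host, when, check_action(SAMPLE_ROE, host, when))
```

Logging each decision (including the refusals) gives you the audit trail the client expects and makes the "what did you do and when" question in the Cleaning Up phase much easier to answer.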
Information Gathering and Analysis
Once you've obtained all the required permissions, and the RoE have been clearly defined, you set out to discover as much information about the target as possible. This is called Reconnaissance. This entire phase may not be required if you are performing a Clear-Box pentest (i.e., you are already given all the information).
Vulnerability Detection
When you have enough information about your target, you must determine whether or not vulnerabilities exist. You can scan the target networks and attempt to extract the information you will need for the attack. Examples: Port scanning, network mapping, vulnerability scanning, etc.
Penetration Attempt
Information you collected from previous steps (e.g., user accounts, IP addresses, running services, etc.) can be used to perform different attacks (AKA Exploitation). Examples: DoS, password cracking, system access, etc.
Analysis and Reporting
Since the ultimate goal of penetration testing is to highlight system weaknesses for better security, the red team must analyze the findings and report the following:
  • Successful exploits
  • Information gathered about the system
  • Vulnerabilities found
  • Fix recommendations
Cleaning Up
Penetration testers must clean up all unwanted changes that resulted from their tests. Always keep a list of what you have done. You may need to do backups before you start, and restores when done. Example: remove accounts created for testing.
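The reporting section above and the clean-up advice here both depend on the same record: what was found, and what was changed along the way. The following is an added example (not Pentest Wizard's own code) of one engagement record that serves both. Each finding carries a severity, whether the exploit succeeded, and a fix recommendation; each change to the target is logged together with the step that reverts it, so the four report sections and the clean-up checklist are rendered from a single source. The client name, hosts and findings are constructed.

```python
"""Engagement record feeding both the report and the clean-up checklist.
Added example, not Pentest Wizard code; all sample values are constructed."""
from dataclasses import dataclass, field

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}


@dataclass
class Finding:
    title: str
    severity: str
    exploited: bool          # True if the penetration attempt succeeded
    recommendation: str      # fix recommendation for the client


@dataclass
class Change:
    description: str         # what the tester changed on the target
    revert: str              # how to undo it
    reverted: bool = False


@dataclass
class Engagement:
    client: str
    info_gathered: list = field(default_factory=list)
    findings: list = field(default_factory=list)
    changes: list = field(default_factory=list)

    def record_change(self, description: str, revert: str) -> None:
        """Log a change the moment it is made, with its reversal step."""
        self.changes.append(Change(description, revert))

    def mark_reverted(self, description: str) -> bool:
        for c in self.changes:
            if c.description == description:
                c.reverted = True
                return True
        return False

    def pending_cleanup(self) -> list:
        return [c for c in self.changes if not c.reverted]

    def report_sections(self) -> dict:
        """The four sections listed under Analysis and Reporting, worst severity first."""
        ordered = sorted(self.findings, key=lambda f: SEVERITY_ORDER.get(f.severity, 99))
        return {
            "Successful exploits": [f.title for f in ordered if f.exploited],
            "Information gathered about the system": list(self.info_gathered),
            "Vulnerabilities found": [f"[{f.severity}] {f.title}" for f in ordered],
            "Fix recommendations": [f"{f.title}: {f.recommendation}" for f in ordered],
        }

    def render(self) -> str:
        lines = [f"Penetration Test Report - {self.client}"]
        for heading, items in self.report_sections().items():
            lines += ["", heading]
            lines += [f"  - {item}" for item in (items or ["(none)"])]
        lines += ["", "Cleanup status"]
        for c in self.changes:
            status = "done" if c.reverted else "PENDING"
            lines.append(f"  - [{status}] {c.description} -> {c.revert}")
        return "\n".join(lines)


def sample_engagement() -> Engagement:
    """Constructed engagement used for the demonstration below."""
    e = Engagement("Example Corp (constructed)")
    e.info_gathered += ["Host 10.10.0.20 exposes an SSH service",
                        "Admin portal found on 10.10.0.21"]
    e.findings.append(Finding("Default credentials on admin portal", "High", True,
                              "Change default passwords and enforce a password policy"))
    e.findings.append(Finding("Outdated TLS configuration", "Medium", False,
                              "Disable TLS 1.0/1.1 and weak cipher suites"))
    e.record_change("Created test account 'pw-tester' on 10.10.0.20",
                    "Delete account 'pw-tester'")
    e.record_change("Wrote proof-of-access file /tmp/pw-proof.txt on 10.10.0.20",
                    "Remove /tmp/pw-proof.txt")
    return e


if __name__ == "__main__":
    e = sample_engagement()
    e.mark_reverted("Created test account 'pw-tester' on 10.10.0.20")
    print(e.render())
    print(f"\n{len(e.pending_cleanup())} change(s) still to revert")
```

Because every change is logged with its reversal step at the time it is made, the clean-up list cannot drift from what actually happened on the target, and any entry still marked PENDING at the end of the engagement is a gap to close before the report is delivered.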
© Samer Aoudi 2005-2022