CHAPTER 8

Penetration Testing

Gaining unauthorized system access, controlling systems without authorization, and exfiltrating data are inherently illegal in most jurisdictions. These crimes are analogous to burglary and robbery. Security testing is a professional service that sometimes mimics malicious attackers (also called white hat hacking), in particular during penetration testing (also called pen testing).

To protect yourself from legal consequences as you test systems, you must have clear authorization to conduct testing—a legal agreement, called Rules of Engagement (ROE), signed by you (the tester) and the client executives. Lawyers for both organizations should be involved. If test packets traverse other networks in other countries, you must consider the laws of all jurisdictions traversed.

In Chapter 7 I cover reconnaissance, network/port scanning, policy scanning, fingerprinting, and vulnerability probes. In this chapter I continue through the phases of ethical hacking, covering network penetration, World Wide Web attacks, database attacks, user enumeration, password cracking, and privilege escalation. The final, malicious phases (back doors, rootkits, exfiltration, and abuse) are rarely conducted as part of pen testing, but they are very commonplace in the wilds of the Internet. To start, you need an understanding of the types of cyber attacks.

Forms of Cyber Attacks

Cyber-attack techniques are widely discussed and defined on the Internet, with ...

Get Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions now with the O’Reilly learning platform.
