From the course: Penetration Testing Essential Training

Pen testing overview

- [Presenter] Over the last decade, testing computer systems for vulnerabilities has become a necessary part of any deployment. Traditionally, the software development lifecycle included testing as the final stage prior to going live and used testing methods based on developing test cases to confirm the software was functionally correct, i.e. it produced the correct result. While this was all very well for software through to the 1990s, the advent of the internet and online services provided a rich environment for hackers to find flaws in software. Often, these flaws exploited unexpected inputs, such as maliciously crafted packets, and used unexpected techniques, such as command injection. The typical hacker was a bored teenager with a computer and a modem and plenty of spare time. These attacks demonstrated the limitations of testing by thinking like a developer and began the age of testing by thinking like an attacker. In other words, don't just run a set of test cases. Also use your imagination and try to think of different ways to penetrate your target. Pen testing, as this approach to testing is now known, has become a recognized testing approach and a popular career choice. The name hacker was originally used to describe someone who was very skilled at modifying computer software in order to make it perform exceptionally well. Over the years, the term has been increasingly used to describe someone who has the same level of skills, but uses them for annoying or malicious purposes. As the internet grew, hackers started posting their hacking software on bulletin boards and then on shared underground websites. These were often scripts which automated the attacks using languages such as Perl or, more recently, Python. Would-be hackers with few skills were enabled to download the tools and run them, and this community became known as script kiddies.
As businesses started using attack techniques in a controlled environment to check their own software, the term white hat was used to distinguish the authorized testers from the black hat, or unauthorized, hacker. As the internet grew, a number of different types of black hat hackers emerged. Hacking amongst bored teenagers has continued to flourish, but increasingly as script kiddies. Some of the more skilled amongst them have become research hackers who find bugs and develop their own exploits, often in order to sell them to other black hats on the dark net. Of more concern, many countries now form state-sponsored hackers, sometimes called cyber warriors, who hack for military or espionage purposes. Similarly, organized crime has seen the financial gain possible with hacking, and now cyber criminals form one of the biggest groups of hackers targeting industry. State-sponsored hackers and cyber criminals are very skilled and will often deploy zero-day exploits, which can punch holes through even the best defended networks. They operate stealthily. They cause immense damage and financial loss and have created a toxic environment of mistrust and fear on the internet. As to the white hats, the increase in black hat activity has seen a massive demand for penetration testing and a demand for a much higher skill level to match that of the black hats. Some of the more skilled white hat testers have focused on research to find bugs and to claim bug bounties. As with black hat hackers, the white hat community develops and posts white hat testing tools on the internet. Some of these are commercial tools released onto the internet, often with a community edition with a limited capability, and require a license to be purchased in order to unlock their full potential. Others are fully functional freeware or shareware tools. In addition to individual tools, there are a number of testing frameworks available which bring a set of tools together.
The best known of these is Kali Linux, a full freeware Linux distribution which includes over 600 tools, and which is often the primary framework used by a pen tester. The starting point for a career in penetration testing is to become an ethical hacker. The ethical hacker understands the internet environment and has a knowledge of the tools used to test systems. An ethical hacker can run the standard tests and provide a first level of confidence that a system is secured against a casual attacker. The pen tester has a much higher level of both knowledge and skills and is able to not only use the tools, but also find the more sophisticated weaknesses in systems. A pen tester will be able to not only detect a security issue, but also demonstrate how it can be exploited. This may be done by modifying an existing exploit or creating new exploit code. A pen tester is able to provide confidence that a system can withstand a sustained attack from a skilled attacker. An elite pen tester is someone who has the highest level of skills and often finds zero-day exploits to support his or her pen testing. Elite pen testers are also the community of hackers who create many of the public domain tools used by the white hat community. Certified Ethical Hacker is the foundational certification for ethical hacking or pen testing. Well, it used to be a paper-based certification. It now involves fully fledged hands-on training. It's the basic certification required for someone to start out on a career in system testing. Offensive Security is the organization which provides the Kali framework, and it offers a range of pen testing certifications which are recognized globally. The benchmark certification for a professional pen tester is the PEN-200 Offensive Security Certified Professional, or OSCP.
This is the certification most professional pen testers have, and it demonstrates not only knowledge of pen testing techniques and tools, but also a high level of skill in applying them to an unknown target environment. While we're focused on pen testing in this course, this is just one of a number of ways in which cyber defenders can address the threats. An important part of cyber defense is checking for and correcting known vulnerabilities. This can be done for the perimeter with an online service such as Nessus and internally with network vulnerability assessment tools such as Rapid7 Nexpose. Pen testers run tools and techniques against targets looking for areas of weakness that the developer hasn't found during testing and that the vulnerability scanner hasn't detected. These may be oversights that should have been found or zero-day vulnerabilities that aren't in the signature database. The ultimate pen test is called a red team test, where a team of pen testers is given authority to mount an unannounced attack on the whole network with the objective of doing everything that an attacker would to find a way to penetrate the network and get to its internal systems. Finally, there's a new approach and a new breed of professional called a cyber hunter, whose job is to do deep monitoring of the network and server environment, looking for indicators that the network has been compromised. The cyber hunter will use network intrusion detection systems and big data security analytic solutions to find indicators of compromise. Cyber hunting is an emerging discipline and there are, at this stage, no specialist tools available. This function and the tools for it will be a significant area of development over the next decade.