d

Penetration testing: The Complete Documentation

• This category contains 14 Papers
• The last paper was added on 2007-03-26 (YYYY-MM-DD)

Conducting a Penetration Test on an Organization

Published on 2002, by Chan Tuck Wai, ©SANS Institute.

This document is decided to give readers an outlook on how a penetration test can be successfully done on an organization. A methodology has been drawn out in this document to allow readers to be acquainted with the process that penetration testers go through to conduct a penetration test.

Demonstrating ROI for Penetration Testing (Part Two)

Published on 2003-08-04, by Marcia J. Wilson, ©SecurityFocus.

There are two camps when it comes to demonstrating ROI for security initiatives. One camp believes it is absolutely impossible, ridiculous and suggests you should not even try. The other camp believes it is not only possible but important and absolutely necessary. Somewhere in the middle is a plausible methodology for demonstrating ROI for many security initiatives, including penetration testing.

Distributed Metastasis: A Computer Network Penetration Methodology

Published on September 09, 1999, by Andrew J. Stewart, ©Phrack Magazine.

Metastasis refers to the process by which an attacker propagates a computer penetration throughout a computer network. The traditional methodology for Internet computer penetration is sufficiently well understood to define behavior which may be indicative of an attack, e.g. for use within an Intrusion Detection System. A new model of computer penetration: distributed metastasis, increases the possible depth of penetration for an attacker, while minimizing the possibility of detection. Distributed Metastasis is a non-trivial methodology for computer penetration, based on an agent based approach, which points to a requirement for more sophisticated attack detection methods and software to detect highly skilled attackers.

Guidelines for Developing Penetration Rules of Behavior

Published on August 14, 2001, by Nancy Simpson, ©SANS Institute.

Penetration testing has been well popularized by the media. Many companies are now offering penetration services to identify vulnerabilities in systems and the surrounding processes. Several reasons are given for the popularity of penetration testing. One of these is the mystique that has been associated with the hacker image. In some instances, prospective target organizations may be attracted to this type of service more from the perceived value rather than the actual value. After the completion of the penetration test and the hacker mystique dissipates, the target organization will be looking for substantive value from the penetration test such as corrective and improvement solutions. This may include in depth analysis of the penetration techniques with the target organization s information technology experts.

Penetration 101 - Introduction to becoming a Penetration Tester

Published on May 09, 2002, by Dave Burrows, ©SANS Institute.

The purpose of this paper is to give you a brief and basic overview of what to look for when starting out in penetration testing and to build up an internal penetration test kit to aid you in performing both internal and external penetration tests on your company network. To also make you aware of the problems with new network technology like wireless networks, and remote access devices that can circumvent network perimeter security devices like firewalls and IDS. Whilst also showing you the pit falls of security, and the need to check all systems for vulnerabilities and to carry out regular patching and monitoring of all systems within your network. This paper also lists suggested well known security penetration tools for both Linux™ and Windows™ operating systems.

Penetration Studies - A Technical Overview

Published on May 30, 2002, by Timothy Layton, ©SANS Institute.

Jessica Lowery wrote a fantastic paper on penetration testing and it is located in the SANS Reading Room at http://www.sans.org/rr/whitepapers/testing/264.php. The title of the paper is: Penetration Testing: The Third Party Hacker. Jessica s paper did a great job of outlining and defining what penetration tests are and how an organization should view and use them. This paper builds on Jessica s research paper by drilling down on some of the most common tools and applications used to perform penetration tests.

Penetration Testing - Is it right for you?

Published on March 20, 2002, by Jimmy Braden, ©SANS Institute.

The process of performing a penetration test is to verify that new and existing applications, networks and systems are not vulnerable to a security risk that could allow unauthorized access to resources. This paper will review the steps involved in preparing for and performing a penetration test. The intended audience for this paper is project directors or managers who might be considering having a penetration test performed. The process of performing a penetration test is complex. Each company must determine if the process is appropriate for them.

Penetration Testing for Web Applications (Part 1)

Published on June 16, 2003, by Jody Melbourne and David Jorm, ©SecurityFocus.

There is a war going on, did you know that? Everyday there are people using the Internet to declare a war on both individuals and computers. There are two sides to this battle: on the one side is the security professional in the trenches trying to defend, and on the other side, there is the hacker (cracker).

Penetration Testing for Web Applications (Part 2)

Published on July 03, 2003, by Jody Melbourne and David Jorm, ©SecurityFocus.

Our first article in this series covered user interaction with Web applications and explored the various methods of HTTP input that are most commonly utilized by developers. In this second installment we will be expanding upon issues of input validation - how developers routinely, through a lack of proper input sanity and validity checking, expose their back-end systems to server-side code-injection and SQL-injection attacks. We will also investigate the client-side problems associated with poor input-validation such as cross-site scripting attacks.

Penetration Testing for Web Applications (Part 3)

Published on August 20, 2003, by Jody Melbourne and David Jorm, ©SecurityFocus.

In the first installment of this series we introduced the reader to web application security issues and stressed the significance of input validation. In the second installment, several categories of web application vulnerabilities were discussed and methods for locating these vulnerabilities were outlined. In this third and final article we will be investigating session security issues and cookies, buffer overflows and logic flaws, and providing links to further resources for the web application penetration tester.

Penetration Testing IPsec VPNs

Published on 2005-02-09, by Rohyt Belani and K.K. Mookhey, ©SecurityFocus.

As companies expand their presence globally, there arises a need for secure electronic communications between geographically dispersed locations. Virtual private networks (VPNs) provide an economically viable option to address this need. A VPN is a private network that uses the public Internet to either connect remote users to the company\’s internal network or establish a seamless connection between the company\’s physically isolated sites. Since a VPN uses the Internet it must provide security features like encryption and strong authentication to protect the confidentiality of internal company data. Thus there are inherent security concerns when implementing VPNs.

Penetration Testing with dsniff

Published on February 18, 2001, by Christopher R. Russel, ©SANS Institute.

The ability to access the raw packets on a network interface (known as network sniffing), has long been an important tool for system and network administrators. For debugging purposes it is often helpful to look at the network traffic down to the wire level to see exactly what is being transmitted. Dsniff, as the name implies, is a network sniffer - but designed for testing of a different sort. Written by hacker Dug Song, dsniff is a package of utilities that includes code to parse many different application protocols and extract interesting information, such as usernames and passwords, web pages being visited, contents of email, and more. Additionally, it can be used to defeat the normal behaviour of switched networks and cause network traffic from other hosts on the same network segment to be visible, not just traffic involving the host dsniff is running on.

Penetration Testing: The Third Party Hacker

Published on 2006-05-17, by Pieter Danhieux, ©SANS Institute.

Is my organization or infrastructure susceptible to compromise by a malicious attacker, unethical competitor or foreign government? Both security consulting companies and Big Four audit companies have been trying to answer this question by offering penetration testing services to their clients in the last decades. This kind of specialized testing is a method for evaluating the security of an organization’s information systems by simulating an attack. Its objective is to probe and identify security weaknesses in information systems, such as an online banking application, the supporting network infrastructure, or even the physical premises of an organization. Companies expect thirdparty organizations that perform penetration testing to be truthful with them, but this has proven not to be the case in many instances. This paper is intended to help managers decide on a penetration testing firm by providing them with some essential points of attention and critical questions to ask the prospective service providers.

Remote Network Penetration via NetBios Hack/Hacking

Published on 2006-09-01, by Darknet, ©Darknet.

These are basic techniques but very useful when penetration testing any Windows based network, the techniques were discovered on WinNT but are still very valid on Windows2000 and in some cases Windows2003 due to backwards compatibility.

This article is being written in a procedural manner. I have approached it much like an intruder would actually approach a network penetration. Most of the techniques discussed in this text are rather easy to accomplish once one understands how and why something is being done.