It has been a couple of weeks since I started this blog and already we're almost half way through the term and have completed 6 projects. Now, I'll just explain quickly what penetration testing is for those of you who are unfamiliar with the term. Penetration testing (pen testing) is basically hacking into someone's system or network to find its weaknesses. This is done AT THE REQUEST of the person who owns the system or network! Permission is given and great care must be taken to keep the requesting party completely informed throughout the entire process. A company would much rather have a good guy hack their systems so they can fix their weak points than have a bad guy hack their systems and steal hundreds of credit card numbers.
Anyway, that's the rundown. Suffice it to say that mistakes could lead to an orange jump suit.
Alright, on to the good stuff! Pen testing generally follows these steps:
- Reconnaissance
- Scanning
- Exploitation
- Maintaining access
- Evading detection
There are many tools out there to accomplish each step. We'll see some of those tools in future posts. The next posts will mainly be lists of useful Windows and Linux commands.
Links for this post:
http://en.wikipedia.org/wiki/Penetration_testing
http://www.isecom.org/osstmm/
http://www.hackerhighschool.org/
No comments:
Post a Comment