The Complete Course from ExamCollection industry leading experts to help you prepare and provides the full 360 solution for self prep including 312-50v10: Certified Ethical Hacker v10 Exam Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.

Ethical Hacking Overview

10. Types of PenTests

The types of penetration testing will be discussed in the following lecture. Now we're going to start off with the various terms. So let's start off with a black box test. A black box test is going to assume you know nothing about the organization. A lot of times I'm given a black-box test to do. And then, once I've gathered as much information as possible about that particular organisation and its functionality and all of that type of stuff that I can glean from them without them actually telling me themselves, I go ahead and compare my notes with them to what they would have given me in a white box test. in a white box test, where it provides the testers with complete knowledge of the infrastructure. You could think of it as providing you with the viz, diagrams, source code, IP, and addressing information. Basically, it's a completely open book. You still have to try to break in, but it's much easier to do now. And then the grape box test is somewhere in between. So, to summarise in a nutshell, a black box penetration test versus a white box penetration test. One of the common questions we get from our clients is about what the differences are. Whitebox testing, also known as "clearbox testing" or "glass box testing," is a penetration testing approach that uses the knowledge of the internals of the target system to elaborate the test cases. In application penetration tests, the source code is frequently provided alongside the design information, interviews with developers and analysts, basically anything that we want to know, we're basically given that information in infrastructure, penetration tests, network maps, infrastructure details, and the like. The goal of the white box penetration test is to provide as much information as possible to the penetration tester so that he or she can gain insight and understanding of the system and elaborate the test based on it. Now, the white box penetration test obviously has some clear benefits and provides us with deep and thorough testing. It also maximises the testing time. Generally, when you're doing a pen test, they like to break the pen test into five-day segments. Now, that's not always the case, but it just seems like that's about what it is. You're usually given about five days to complete the onsite portion of the penetration test. The faster that you need to go generally ishow much more resources you have to do it. So in other words, you need to bring more people to do the pen test because having one person do the pen test is just not going to be realistic or be able to cover all the things that may need to get done in five days or in a week. Sometimes the pen tests, if it's a red team pen test, meaning we're going to test everything, may take us two weeks. It just depends on the size of the organization. So there are also some disadvantages to doing a white test. It's not really a realistic attack as the penetration tester is not in the same position as a non-informed potential attacker. A black box penetration test requires no previous information and usually takes on the approach of an uninformed attacker. In a black box penetration test, the penetration tester has no previous information about the target system. So the benefits of this type of attack are that it simulates a very realistic scenario. The disadvantage of the black box penetrationtest, of course, is testing time can'tbe maximised in certain situations. Some areas of the infrastructure might have to go untested. When commissioning a penetration test, there's not really any right or wrong decision about whether you use a black box or a white box, or possibly even a grey box, which is kind of something in between. It really depends on the scenario that needs to be tested. Now, consider whether the penetration testing will be an internal test, which basically means we'll consider it to be inside the perimeter of security of a company, and you'll notice I didn't say inside the company. With the advent of the cloud, your resources may be all over the map, so they would need to fall inside of it. An external penetration test is considered to be outside of that perimeter of security. An external penetration test can generally be done from anywhere. For an internal penetration test, you either need to have equipment that is shipped to them, or we have something called an "unannounced pen test." This is going to be able to test the response capabilities of the organization.

11. Types of Hackers

In this lecture, we're going to talkabout the different types of hackers.Now, of course, the one you probably heard aboutmost often is someone called the black hat hacker.They're regarded as evil underground villainous.They're the individual that is definitely going to do whateverit takes to get into your network to break in.They don't care how much damage it may do.We also have something called the gray hat hacker.And this is kind of in betweenthe black hat and the white hat.Maybe someone who sometimes acts foroffensive purposes, maybe sometimes in goodwill,sometimes for defensive purposes.I've been told that these individuals may havebeen black hat at one time and nowdoing things on the good side.And some people may refer to that as a gray hat hacker.Kevin Mitnick may be a great example of thisbecause he spent a number of years in prisonfor the black hat things that he has done.But now he typically works with the FBI and the FBI.Maybe they trust him, maybe they don't.Now, here's a bit of trivia for you.Where do you think the term blackhat and white hat actually came from?Now, if you've guessed that the white hatcame from the old Western movies, wearing thewhite hat was the good guy.The guy wearing the black hat was alwaysthe bad guy, whether you guessed correctly, becausethat's exactly where it came from.

12. Common Definitions

In this lecture, let's cover just a few common definitions and terms. The black-hat hacker is frequently referred to as a cracker. Now, this can actually be a derogatory term in some cultures, but it actually stands for a criminal hacker. Hence the term cracker. The hacker in reality is someone whois just interested in how things work. Hollywood has actually made the term hacker somethingthat seems to be villainous or underground. Hacktivism means hacking for a cause. They actually want something to be brought out. A good case in point here are the anonymous folks. Now, a lot of times during the course, you'll hear me use the term "attacker." This simply states that anyone attempting to break in may be a pen tester or a cracker. It's basically an all-encompassing word to mean either one or both. Another thing you'll typically see is the rationale. The penetration test should be carried out on any computer system that is to be deployed into a hostile environment. For example, in the DMZ or on the Internet. In most pentest courses, in most security courses,you'll often see them quote the book fromThe Sun The Art of War. One of the things he's famous for stating is that if you know the enemy and you know yourself, you need not fear the result of 100 battles. Basically it's saying that you have to think likea hacker in order to catch a hacker.

13. Hacker vs. Penetration Tester

Now in this lecture, we're going to actually compare the hacker to the penetration tester. On our left side of our column, you can see that the hacker has all these attributes, and the Pentagon also has its version of these attributes. So let's compare the two. The hacker has absolutely, absolutely no code of ethics whatsoever. He can do anything without regard to what kind of information you may lose or what kind of overtime this may cost you anything.It doesn't make any difference to the hacker. They're not interested in what kind of things this may cause you to do. The penetration tester has to follow a strict code of ethics. He also has a certain scope of work that he must fall inside of.And sometimes this can lead you into a little trouble because the scope of the work will actually become narrower and narrower. So I may be told that, okay, you can only test from five in the evening to seven in the evening because we have to start our backups right after that. They're not going to finish until the morning. And sometimes, due to this window of opportunity, it's almost unrealistic to do your penetration test. So sometimes it gets to be very difficult to do that. Now the next one is a hacker, completely unauthorised, whereas with a penetration tester, you have to have signed authorization in order to be able to do the things that you're doing. Otherwise, it's absolutely illegal. The hacker can typically try any technique without regard to what's going to happen. You're the penetration tester; you've got that scope of work, and if it's within that scope, you can do it. If it's not within scope, unfortunately, you can't. A hacker tries to circumvent any type of logging or the penetration tester. You've got to log all of your activity. every single thing that you do. Myself, what I typically do is start recording, and I can't tell you how many times this has bailed me out. Because the first thing that happens is that whenever you go in to do a penetration test, you're going to get blamed for every single thing that goes wrong in that organisation that week. I don't care what it is. One time we got blamed for the coffee pot not working, and I just threw out my hands. Gotta give up. People typically want to blame what they don't understand. give you an example. Let's say you brought your car into the shop to have the brakes fixed. The very next day, the muffler falls off. More than likely you're going to bring it back to the shop and say, "What the heck did you do to my muffler?" And it's possible they may have done something to it; that's not necessarily exactly what happened. So you're going to get the blame for a lot of things. And if you have some way of being able to prove this is exactly what I've done, you're going to be in a lot better shape. I've known some penetration testers who have actually had to pay out a claim because the person that they pentested actually believed they did this amount of damage, when in reality they didn't do it at all. It was easier for them to pay out for the damage than it was for them to admit it. The hacker has no report at all. And I tell you, that's the best thing, because doing the pen test and going in and trying to find the vulnerabilities can be kind of fun. But boy, I tell you what, providing that detailed report is not fun at all. And the report needs to be substantial as well. If I were to go in with one sheet of paper and turn it into the company and say, "Your network really stinks; pay me," they're probably not going to feel they got a fair shake on it. So if the penetration test costs $25,000, for example, and I provided you with a one-page report of how I got in there, and it feels just a little bit shortchanged, you need to beef up that report. You need to have a number of things that are going to provide them with what they need. Now, the hacker also attempts to exploit vulnerabilities where the penetration tester attempts to correct the vulnerabilities. And you'll notice I put a little star up here because if you're following the OSSTMM model from Peter Herzog, he basically states that you should not correct any vulnerabilities. As a matter of fact, you can list the vulnerabilities, and you can explain to them how to fix them, but you really shouldn't be the one fixing them. The reason for that is that you could actually do a whole lot of work for yourself. Now I'm going to tell you what the OSS TMM model or methodology actually says, but I'm then going to tell you there's a number of places that do high-level pen testing that actually tell you up front, and we're going to try and sell you our solutions to correct some of these vulnerabilities. Now, as long as they do it upfront and you know exactly what they're doing, I guess you could give them a pass on that. but according to the OSS TM, you're not supposed to. So you can take that however you want to. So the hacker is considered to be the naturally bad guy. Well, the penetration tester is typically considered to be the good guy.

14. Penetration Testing Terminology

Now in this lecture, let's go ahead and give you a few more penetration testing terms that you're going to need to be aware of. As you can imagine, these are items that you'll often find on the exam, and so I really want to cover them. The purpose of the course, if you remember, is to provide you with as much information as you need to be able to take and pass your test. And hopefully you're going to be able to pick up quite a bit of good information along the way as well. So the term "tailgating" means that we follow an individual through a secured opening. This happens all the time when someone tailgates someone else into a building. They used their ID to open the front door, and they just walked right behind them. The term "unannounced pen test" is typically used when we want to test the response capabilities of an organization. We want to see if they are actually going to pick up some of the things that we're doing. Theoretically, the monitoring software should be catching this, and they should be on alert. If they're not, we really need to go back and take a better look at the monitoring capability of the organization. So this is typically used as a mechanism to determine how good they are and how readily they are available to meet these goals and see if the team is actually on its toes. The next term is the payment card industry, or PCI. Sometimes you'll hear it referred to as PCI DSS. Now this is the international organisation that regulates billions of transactions daily and provides security guidelines to protect personally identifiable information. This is known as PII. Personally identifiable information is the information that can identify you as an individual and can be used to steal your identity. A lot of the controls are used as a baseline to prevent low-level hackers. And our low-level hackers, if you remember, are script kiddies" who are causing a data breach. They want a higher threshold because the payment card industry loses billions of dollars every year from fraud. And most of the time they're giving you the assurance that, hey, if somebody steals your credit card and uses it without your knowing about it, we'll go ahead and take the hit. You don't have to. And that cost them quite a bit of money, and they don't want everything to come crashing back on their neck.They just now have the term "likelihood versus threat," where the likelihood is the probability that the threat source will exploit a vulnerability. In other words, if we knew we had a vulnerability, but to get to it, we had to go through all of these elaborate defence techniques. The likelihood of that happening is very, very remote. And then finally, we have HIPAA. And HIPAA stands for the Health Insurance Portability and Accountability Act. This is for our medical records that we want to keep private.