Penetration Test Part 2 (Final)

M3m0ry

Senior Member
3 Jun 2017
This is the second part of the penetration testing series. I recommend that you read the first part.

Part 1 Link:

https://www.turkhackteam.org/siber-guvenlik/1908069-sizma-testi-penetrasyon-testi-bolum-1-a.html


What Did We Learn in the First Part?
Introduction to Penetration Testing
Using Armitage in Penetration Tests
Advanced Techniques in Penetration Tests
BlackBox Pentest
WhiteBox Pentest
GreyBox Pentest
Penetration Test Steps
Planning
Implementing
Reporting
The Importance Of Penetration Tests for Information Security




What Will We Learn Today?

External Network Security Tests
LAN Penetration Tests
Social Engineering Tests
DDoS Tests
Wireless Network Tests




External Network Security Tests

Companies care about the security of their external networks, and they need to. Otherwise, they are exposed to Black Box attacks. There are many tests for external network security. We will go through them in order.



DNS Tests

Every website uses DNS. DNS contains personal data belonging to the owner of that website. There are different DNS tests. What are they?

DNS Subdomain Discovery
Zone Transfer Tests


DNS Subdomain Tests

We can think of a subdomain as an assistant to the main domain. Big websites usually use subdomains. When we click an option, the page is shown with the help of a subdomain. If attackers hack a subdomain, they can place their own ads on it or steal data from it. Penetration testing companies run tests to prevent this.
How do attackers hack subdomains? They usually use Subdomain Takeover and XSS attacks.

DNS Zone Transfer Tests

This vulnerability is caused by a coding mistake or a configuration error in DNS zone transfer.

Zone transfer is a feature that lets the other name servers get the zone from the primary DNS server, so that their zone content stays up to date when a domain has more than one name server. Through coding mistakes or configuration errors, we can learn all the subdomains and gather information from them. This is an attack.



E-Mail Tests

The use of e-mail has been increasing for the last 20 years. We use e-mail for everyday purposes and for work. The purposes are different, but the level of danger is the same. Pentesters check the IP addresses that spam mails come from, check the subjects of the e-mails, and analyze them. It takes attention to tell whether an e-mail is fake or not.
Not all spam e-mails reach us. They go to the spam folder. If one of them does reach us, don't click on it right away. First, research the link in that e-mail.



I received a fake mail like this.
First, check the e-mail address of whoever sent the mail.



First, look at Instagram's official e-mail account. After looking at Instagram's official e-mail, I can tell that this mail is fake. I don't trust this e-mail. I logged in to my account on Instagram and changed my password. If those mails keep coming, they are fake. They can ask for this in credit card cases too. If we encounter a case like that, we must call our bank quickly. Sometimes we can't tell whether an e-mail is fake or not. In those cases we should go to an expert.
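The sender checks described in this section, as an added example that is not part of the original post: it compares the From domain with the official domain, flags a Reply-To that points elsewhere, reads the SPF/DKIM/DMARC results, and extracts the sending IP addresses. The message, all domains and addresses are constructed, and "example.com" stands in for the brand's official mail domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed phishing-style message; every domain and address is made up.
SAMPLE = """\
Received: from mail.examp1e-login.test (unknown [203.0.113.45])
 by mx.recipient.test; Mon, 05 Jun 2017 10:12:01 +0000
Authentication-Results: mx.recipient.test; spf=fail
 smtp.mailfrom=examp1e-login.test; dkim=none; dmarc=fail
From: "Example Security" <security@examp1e-login.test>
Reply-To: help@collector.test
Subject: Unusual login attempt on your account

Click the link below to confirm your password.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def matches(domain, official):
    """True for the official domain itself or one of its subdomains."""
    return domain == official or domain.endswith("." + official)

def analyse(raw, official):
    """Return (findings, sender_ips) for one raw message."""
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(msg["From"])
    if not matches(sender, official):
        findings.append(f"From domain {sender} is not {official}")
    reply = domain_of(msg["Reply-To"])
    if reply and reply != sender:
        findings.append(f"Reply-To goes to {reply}")
    # Trust these two header types only when your own mail server added them.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for check, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            findings.append(f"{check}={result}")
    received = " ".join(msg.get_all("Received", []))
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return findings, ips

if __name__ == "__main__":
    print(analyse(SAMPLE, "example.com"))
```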


Social Engineering Test

Social engineering is the most powerful and most common attack type. You can gather information from your target by deceiving them. Social engineering tests are carried out on people. The purpose of these tests is to take precautions against human vulnerabilities. For example:
Let's say we applied to a test center. The testers will contact us some time between 1 and 12 months later. They ask for personal information. You may not remember that you applied to them. They keep this up until you give them some information. When you give them any information, the penetration testing company sends you a text that describes your vulnerabilities. Its content can differ from person to person. Not all people are the same.
How Can We Tell That We Are Being Tested?
It can be a little bit hard. If we don't give him/her any information, there won't be any problem. He/she could be a real attacker who wants to steal your information.




LAN Penetration Tests

These penetration tests are done to take precautions against WhiteBox attacks. They prevent data theft by any employee in the company.

LAN penetration tests:

Database Security Checking Test
Internal Network Scanning
Manual Vulnerability Scanning


Database Security Checking Test

Companies store their data in databases. If someone can hack them, he/she can steal critical data. A company can sometimes even go bankrupt in such cases. Companies must run tests to prevent this. The main purpose is to increase the database's security level.

Internal Network Scanning

It is a type of scan performed on the devices in an organization's internal network to keep attackers from accessing the internal network or carrying out feasible cyber attacks.

Detailed explanation: Internal Network Vulnerability Scanning - ISO 15408 CC | ISO 27001 | SPICE

The purpose is to block network attacks by identifying problems in the network.

Manual Vulnerability Scanning

Manual vulnerability scanning tests are very common, because they give us many advantages once the test has ended. They find hidden mistakes. They tell us whether our application is safe or not. They can increase the safety of our applications, so hackers can't steal our data easily.




DDoS Tests

DDoS attacks take websites down temporarily by sending bots to the website. A website's infrastructure is very important for blocking these attacks. Attackers can't do any damage to a website that has a good infrastructure. We should run some tests to find vulnerabilities in our infrastructure.
The DDoS tests are:

DDoS and Performance Tests
DDoS Forensics and DDoS Attack Analysis


DDoS and Performance Tests

A person sets the DDoS power and sends it to the website being tested. That power increases by 1 per minute. A performance report then comes to us. With this report we can see the vulnerabilities in our website.

DDoS Forensics and DDoS Attack Analysis

The purpose of these tests is to find the attacker who attacked our website: his/her IP address, country, or the fake IP address used in the attack. Sometimes they can't be found, because the attackers took precautions. These tests are performed by cyber security companies in specific quantities.
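A starting point for the forensic analysis described above, as an added example that is not part of the original post: it counts requests per source IP per minute in web server access logs and reports the sources whose peak rate exceeds a threshold. The log lines are constructed in Common Log Format, the threshold of 30 requests per minute is an assumption, and an address found this way may be a proxy or spoofed.

```python
import re
from collections import Counter
from datetime import datetime

# Source IP and timestamp fields of a Common Log Format line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def sample_log():
    """Constructed Common Log Format lines using documentation addresses."""
    fmt = '{} - - [05/Jun/2017:10:{:02d}:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format("198.51.100.7", 15, s) for s in range(40)]    # burst
    lines += [fmt.format("192.0.2.10", m, 30) for m in (14, 15, 16)]  # normal
    lines.append("truncated line that does not parse")
    return lines

def per_minute(lines):
    """Count requests per (source IP, minute); skip unparseable lines."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        counts[(m.group(1), ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return counts

def heavy_sources(lines, threshold):
    """Return {ip: peak requests per minute} for sources above threshold."""
    peaks = {}
    for (ip, _minute), n in per_minute(lines).items():
        if n > threshold:
            peaks[ip] = max(n, peaks.get(ip, 0))
    return peaks

if __name__ == "__main__":
    print(heavy_sources(sample_log(), threshold=30))
```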



Wireless Network Tests

Nowadays, wireless network vulnerabilities have increased along with the number of wireless networks. Big vulnerabilities have occurred. The biggest reasons are easy passwords and old modems.
What Happens If a Modem Is Hacked?
Think of this: we are in a cafe. The cafe has a public network. People are connected to it, and you are connected too. If someone hacks that modem, your passwords and your data can be stolen, and he/she can attack your device. Wireless network tests exist to prevent this. How are they done? Testers use some programs (like Aircrack, Wireshark, CommView for WiFi, etc.). They can crack the passwords with Kali Linux tools. Or they may not need that process at all: the Wi-Fi networks of cafes and shopping malls generally have no password. A hacker can connect and gather information from them with Android tools (dSploit, Intercepter-NG, etc.).







Source: https://www.turkhackteam.org/siber-guvenlik/1916543-sizma-testi-penetrasyon-testi-bolum-2-final.html

Translator: M3m0ry
 