1. Definition
Penetration testing does not have a standard definition. Some foreign security organizations agree that a penetration test simulates the attacks of a malicious hacker in order to evaluate the security of a computer network system. The process includes a proactive analysis of the system for weaknesses, technical defects, or vulnerabilities; the analysis is performed from a position where an attacker could plausibly be, and security vulnerabilities are actively exploited from that position.
We believe that penetration testing has two notable features: it is a gradual and progressive process, and it is carried out with attack methods chosen so that the normal operation of the business system is not affected.
2. Penetration testing is one of the security evaluation methods
Security evaluation usually includes tool-based evaluation, manual evaluation, consultant interviews, questionnaire surveys, application evaluation, management evaluation, network architecture evaluation, penetration testing, and so on.
The difference between penetration testing and the other evaluation methods: a general evaluation method starts from the known information assets (or other objects under evaluation) and identifies all relevant security problems. Penetration testing starts from known security vulnerabilities and detects whether corresponding information assets exist. General evaluation methods are therefore more comprehensive, while penetration testing focuses more on the severity of security vulnerabilities.
On the one hand, penetration testing examines, from the attacker's perspective, whether the business system's security protection measures are effective and whether its security policies are actually enforced; on the other hand, it presents potential security risks in the form of real events, which helps the people involved understand the security issues better. Once the penetration test is complete, the security problems it found should be remediated immediately, so that real security incidents are effectively prevented.
3. Highlight the most serious security issues
A security assessment usually finds many security problems; a penetration test is a "real" hacker event that picks out the most urgent ones.
4. White box
The tester has obtained as much information as possible about the target.
Penetration tests are usually conducted from outside the Organization and from within the Organization.
Black Box
No information is provided beyond what is publicly known about the tested target.
Penetration tests are usually conducted only from outside the organization.
Gray box
Between the two
5. Information Collection and Analysis
Formulate and implement the penetration plan
Summary and analysis of previous information
Privilege Escalation, internal penetration
Summary of penetration results
Output the penetration test report
Propose Security Solutions
6. Provided by the customer
This part mainly consists of existing material provided by the customer, such as the actual network structure and the security level system.
Tool Scanning
This step uses existing security products or hacking tools to scan the target network comprehensively, covering services, ports, and so on. Tools include Nessus, Nmap, and SnmpScanner.
Intelligent judgment
Collect and analyze information about the target host using the penetration testing and other security experience accumulated by the engineers.
Local Scan
To penetrate the security of the customer's network more effectively, on-site scanning can be performed within the scope the customer permits. A short simulated attack scan, combined with the detailed information the customer provides, quickly locates the weak links in the target network and thereby ensures the overall efficiency of the penetration test plan that is developed.
Create information pool
Summarize the above information and establish an information pool
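As an added example that is not part of the original page, the following Python builds such an information pool: it parses Nmap's grepable (-oG) output, merges the hosts with a customer-provided asset register, flags hosts the customer did not list, and orders them for follow-up. The sample scan lines, the asset register and the MGMT_SERVICES heuristic are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Nmap grepable (-oG) output; addresses and names are invented.
NMAP_GREPABLE = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 10.10.0.0/28
Host: 10.10.0.5 (web01.example.test)\tStatus: Up
Host: 10.10.0.5 (web01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (998)
Host: 10.10.0.9 ()\tPorts: 161/open/udp//snmp//net-snmp/, 445/open/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: filtered (997)
"""
# Constructed customer asset register ("provided by the customer"); 10.10.0.9 is deliberately absent.
CUSTOMER_ASSETS = {"10.10.0.5": {"owner": "web team", "zone": "DMZ", "criticality": "high"}}
# Assumption of this example: services treated as management/admin surface when exposed.
MGMT_SERVICES = {"ssh", "telnet", "snmp", "microsoft-ds", "ms-wbt-server"}
HOST_RE = re.compile(r"Host: (\S+) \(([^)]*)\)")
# -oG port fields are port/state/protocol/owner/service/rpcinfo/version/ (owner, rpcinfo empty)
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")


def parse_grepable(text):
    """Return {ip: {"hostname": str, "ports": [...]}}, keeping only ports in state 'open'."""
    hosts = defaultdict(lambda: {"hostname": "", "ports": []})
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                       # comment lines and anything that is not a Host record
            continue
        entry = hosts[m.group(1)]
        entry["hostname"] = m.group(2) or entry["hostname"]
        for field in line.split("\t")[1:]:
            if field.startswith("Ports:"):
                for port, state, proto, svc, ver in PORT_RE.findall(field):
                    if state == "open":
                        entry["ports"].append({"port": int(port), "proto": proto, "service": svc, "version": ver})
    return dict(hosts)


def build_pool(nmap_text=NMAP_GREPABLE, assets=CUSTOMER_ASSETS):
    """Merge scan results with the customer register and classify every host."""
    pool = parse_grepable(nmap_text)
    for ip, entry in pool.items():
        entry.update(assets.get(ip, {"owner": "unknown", "zone": "unknown", "criticality": "unknown"}))
        entry["unregistered"] = ip not in assets    # seen by the scan, missing from the register
        entry["mgmt_exposed"] = sorted({p["service"] for p in entry["ports"] if p["service"] in MGMT_SERVICES})
    return pool


def prioritize(pool):
    """Order hosts for follow-up: unregistered first, then by criticality, then by exposure."""
    rank = {"high": 0, "medium": 1, "low": 2, "unknown": 3}
    return sorted(pool, key=lambda ip: (not pool[ip]["unregistered"], rank[pool[ip]["criticality"]],
                                        -len(pool[ip]["mgmt_exposed"]), ip))
```

Feeding real `nmap -oG` output and the customer's own register into `build_pool` gives the pool that the later "information pool update" and "determine penetration implementation focus" steps refine.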
7. Factors for formulating the penetration plan
Network Scale
Business Composition
Network distribution
Other factors
Contents of the penetration plan
Target and scope
Plan
Process
Risk Avoidance
Confidentiality
8. Verify information pool content
Test and obtain permissions
Adjust the implementation process according to the specific information
9. Consolidate and summarize information
Analysis, classification, filtering, and sorting
Information pool update
Determine penetration implementation focus
Develop the next implementation plan
10. Vertical privilege escalation
Read permission is upgraded to write permission
Application-system permissions are upgraded to operating-system permissions
General user privileges are elevated to administrator privileges
Horizontal privilege escalation
Obtain remote host permissions using local permissions
Obtain access permissions for local LAN and devices
Obtain access permissions for remote networks and devices
Recursive operation
Repeat from the first stage as needed
11. Summary of penetration results
Inform customers of major security issues in a timely manner
Summary of successes and failures
Clear the intermediate files created during penetration
12. Report and exchange of penetration testing results
Penetration Process
Penetration Depth (vertical and horizontal)
Penetration result
Formal Penetration Test report
Comprehensive Solutions, processes, and results reports
Confidentiality
Document transfer and destruction
Information pool transfer and destruction
Confidentiality of penetration results
13. Backup system
Emergency Response Team
High-risk operations prohibited
Operation Process record
Intermediate File Processing
Handling of wrap-up work
14. Scans
Tool scanning: vulnerabilities, ports, and exhaustive account enumeration
Manual testing: system version, application service information, and network information
Local Permissions
Password Prediction
Remote vulnerabilities and application vulnerabilities
...
Privilege Escalation
Local overflow and process injection
Event triggering
...
Associated attacks
Network sniffing, session hijacking, and man-in-the-middle attacks