What it takes to break into the field of penetration testing

Jul 17, 2015 | Pen Testing

Significant expansions of IT infrastructures combined with a surge of successful hacking attempts and data breaches are forcing companies and organizations to up the ante on IT security.

Penetration testing is an authorized, simulated attack used to evaluate the security of an organization's computers and networks. Network devices, wireless access points and hosts are probed and, where possible, exploited to reach critical systems and sensitive data. The goal is to demonstrate real-world attack paths against an organization's IT assets, data, people and physical security, and to report them before a real attacker finds them.

A penetration test can involve social engineering and spear phishing; port scans and operating-system and service-version fingerprinting; exploiting weaknesses in web applications; stealing credentials; and cracking captured password hashes, then authenticating with the recovered passwords.

Some of the tools needed to conduct a penetration test include:

Network survey tools. Penetration testers begin with a network survey to enumerate the target: its domain names, IP address ranges, Internet service provider information, and the hosts and services that are actually reachable. Nmap is the standard example.
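To show what the "reachable services" part of a survey looks like at the socket level, here is a minimal TCP connect scan (the technique behind Nmap's `-sT` scan). This is an added example, not code from the original article or from the Nmap project; it starts a throwaway listener on 127.0.0.1 as a constructed target so it runs offline, and the port numbers it reports are whatever the operating system assigns.

```python
import socket
import threading
from contextlib import closing

HOST = "127.0.0.1"


def start_listener(host=HOST):
    """Constructed target: a throwaway TCP service on an ephemeral port.

    It stands in for a real host so the scan below runs offline.
    Returns the listening socket (closing it stops the service)
    and the port the OS assigned.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listener closed, stop serving
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port(host=HOST):
    """Constructed 'closed' target: a port with nothing listening on it."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def probe(host, port, timeout=0.5):
    """TCP connect probe: full handshake succeeds -> open (True).

    A RST (ConnectionRefusedError) means closed; a timeout usually means a
    firewall silently dropped the SYN. Both are OSError subclasses here.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:
            return False
        return True


def scan_ports(host, ports, timeout=0.5):
    """Connect scan of the given ports; returns the open ones, sorted."""
    return sorted(p for p in ports if probe(host, p, timeout))


if __name__ == "__main__":
    srv, open_port = start_listener()
    print("open ports:", scan_ports(HOST, range(open_port - 2, open_port + 3)))
    srv.close()
```

A connect scan completes the three-way handshake, so it needs no special privileges but is logged by the target service; Nmap's default SYN scan avoids completing the handshake and requires raw-socket (root) access.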

Vulnerability scanners. These automate vulnerability detection. Nessus, for example, combines port scanning and OS detection with checks for known vulnerabilities on the hosts it finds, and reports each finding together with remediation steps. Web-application scanners such as Netsparker and Acunetix do the same for web applications. Scanner output is a starting point, not a result: findings must be verified by hand, because scanners report false positives and miss logic flaws.

Packet manipulation tools. Beyond network surveys and vulnerability scans, penetration testers also do reconnaissance by crafting and sending specially constructed TCP/IP packets to probe, and sometimes bypass, firewalls and other filtering devices. hping, a command-line TCP/IP packet assembler/analyzer, is the classic example.

Password crackers. Tools such as Cain & Abel and John the Ripper recover weak passwords from captured hashes. Methods of password cracking include:

  • The dictionary attack, which tries each entry of a word list as-is
  • Brute force, which tries every possible combination of characters up to a given length, including digits and special characters
  • Hybrid attack, which combines the two by applying mutations (capitalization, character substitutions, appended digits or years) to dictionary words
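The three methods above, side by side, as an added example that is not part of the original article and is not how John the Ripper or Cain & Abel are implemented. It assumes a toy salted SHA-256 hash (a real system should use a slow KDF such as bcrypt or Argon2) and uses a constructed four-word list and constructed suffix rules; the point is how the candidate space differs between the methods.

```python
import hashlib
import itertools
import string


def hash_password(password, salt):
    """Toy hash for the demo: salted SHA-256 (fast, which is exactly why cracking works)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def dictionary_attack(target, salt, wordlist):
    """Try each word from the list exactly as written."""
    for word in wordlist:
        if hash_password(word, salt) == target:
            return word
    return None


def brute_force(target, salt, alphabet, max_len):
    """Try every string over `alphabet` up to `max_len` characters.

    Cost grows as len(alphabet) ** n, so this is only feasible for short passwords.
    """
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            candidate = "".join(combo)
            if hash_password(candidate, salt) == target:
                return candidate
    return None


def mutate(word):
    """Hybrid mangling: case variants plus a common leetspeak substitution."""
    seen = set()
    for variant in (word, word.capitalize(), word.upper(),
                    word.replace("a", "@").replace("o", "0")):
        if variant not in seen:
            seen.add(variant)
            yield variant


def hybrid_attack(target, salt, wordlist, suffixes):
    """Dictionary words, mutated and combined with common suffixes (digits, years, symbols)."""
    for word in wordlist:
        for variant in mutate(word):
            for suffix in suffixes:
                candidate = variant + suffix
                if hash_password(candidate, salt) == target:
                    return candidate
    return None


# Constructed inputs for the demo (a real word list has millions of entries).
WORDLIST = ["password", "summer", "welcome", "letmein"]
SUFFIXES = ["", "1", "123", "!", "2015", "2015!"]
ALPHABET = string.ascii_lowercase + string.digits
SALT = "c0ffee"

if __name__ == "__main__":
    print(dictionary_attack(hash_password("welcome", SALT), SALT, WORDLIST))
    print(brute_force(hash_password("ab1", SALT), SALT, ALPHABET, 3))
    print(hybrid_attack(hash_password("Summer2015!", SALT), SALT, WORDLIST, SUFFIXES))
```

"Summer2015!" passes most complexity rules yet falls to a handful of mangling rules on a common word, which is why hybrid attacks recover far more real-world passwords than raw brute force.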

Exploitation tools. These confirm that a suspected vulnerability is real by actually exploiting it, turning a scanner finding into demonstrated access. Examples include:

  • Metasploit, used on web applications, networks, and servers
  • Sqlmap, used for detecting and exploiting SQL injection issues in an application
  • CORE IMPACT, a commercial framework that can be used to test mobile devices, networks and network devices, and password strength
  • w3af, a web application attack and audit framework tool
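To make the sqlmap item concrete, here is the kind of flaw it detects, shown as a vulnerable login query beside its parameterized fix, plus the boolean-based probe (one true and one false injected condition) that sqlmap uses to spot it. This is an added example, not code from the article or from the sqlmap project; the in-memory SQLite database, the user records and the `login_*` function names are constructed for the demo.

```python
import sqlite3


def setup_db():
    """Constructed target: in-memory SQLite database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],   # plaintext only for the demo
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: user input is spliced straight into the SQL text."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened form: a parameterized query. Input is bound as data and can
    never change the structure of the statement."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def boolean_probe(login, conn, known_user="alice"):
    """Boolean-based detection in the style of sqlmap.

    Send the same request with an injected condition that is always true and
    one that is always false. If the two responses differ, the input reached
    the SQL parser, i.e. the parameter is injectable. The trailing comment
    strips the password check so the probe does not need a valid password.
    """
    true_user = known_user + "' AND '1'='1' -- "
    false_user = known_user + "' AND '1'='2' -- "
    return login(conn, true_user, "x") != login(conn, false_user, "x")


if __name__ == "__main__":
    conn = setup_db()
    # Classic authentication bypass: no password needed.
    print(login_vulnerable(conn, "' OR '1'='1' -- ", "x"))
    print(login_safe(conn, "' OR '1'='1' -- ", "x"))
    print("vulnerable injectable:", boolean_probe(login_vulnerable, conn))
    print("safe injectable:", boolean_probe(login_safe, conn))
```

The detection half is what separates an exploitation tool from a scanner: the probe does not guess from a version banner, it proves that attacker-controlled input changes the query's logic. Against the parameterized function the same payloads are just unusual usernames, and both probes return nothing.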