1
00:00:01,570 --> 00:00:08,620
All right, so the Penetration Testing Execution Standard, it's a specification document which is redefining

2
00:00:08,620 --> 00:00:13,180
the penetration test for both new and experienced penetration testers.

3
00:00:13,870 --> 00:00:19,130
It has been adopted by several leading members of the security community.

4
00:00:20,110 --> 00:00:26,950
So therefore, if you feel you are new to penetration testing standards or uncomfortable with the terms,

5
00:00:27,520 --> 00:00:29,350
please have a look at it.

6
00:00:30,320 --> 00:00:35,960
The Penetration Testing Execution Standard, I believe, will be the best one for you to go from.

7
00:00:37,170 --> 00:00:44,400
Now, I know that last sentence sounds like an advertisement, but you're not going to lose anything

8
00:00:44,400 --> 00:00:47,500
if you check some of these documents once.

9
00:00:47,560 --> 00:00:52,200
OK, so PTES is divided into seven phases.

10
00:00:52,720 --> 00:00:54,270
Let's have a look at each of them briefly.

11
00:00:55,310 --> 00:01:03,200
Pre-interactions. So the pre-interactions, typically, that's the phase where you discuss the scope

12
00:01:03,200 --> 00:01:10,130
and the terms of the penetration test and convey your goals of the engagement with your client. While

13
00:01:10,130 --> 00:01:15,770
discussing the scope of the penetration test, you should clarify all the domains that will be tested,

14
00:01:16,520 --> 00:01:21,350
as well as any special requirements that are going to be needed, such as special privileges and

15
00:01:22,390 --> 00:01:25,480
access to the critical systems, and so on, so forth.

16
00:01:26,500 --> 00:01:29,710
That's why you're going to develop your own way of keeping track of it all.

17
00:01:30,580 --> 00:01:36,040
The expected positives of the test should also be part of the discussion with the client in this phase.

18
00:01:36,880 --> 00:01:37,180
Great.

19
00:01:37,190 --> 00:01:45,100
So now this is what you should do before testing begins: intelligence gathering. The information or

20
00:01:45,280 --> 00:01:48,130
intelligence gathering phase, or reconnaissance.

21
00:01:48,130 --> 00:01:52,930
As I talked about earlier, it's one of the most important phases in penetration testing.

22
00:01:53,620 --> 00:02:00,430
If you are properly gaining knowledge about your target from social networks, Google or any other way

23
00:02:00,430 --> 00:02:07,360
that you can accomplish, you're going to be able to simulate appropriate and exact attacks rather than

24
00:02:07,360 --> 00:02:09,850
trying all possible attack vectors.

25
00:02:10,510 --> 00:02:13,950
This will also help you save a huge amount of time as well.

26
00:02:14,920 --> 00:02:21,790
So, I believe anyway, it's a duty of a penetration tester to gather enough information about the

27
00:02:21,790 --> 00:02:25,060
target by performing a variety of scans.

28
00:02:25,390 --> 00:02:31,390
So that includes looking for open ports, identifying services running on those ports.

29
00:02:31,990 --> 00:02:38,020
And you're also going to be able to discover what vulnerable services exist.

30
00:02:38,900 --> 00:02:47,960
I find this phase particularly important, so in the Metasploit framework, there are many auxiliary modules

31
00:02:47,960 --> 00:02:50,990
that enable you to gather information from the target.

32
00:02:51,560 --> 00:02:54,880
Now, the next phase is threat modeling.

33
00:02:55,580 --> 00:03:02,510
So this phase focuses on categorization and modeling of the threats based on their impact on the system.

34
00:03:03,350 --> 00:03:07,790
Now, in my point of view, this phase is not necessarily always applicable.

35
00:03:08,790 --> 00:03:10,380
It depends upon how much time you have.

36
00:03:11,540 --> 00:03:17,590
If you are performing a long-term red team activity, modeling threats is going to work for you.

37
00:03:18,890 --> 00:03:24,320
On the other hand, in an ordinary situation, you probably don't have the time to model a threat.

38
00:03:25,400 --> 00:03:31,340
You're going to look rapidly for a way to exploit and gain access to the system.

39
00:03:32,220 --> 00:03:36,090
So our next phase will be vulnerability analysis.

40
00:03:37,490 --> 00:03:43,850
Now, in this phase, you analyze the target network and make a vulnerability scan over that network

41
00:03:43,850 --> 00:03:46,160
to identify all of the weaknesses.

42
00:03:47,470 --> 00:03:51,760
Once again, this is a very important phase.

43
00:03:52,750 --> 00:03:57,250
It's also what I would call a stepping stone into the exploitation phase.

44
00:03:58,270 --> 00:04:01,000
So the next phase is exploitation.

45
00:04:01,940 --> 00:04:07,550
Either manually or automatically, you will detect vulnerabilities for this network.

46
00:04:08,510 --> 00:04:15,650
In this phase, you'll identify which vulnerability is applicable, if possible, and then you run the

47
00:04:15,650 --> 00:04:19,490
appropriate exploit for this particular vulnerability.

48
00:04:21,300 --> 00:04:27,060
Now, being successful in this phase means that you have access to the system.

49
00:04:28,470 --> 00:04:31,650
Believe me, you will be satisfied.

50
00:04:33,170 --> 00:04:36,740
And now it's time to gather some extra information.

51
00:04:38,510 --> 00:04:42,650
So this next phase is called post-exploitation.

52
00:04:43,800 --> 00:04:45,750
After gaining access to the target,

53
00:04:47,090 --> 00:04:53,390
you will look for some extra information and use some advanced ways to maintain your access.

54
00:04:55,010 --> 00:05:00,970
Now, this phase, if you haven't ever done it before, is going to be really mind-blowing for you.

55
00:05:02,430 --> 00:05:04,860
And then our last phase is reporting.

56
00:05:06,390 --> 00:05:12,060
So you've done a whole mess of things, OK, so you've exploited the target, maintained your access

57
00:05:12,060 --> 00:05:13,770
and all kinds of things.

58
00:05:14,190 --> 00:05:21,110
Now to a client, this might not even seem like much; you might not even have been detected by the client.

59
00:05:21,840 --> 00:05:27,600
So you have to report on what you have done on the system in a proper way.

60
00:05:28,520 --> 00:05:35,900
So it's important for this to make absolutely clear sense, and otherwise clients, they're pretty much

61
00:05:35,900 --> 00:05:38,300
going to wonder what you actually do.