Pen Testing

The document provides an overview of penetration testing, including its importance, methodologies, and the penetration testing lifecycle. It covers legal and ethical considerations, tools for testing, and resources for training and practice. Additionally, it highlights various platforms for Capture The Flag (CTF) competitions to enhance skills in ethical hacking.

Uploaded by

Eric Gutiérrezz

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

35 views18 pages

Pen Testing

Uploaded by

Eric Gutiérrezz

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 18

Penetration Testing

THE G OOD AND BAD OF PENT ESTING

What is Penetration Testing?
Introduction Importance of Ethical Hacking
to Differences between Penetration Testing and Vulnerability
Penetration Assessment
Testing Legal and Ethical Considerations (e.g., laws, contracts,
permissions)
Limitations
PTES (Penetration Testing
Execution Standard)
OWASP Testing Guide (for
Penetration web applications)
Testing
Methodologies NIST Cybersecurity
Framework
MITRE ATT&CK Framework
The Penetration Testing Lifecycle

Planning & Scanning &

Exploitation
Reconnaissance Enumeration

Reporting &
Post-Exploitation
Remediation
Planning & Reconnaissance

Defining scope and rules of engagement Passive and active information gathering
(OSINT, WHOIS, DNS enumeration)
Identifying live hosts (Nmap, Masscan)
Scanning & Scanning for open ports and services
Enumeration
Banner grabbing and service identification
Common vulnerabilities (SQL
Injection, XSS, LFI/RFI, Buffer
Overflow)

Exploitation Exploiting misconfigurations

Social engineering techniques

Privilege escalation
Post-
Exploitation Lateral movement

Data exfiltration
Reporting & Remediation

Writing Writing a professional penetration test report

Providing Providing recommendations for mitigation

Network scanning (Nmap, Wireshark)

Web application testing (Burp Suite, OWASP ZAP)

Tools of the Exploitation frameworks (Metasploit, SQLmap)

Trade
Password cracking (John the Ripper, Hashcat)

OSINT tools (theHarvester, Maltego)

Online Labs & Virtual
Environments
Hack The Box (HTB) - Free Tier

TryHackMe

OverTheWire: Wargames

PentesterLab - Free Challenges

Root Me

VulnHub
Cybrary - Ethical Hacking & Penetration
Testing Course. Covers ethical hacking
basics, reconnaissance, and exploitation.
PortSwigger Web Security Academy.
Hands-on labs to practice web security
Free Courses attacks (e.g., SQL Injection, XSS).
& Training MIT OpenCourseWare - Computer and
Network Security. A free university-level
cybersecurity course.
OpenSecurityTraining2. Advanced
cybersecurity and penetration testing
courses.
[The Web Application Hacker’s Handbook
(PDF version may be found online)]:
Comprehensive guide on web security
Free Books testing.
& Reading OWASP Testing Guide: Official manual for
Material web application security testing.
NIST Special Publication 800-115: NIST’s
official penetration testing methodology.
Kali Linux – The go-to OS for ethical
hackers, preloaded with pentesting tools.
Parrot Security OS – Another great
alternative to Kali.
Free Tools Metasploit Framework – Essential for
for exploit development and testing.
Penetration Burp Suite Community Edition – Web
Testing application security testing tool.
Wireshark – Network traffic analysis.

Nmap – Network discovery and security

auditing.
Capture The
Flag (CTF)
Platforms
CTFtime – Lists ongoing
cybersecurity CTF events
worldwide.

PicoCTF – Beginner-friendly CTF

challenges.

Hack The Box CTF – Competitive

hacking challenges.
Thank you!
[email protected]
X: @miguelguirao

Hacking For Beginners, 5 in 1 Book Set - Learn Kali Linux As A Penetration Tester and Master Tools
No ratings yet
Hacking For Beginners, 5 in 1 Book Set - Learn Kali Linux As A Penetration Tester and Master Tools
302 pages
The Professional Hackers Blueprint
No ratings yet
The Professional Hackers Blueprint
60 pages
03 Introduction To Penetration Testing Web and Wireless Security
No ratings yet
03 Introduction To Penetration Testing Web and Wireless Security
113 pages
WM4
100% (1)
WM4
47 pages
Network Penetration Testing Course Online 1720400534
No ratings yet
Network Penetration Testing Course Online 1720400534
10 pages
The Digital Landscape
0% (1)
The Digital Landscape
21 pages
Ethical Hacking Course
No ratings yet
Ethical Hacking Course
22 pages
Network Security Training Course
No ratings yet
Network Security Training Course
10 pages
Phillip Wylie - Hacking Your Pentesting Career
No ratings yet
Phillip Wylie - Hacking Your Pentesting Career
41 pages
Top 100 Ethical Hacking Tools 2023
67% (3)
Top 100 Ethical Hacking Tools 2023
28 pages
00 - Ethical Hacking and Pentesting
No ratings yet
00 - Ethical Hacking and Pentesting
27 pages
Penetration Testing Full Guide
No ratings yet
Penetration Testing Full Guide
3 pages
Penetration Testing
No ratings yet
Penetration Testing
14 pages
A Complete Penetration Testing
100% (1)
A Complete Penetration Testing
13 pages
Network Pentest Course 1692353982
No ratings yet
Network Pentest Course 1692353982
10 pages
Blockchain & Cyber Security. Let's Discuss
100% (2)
Blockchain & Cyber Security. Let's Discuss
14 pages
Week 1
No ratings yet
Week 1
20 pages
Penetration Testing Guide
100% (1)
Penetration Testing Guide
14 pages
Android Hacking in Kali Linux Using Metasploit Fra
No ratings yet
Android Hacking in Kali Linux Using Metasploit Fra
8 pages
Ethical Hacking and Penetration Testing Lecture 1
100% (1)
Ethical Hacking and Penetration Testing Lecture 1
19 pages
Penetration Testing Fundamentals
No ratings yet
Penetration Testing Fundamentals
7 pages
Ethical Hacking for Beginners
100% (1)
Ethical Hacking for Beginners
5 pages
HackLikePro v3
No ratings yet
HackLikePro v3
72 pages
Penetration Testing Book
100% (1)
Penetration Testing Book
119 pages
PenetrationTesting Notes
No ratings yet
PenetrationTesting Notes
4 pages
Penetration Testing 1
No ratings yet
Penetration Testing 1
10 pages
IAM Solutions TechCorp
No ratings yet
IAM Solutions TechCorp
2 pages
Ethical Hacking by Lewis, Elijah
100% (1)
Ethical Hacking by Lewis, Elijah
365 pages
14-10-2045 PR (2) .Avastlic
100% (1)
14-10-2045 PR (2) .Avastlic
32 pages
Network Penetration Testing Course Online 1667723384
No ratings yet
Network Penetration Testing Course Online 1667723384
10 pages
2021 CompTIA CySA+ CS0-002 Real Dumps
No ratings yet
2021 CompTIA CySA+ CS0-002 Real Dumps
11 pages
Module 1 - Solid Introduction To Penetration Testing PDF
No ratings yet
Module 1 - Solid Introduction To Penetration Testing PDF
20 pages
Complete Infrastructure Penetration Testing
No ratings yet
Complete Infrastructure Penetration Testing
96 pages
Complete Infrastructure Penetration Testing
No ratings yet
Complete Infrastructure Penetration Testing
14 pages
Section A Ethical Hacking
No ratings yet
Section A Ethical Hacking
16 pages
2-Ethical Hacking Methodology
No ratings yet
2-Ethical Hacking Methodology
21 pages
Ethical Hacking Course: CSTA Training
No ratings yet
Ethical Hacking Course: CSTA Training
2 pages
ISO 27002 2013 2022 MAP Annex B
No ratings yet
ISO 27002 2013 2022 MAP Annex B
12 pages
Intro Pentesting
No ratings yet
Intro Pentesting
3 pages
Ethical Hacking Firefox Plugin by Srikanta Sen
No ratings yet
Ethical Hacking Firefox Plugin by Srikanta Sen
131 pages
Network Penetration Testing Course Online 1726163879
No ratings yet
Network Penetration Testing Course Online 1726163879
12 pages
Pentesting Course for IT Security Pros
No ratings yet
Pentesting Course for IT Security Pros
6 pages
Ceh V6
No ratings yet
Ceh V6
19 pages
ANAD Ethical Hacking
No ratings yet
ANAD Ethical Hacking
4 pages
Ethical Hacking Online Course Brochure
No ratings yet
Ethical Hacking Online Course Brochure
8 pages
Sophos Central Admin Guide
No ratings yet
Sophos Central Admin Guide
9 pages
New Brochure CPT
No ratings yet
New Brochure CPT
8 pages
Configure IPsec/IKE for Azure VPN via PowerShell
No ratings yet
Configure IPsec/IKE for Azure VPN via PowerShell
12 pages
Unit V-Eh-Notes-Q&a
No ratings yet
Unit V-Eh-Notes-Q&a
39 pages
Ethical Hacking for IT Students
No ratings yet
Ethical Hacking for IT Students
8 pages
Mastering Kali Linux For Advanced Penetration Testing Sample Chapter
100% (1)
Mastering Kali Linux For Advanced Penetration Testing Sample Chapter
37 pages
Cybersecurity Course Overview
No ratings yet
Cybersecurity Course Overview
56 pages
Basic Pentesting Concepts
No ratings yet
Basic Pentesting Concepts
49 pages
Cpte 2018
No ratings yet
Cpte 2018
10 pages
NIST SP 800-53r5-Draft
No ratings yet
NIST SP 800-53r5-Draft
481 pages
Kali Linux Penetration Testing Ethical Hacking
No ratings yet
Kali Linux Penetration Testing Ethical Hacking
14 pages
Ethical Overview
No ratings yet
Ethical Overview
17 pages
Evolution and Impact of SQL Injection Attacks in India: Analysis, Prevention Mechanisms, and Future Directions
No ratings yet
Evolution and Impact of SQL Injection Attacks in India: Analysis, Prevention Mechanisms, and Future Directions
5 pages
Hand Out Week 3
No ratings yet
Hand Out Week 3
4 pages
08 - Module 8
No ratings yet
08 - Module 8
87 pages
Crypto Assignment
No ratings yet
Crypto Assignment
4 pages
Web Application Security Guide
No ratings yet
Web Application Security Guide
32 pages
Module 4: Internet Threats
No ratings yet
Module 4: Internet Threats
10 pages
AA21-131A Darkside Ransomware Best Practices For Preventing Business Dis..
No ratings yet
AA21-131A Darkside Ransomware Best Practices For Preventing Business Dis..
6 pages
Cryptography
No ratings yet
Cryptography
92 pages
Exploiting The Authentication inMS-RDP (CVE-2018-0886)
No ratings yet
Exploiting The Authentication inMS-RDP (CVE-2018-0886)
16 pages
1.2.4.12 Lab - Social Engineering
No ratings yet
1.2.4.12 Lab - Social Engineering
4 pages
InfoSecurity Lect Week3
No ratings yet
InfoSecurity Lect Week3
31 pages
Security 1.1 - Security Control Types
No ratings yet
Security 1.1 - Security Control Types
11 pages
Network Security
No ratings yet
Network Security
43 pages
Lecture 6
No ratings yet
Lecture 6
20 pages
Chapter 17 Data Protection and Electrnoic Crimes
No ratings yet
Chapter 17 Data Protection and Electrnoic Crimes
1 page
(Template) Software Security - Milestone 2
No ratings yet
(Template) Software Security - Milestone 2
4 pages
Google Dorking Techniques for Database Access
No ratings yet
Google Dorking Techniques for Database Access
3 pages
Cyber Security
No ratings yet
Cyber Security
22 pages
Heartland Report
No ratings yet
Heartland Report
10 pages
Evaluación CND
No ratings yet
Evaluación CND
12 pages
Financial Institution Data Breach Response Guide
No ratings yet
Financial Institution Data Breach Response Guide
8 pages
Threat Intelligence Analysis Report
No ratings yet
Threat Intelligence Analysis Report
3 pages