1 Network penetration testing

This chapter covers

  • Corporate data breaches
  • Adversarial attack simulations
  • When organizations don’t need a penetration test
  • The four phases of an internal network penetration test

Everything today exists digitally within networked computer systems in The Cloud . Your tax returns, the pictures of your kids that you take with a cellphone, the locations, dates and times of all the places you’ve navigated to using your GPS. It’s all there ripe for the picking by a dedicated and skilled-enough attacker.

The average enterprise corporation has ten times (at least) as many connected devices running on their network as they do employees who use them to conduct normal business operations. This probably doesn’t seem alarming to you at first thought, considering just how deeply integrated computer systems have become to our society, to our existence and to our survival.

Assuming that you live on planet Earth, and I have it on good authority that you do, there’s a better than average chance you have the following:

  • An email account (or four)
  • A social media account (or seven)
  • At least two dozen username/password combinations you’re required to manage and securely keep track of to log in and out of the various websites, mobile apps and cloud services that are essential in order to function productively within your normal everyday life.

1.1       Corporate data breaches

1.2       How hackers break in

1.2.1   The defender role

1.2.2   The attacker role

1.3       Adversarial attack simulation:  penetration testing

1.3.1   Typical INPT workflow

1.4       When a penetration test is least effective

1.4.1   Low-hanging fruit

1.4.2   When does a company really need a penetration test?

1.5       Executing a network penetration test

1.5.1   Information-gathering

1.5.2   Focused penetration

1.5.3   Privilege escalation

1.5.4   Documentation

1.6       Summary



Unfortunatly, we weren't able to load your books.

Unable to load book!

The book could not be loaded.

(try again in a couple of minutes) homepage