1 Network penetration testing


This chapter covers

  • Corporate data breaches
  • Adversarial attack simulations
  • When organizations don’t need a penetration test
  • The four phases of an internal network penetration test

Everything today exists digitally within networked computer systems in the cloud. Your tax returns; pictures of your kids that you take with a cellphone; the locations, dates, and times of all the places you’ve navigated to using your GPS--they’re all there, ripe for the picking by an attacker who is dedicated and skilled enough.

The average enterprise corporation has at least 10 times as many connected devices running on its network as it does employees who use those devices to conduct normal business operations. This probably doesn’t seem alarming to you at first, considering how deeply integrated computer systems have become in our society, our existence, and our survival.

Assuming that you live on planet Earth--and I have it on good authority that you do--there’s a better than average chance you have the following:

  • An email account (or four)
  • A social media account (or seven)
  • At least two dozen username/password combinations you’re required to manage and securely keep track of so that you can log in to and out of the various websites, mobile apps, and cloud services that you need to function productively every day

1.1 Corporate data breaches

1.2 How hackers break in

1.2.1 The defender role

1.2.2 The attacker role

1.3 Adversarial attack simulation: Penetration testing

1.3.1 Typical INPT workflow

1.4 When a penetration test is least effective

1.4.1 Low-hanging fruit

1.4.2 When does a company really need a penetration test?

1.5 Executing a network penetration test

1.5.1 Phase 1: Information gathering

1.5.2 Phase 2: Focused penetration

1.5.3 Phase 3: Post-exploitation and privilege escalation

1.5.4 Phase 4: Documentation

1.6 Setting up your lab environment