What you will learn:
Obtaining authorization to test
Why it is important to perform reconnaissance activities prior to conducting a penetration test
Steps to follow and items to check when conducting scanning activities
Gaining access and maintaining access
Removing traces of tests
Different tools that can be utilized for each step
Importance of accurate documentation
Recommendations on becoming a penetration tester
Pentesting Using BackTrack – It Is Just…The Security Toolbox
By Abdy Martinez, Telecommunications Administrator at AES Panama, specialized in Network / Information Security and Forensics
Let’s travel through the amazing resources that BackTrack brings us. Enjoy the reading and be prepared to start your hacking experience!
In this article, you will learn about BackTrack, what software it includes, the benefits, and features included. Also, The author will remind you about some important considerations before you create your hacking lab and perform a penetration test.
How Anyone Can Be Compromised
By Alex Soler Alvarez, an Information Security Engineer with around 6 years of experience
Most people feel safe browsing through the Internet and don’t imagine that they could be at risk from someone, stealing their credentials or compromising their computers. Thinking that only browsing well-known websites and avoiding reaching a suspicious one they are safe, but this is not really true. Using specialized pentesting tools, most of them included in a penetration testing distribution called Backtrack 5, you can design a scenario where any user with a device, which can be connected to the Internet, could be affected.
Pentesting with BackTrack
By Davide Peruzzi, OSCP certified, is a system administrator and freelance security consultant with about 10 years of experience in Information Technology
Abraham Lincoln said “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” This is really the basic concept and the start point of every penetration test.
In a pentest you have to sharper your axe, first by gathering information. The more you obtain the more surface to attack you will have. The gathering phase isn’t the more exciting one, but surely it is the one that let you make things better and smarter, so what do you need? Let’s see…
My Network is Ill, I Fear That He Has The Yersinia (pestis)
By Guglielmo Scaiola, MCT, MCSA, MCSE, Security +, Lead Auditor ISO 27001, ITIL, eCPPT, CEI, CHFI, CEH and ECSA
A lot of articles teach how crack a password, how to exploit a vulnerability and so on but a lot of us forget this simple concept while the network is up because we have a lot of network equipment and at present network’s complexity grows up every single day, in hacking world we talk about linux, windows, exploit, services, application, but we don’t talk about VTP, 802.1q or DTP with the same emphasis. These protocols are complex enough to use them for p0wning an entire network infrastructure.
How to Conduct A Penetration Test – A Beginner’s Guide
By John ‘J’ Trinckes, Jr, Vice President of Information Security at Ohio Shared Information Services (OSIS)
There are several ways to go about conducting a penetration test. This is just one standard testing methodology that the author has used and has proven to be effective for most engagements. It is very important to obtain an authorization to perform any testing activities discussed in this article. Penetration testing may be considered ‘hacking’ in most countries and testers could be prosecuted if they are not provided with the appropriate authorization.
PenTesting with BackTrack
By Piyush Verma, CompTIA Security+, CEH v8, ECSA|LPT, CHFI v8, Advanced PenTesting with BackTrack
PenTesting, short for penetration testing, is a technique used for evaluating the security posture of systems, applications and network of an organization from internal as well as external threat agents, at the request of the owner. A threat agent could be an employee making unintentional mistakes that can compromise the integrity of the information, or a hacker sending malware through unfiltered/open ports on the firewall. A pen-test emulates the same techniques an attacker would use, and therefore it should align with the latest hacking methodologies. Organizations perform this to determine the effectiveness of their security measures.
A Crash Course in Pentesting with Bactrack
By Nick Hensley, CISSP, Information Security Professional with 12 years of industry experience
In this article we will give you a crash course in pentesting. This article is meant to be a basis or primer if you will; it will teach you what a penetration test is and what it is not. We will show you the basic steps that go into virtually all penetration tests. And teach you what you need to be aware of, what to look for, and how to get started. That being said, this is not a “how to hack” article that will teach you how to break into some unsuspecting company’s website and further penetrate their internal infrastructure.
LEARN HOW TO USE BACKTRACK FOR PENTESTING and BECOME A PROFESSIONAL PENTESTER