CISC 7050 Lecture Notes - Lecture 1: Penetration Test, Metasploit Project, Denial-Of-Service Attack
Document Summary
Vulnerability testing: actively scanning for vulnerable services; strictly identification of flaws. Tools: Nmap, Nessus/OpenVAS.

Pen testing: actively attacking a system's vulnerabilities that have been discovered; running an exploit against a vulnerable system. Tools: Metasploit, Burp Suite, ZAP.

Blue team: pen testing team that works cooperatively w/ the org to assess their systems.

Process:
Planning: working w/ the customer to clearly define & document assessment objectives, scope, & rules of engagement.
Include screenshots, steps that the blue/red team can take to repeat the process/issue, & recommendations for solutions.

Methods:
Network tests: scan the network, protocols, hosts, & services available for vulnerabilities & weaknesses. Broad in scope & typically look at perimeter security and/or internal network resources; will test ACLs & their effectiveness as well as service-side exploits across. Important to have public & internal IP addresses in scope.
Client-side tests: test client software, test perimeter & functionality of internet-facing web resources.
Social engineering.