0.0 : Before we start

This is a personal study note.

It is for education only.

Do not attempt anything that is illegal in your country.

Hacking and Penetration testing

Hacking is all about escalating permissions.

Try to gain & maintain access to the targets in order to do something you are not supposed to be able to do.

Penetration testing is about identifying vulnerabilities and trying to gain access through them; it consists of only the first 3 steps below.

It consists of a couple of steps:

  • Reconnaissance
      • Active & passive information gathering
      • Identify the attack surface
  • Enumeration of target services, including port scanning, DNS, VPN, SNMP etc.
  • Identify vulnerabilities
  • Penetrate: gain access, escalate access, try to get ROOT
  • Maintaining access
      • Install malware, trojans etc.
  • Covering tracks
      • Clean up records, histories
  • And then repeat from step 1.

Popular Vulnerability Scanning Tools

  • Nessus
  • OpenVAS
  • Metasploit

Important notes on a bug report

  • time-line of the discovery
  • simple, repeatable steps to follow
  • include all related documents
  • max 2 pages, don't write lengthy content
  • a few screenshots
  • the key is to give easy-to-follow steps to reproduce the bug, and to make the security impact understood