Types of Pentests and Pentesting Process

FeltSecure Labs
A free video tutorial from FeltSecure Labs
FeltSecure Labs: Cyber Security Courses with 10000+ Students
4.1 instructor rating • 4 courses • 17,940 students

Lecture description

Introducing types of pentests and pentesting process.

In this lecture, you will learn the most common and useful approaches for pentesting process which contains:

Planning, Reconnaissance, Scanning, Exploiting, Privilege Escalation, Cleaning-Up, Reporting

And also the types of pentests, such as; 

External Network Segment, Internal Network Segment, Web Applications and Services, Wireless networks, 
Servers, Network Devices, Databases, Internal Client Applications, Social Engineering, DDoS and Physical Security

Learn more from the full course

Practice Your First Penetration Test: Kali & Metasploit Lab

Learn ethical hacking with Kali in your own lab, scan targets with Nmap and exploit victims with metasploit!

02:46:35 of on-demand video • Updated May 2017

  • Install and configure Kali Linux
  • Prepare virtual lab environment with Kali and victim machines
  • Scan networks with Nmap
  • Discover vulnerable applications
  • Exploit Linux and Windows servers with Metasploit
English [Auto] There are three types of Pentheus lightbox gray box and white X in the black box. Pentasa has zero knowledge about the system at first. He discovers every information he needs with using different techniques like social engineering. Grey box pen Tester has limited information about the target IP addresses host names or application version information can be some of them. Most of the times this is the case in real life penetration tests since many companies don't want to spend much time for the reconnaissance part. And thirdly white box Pentheus to know every detail about the target system white box tests mostly focus on how defensive mechanisms work in detail. Now we know the types of Pentheus. What about Penn. testing process. Pentodes think process has several phases and different standards but I would the following seven step approach. Since it is concise easy to remember and meaningful in the first step which is planning defining scope signing agreement then rules of engagement. This also includes preparing your environments like Kalli and in the second phase reconnaissance. It's about searching the Internet resources domain name lookups even dumpster diving. This all of this fall under this category this face social engineering skills are also included in here. And thirdly scanning target selection scanning open ports and services and in the fourth race which is exploitation. It's about exploiting the vulnerabilities discovered in the scanning phase and maintaining permanent access. And next one privilege escalation. It's about gaining higher level of these after the initial compromise and then the sixth phase which is cleaning up. It's about cleaning up the artifacts of exploits and back doors etc.. This is because we need to keep the systems in their or regional state. And lastly phase seven reporting writing the report about the findings based on the severities these steps these seven steps are important because these are the key elements which distinguish a professional high quality path test and an amateur one. Whether we are planning to conduct our own tests or you want to ensure companies company's tests are carried out nicely this can be your checklist. No we know the types of pentodes and phases of apprenticing process. What about the scope of a test. There are many areas where a pen tester can focus on such as external network segment internal network segment web applications and services wireless networks servers network devices databases internal client applications social engineering DOS attacks or physical security depending on the agreement signed pentameters deal with these areas to find fools and exploit them