1
00:00:06,596 --> 00:00:09,009
- Whether you're performing a penetration test

2
00:00:09,009 --> 00:00:12,759
as a consultant or on a team as a red teamer,

3
00:00:13,767 --> 00:00:17,430
having a structured methodology is essential

4
00:00:17,430 --> 00:00:18,855
to your success.

5
00:00:18,855 --> 00:00:21,211
There are several reasons for this.

6
00:00:21,211 --> 00:00:23,267
First, you need to have structure

7
00:00:23,267 --> 00:00:24,959
for your entire engagement to ensure

8
00:00:24,959 --> 00:00:28,539
that you do not miss any tests and you stay on time.

9
00:00:28,539 --> 00:00:30,663
Second, you want to make sure that you stay

10
00:00:30,663 --> 00:00:32,334
within the rules of engagement.

11
00:00:32,334 --> 00:00:33,997
You want to make sure that you do not scan

12
00:00:33,997 --> 00:00:37,770
any IP addresses that are not in the scope.

13
00:00:37,770 --> 00:00:40,005
You don't want to hack into any machines

14
00:00:40,005 --> 00:00:42,186
that you're not allowed to hack into.

15
00:00:42,186 --> 00:00:44,801
And so, understanding your rules keeps you

16
00:00:44,801 --> 00:00:46,384
within your bounds.

17
00:00:47,450 --> 00:00:49,848
Also, efficiency: you usually have

18
00:00:49,848 --> 00:00:52,384
only a certain amount of time to complete your tasks,

19
00:00:52,384 --> 00:00:54,802
so you want to make sure that your methodology

20
00:00:54,802 --> 00:00:59,142
keeps you on pace and ensures that you stay

21
00:00:59,142 --> 00:01:02,645
within the allotted time that you have.

22
00:01:02,645 --> 00:01:04,957
And also, teamwork: it's really important

23
00:01:04,957 --> 00:01:07,385
to make sure that you're all in sync

24
00:01:07,385 --> 00:01:09,201
during the entire engagement.

25
00:01:09,201 --> 00:01:11,589
Some engagements you'll be working on by yourself,

26
00:01:11,589 --> 00:01:13,273
but more often than not, you'll have

27
00:01:13,273 --> 00:01:15,175
at least two people on a team.

28
00:01:15,175 --> 00:01:18,131
And ensuring that you have that right structure in place

29
00:01:18,131 --> 00:01:22,065
makes sure that you do not duplicate any steps.

30
00:01:22,065 --> 00:01:24,849
So, you basically have to list out all the tasks

31
00:01:24,849 --> 00:01:26,043
that you're going to complete.

32
00:01:26,043 --> 00:01:28,770
You need to split them between members of your group.

33
00:01:28,770 --> 00:01:30,812
And that'll really ensure that you do not step

34
00:01:30,812 --> 00:01:33,410
on each other's toes and you do not repeat work.

35
00:01:33,410 --> 00:01:36,135
If all of you are repeating the same types of work,

36
00:01:36,135 --> 00:01:38,590
then that engagement's gonna take a lot longer

37
00:01:38,590 --> 00:01:40,689
than it really should.

38
00:01:40,689 --> 00:01:42,618
We're gonna take a look at some example

39
00:01:42,618 --> 00:01:46,283
penetration testing and ethical hacking methodologies.

40
00:01:46,283 --> 00:01:47,304
First, let's look

41
00:01:47,304 --> 00:01:50,222
at the Penetration Testing Execution Standard.

42
00:01:50,222 --> 00:01:52,655
So basically, some leaders in the security industry

43
00:01:52,655 --> 00:01:55,074
came together and created the standard.

44
00:01:55,074 --> 00:01:57,426
And it's really neat because it goes over

45
00:01:57,426 --> 00:02:00,771
everything from scoping out your engagement

46
00:02:00,771 --> 00:02:05,420
to intelligence gathering to types of tools you'll use

47
00:02:05,420 --> 00:02:08,070
and all the way up to reporting.

48
00:02:08,070 --> 00:02:10,962
So, it covers all stages of the penetration test.

49
00:02:10,962 --> 00:02:13,273
It's really a great tool to use,

50
00:02:13,273 --> 00:02:15,290
and it's completely free.

51
00:02:15,290 --> 00:02:18,454
If you're doing any sort of web application testing,

52
00:02:18,454 --> 00:02:21,802
then the OWASP Testing Guide is the tool for you.

53
00:02:21,802 --> 00:02:25,490
This is through the Open Web Application Security Project.

54
00:02:25,490 --> 00:02:27,627
They pretty much outlined the standards

55
00:02:27,627 --> 00:02:31,452
for testing web applications and mobile applications,

56
00:02:31,452 --> 00:02:34,227
and they have a testing guide for looking

57
00:02:34,227 --> 00:02:36,226
at all these types of applications

58
00:02:36,226 --> 00:02:38,403
to ensure that you review the top threats

59
00:02:38,403 --> 00:02:40,535
to these applications and make sure

60
00:02:40,535 --> 00:02:43,825
that you do not miss any steps along your way.

61
00:02:43,825 --> 00:02:45,883
Then there is the National Institute

62
00:02:45,883 --> 00:02:48,364
of Standards and Technology, or NIST.

63
00:02:48,364 --> 00:02:50,902
They have several guides for testing,

64
00:02:50,902 --> 00:02:53,833
risk analyses, and system hardening.

65
00:02:53,833 --> 00:02:56,867
This one in particular, 800-115,

66
00:02:56,867 --> 00:02:59,430
is the Technical Guide to Information Security Testing

67
00:02:59,430 --> 00:03:00,520
and Assessment.

68
00:03:00,520 --> 00:03:03,459
And this one is critical for testing

69
00:03:03,459 --> 00:03:05,852
any type of government facility

70
00:03:05,852 --> 00:03:10,464
or any other organization that is using the NIST standards.

71
00:03:10,464 --> 00:03:13,368
It's a pretty comprehensive document

72
00:03:13,368 --> 00:03:16,339
that covers all stages of the engagement.

73
00:03:16,339 --> 00:03:19,231
And last but not least, the Open Source

74
00:03:19,231 --> 00:03:21,667
Security Testing Methodology Manual.

75
00:03:21,667 --> 00:03:25,051
This is a long-time favorite of many

76
00:03:25,051 --> 00:03:26,731
in the security industry.

77
00:03:26,731 --> 00:03:28,874
And basically, it is similar to the others

78
00:03:28,874 --> 00:03:30,430
in that it covers all stages

79
00:03:30,430 --> 00:03:32,673
of the security testing engagement,

80
00:03:32,673 --> 00:03:35,163
ensures that all areas are covered,

81
00:03:35,163 --> 00:03:38,413
and the tester does not miss any steps.