Vulnerability Assessment and Penetration Testing: Imitating a cracker

Hello Everyone,

My topic was prompted after I got to listen to some presentations by IT security companies on carrying out penetration testing on a company's network. It was quite a colorful and rich presentation about how they were going to scan the network from inside and outside, but the problem was that this has been the trend for some years now. Real-world hackers are ever-dynamic: evolving, upgrading, and getting more sophisticated by the day, yet most security consultant firms do not change their methodologies.

The majority of attacks are now client-side and exploit the weakest link in the network: the user. Social engineering attacks are now more sophisticated than ever, employing clever techniques to bypass endpoint security. Dozens of social engineering tools are out in the wild and can easily be used against targets. Real-world attacks are well-funded, motivated and have a specific aim. Simulating these attacks, which is the job of the pentester, will involve a huge amount of ingenuity and not just performing the run-of-the-mill, mundane scans and attacks.

Penetration testing has to be adaptive and fine-tuned to really achieve its goals.
