Machine Translated by Google

FUNDAMENTALS OF PENTESTING AND ETHICAL HACKING

Introduction to Ethical Hacking

Definitions of what a Hacker is and types of Hackers

Hacker
A person with advanced skills in manipulating and exploiting computer systems, who can use his or her abilities for a variety
of purposes, legal or illegal.

Types of Hackers
• Ethical Hackers (White Hats): Test the security of computer systems with the permission of the owners in order to identify vulnerabilities.

• Malicious Hackers (Black Hats): Breach the security of systems for illegal or malicious reasons, such as information theft or financial fraud.

• Hacktivists: Infiltrate systems for political or social reasons, often as part of protests or to
spread a message.

• Script Kiddies: Low-skilled hackers using automated tools to carry out attacks without a deep understanding of how systems work.

• Grey Hat Hackers: Operate in a middle ground, searching for vulnerabilities without the owner's permission, sometimes in order to gain recognition.

Classification of Hackers
Hackers are classified according to their goals and interests, including self-interest, helping the community, research, or mixtures of
these motivations.

Classification of Hackers according to their intentions and actions

Ethical Hackers (White Hats)
Hacker who acts legally to identify and correct vulnerabilities in computer systems with the authorization of the owners, in order to strengthen security.

Malicious Hackers (Black Hats)
Hacker who pursues illegal activities such as information theft, fraud, and data destruction, with criminal intent for personal gain.

Hacktivists
Hacker who infiltrates systems for political or social reasons, aiming to bring about change or spread
protest messages.

Script Kiddies
Hacker who uses automated tools and scripts to carry out attacks without having a deep understanding of the systems, often in an unsophisticated manner.

Grey Hat Hackers
Hackers who seek vulnerabilities without permission, operating in a middle ground between ethics and malice, often seeking recognition or personal gain.

Classification of Hackers

Hackers can be classified based on their intentions, ranging from ethical to malicious, and engage in
actions ranging from community assistance to criminal acts.

Differences between Hacking and Ethical Hacking

Hacking
Activity of exploiting vulnerabilities in computer systems without authorization, often driven by malicious or criminal motives.

Ethical Hacking
The practice of testing and improving the security of computer systems with the permission of the owners, in order to report vulnerabilities.

Intent of Hacking
Often motivated by personal gain, malicious or criminal motives, aimed at stealing information or compromising systems.

Intent of Ethical Hacking
The goal is to improve the security of computer systems by reporting vulnerabilities with recommendations to address the flaws.

Consent in Hacking
Done without permission, making it an illegal activity.

Consent in Ethical Hacking
Takes place with prior agreement and in compliance with the laws in force.

Use of Information in Hacking
The information obtained is used for illegal purposes, such as theft or blackmail.

Use of Information in Ethical Hacking
Information about vulnerabilities is reported to the system owner.

Legal Consequences of Hacking
Leads to prosecution, fines and imprisonment.

Legal Consequences of Ethical Hacking
Recognized as a legitimate and often valued practice in the field of cybersecurity.

Process followed by a Hacker during an attack

Process followed by a Hacker during an Attack

• Passive reconnaissance: Gathering information without directly interacting with systems, using tools like Google Hacking, searching
open source databases (OSINT), and social network analysis.

• Active reconnaissance: Direct analysis of systems through network scans and other techniques to identify open ports and services.

• Vulnerability Analysis: Evaluation of the information collected to identify potential weaknesses in the targeted system, including open ports, operating system versions, and running services.

• Threat Modeling: Developing an attack profile based on the information collected, identifying potential entry points and attack vectors.

• Exploitation: Selection and execution of chosen techniques to exploit identified vulnerabilities, such as injection attacks or exploitation of software vulnerabilities.

• Access: Gain unauthorized access to target systems or applications if exploitation is successful.

• Post-Exploitation: Once access is gained, the hacker can perform various actions: total control of the equipment, creation of new
users, elevation of privileges, and access to sensitive information.

• Reporting: Documentation of vulnerabilities discovered and processes used, including a technical report for system administrators
and an executive report for management committees.

Passive reconnaissance
Gathering information without directly interacting with systems, using tools like Google Hacking, open source databases (OSINT), and
social networks.

Active reconnaissance
Direct analysis of systems through network scans to identify services and open ports.

Vulnerability Analysis
Evaluation of the information collected to identify potential weaknesses in the system, such as open ports and operating system versions.

Threat Modeling
Developing an attack profile based on the information collected, identifying entry points and attack vectors.

Exploitation
Selection and execution of techniques to exploit identified vulnerabilities, such as injection attacks or exploitation of software vulnerabilities.

Access
Gain unauthorized access to target systems or applications if exploit is successful.

Post-Exploitation
After gaining access, the hacker can control the equipment, create new users, elevate their privileges, and access
sensitive information.

Report
Documentation of vulnerabilities and processes, with a technical report for administrators and an executive report for
the management committees.

Penetration Tests

Importance and necessity of penetration testing

Identification of Vulnerabilities

Penetration testing helps discover and fix weaknesses in IT infrastructure before they are exploited by real attackers.

Real Attack Simulation
Security experts simulate an attack on the system to assess the effectiveness of existing security measures, thereby providing a better understanding of how an attacker might act.

Improving IT Security
Businesses can strengthen their IT security and protect their sensitive data, systems and digital assets against potential attacks.

Preventing Financial and Reputational Losses
By implementing penetration testing, organizations reduce the risk of financial loss due to security breaches and protect their reputation.

Regulatory Compliance

Testing helps comply with regulatory requirements and cybersecurity standards, especially for companies handling sensitive customer information.

Continuing Education

These tests also help train internal teams in cyber defense and improve their understanding of
threats.

Skills Required for an Effective Pentester

Pentester

A Pentester, or penetration tester, is a cybersecurity professional who evaluates the security of computer systems by simulating malicious attacks in order to identify and correct vulnerabilities.

Skills Required for a Pentester

• Hacking Knowledge: Understanding of the different hacking techniques used to exploit vulnerabilities in systems.

• Programming Skills: Proficiency in programming languages such as Python, JavaScript, and C to develop custom scripts and tools.

• Understanding of Operating Systems: In-depth knowledge of major operating systems, including Windows, Linux, and MacOS, to navigate and exploit their vulnerabilities.

• Computer Networks: Understanding network protocols, topologies, and infrastructures in order to detect potential vulnerabilities.

• Vulnerability Analysis: Ability to use analysis tools such as Nessus and OWASP ZAP to identify vulnerabilities
security.

• Penetration Testing Tools: Familiarity with specific tools like Metasploit, Nmap, Wireshark, and Burp Suite to perform effective penetration testing.

• Problem Solving and Critical Thinking: Ability to analyze complex situations and develop strategies
to address security issues.

• Documentation and Reporting: Ability to write clear and accurate reports on test results, including
vulnerabilities discovered and recommendations for correcting them.

Different Types of Penetration Testing and Their Applications

Black Box Testing
Security assessment without prior knowledge of the infrastructure, simulating an external attack such as that of a malicious hacker.

Gray Box Testing
Evaluation with partial access to information, simulating an attacker with an internal privilege level.

White Box Testing
Detailed assessment with full knowledge of the infrastructure, including access to the architecture, source code and documentation.
Network Penetration Testing
Assessing the security of network infrastructure by looking for vulnerabilities that can be exploited by attackers.

Web Application Penetration Testing
Web application security analysis to detect vulnerabilities such as SQL injection, XSS, CSRF, etc.

Mobile Application Penetration Testing
Assessing the security of mobile applications to identify vulnerabilities that can be exploited by hackers.

Wireless Network Penetration Testing
Auditing wireless network security to find exploitable vulnerabilities.

Application of Black Box Testing
Useful for understanding how an attacker could break into the system without internal information.

Application of Gray Box Testing
Allows testing of vulnerabilities from the perspective of a user with access to certain systems.

Application of White Box Testing
Used for internal audits and in-depth vulnerability testing.

Typical Phases of Executing a Penetration Test

Penetration testing
Evaluation of the security of a system by simulating real attacks to identify vulnerabilities.
Passive reconnaissance
Gathering information about a target system without directly interacting with it, using techniques such as OSINT and
web searches.

Active reconnaissance
Interact with the target system to discover information through network scans or application analysis.
Post-exploitation
Phase following exploitation of vulnerabilities, including controlling access to the compromised system, creating or escalating
privileges, and maintaining persistent access.

Phases of a Penetration Test

• Planning and Preparation: Define objectives, obtain client agreement, establish scope, and collect preliminary information.

• Reconnaissance: Passive (collection of information without interaction) and Active (interaction with the system).

• Vulnerability Analysis: Identify and evaluate the weak points of the system.

• Threat Modeling: Analyze information to determine potential threats and create attack scenarios.

• Exploitation: Attempt to exploit identified vulnerabilities using the chosen techniques.

• Post-Exploitation: Control access to the compromised system, download data or maintain persistent access.

• Report: Document the results and vulnerabilities found, produce a technical report and an executive report.

Methodologies and Best Practices

Pentesting methodologies to adopt for maximum effectiveness

Penetration Testing Execution Standard (PTES)
Penetration testing methodology comprising seven main sections: pre-engagement, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.
OWASP Testing Guide
Guideline focused on web applications, providing best practices and techniques for testing the security of
applications, including common vulnerabilities like SQL injection and XSS.
ISSAF (Information Systems Security Assessment Framework)
Methodological framework used to systematically assess the security of information systems.
OSSTMM (Open Source Security Testing Methodology Manual)
A detailed and standardized approach to conducting security testing, accessible and applicable to any type of organization and
infrastructure.

Effectiveness of Penetration Testing
Adopting well-defined methodologies such as PTES or OWASP is essential to maximize the effectiveness of penetration testing, ensuring a complete and systematic assessment of the security of systems.

Details of the PTES methodology and its practical application

PTES (Penetration Testing Execution Standard) methodology

• Pre-engagement: Initial communication with the client to define the objectives and scope of the test, including agreement on the
limits and expectations.

• Intelligence Gathering: Gathering information about the target using techniques such as OSINT, Google hacking, and
search in open databases.

• Threat Modeling: Identifying and organizing potential threats based on collected information to create a specific attack profile.

• Vulnerability Analysis: Assessment of detected weaknesses, including analysis of open ports, services and versions of operating systems.

• Exploitation: Implementation of exploitation techniques to take advantage of identified vulnerabilities and gain unauthorized access to systems or data.

• Post-Exploitation: Maximize control over the compromised system, create new users, access sensitive information and consider measures to maintain persistent access.

• Report: Writing of two types of reports, technical for administrators and executive for management, detailing the
vulnerabilities and providing recommendations.

Practical Application of the PTES Methodology
The PTES methodology is applied to ensure a consistent and effective structure for each penetration test, adapt the scope and techniques to the specificities of each environment, and ensure reliable results to strengthen the security of the organization.

Post-Exploitation
The stage after a vulnerability has been exploited where one maximizes control over the compromised system, creates new users,
accesses sensitive information, and considers measures to maintain persistent access.

Steps of intelligence gathering and their impact

Passive Information Collection
Gathering data without direct interaction with the target's systems, using tools like Google Hacking, searches in public databases (OSINT), and analysis of profiles on social networks.

Active Information Collection
Direct interaction with systems to discover information about open ports, running services, and software versions.

Using OSINT Tools and Techniques
Application of OSINT techniques to accumulate data from open public sources.

Target Profiling
Synthesis of collected information to create a complete profile of the target, including users and systems.

Attack Planning
Using the information gathered to develop specific attack strategies.

Impact of Passive Information Collection
Makes it possible to obtain valuable information about the target without arousing suspicion, facilitating the planning of the attack.

Impact of Active Information Collection
Provides a more accurate overview of existing vulnerabilities by analyzing the targeted system's behavior and responses.

Impact of Using OSINT Tools and Techniques
Provides a structured framework for extracting and analyzing information, allowing a detailed profile of the target to be created.

Impact of Target Profiling
Helps anticipate the target's reactions during an attack and plan the next steps of the attack more accurately.

Impact of Attack Planning
Maximizes the chances of success by targeting weak points identified during information gathering.

Vulnerability Analysis and Threat Modeling

Vulnerability Analysis
The process of identifying and evaluating weak points in a system, using automated tools and manual analysis.

Threat Modeling
The process of analyzing collected information to determine potential threats to an organization, developing attack scenarios based on the identified vulnerabilities.

Vulnerability Categorization

• Old vulnerabilities

• Configuration flaws

• Coding errors

Identification of Weak Points
Using automated tools like Nessus or OWASP ZAP and manual analysis to detect vulnerabilities in the system.

Vulnerability Assessment
Each identified vulnerability is assessed based on its potential impact on the organization.

Development of Custom Dictionaries
Generation of specific dictionaries for brute force attacks or other exploitations.

Organization of Information
Classifying and organizing all relevant information that could affect the security of an application or system.

Developing Mitigation Strategies
Based on the identified threats, formulating mitigation strategies to reduce the risk of vulnerabilities being exploited.

Security Technologies and Tools



Security Technology and its Role in Global Strategy

Security technologies
A set of devices and methods used to protect systems, data and networks against
computer threats.
Intrusion Prevention Systems (IPS)
Devices that control access to a network to protect computer systems from attacks by taking
preventive actions.
Intrusion Detection Systems (IDS)
Systems that listen to incoming and outgoing messages to detect and alert on potential attacks.
Firewalls

A combination of hardware and software that separates networks and analyzes traffic between them, filtering out unwanted traffic.
Virtual Private Networks (VPN)
Technologies that provide secure extension of a local area network onto a public network, enabling secure remote access.

Content Filtering Systems
Implementation of methods to block unwanted content (viruses, SPAM, phishing, etc.), aimed at optimizing the use of resources.

Security Incident Response
The process that defines how an organization responds to computer threats, including detection, incident management, and recovery from a security breach.

Impact on Global Strategy


Effective integration of security technologies strengthens an organization's security posture, reduces risk, and protects
critical assets.

Intrusion Prevention Systems (IPS) Explained

Intrusion Prevention System (IPS)
A security device that examines network traffic in real time to detect and prevent attacks on computer systems.

Access Control

IPS determines whether incoming traffic should be allowed or blocked based on defined rules.
Automatic Reaction
IPS takes preventive action immediately, such as blocking an IP address or terminating a suspicious connection, before an attack is underway.
Analysis of Protocols
IPS performs in-depth analysis of traffic and protocols to identify malicious behavior.
Types of Detection
IPS can detect attacks based on known signatures, similar to an antivirus, or monitor traffic to detect
behaviors that deviate from normal patterns.

Network Integration
IPSs are often deployed at strategic points in the network, such as at the border between the internal network and the Internet, to
monitor incoming and outgoing traffic.

Importance in Security
An IPS is crucial for system security as it helps protect sensitive data and maintain network integrity against online threats.

Intrusion Detection Systems (IDS) and their essentials

Intrusion Detection System (IDS)
A security device designed to monitor all traffic entering and leaving a network to detect potential attacks.

Continuous Monitoring
The IDS continuously monitors network traffic to identify malicious or abnormal behavior.

Real Time Alerts
When suspicious activities are detected, the IDS generates alerts to notify network administrators so they can take appropriate action.

Signature-Based Detection Methods
The IDS compares network traffic to known attack signatures and triggers an alert if a match is found.

Anomaly-Based Detection Methods
The IDS monitors network behaviors to identify anomalies from a normal behavior pattern.

Types of IDS
Network IDS (NIDS): Installed at strategic points in the network to monitor traffic across multiple systems.
Host IDS (HIDS): Installed on individual devices to monitor host activity from the inside.

Integration into the Security Strategy
IDS is an integral part of an overall security strategy, helping organizations identify and respond to threats in real time, complementing other security devices such as firewalls and intrusion prevention systems (IPS).
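As an added illustration of the two IDS detection methods described above (example code written for this summary, not part of the original document or of any product), the following Python script runs a signature-based check and an anomaly-based rate check over a few constructed web-server access-log lines; the log lines, signature patterns, baseline and threshold are constructed assumptions.

```python
"""Signature-based vs anomaly-based intrusion detection on constructed log lines.

Added example, not from the original document. The log lines, signature
patterns and thresholds below are constructed assumptions for illustration.
"""
import re
from collections import Counter
from datetime import datetime

# Simplified Apache/nginx-style access-log line: ip ident user [time] "request" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Signature-based detection: known attack patterns, matched like antivirus signatures.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"(%27|')(%20|\s)*or(%20|\s)+1\s*=\s*1", re.I)),
    ("path-traversal", re.compile(r"(\.\./|%2e%2e%2f)", re.I)),
    ("xss-script-tag", re.compile(r"(<|%3c)script", re.I)),
]

# Constructed traffic assumed clean, used to learn what "normal" looks like.
BASELINE_LOG = """\
10.0.0.5 - - [10/Jan/2024:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.5 - - [10/Jan/2024:12:00:09 +0000] "GET /about.html HTTP/1.1" 200 734
10.0.0.6 - - [10/Jan/2024:12:00:20 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.7 - - [10/Jan/2024:12:00:40 +0000] "POST /login HTTP/1.1" 302 0
"""

# Constructed live traffic: two requests that match signatures, plus one source
# that sends a burst of requests to non-existent pages within a single minute.
LIVE_LOG = "\n".join(
    [
        '10.0.0.5 - - [10/Jan/2024:12:05:01 +0000] "GET /index.html HTTP/1.1" 200 512',
        '10.0.0.7 - - [10/Jan/2024:12:05:10 +0000] "GET /login?user=admin\'%20OR%201=1-- HTTP/1.1" 200 88',
        '10.0.0.9 - - [10/Jan/2024:12:05:11 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0',
    ]
    + [
        f'10.0.0.8 - - [10/Jan/2024:12:05:{12 + i:02d} +0000] "GET /p{i} HTTP/1.1" 404 0'
        for i in range(12)
    ]
)


def parse(lines):
    """Turn raw log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"],
            "status": int(m["status"]),
        })
    return events


def signature_alerts(events):
    """Signature-based detection: alert whenever a request path matches a known pattern."""
    alerts = []
    for ev in events:
        for name, pattern in SIGNATURES:
            if pattern.search(ev["path"]):
                alerts.append((name, ev["ip"], ev["path"]))
    return alerts


def requests_per_minute(events):
    """Count requests per (source IP, minute bucket)."""
    counts = Counter()
    for ev in events:
        counts[(ev["ip"], ev["ts"].replace(second=0, microsecond=0))] += 1
    return counts


def learn_baseline(events):
    """Anomaly-based detection first needs a model of normal behavior: here, the
    mean number of requests one source makes per minute in traffic assumed clean."""
    counts = requests_per_minute(events)
    return sum(counts.values()) / len(counts)


def anomaly_alerts(events, baseline, factor=5.0):
    """Anomaly-based detection: alert on any source whose per-minute request count
    exceeds `factor` times the baseline, with no signature for the request itself."""
    alerts = []
    for (ip, bucket), n in sorted(requests_per_minute(events).items()):
        if n > factor * baseline:
            alerts.append(("rate-anomaly", ip, n))
    return alerts


def run_ids():
    """Run both detection methods over the constructed live traffic."""
    baseline = learn_baseline(parse(BASELINE_LOG.splitlines()))
    live = parse(LIVE_LOG.splitlines())
    return {
        "baseline_rpm": baseline,
        "signature": signature_alerts(live),
        "anomaly": anomaly_alerts(live, baseline),
    }


if __name__ == "__main__":
    for kind, alerts in run_ids().items():
        print(kind, alerts)
```

The burst from 10.0.0.8 matches no signature and is caught only by the anomaly check, while the two single requests are caught only by signatures, which is why an IDS normally combines both methods.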

Roles of VPNs and Content Filtering Systems

VPN (Virtual Private Networks)
A technology that allows a local area network to be securely extended over a public or uncontrolled network, such as the Internet.

Content Filtering Systems
Tools used to control access to the Internet by blocking sites or content deemed unwanted or inappropriate.

VPN Features
VPNs enable secure extension of remote network resources, encryption of data in transit, and hiding of the user's real IP address.

Practical Applications of VPNs
VPNs are used to secure connections over public or remote networks, particularly in the context of teleworking.

Features of Content Filtering Systems
They protect against malicious content, manage productivity by blocking unproductive sites, and offer tools for monitoring and reporting on Internet usage.

Function of Firewalls and HoneyPot Systems

Firewalls
A firewall is a hardware or software device that is used to separate networks and analyze the traffic that passes between them.

HoneyPot System
A HoneyPot system is a computing resource created to attract attackers, in order to observe them and analyze their techniques.

Functions of Firewalls
Firewalls control incoming and outgoing network traffic, enforce security rules to block or allow connections, prevent unauthorized access, and monitor Internet connections for suspicious activity.

Application of Firewalls
Used in enterprises to protect internal networks from external attacks, while allowing secure access to internal users.

Functions of HoneyPot Systems
HoneyPot systems detect potential attacks by acting as a vulnerable target, and collect data on attack methods, tools used, and attacker behavior.

Application of HoneyPot Systems
Used in security research environments to study intrusion techniques and improve network defenses based on the observations collected.

History of Social Engineering

Definition and understanding of what social engineering is

Social Engineering
A technique that uses psychological manipulation to induce individuals to reveal confidential information or to perform actions beneficial to cybercriminals.

Basic Principles
Social engineering is based on the principle that people are often more manipulable than machines, using human behaviors
such as trust, fear or curiosity.
Techniques used

Social engineers use a variety of channels such as phone calls, emails, social media, and instant messages. Common methods include phishing, vishing (voice phishing), and pretexting (creating a false context).

Motivation for Attacks
Motivations include theft of personal data, credentials, or access to sensitive systems, often for financial gain or recognition.

Business Vulnerability
Businesses may be vulnerable due to unregulated access to information, insufficient employee security training, and a lack of clear security policies.

Typical channels used by attackers to deceive victims

Channels used by attackers


• Telephone: Using voice calls or SMS messages to deceive victims and obtain sensitive information.

• Instant Messaging: Platforms like WhatsApp or Telegram are exploited to send misleading or malicious messages.

• Email: Sending fraudulent emails containing malicious links or attachments to trick victims into revealing personal information.

• Social Media: Using platforms like Facebook, LinkedIn, and Twitter to create deceptive campaigns or send phishing messages.

• Bait and Lure: Offering prizes or promotions to entice victims to provide personal information, or using downloadable files or abandoned USB devices as bait.

• Impersonation: Pretending to be family members, co-workers, or support technicians to gain the trust of victims and obtain confidential information.

Conclusion
Attackers use a variety of channels to deceive victims, including telephone, social media, and email phishing. Knowing these methods is essential to guard against forms of social engineering and protect sensitive information.

Classic methods used by attackers and their examples

Phishing
A social engineering technique where attackers send fraudulent emails to trick victims into providing sensitive information, such as passwords or banking details.

Spear Phishing
A targeted variation of phishing, where attackers target specific individuals or organizations with personalized messages.

Vishing

Voice phishing using phone calls to obtain sensitive information.


Smishing
SMS phishing, where attackers send malicious text messages to trick users into responding or disclosing personal information.

Baiting
Technique where users are lured with offers of rewards, often to get them to download malicious software.

Pretexting
Process where the attacker invents a false story or context to obtain information from the victim.
Impersonation
Posing as a trusted person or entity to deceive a victim.

Phishing Example
An email pretending to be a security notification from a bank asking to confirm account details through a malicious link.

Spear Phishing Example
An email pretending to be from a superior requesting confidential information from an employee.

Example of Vishing
A call from an individual pretending to be a customer service representative asking for account details to 'verify' suspicious activities.

Example of Smishing
An SMS pretending to be a security alert about a bank account inviting you to click on a link.

Example of Baiting
A promise of a free download of popular software that actually contains malware.

Example of Pretexting
A fake IT employee asking for login information under the pretext of a system update.

Example of Impersonation
An attacker posing as a maintenance technician calling the victim to retrieve sensitive information.

Classic methods used by attackers


• Phishing

• Spear Phishing

• Vishing

• Smishing

• Baiting

• Pretexting

• Impersonation

Types of Social Engineering

Phishing and its subtypes like Spear Phishing


Phishing
Social engineering technique where attackers impersonate a trusted entity in order to deceive victims and trick them into disclosing sensitive information, such as passwords or banking details.

Spear Phishing
A variant of phishing targeted at specific individuals or organizations, where attacks are personalized by
using information collected about the victim.

Phishing Mechanism
Victims receive emails or text messages that appear to come from a trusted source, often containing malicious links or attachments that allow information to be stolen or malware to be installed.

Spear Phishing Mechanism
Attackers conduct extensive research on the target, identifying personal details to send an email with specifically worded references, increasing the chances of the victim falling for the trap.
Example of Targeted Attack
A hacker targets a company employee in order to obtain confidential information by pretending to be a colleague.

Personalized Content
The spear phishing email may contain references to recent company projects or previous interactions to appear authentic and trustworthy.

Differentiation between Vishing, Smishing and Whaling

Vishing
A scam technique that uses phone calls to trick victims into revealing sensitive information such as passwords or credit card numbers.

Smishing
A type of phishing that uses SMS messages to trick users into disclosing personal or financial information.

Whaling
A type of phishing that targets high-level individuals in an organization, such as senior executives or managers,
often with access to sensitive information.

How Vishing Works
Attackers pose as representatives of a trusted company and attempt to obtain confidential information under the guise of necessity, often through psychological manipulation.

How Smishing Works
Attackers send text messages containing links to malicious sites or instructions to call a suspicious number, often masquerading as trustworthy to trick the victim into acting quickly.

How Whaling Works
Whaling attacks are highly personalized and sophisticated, using precise information about the target to make the message convincing and difficult to detect, with attackers spending time researching their target.

Baiting and Scareware Techniques to Manipulate Users

Baiting
Technique used by attackers to trick victims into downloading malware by offering them something attractive, such as free content or a
downloadable file.
Scareware

Malware designed to scare users into believing that their computer is infected or in danger, thus pushing them to purchase
unnecessary security solutions.

How Baiting Works
Attackers lure users to files or locations containing malware by promising attractive rewards, often in the form of free software, music or movie downloads.
Example of Baiting
Offering free music software that, once downloaded, installs viruses or spyware on the victim's computer.
How Scareware Works

Scareware attracts users' attention with fake antivirus alerts or pop-up messages that trick them into purchasing software to fix
non-existent problems.
Example of Scareware
A message on the user interface claiming that the system is infected with a virus and suggesting to install compromised antivirus software.

Concept of Pretexting and its application in real scenarios

Pretexting
Social engineering technique where the attacker creates a false identity or context to trick a victim into disclosing sensitive information.

Operating Mechanism
The attacker generates a credible fictional situation, convincing the victim that he has a legitimate reason to access confidential information, often using personalized details.

Impersonation of a Technician
An attacker poses as an IT technician, calling an employee to ask for passwords or administrative access under the pretext of a system 'update'.

Fake Bank Calls
An individual pretending to be a bank representative calls a customer to report suspicious activity on their account and asks for personal information for 'verification'.

Fictitious Job Offers
An attacker sends an email to a potential candidate pretending to be from a reputable company, requesting personal and professional information to complete an application.

Protection and Control Measures

Implementing an Acceptable Use Policy

Acceptable Use Policy (AUP)
An AUP is a security policy that defines acceptable and unacceptable behaviors for all employees with access to the organization's assets.

Hiring Conditions

The AUP must be made a condition of employment, and each employee must sign a document certifying that they have read, understood
and agree to the terms of the policy.
Site Security Check

It is essential to ensure that the websites visited are secure and use 'https' to ensure the encryption of information.

Prohibition of Access to Unsecured Sites

Access to unsecured sites, such as gambling sites or sites with explicit content, is prohibited to protect the safety of
information.

Download Precautions
Do not download files from suspicious pages or accept pop-up ads to avoid
malware.

Awareness and Training

A security awareness program must be implemented and regularly renewed, as well as ongoing training for security personnel.

Preliminary measures for review and preparation

Evaluation and Review of Security Policies

Make sure existing security policies are up to date and include procedures for dealing with new threats and vulnerabilities.

Risk Analysis
A risk analysis identifies weak points in the infrastructure and the threats that could exploit them, so that controls can be prioritized before an incident occurs.

Incident Response Plan

Develop or update an incident response plan that details the procedures to follow in the event of a security breach, as well as the roles and responsibilities of each team member.

Employee Training and Awareness

Training and awareness sessions for employees on security policies, common threats such as phishing, and best practices are crucial.

Tests and Simulations

Regular testing and attack simulations assess how well security responses work and identify the areas that need improvement.

Technology Updates
Keep all operating systems, security software and applications up to date with the latest patches and updates to shorten the window of exposure to known vulnerabilities.

Importance of awareness and continuing education

Strengthening Security

Continuous employee awareness and training strengthen security within the organization by building a better understanding of threats and encouraging secure behavior.

Prevention of Security Incidents

Regular training helps prevent security incidents by giving employees the knowledge they need to recognize and avoid attacks such as phishing or social engineering.

Adapting to Technological Developments

Because technology and attack methods evolve constantly, continuous training keeps employees up to date on the latest threats and security best practices.

Creating a Security Culture

Integrating security awareness into employee training fosters a corporate culture in which security is a shared priority, reducing the risk of human error.

Regulatory Compliance

Security training helps organizations meet regulatory requirements and industry standards for data protection.

Implementing phishing campaigns for education

Educational phishing campaigns

Simulated phishing attacks run internally to raise awareness and teach employees what real attempts look like and how to recognize them.

Objectives of Phishing Campaigns

Raise employees' awareness of the types of phishing and the tactics cybercriminals use.

Measuring resilience

Test employees' ability to recognize and report phishing attempts.

Scenario design
Create emails that mimic real attacks, with personalized messages that appear to come from legitimate sources.

Monitoring and evaluation

Measure the share of recipients who click the test link, who submit credentials on the landing page, and who report the email, together with the time until the first report. The report rate and the time to first report show how quickly the organization would detect a real campaign; the click rate alone does not.

Post-Campaign Training

Provide additional training based on the results, targeted at the behaviors the test revealed.

Learning resources

Provide ongoing information security resources to maintain vigilance over threats.
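Scoring a simulation campaign the way the monitoring step above describes, as an added example (not code from the original notes). The event log is constructed to resemble the export of a phishing-simulation platform; the column layout and the event names (sent, opened, clicked, submitted, reported) are assumptions. Rates are computed per unique recipient, so a user who clicks twice counts once, and the campaign-wide time to first report is derived from the earliest 'reported' event.

```python
"""Score a simulated phishing campaign from its event log.

Added example for this page, not from the original notes. SAMPLE_LOG is constructed
to look like the event export of a phishing-simulation platform; the column layout
and event names (sent, opened, clicked, submitted, reported) are assumptions.
Rates are computed per unique recipient, so a user who clicks twice counts once.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
timestamp,user,department,event
2024-03-04T09:00:00,alice,finance,sent
2024-03-04T09:00:00,bob,finance,sent
2024-03-04T09:00:00,carol,engineering,sent
2024-03-04T09:00:00,dave,engineering,sent
2024-03-04T09:03:12,alice,finance,opened
2024-03-04T09:03:40,alice,finance,clicked
2024-03-04T09:04:05,alice,finance,submitted
2024-03-04T09:05:30,carol,engineering,opened
2024-03-04T09:06:02,carol,engineering,reported
2024-03-04T09:10:00,bob,finance,opened
2024-03-04T09:10:20,bob,finance,clicked
2024-03-04T09:11:00,bob,finance,clicked
2024-03-04T09:15:00,dave,engineering,reported
"""


def score_campaign(log_text: str) -> dict:
    """Per-department click/submit/report rates plus campaign-wide minutes to first report."""
    users_by_event = defaultdict(lambda: defaultdict(set))   # event -> dept -> {users}
    send_times, first_report = [], None
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        users_by_event[row["event"]][row["department"]].add(row["user"])
        if row["event"] == "sent":
            send_times.append(ts)
        elif row["event"] == "reported" and (first_report is None or ts < first_report):
            first_report = ts
    report = {"departments": {}}
    for dept, recipients in users_by_event["sent"].items():
        n = len(recipients)
        report["departments"][dept] = {
            "sent": n,
            "click_rate": len(users_by_event["clicked"][dept]) / n,
            "submit_rate": len(users_by_event["submitted"][dept]) / n,
            "report_rate": len(users_by_event["reported"][dept]) / n,
        }
    if first_report is not None and send_times:
        report["minutes_to_first_report"] = (first_report - min(send_times)).total_seconds() / 60
    return report


def repeat_clickers(log_text: str) -> list[str]:
    """Users who clicked the test link more than once: candidates for targeted follow-up."""
    clicks = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event"] == "clicked":
            clicks[row["user"]] += 1
    return sorted(u for u, c in clicks.items() if c > 1)


if __name__ == "__main__":
    result = score_campaign(SAMPLE_LOG)
    for dept, stats in result["departments"].items():
        print(dept, stats)
    print("minutes to first report:", round(result.get("minutes_to_first_report", 0), 1))
    print("repeat clickers:", repeat_clickers(SAMPLE_LOG))
```

In the constructed log, finance has a 100% click rate and no reports while engineering never clicked and reported twice, the first report arriving six minutes after sending; the post-campaign training would therefore target finance rather than the whole company.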

Passive Reconnaissance

Introduction to OSINT (Open Source Intelligence)

OSINT

OSINT, or Open Source Intelligence, is a method of collecting and analyzing information based on the use of open and public
sources.

Sources of Information

• Websites

• Social networks

• Forums

• Blogs
• News

Applications of OSINT

• Cyber Threat Research

• Vulnerability analysis
• Detection of malicious activities

• Cybersecurity intelligence
• Research

• Journalism

• Market analysis

Research Techniques

• Advanced search engines

• Social media analysis tools


• Data extractors

• Specialized tools

Principles of OSINT
OSINT relies on collecting data only from publicly available sources, so that the collection stays legal and non-intrusive: the target's systems are never probed directly.

Using the OSINT Framework to Collect Information



OSINT Framework
The OSINT Framework (osintframework.com) is a website that organizes links to open-source tools and resources for conducting open-source intelligence (OSINT) research.

Tool Categories

• Email Search: Tools to check the validity of email addresses and search for related information.

• Social Network Analysis: Tools designed to explore profiles and activities on social networks.

• Geolocation Tools: Used to locate specific geographic information.

Practical Applications

The OSINT Framework is used in scenarios such as threat research, vulnerability analysis, and information gathering for cybersecurity.
Support for Analysis
It supports analysts by pointing them to resources that help contextualize and interpret the data collected.
Ease of Access
The framework lets users quickly reach a wide range of resources, organized by category, which simplifies the information-gathering process.

Google Hacking Technique Explained with Examples

Role of DNS records in information gathering

DNS records

Fundamental parts of the Internet infrastructure, used to translate domain names into IP addresses and to publish other information about a domain.

DNS Record Types

• A Records: Map a domain name to an IPv4 address.

• AAAA Records: Map a domain name to an IPv6 address.

• MX Records: Name the mail servers responsible for receiving email for a domain, each with a preference value.

• CNAME Records: Aliases pointing to another domain name, often revealing third-party hosting or SaaS providers.

• NS and TXT Records: NS records name the authoritative name servers; TXT records carry SPF, DKIM and DMARC policies and service verification tokens, which frequently reveal which cloud and SaaS providers an organization uses.

Identification of Domain Owners

DNS records, combined with WHOIS data, help establish who operates a domain and reveal relationships between domains, such as shared name servers, mail providers or IP addresses.
Server Accessibility
They show which servers are associated with a domain, which is crucial for security and cyber-threat investigations.
Infrastructure Analysis
DNS records give a view of a network's architecture, showing how services are connected and where weak points may exist.

Resources for Attacks and Monitoring

The information extracted from DNS records can be used by attackers to plan attacks, by identifying potential targets and mapping an organization's network infrastructure; defenders can monitor the same records for unexpected changes.
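To show what the records above look like on the wire, here is an added example (not code from the original notes) that builds a DNS query and parses the answer section of a response, including the name-compression pointers that make MX and CNAME answers refer back into the message. The response bytes are constructed by hand for the hypothetical domain example.test so the parser runs offline; the query() helper sends a real query to a resolver address of your choosing and needs network access.

```python
"""Build a DNS query and parse a DNS response (A, AAAA, CNAME, MX) from the wire format.

Added example for this page, not code from the original notes. SAMPLE_RESPONSE is
constructed by hand for the hypothetical domain example.test so the parser can be
exercised offline; query() sends a real query over UDP port 53 (needs network).
"""
from __future__ import annotations

import socket
import struct

TYPE_NAMES = {1: "A", 5: "CNAME", 15: "MX", 28: "AAAA"}
QTYPE = {v: k for k, v in TYPE_NAMES.items()}          # e.g. QTYPE["MX"] == 15


def encode_name(name: str) -> bytes:
    """Encode a name as length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Header: id, flags 0x0100 (standard query, recursion desired), one question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a name that may use compression pointers; return (name, offset after the field)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # pointer: 14-bit offset into the message
            if end is None:
                end = offset + 2                       # in the record, the field is just the pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(msg: bytes) -> list[dict]:
    """Return the answer section as a list of {'name', 'type', 'ttl', 'data'} records."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:                                 # RCODE, e.g. 3 = NXDOMAIN
        raise ValueError(f"server returned rcode {flags & 0xF}")
    offset = 12
    for _ in range(qd):                                # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4                                    # qtype + qclass
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1:
            data = socket.inet_ntop(socket.AF_INET, rdata)
        elif rtype == 28:
            data = socket.inet_ntop(socket.AF_INET6, rdata)
        elif rtype == 5:
            data, _ = read_name(msg, offset)           # target may point back into the message
        elif rtype == 15:
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = read_name(msg, offset + 2)
            data = f"{pref} {host}"
        else:
            data = rdata.hex()
        answers.append({"name": name, "type": TYPE_NAMES.get(rtype, str(rtype)), "ttl": ttl, "data": data})
        offset += rdlen
    return answers


def query(name: str, qtype: int, resolver: str = "127.0.0.1", timeout: float = 2.0) -> list[dict]:
    """Send one UDP query to a resolver and parse the reply (real network; a truncated
    reply sets the TC bit and would need a TCP retry, which this example omits)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (resolver, 53))
        reply, _ = s.recvfrom(4096)
    return parse_response(reply)


# Constructed reply (not captured from a real resolver): the MX for example.test is
# mail.example.test, and the second answer gives that host's A record. Both answer
# names are compression pointers (0xC00C -> offset 12, 0xC02C -> offset 44).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)           # response, RD+RA, 1 question, 2 answers
    + encode_name("example.test") + struct.pack("!HH", 15, 1)    # question: example.test MX IN
    + b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 300, 9)          # MX, TTL 300, rdlen 9
    + struct.pack("!H", 10) + b"\x04mail\xc0\x0c"                # preference 10, mail.example.test
    + b"\xc0\x2c" + struct.pack("!HHIH", 1, 1, 60, 4)            # A record for mail.example.test
    + socket.inet_aton("192.0.2.25")
)

if __name__ == "__main__":
    for rr in parse_response(SAMPLE_RESPONSE):
        print(f"{rr['name']:<20} {rr['ttl']:>5} IN {rr['type']:<5} {rr['data']}")
```

Against a real resolver, query("example.test", QTYPE["MX"], resolver="<resolver IP>") returns the same record shape; the MX and CNAME branches matter for reconnaissance because the hostnames they yield (a mail provider, a CDN, a SaaS vendor) are exactly the third-party relationships the section above describes.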

Active Reconnaissance

Network analysis and scanning: methods and tools

Network analysis and scanning


The process of identifying active devices and services available on a network, making it possible to list the
resources, detect vulnerabilities and assess the security of an infrastructure.

Passive analysis
A technique of collecting information without directly interacting with the network or systems, by examining publicly available data and
DNS configurations.
Active scanning
Involves interacting with the network through scanning tools to determine port status and identify available services,
using ICMP requests, TCP/UDP port scans, etc.
Nmap
Primary network scanning tool used to discover hosts and services by sending specific packets and analyzing the responses.
Supports scanning methods like TCP SYN and UDP.
Wireshark

Protocol analyzer that allows you to examine network traffic in detail, useful for diagnosing problems and analyzing
attacks.

Objectives of Network Scans

Assess the running services for vulnerabilities and understand the network configuration by listing the devices and connections available.

Scanning methods

• Passive analysis

• Active analysis

Scanning Methods with Nmap

• TCP SYN Scan (-sS): Sends a SYN packet to determine open ports without establishing a full connection.

• UDP Scan (-sU): Identifies open UDP ports.



Classification of responses during port scanning

Open Response
A port is reported as open when the target host answers the probe (a SYN/ACK for a TCP SYN scan) and a service is actively listening on it.

Closed Response
A port is classified as closed when the target host answers the probe (a RST for TCP) but no service is listening on that port.
Filtered Response
A port is considered filtered when no answer comes back, or only an ICMP unreachable error, usually because a firewall or other security device is blocking access.

Open Response Indication

An open port is an opportunity for further work: the listening service can be fingerprinted and may carry vulnerabilities.

Implications of the Closed Response

A closed port signals that no service is reachable there, which reduces the attack surface, although a service could be started on it later. The RST also confirms that the host is up and that the path to it is not filtered, which is useful for host discovery.

Consequences of Filtered Response

A filtered port means filtering rules prevent its state from being determined, which makes it harder to assess the security of the network; Nmap reports open|filtered when it cannot tell the two states apart, which is typical for UDP and for NULL, FIN and Xmas scans.
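The three states above come from three different outcomes of a single probe. The added example below (my code, not the notes' own) makes that concrete with a TCP connect scan, the same technique as Nmap's -sT: a completed handshake means open, an immediate ECONNREFUSED means a RST came back and the port is closed, and a timeout or unreachable error means something dropped the probe, so filtered. The demo target is a listener the script starts on the loopback interface, so it runs offline; scan_ports() works against any host you are authorized to test.

```python
"""TCP connect scan with open/closed/filtered classification.

Added example for this page, not original course material. It does what Nmap's
-sT scan does (a full connect(), so no raw-socket privileges are needed) and maps
the three outcomes of the probe to Nmap's port states. The demo target is a
listener started on the loopback interface inside this process so the example
runs offline; only scan hosts you are authorized to test.
"""
from __future__ import annotations

import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port from the connect() outcome:
    handshake completes (SYN/ACK)   -> open
    ECONNREFUSED (RST came back)    -> closed
    no answer before the timeout    -> filtered (something dropped the SYN)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "filtered"
        except OSError:            # EHOSTUNREACH, ENETUNREACH, ICMP admin-prohibited: no usable answer
            return "filtered"


def scan_ports(host: str, ports: list[int], timeout: float = 1.0, workers: int = 32) -> dict[int, str]:
    """Probe the ports concurrently and return {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, states))


def start_loopback_listener() -> tuple[socket.socket, threading.Event, int]:
    """Start a throwaway service on 127.0.0.1 on an OS-chosen port (demo target only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    srv.settimeout(0.2)                                  # lets the accept loop notice the stop flag
    stop = threading.Event()

    def accept_loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()
            except socket.timeout:
                continue
            except OSError:                              # listener closed
                return

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, stop, srv.getsockname()[1]


def demo() -> tuple[int, dict[int, str]]:
    """Scan the five ports around the demo listener; returns (listener port, results)."""
    srv, stop, open_port = start_loopback_listener()
    try:
        ports = list(range(open_port - 2, open_port + 3))
        return open_port, scan_ports("127.0.0.1", ports, timeout=0.5)
    finally:
        stop.set()
        srv.close()


if __name__ == "__main__":
    listener_port, results = demo()
    for port, state in sorted(results.items()):
        print(f"{port}/tcp\t{state}")
```

On loopback nothing is filtered, so the demo only ever shows open and closed; against a firewalled host the same code reports filtered for dropped probes, and the timeout you choose is what decides how long a silent port holds up the scan.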

Concepts of service enumeration and analysis

Enumeration

Enumeration is the process of collecting detailed information about a network's resources, including active services, open ports, user accounts, and other security-related

details that can be exploited by an attacker.

Objectives of the Enumeration

Identify the services and applications running on specific ports in order to assess potential vulnerabilities.
Collection of User Information

Obtaining usernames and group memberships, for example through SMB, LDAP or SNMP queries, is essential for planning password-spraying, brute-force or other attacks.
Enumeration Methods

Automated tools that scan ports and determine the active services, complemented by protocol-specific queries to the services and web applications found.

Analysis of Services
Inspection of the protocols used by the services to understand their behavior and identify possible weaknesses.
Version Evaluation

Checking service versions against known Common Vulnerabilities and Exposures (CVEs) and determining the fixes required.

Importance of Enumeration
Enumeration is crucial when assessing security because it identifies potential entry points into a system; it is usually the first step of a penetration test after network reconnaissance.
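The version-evaluation step above is mechanical once a scan has produced structured output. The added example below (not code from the original notes) parses an Nmap -sV report in its XML (-oX) format into a service inventory and flags open services whose version falls inside an affected range. The XML is a constructed, trimmed nmaprun document in the real -oX layout; the watch list is hypothetical illustration data with placeholder labels rather than real CVE identifiers, which is where a real table would carry them.

```python
"""Turn an Nmap -sV XML report into a service inventory and flag versions on a watch list.

Added example for this page, not code from the original notes. SAMPLE_NMAP_XML is a
constructed, trimmed nmaprun document that follows the real -oX layout (host/address,
ports/port, state, service). WATCH_LIST is hypothetical illustration data: the labels
are placeholders, not real CVE identifiers. Produce a real input with
nmap -sV -oX scan.xml <target>.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.49" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical watch list: product -> [(affected_from, fixed_in, label)], versions as tuples.
WATCH_LIST = {
    "Apache httpd": [((2, 4, 49), (2, 4, 51), "HYPOTHETICAL-HTTPD-ISSUE")],
    "OpenSSH": [((7, 0), (7, 5), "HYPOTHETICAL-OPENSSH-ISSUE")],
}


@dataclass
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str = ""
    product: str = ""
    version: str = ""


def parse_version(v: str) -> tuple[int, ...]:
    """'2.4.49' -> (2, 4, 49); a trailing non-numeric part such as '7.4p1' is cut at 'p'."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def parse_nmap_xml(xml_text: str) -> list[Service]:
    """Flatten every port of every host into Service records (ports without a
    <service> element, e.g. filtered or closed ones, get empty service fields)."""
    services = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda key, default="": default)
            services.append(Service(
                host=addr,
                port=int(port.get("portid")),
                proto=port.get("protocol"),
                state=port.find("state").get("state"),
                name=get("name", ""),
                product=get("product", ""),
                version=get("version", ""),
            ))
    return services


def evaluate(services: list[Service], watch_list=WATCH_LIST) -> list[tuple[Service, str]]:
    """Return (service, label) for each open service whose version falls in an affected
    range [affected_from, fixed_in). Services Nmap could not version are skipped, not cleared."""
    findings = []
    for s in services:
        if s.state != "open" or not s.version:
            continue
        v = parse_version(s.version)
        for lo, hi, label in watch_list.get(s.product, []):
            if lo <= v < hi:
                findings.append((s, label))
    return findings


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_NMAP_XML)
    for svc in inventory:
        print(f"{svc.host}:{svc.port}/{svc.proto} {svc.state:<9} {svc.product} {svc.version}")
    for svc, label in evaluate(inventory):
        print(f"FLAG {svc.host}:{svc.port} {svc.product} {svc.version} -> {label}")
```

Two caveats a practitioner should keep in mind: Nmap's version string is a banner-based guess, so vendors that backport fixes without bumping the version (common on enterprise Linux distributions) will show up as affected when they are not, and a service with an empty version field is unknown, not safe, and needs manual enumeration.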

Introduction to Network Analysis



Ping and Traceroute Techniques for Network Analysis

Ping
Network diagnostic tool that tests connectivity between two devices by sending data packets (ICMP
Echo Requests) to the target IP address and waiting for a response.
Traceroute
A tool that determines the path a packet takes from its source to its destination by sending probes with increasing TTL (time-to-live) values: each router that decrements the TTL to zero returns an ICMP Time Exceeded message, revealing its address and the round-trip time to that hop.

How Ping works

If the target device is active, it responds with an ICMP Echo Reply, confirming that it is reachable and giving the round-trip time, which measures network latency. No reply does not prove the host is down: many hosts and firewalls drop ICMP Echo Requests.

Using Ping

Used to determine whether a host is reachable on the network, fundamental for troubleshooting and configuration.
How Traceroute works
Traceroute sends a first probe with TTL 1, then TTL 2, and so on; each ICMP Time Exceeded reply identifies one intermediate router, and the tool displays the hop number and the time each hop takes until the destination itself answers. Linux traceroute uses UDP probes by default, Windows tracert uses ICMP Echo.
Using Traceroute
Allows you to analyze network topology and identify bottlenecks or points of failure along the connection path.

Practical Applications
Ping and Traceroute are used to diagnose network problems such as latency, packet loss and routing issues.
Network Performance Evaluation
They let system administrators measure connection performance and optimize data routing.

Description of Ping Sweeps and their usefulness

Ping Sweep
A technique for determining which hosts on a network are active by sending ICMP Echo Requests to a range of IP addresses systematically.

Objective of Ping Sweep

The main purpose of a ping sweep is to map the active devices on a given network by building a list of the IP addresses that respond.

Sending ICMP Packets

The sweep sends an Echo Request to each targeted IP address. Active devices send back an Echo Reply, indicating that they are up. Hosts that silently drop ICMP will be missed, so Nmap's default host discovery (-sn) also sends TCP SYN and ACK probes and an ICMP timestamp request, and on a local Ethernet segment it uses ARP requests, which a host firewall cannot block.

Analysis of Responses
The responses received determine which hosts are online and give the round-trip latency to each.
Network Assessment
Used in network diagnostics to discover hosts, check their status and support management of the network infrastructure.
Penetration Testing Planning

Gives pentesters a basis for identifying potential targets on a network before running more in-depth port and service scans.
Network Integrity Monitoring
Can help monitor system availability and identify downtime or anomalies on the network.
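A ping sweep of a whole block is mostly a concurrency exercise, and a sequential one over a /24 with one-second timeouts takes minutes. The added example below (my code, not the notes' own) enumerates the host addresses of a CIDR block and probes them in parallel with the system ping command, which works without root on Linux, macOS and Windows; the probe function is injectable so the sweep logic can be exercised offline with a stand-in prober.

```python
"""Concurrent ping sweep of a CIDR block.

Added example for this page, not from the original notes. Each host is probed with
the system ping command (one Echo Request, one-second wait), which works without
root on Linux, macOS and Windows; `probe` is injectable so the sweep logic can be
run offline with a stand-in prober.
"""
import ipaddress
import platform
import subprocess
import sys
from concurrent.futures import ThreadPoolExecutor


def ping_once(ip: str, timeout_s: int = 1) -> bool:
    """True if the host answered one ICMP Echo Request (ping exit status 0)."""
    system = platform.system()
    if system == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), ip]    # -w is milliseconds
    elif system == "Darwin":
        cmd = ["ping", "-c", "1", "-t", str(timeout_s), ip]           # macOS: -t is seconds
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), ip]           # iputils: -W is seconds
    try:
        done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout_s + 2)
        return done.returncode == 0
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return False


def ping_sweep(cidr: str, probe=ping_once, workers: int = 64) -> list[str]:
    """Return the host addresses in `cidr` that answered, in address order.
    A host that drops ICMP is reported as down, so absence here is not proof of absence."""
    hosts = [str(ip) for ip in ipaddress.ip_network(cidr, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        alive = list(pool.map(probe, hosts))
    return [ip for ip, up in zip(hosts, alive) if up]


if __name__ == "__main__":
    for ip in ping_sweep(sys.argv[1] if len(sys.argv) > 1 else "192.0.2.0/28"):
        print(ip)
```

Running it as `python3 sweep.py 10.0.0.0/24` prints the responding addresses; on a network you control, compare the result with `nmap -sn 10.0.0.0/24`, whose ARP and TCP probes will usually find hosts that this ICMP-only sweep misses.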

Environment Installation

Necessary installation of the environment for pentesting

Kali Linux

Pre-configured operating system with many security tools, suitable for pentesting.
Nmap
Tool used for network scanning and service analysis.
Metasploit
Framework for developing and executing exploits.
Wireshark

Packet analysis tool to monitor network traffic in real time.


Burp Suite
Tool used to test the security of web applications.

System Configuration
Choose an operating system suitable for pentesting, such as Kali Linux.
Implementation Plan

Install and configure pentesting tools on your machine, in a secure test environment.
Access to the Target Network

Ensure you have the necessary permissions, meaning written authorization from the system owner and an agreed scope, before any scan or test is run against the targeted systems.
Presence of Security Measures

Check how existing protections, such as firewalls and intrusion prevention systems, are configured, both to test the robustness of the network's security and to know what will filter or log your scans.

Essential Tools

• Nmap

• Metasploit
• Wireshark

• Burp Suite

Configuring the tools required for network scans



Nmap
Nmap is a network scanning tool used to discover hosts, detect services, and assess the security of a network.
Zenmap
Zenmap is the graphical front end to Nmap, which makes scans easier to run for less experienced users.

Installing Nmap

Install Nmap from your distribution's package manager; on Kali and other Debian-based systems: sudo apt install nmap. Installers for other platforms are published at nmap.org.

Installing Zenmap

Zenmap is bundled with the official Nmap installers and is packaged separately by some Linux distributions; install it from the package manager where available.
Port Scan

Use the -p option to choose which ports to scan. For example, to scan ports 80 and 443: nmap -p 80,443 <target>.
Service/Version Scan

Add -sV to detect the versions of the services running on open ports.

Connect Mode (TCP Connect)
The TCP connect() scan (-sT) attempts to establish a full connection with the target service, so it needs no special privileges but is usually logged by the application.
SYN Stealth Mode

The SYN scan (-sS) is stealthier: it never completes the handshake, so open ports are identified without the application logging a connection. It requires raw-socket privileges (root or sudo) and is still visible to firewalls and intrusion detection systems.

Advanced Configuration with Nmap

Nmap can run scripts with the --script option (for example --script vuln), which enriches the analysis with additional information about potential vulnerabilities.

Operating System Detection

With the -O option, Nmap attempts to identify the operating system of the scanned host from TCP/IP stack fingerprints.

Introduction to NMAP

NMAP: function and usage in network analysis

NMAP

NMAP (Network Mapper) is a network scanning tool used to discover hosts and services on a network, as well as determine
information about the operating system and version of services running on a specified host.

Discovery of Hosts and Services

NMAP helps identify active devices on a network and open ports, providing information about the services associated with those
ports.
Service Version Detection

NMAP can determine the version of running services, which is essential for identifying vulnerabilities
specific to these versions.
Types of Scans Performed
NMAP is capable of performing different types of scans, including TCP and UDP port scanning, and intense scanning for a comprehensive
assessment of the destination host.

Configuring NMAP

Users can configure options to customize the scan, such as selecting which ports to scan or adding specific scripts. A basic command is: sudo nmap [options] [target].
Practical Applications
NMAP is used for security analysis in penetration tests to detect system weaknesses, and for network mapping, which helps manage the network and integrate new services.

Types of NMAP scans and their applications

TCP SYN Scan (-sS)

Sends a SYN packet to the target port and judges its state from the reply (SYN/ACK means open, RST means closed) without completing the connection, which makes the scan less detectable by the target application. It needs raw-socket privileges.

TCP Connect Scan (-sT)

Establishes a full connection to the target port to test its reachability; it works without privileges but is more easily detected and logged.
UDP Scan (-sU)
Probes UDP ports by sending UDP packets and waiting for a reply: an ICMP port unreachable means closed, a reply from the service means open, and silence means open|filtered. UDP scans are slow because most ports never answer.
ACK Scan (-sA)
Sends ACK packets to the target ports to determine whether they are filtered or unfiltered; it never reveals whether a port is open, but it maps the firewall's rules.
NULL, FIN and Xmas Scans (-sN, -sF, -sX)
Send crafted packets intended to provoke specific responses: NULL sends packets with no flags, FIN sends FIN packets, and Xmas sends packets with the FIN, PSH and URG flags set. On RFC 793-compliant stacks a closed port answers with a RST and an open port stays silent, so they report open|filtered; Windows and many network devices send a RST for every port, so these scans give no information against them.
Idle Scan (-sI)
Uses a third-party 'zombie' host with a predictable IP ID sequence to bounce probes to the target, so that the attacker's IP address never appears in the target's logs.

Applications of NMAP scans

• Map open ports on a system with a minimal footprint on the target application (TCP SYN Scan).

• Test port accessibility when a SYN scan is blocked or impossible, for example without root privileges (TCP Connect Scan).

• Identify UDP services running on target ports (UDP Scan).

• Analyze packet-filtering rules to understand the firewall configuration (ACK Scan).

• Slip past some stateless packet filters with unusual flag combinations (NULL, FIN and Xmas Scans).

• Reduce the chances of being traced by using a third-party host (Idle Scan).
