WEEK 5 Penetration Testing Attacks and Malicious Codes

Penetration Testing (Pen Testing or Ethical Hacking)
-A cybersecurity practice where an authorized, simulated attack is carried out on a computer system, network, or application to evaluate its security. The authorization (agreed scope, rules of engagement, and a written permission to test) is what separates a penetration test from a criminal intrusion.

Why do organizations do penetration testing?
-Penetration tests are crucial to an organization's security since they help personnel learn how to handle any type of break-in from a malicious entity. They examine whether an organization's security policies and controls are genuinely effective, rather than merely documented.

9 Key Reasons Organizations Conduct Penetration Testing

Identify Security Vulnerabilities
-Uncover hidden flaws in systems, networks, or applications that could be exploited by attackers.
-Assess risks associated with weak configurations, outdated software, or coding errors.

Prevent Data Breaches
-Simulate real-world attacks to test defenses against unauthorized access, data theft, or system compromise.
-Mitigate risks of financial loss, reputational damage, and legal consequences from breaches.

Enhance Security Posture
-Gain insights into the effectiveness of existing security measures and controls.
-Provide recommendations for strengthening defenses and closing security gaps.

Compliance with Regulations and Standards
-Satisfy legal and regulatory requirements (for example, PCI DSS requires regular penetration testing of the cardholder data environment).
-Demonstrate commitment to protecting sensitive information.

Safeguard Business Continuity
-Test the resilience of critical systems and networks against potential attacks.
-Minimize downtime and disruption by proactively addressing vulnerabilities.

Test Incident Response Capabilities
-Evaluate how effectively the organization's security team can detect, respond to, and mitigate simulated attacks.
-Identify areas for improvement in monitoring, alerting, and response protocols.

Assess Risk from Emerging Threats
-Stay ahead of evolving cyber threats, such as ransomware, phishing, and zero-day vulnerabilities.
-Adapt defenses to match the changing threat landscape.

Build Trust with Stakeholders
-Demonstrate to customers, partners, and investors that the organization takes cybersecurity seriously.
-Enhance reputation by showing a proactive approach to securing assets and data.

Cost Saving
-Addressing vulnerabilities before an attack is often far less expensive than dealing with the aftermath of a successful breach.
-Avoid potential fines, lawsuits, and operational costs associated with data loss or downtime.
Historical Evolution of Penetration Testing
Year | Event | Results
1962 | Allan Scherr obtains other users' passwords on MIT's CTSS (Compatible Time-Sharing System) by having the password file printed | Demonstrated the vulnerability of early time-sharing systems
1965 | The System Development Corporation (SDC) hosts one of the first conferences devoted to system security | Raised awareness of the need for computer security measures
1967 | At the Spring Joint Computer Conference, Willis Ware and other experts describe deliberate "penetration" of systems as a threat | Brought the term penetration into the computer-security vocabulary; "tiger teams" of hired attackers were used against government systems in the following years
1972 | James P. Anderson's Computer Security Technology Planning Study describes the reference monitor concept and a step-by-step penetration methodology | Provided a key foundation for modern computer security and for structured penetration testing
1984 | The US Navy forms Red Cell, a team led by former SEAL Richard Marcinko, to test the security of naval bases | Popularized adversarial physical red-team exercises (tiger teams against computer systems already existed)
1994 | Internet Security Systems (ISS) is founded and sells Internet Scanner | Commercial vulnerability scanning and penetration-testing services become available to organizations of all sizes
1995 | SATAN (Security Administrator Tool for Analyzing Networks), by Dan Farmer and Wietse Venema, is released | First widely used free, automated network vulnerability scanner; made penetration tests easier and more efficient
2001 | The Open Web Application Security Project (OWASP) is founded | Provided open-source tools and resources for web application security, including penetration testing
2003-2004 | OWASP publishes its first Top Ten (2003) and its Testing Guide v1 (2004), which gave best practices for penetration testing web applications | Helped standardize web application penetration testing and improve the quality of tests
2008 | NIST publishes SP 800-115, Technical Guide to Information Security Testing and Assessment | Gave US agencies and others a reference methodology for security testing, including penetration testing
2009 | The Penetration Testing Execution Standard (PTES) project begins; its guidelines follow in 2010-2011 | Provided a common set of standards for conducting penetration testing engagements, from pre-engagement through reporting
2011 | The Cloud Security Alliance (CSA) launches its Security, Trust, Assurance and Risk (STAR) registry | Gave cloud providers a public attestation program whose control set (the Cloud Controls Matrix) includes vulnerability-management and application-security controls that call for penetration testing
2014 | NIST publishes version 1.0 of its Cybersecurity Framework (CSF) | Gave organizations of all sizes a common structure for managing cyber risk; penetration testing is a named control (CA-8) in the companion NIST SP 800-53 catalog
Today | Penetration testing is widely accepted as an essential part of information security and is required by standards such as PCI DSS | Helps organizations identify and fix vulnerabilities in their systems before attackers can exploit them
Penetration Test Commands in the Windows Command Prompt (cmd.exe, often still called "MS-DOS")
-The command-line interface (CLI) exposes a wide variety of built-in enumeration commands, so becoming familiar with them is necessary. The commands below are Windows "net" commands run from cmd.exe, not MS-DOS programs; most require an authorized account, and the /add forms require local administrator rights. Account creation and group changes are logged (Windows events 4720 and 4732), so they are noisy and must be recorded and reversed at the end of the engagement.
Windows Command | What the command does
whoami | Show the current user
net share | View the network shares offered by the current host
net use X: \\IP_Address\C$ | Map the remote host's administrative share (C$) to drive X: (needs administrator credentials on the remote host)
net localgroup | List the local groups
net localgroup Administrators | List the members of the local Administrators group
net user pentester pentestpass /add | Add a local user "pentester" to the current host (a persistent artifact: document it and delete it when the test ends)
net localgroup Administrators pentester /add | Add "pentester" to the local Administrators group
net user pentester /domain | View information about a domain user (queried from a domain controller)
net group "Domain Admins" /domain | List the members of the Domain Admins group
net config workstation (or net config server) | Show the computer name, logged-on user, and workstation domain of the current host
net view | List hosts in the current workgroup or domain
net view /domain | List all domains visible on the network
net user /domain | List all domain users
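The table lists the commands but not what their output looks like or how a tester turns it into a finding. The following Python script is an added example and not part of the original handout: run on Windows it executes "net localgroup Administrators" itself; elsewhere it parses a constructed sample of that command's output, then lists every member of the local Administrators group that is not on an assumed allow-list. The sample output, the allow-list (only the built-in Administrator) and the function names are assumptions for illustration.

```python
import platform
import subprocess
from typing import Dict, List, Optional

# Constructed sample of "net localgroup Administrators" output (not captured from a real host).
# The layout (two header lines, "Members", a dashed rule, one member per line, a trailer)
# is what the real command prints.
SAMPLE_LOCALGROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
pentester
The command completed successfully.
"""


def parse_net_localgroup(output: str) -> Dict[str, object]:
    """Parse 'net localgroup <group>' output into {"group": name, "members": [...]}."""
    group: Optional[str] = None
    members: List[str] = []
    in_members = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("Alias name"):
            group = line.split(None, 2)[2]      # text after the two header words
        elif line.startswith("-----"):
            in_members = True                   # the dashed rule precedes the member list
        elif line.startswith("The command completed"):
            break                               # trailer: nothing after it is a member
        elif in_members and line:
            members.append(line)                # "DOMAIN\\group" entries are kept verbatim
    return {"group": group, "members": members}


def unexpected_admins(parsed: Dict[str, object], expected=("Administrator",)) -> List[str]:
    """Members of the group that are not on the allow-list: each one is a finding for the report."""
    return [m for m in parsed["members"] if m not in expected]


def run_net(args: List[str]) -> Optional[str]:
    """Run a real 'net' command on Windows; on other systems return None so saved output can be parsed."""
    if platform.system() != "Windows":
        return None
    completed = subprocess.run(["net", *args], capture_output=True, text=True, check=False)
    return completed.stdout


if __name__ == "__main__":
    text = run_net(["localgroup", "Administrators"]) or SAMPLE_LOCALGROUP
    parsed = parse_net_localgroup(text)
    print("group:", parsed["group"])
    print("members:", parsed["members"])
    print("not on allow-list:", unexpected_admins(parsed))
```

The same parser works on output saved from a target with "net localgroup Administrators > admins.txt", which is the usual way to collect evidence without installing tooling on the host.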
Types of Penetration Testing

Network Penetration Testing
-Focuses on evaluating the security of an organization's network infrastructure, including routers, switches, firewalls, and servers.
Tools used:
• Nmap- network scanning
• Wireshark- analyzing network traffic
• Metasploit- exploiting vulnerabilities
• Nessus- vulnerability assessment

Web Application Penetration Testing
-Assesses the security of web applications, including websites, web services, and web-based APIs.
-Testers look for vulnerabilities like SQL injection, cross-site scripting (XSS), and insecure authentication mechanisms to determine if attackers can compromise the application.
Focuses on testing:
• Input fields (like login forms, search boxes)
• User authentication mechanisms
• Application logic
• APIs (Application Programming Interfaces)
• Server configurations
-SQL injection, often abbreviated SQLi, is a common attack method that supplies malicious SQL syntax through application input to manipulate backend databases and access data that was not meant to be displayed. It works wherever user input is concatenated into a query string instead of being passed as a bound parameter.
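As an added example that is not from the original handout, the following Python script builds a throwaway in-memory SQLite database with constructed users and products tables and shows the two injections the text describes: a login bypass against an authentication query, and a UNION-based extraction through a search box that returns rows never meant to be displayed. Each vulnerable query, built by string formatting, is paired with the parameterized version that defeats the same input. Table names, rows (including the plaintext passwords, which a real application would hash) and function names are assumptions for illustration.

```python
import sqlite3
from typing import List, Tuple


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with constructed sample data (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('alice', 's3cret', 'admin'),
            ('bob', 'hunter2', 'user');
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products (name, price) VALUES ('Widget', 9.99), ('Gadget', 19.99);
    """)
    return conn


# --- Login form: authentication bypass ------------------------------------

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable on purpose: user input is pasted into the SQL string, so the
    username "' OR 1=1 --" turns the WHERE clause into an always-true condition
    and comments out the password check."""
    query = (f"SELECT id FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same check with bound parameters: the input travels as data and is never parsed as SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# --- Search box: UNION-based data extraction ------------------------------

def search_vulnerable(conn: sqlite3.Connection, term: str) -> List[Tuple]:
    """Vulnerable on purpose: the term
    "' UNION SELECT username, password FROM users --" closes the LIKE pattern and
    appends the users table to the product listing (same column count, 2)."""
    query = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(query).fetchall()


def search_safe(conn: sqlite3.Connection, term: str) -> List[Tuple]:
    """Parameterized version: the wildcards are added to the bound value, so the
    injected text is just part of a literal search string and matches nothing."""
    return conn.execute(
        "SELECT name, price FROM products WHERE name LIKE ?", (f"%{term}%",)
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    bypass = "' OR 1=1 --"
    print("vulnerable login bypass:", login_vulnerable(db, bypass, "anything"))
    print("parameterized login:", login_safe(db, bypass, "anything"))
    dump = "' UNION SELECT username, password FROM users --"
    print("vulnerable search:", search_vulnerable(db, dump))
    print("parameterized search:", search_safe(db, dump))
```

During a test the two probe strings above are exactly what a tester types into the login and search fields; an application that logs in the first case, or lists usernames next to product prices in the second, has confirmed the injection.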
Mobile Application Penetration Testing
-Evaluates the security of mobile applications, both Android and iOS.
-Testers assess the app's code, data storage, authentication, and network communication to identify vulnerabilities or privacy issues.
Focuses on testing:
• Data Storage Security- protecting the confidentiality and integrity of data stored on the device
• Authentication and Authorization- verifying identity and access
• Network Security- safeguarding the app's network communication (TLS use and certificate validation)
• Reverse Engineering- analyzing the app binary to understand how it works and what secrets or logic it exposes
• API Security- securing the backend application programming interfaces the app calls
• Session Management- handling user session controls

Social Engineering Testing
-Assesses an organization's susceptibility to manipulation by attackers.
-Testers use tactics like phishing emails, phone calls, or physical impersonation to trick employees into revealing sensitive information or performing unauthorized actions.
Types:
• Phishing- sending fake emails or messages that look like they're from a trusted source to steal information
• Pretexting- creating a false scenario to get someone to divulge private information
• Baiting- offering something attractive (like free software) to lure people into compromising their systems
• Tailgating- gaining physical access to a building or office by following authorized personnel without them knowing
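The phishing entry above says a lure "looks like" it comes from a trusted source; a phishing assessment, and the blue team reviewing the simulated messages afterwards, checks that claim mechanically. As an added example that is not from the original handout, this Python script scores one constructed email for three common indicators: a sender domain within a small edit distance of the organization's real domain, urgency wording in the subject, and link text whose host differs from the actual href. The trusted domain example.com, the sample message and the indicator rules are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional
from urllib.parse import urlparse

# Assumed: the organization's legitimate domain(s) that a phishing lure would imitate.
TRUSTED_DOMAINS = {"example.com"}

URGENCY = re.compile(r"\b(urgent|immediately|expires?|suspended|verify now)\b", re.IGNORECASE)
ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)

# Constructed sample message (not a real phishing email): typosquatted sender domain,
# urgency in the subject, and link text that does not match the real destination.
SAMPLE_EMAIL = """\
From: "IT Helpdesk" <helpdesk@examp1e.com>
To: employee@example.com
Subject: URGENT: your password expires today
Content-Type: text/html

<p>Your password expires in 2 hours.
<a href="http://login.examp1e.com/reset">https://sso.example.com/reset</a></p>
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a distance of 1 or 2 to a trusted domain flags lookalikes such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS) -> Optional[str]:
    """Return the trusted domain this one imitates, or None if it is trusted or clearly unrelated."""
    if domain in trusted:
        return None
    return next((t for t in trusted if edit_distance(domain, t) <= 2), None)


def analyse(raw: str) -> List[str]:
    """Return the phishing indicators found in one RFC 822 message."""
    msg = message_from_string(raw)
    indicators: List[str] = []

    # 1. Sender domain imitates a trusted domain (display name alone is not checked: it is free text).
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    imitated = lookalike_of(sender_domain)
    if imitated:
        indicators.append(f"sender domain {sender_domain} looks like {imitated}")

    # 2. Urgency language pressuring the reader to act before thinking.
    if URGENCY.search(msg.get("Subject", "")):
        indicators.append("urgency language in subject")

    # 3. Link text shows one host while the href points somewhere else.
    for href, text in ANCHOR.findall(msg.get_payload()):
        shown = urlparse(text.strip()).hostname
        real = urlparse(href).hostname
        if shown and real and shown.lower() != real.lower():
            indicators.append(f"link text shows {shown} but points to {real}")
    return indicators


if __name__ == "__main__":
    for indicator in analyse(SAMPLE_EMAIL):
        print("-", indicator)
```

In a real assessment the trusted set also includes brands the organization uses (its mail, SSO and payroll providers), and the message is read from a .eml file rather than a string.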
Wireless Network Penetration Testing
-Assesses the security of Wi-Fi networks.
-Testers attempt to exploit weaknesses in encryption protocols or gain unauthorized access to the network.
Focuses on testing:
• Authentication Mechanisms- how clients and users are verified (pre-shared keys, 802.1X/EAP)
• Network Configurations- setting up network parameters
• Access Control- restricting resource access permissions
• Data Encryption- securing traffic with encryption (WPA2/WPA3 rather than WEP or open networks)
• Rogue Access Points- unauthorized wireless network devices
• Man-in-the-Middle Attacks- intercepting communications between parties

Physical Penetration Testing
-Evaluates the physical security controls of an organization, such as access badges, locks, and security personnel.
-Testers attempt to gain unauthorized access to physical facilities through various means, including lock-picking, piggybacking, or tailgating.

Red Team vs. Blue Team
• Red Teaming- an advanced form of penetration testing where a group of experts simulates a sophisticated and persistent adversary, usually pursuing a specific objective over a longer period and without warning the defenders.
• Blue Teaming- involves the organization's own security professionals defending against the red team's attacks; a way to test and improve an organization's detection and incident response capabilities.
Cloud Penetration Testing
-Assesses the security of cloud-based infrastructure, services, and applications.
-Testers evaluate cloud configurations, access controls, and overall security of cloud environments, within the provider's testing policy, since the underlying platform belongs to the provider.

IoT (Internet of Things) Penetration Testing
-Focuses on identifying vulnerabilities in IoT devices and their associated networks.
-Testers assess the security of devices like smart thermostats, cameras, and industrial sensors.

Database Penetration Testing
-Assesses the security of databases and data storage solutions.
-Testers look for vulnerabilities that could lead to data breaches or unauthorized access to sensitive information.

The Usual Process Flow for Penetration Testing
Reconnaissance
-Gather information about the target
Scanning
-Identify live hosts, open ports, and running services
Vulnerability Assessment
-Identify vulnerabilities and assess their risk
Exploitation
-Attempt to exploit vulnerabilities to gain access
Reporting
-Document findings and provide recommendations for remediation
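To make the Scanning, Vulnerability Assessment and Reporting steps concrete, the following Python script is an added example that is not from the original handout. It starts a throwaway TCP listener on loopback that answers with a constructed banner so the scan can run offline, performs a TCP connect scan over a list of ports, turns each banner into a finding with a service guess, and renders a plain-text report. The banner, the banner-to-service table and the recommendation text are assumptions; on a real engagement the in-scope hosts are scanned with Nmap and the results fed to a vulnerability scanner such as Nessus.

```python
import socket
import threading
from typing import Dict, List, Optional, Tuple

# Constructed banner for the local lab listener; not a real product version string.
LAB_BANNER = b"SSH-2.0-LabService_0.1\r\n"

# Assumed banner-prefix-to-service mapping used by the assessment step.
SERVICE_HINTS = {"SSH-": "ssh", "220 ": "smtp or ftp", "HTTP/": "http"}


def start_lab_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Start a TCP listener on an ephemeral port that greets each client with LAB_BANNER.
    It stands in for a real target so the scan works offline. Returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                client, _ = srv.accept()
            except OSError:            # server socket closed: stop serving
                return
            with client:
                client.sendall(LAB_BANNER)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def find_closed_port(host: str = "127.0.0.1") -> int:
    """Pick a port that is not listening (bind it, then release it) to exercise the closed-port path."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind((host, 0))
        return tmp.getsockname()[1]


def scan_port(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """TCP connect scan of one port: the banner ('' if silent) when open, None when closed or filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:                # connection refused (closed) or timed out (filtered)
            return None
        try:
            return s.recv(256).decode("ascii", errors="replace").strip()
        except OSError:                # open but the service sends nothing first
            return ""


def scan(host: str, ports: List[int]) -> Dict[int, str]:
    """Scanning step: map each open port to the banner it returned."""
    results: Dict[int, str] = {}
    for port in ports:
        banner = scan_port(host, port)
        if banner is not None:
            results[port] = banner
    return results


def assess(results: Dict[int, str]) -> List[dict]:
    """Vulnerability-assessment step: turn banners into findings with a service guess."""
    findings = []
    for port, banner in sorted(results.items()):
        service = next((name for prefix, name in SERVICE_HINTS.items()
                        if banner.startswith(prefix)), "unknown")
        findings.append({
            "port": port,
            "service": service,
            "evidence": banner,
            "recommendation": "Confirm the service is required and patched; restrict exposure if not.",
        })
    return findings


def report(findings: List[dict]) -> str:
    """Reporting step: render the findings as plain text for the engagement report."""
    lines = [f"{len(findings)} open port(s) found"]
    for f in findings:
        lines.append(f"- tcp/{f['port']} {f['service']}: {f['evidence']!r}. {f['recommendation']}")
    return "\n".join(lines)


if __name__ == "__main__":
    srv, open_port = start_lab_listener()
    try:
        targets = [open_port, find_closed_port()]
        print(report(assess(scan("127.0.0.1", targets))))
    finally:
        srv.close()
```

A connect scan completes the TCP handshake on every port, so it is logged by the target; Nmap's default SYN scan (-sS) is quieter but needs raw-socket privileges, which is why the example uses plain connects.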
Attacks and Malicious Codes

Attacks and Intrusions
-Attack vectors are pathways or methods that malicious actors use to gain unauthorized access to computer systems, networks, or applications in order to compromise their security.

Malicious Codes (Malware)
-Malware dates back to the early days of computing; it has evolved significantly over time, becoming more sophisticated and posing increasingly serious threats to computer systems and networks.
Year | Name | Description | Origin or attribution
1971 | Creeper | Self-replicating program written as a research experiment on the ARPANET; the first known worm-like program | US
1974 | Rabbit (Wabbit) | Self-replicating program that exhausted a machine's resources by copying itself; a research or prank program rather than an attack | US
1982 | Elk Cloner | First virus to spread in the wild outside a lab; infected Apple II floppy boot sectors and displayed a short poem on every 50th boot | US
1986 | Brain | First IBM PC virus; infected floppy boot sectors | Pakistan
1987 | Vienna | DOS .COM file infector that corrupted files | Austria (first isolated there)
1987 | Stoned | Boot-sector virus that displayed "Your PC is now Stoned!" | New Zealand
1987 | Cascade | DOS .COM file infector whose payload made letters "fall" down the screen | Unknown (first reported in Europe)
1987 | Jerusalem | DOS file infector that deleted programs run on Friday the 13th | Israel (first detected there)
1988 | Morris Worm | First major Internet worm; spread through sendmail, fingerd and rsh/rexec trust relationships, not email, and disrupted an estimated 10% of Internet hosts | US
c. 1990 | Frodo (4096) | DOS file infector; the first widely known full-stealth virus | Unknown
1991 | Michelangelo | Boot-sector virus (a Stoned variant) that overwrote disks on 6 March | Australia (first discovered there)
1998 | CIH (Chernobyl) | Windows 9x file infector that on 26 April overwrote the first megabyte of the hard disk and, on some boards, the flash BIOS | Taiwan
1999 | Melissa | Word macro virus spread by email; overloaded corporate mail servers | US
2000 | ILOVEYOU (Love Bug) | VBScript worm spread by email that overwrote files and mailed itself to every contact | Philippines
2001 | Code Red | Worm that exploited a buffer overflow in Microsoft IIS web servers, defaced sites and launched denial-of-service attacks | China (suspected)
2003 | SQL Slammer | Worm that exploited a buffer overflow in Microsoft SQL Server 2000/MSDE with a single UDP packet and saturated networks worldwide within minutes | Unknown
2004 | MyDoom | Email worm that installed a backdoor and launched denial-of-service attacks against websites | Russia (suspected)
2007 | Storm Worm | Email-borne Trojan that built a large peer-to-peer botnet used for spam and denial-of-service attacks | Russia (suspected)
2007 | Zeus | Banking Trojan that stole credentials through keylogging and form grabbing | Eastern Europe / Russia
2008 | Conficker | Worm that exploited the MS08-067 Windows vulnerability and weak admin passwords; infected millions of hosts and disrupted corporate networks | Ukraine (suspected)
2010 | Stuxnet | Targeted worm that sabotaged Iranian uranium-enrichment centrifuges by reprogramming Siemens PLCs | Attributed to US/Israel
2012 | Flame | Modular cyber-espionage toolkit that targeted Iran and other Middle Eastern countries | Attributed to US/Israel
2012 | Shamoon | Wiper that destroyed data on about 30,000 Saudi Aramco computers | Attributed to Iran
2013 | CryptoLocker | Ransomware spread by email attachments and the Gameover ZeuS botnet; encrypted files and demanded payment to decrypt | Russia
2014 | Heartbleed | Not malware: a missing bounds check (CVE-2014-0160) in OpenSSL's TLS heartbeat extension that let attackers read server memory, including keys and session data | n/a (OpenSSL bug)
2016 | Petya | Ransomware that encrypted the master file table and replaced the boot record, then demanded payment | Unknown
2017 | WannaCry | Ransomware worm that spread through the EternalBlue SMBv1 exploit (MS17-010), encrypted files and demanded payment | Attributed to North Korea
2017 | NotPetya | Wiper disguised as ransomware; delivered through a trojanized M.E.Doc update and spread with EternalBlue, destroying data in Ukraine and at multinationals worldwide | Attributed to Russia
2018 | Meltdown and Spectre | Not malware: CPU speculative-execution vulnerabilities that let a process read memory across privilege and process boundaries | n/a (hardware design flaws)
2019 | BlueKeep | Not malware: CVE-2019-0708, a pre-authentication remote code execution vulnerability in Windows Remote Desktop Services | n/a (Windows bug)
2020 | SolarWinds (SUNBURST) | Supply-chain attack that trojanized SolarWinds Orion updates and gave the attackers access to networks around the world | Attributed to Russia (SVR)
2021 | Log4Shell | Not malware: CVE-2021-44228, a JNDI lookup flaw in the Log4j 2 logging library that allowed remote code execution | n/a (Log4j bug)
2022 | Conti | Ransomware-as-a-service operation that encrypted files, stole data and demanded payment | Russia
2023 | LockBit | Ransomware-as-a-service operation (active since 2019) using encrypt-and-leak extortion | Russia-linked
Note: Heartbleed, Meltdown/Spectre, BlueKeep and Log4Shell are vulnerabilities rather than malware; they are listed because malware and attackers used them, and an "origin" does not apply to them.