Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
The Ultimate Kali Linux Book

You're reading from   The Ultimate Kali Linux Book Harness Nmap, Metasploit, Aircrack-ng, and Empire for cutting-edge pentesting

Arrow left icon
Product type Paperback
Published in Apr 2024
Publisher Packt
ISBN-13 9781835085806
Length 828 pages
Edition 3rd Edition
Arrow right icon
Author (1):
Arrow left icon
Glen D. Singh Glen D. Singh
Author Profile Icon Glen D. Singh
Glen D. Singh
Arrow right icon
View More author details
Toc

Table of Contents (21) Chapters Close

Preface 1. Introduction to Ethical Hacking 2. Building a Penetration Testing Lab FREE CHAPTER 3. Setting Up for Advanced Penetration Testing Techniques 4. Passive Reconnaissance 5. Exploring Open-Source Intelligence 6. Active Reconnaissance 7. Performing Vulnerability Assessments 8. Understanding Network Penetration Testing 9. Performing Network Penetration Testing 10. Post-Exploitation Techniques 11. Delving into Command and Control Tactics 12. Working with Active Directory Attacks 13. Advanced Active Directory Attacks 14. Advanced Wireless Penetration Testing 15. Social Engineering Attacks 16. Understanding Website Application Security 17. Advanced Website Penetration Testing 18. Best Practices for the Real World 19. Index
Appendix

Discovering penetration testing approaches

Each penetration test approach is a bit different from the others, and it’s important that you know about all of them. Imagine a potential client calling to request a black box test on their external network infrastructure; as a penetration tester, we must be familiar with the terminology and what is expected by the customer. The following are the approaches used:

  • A white box assessment is typical of web application testing but can extend to any form of penetration testing. The key difference between white, black, and gray box testing is the amount of information provided to the penetration testers prior to the engagement. In a white box assessment, the penetration tester is provided with full information about the targeted applications, systems, and networks, and is usually given user credentials with varying degrees of access to quickly and thoroughly identify vulnerabilities in the targeted systems and networks. This approach reduces the time required by the ethical hacker and penetration tester to perform reconnaissance to identify the attack surface of the target. Not all security testing is done using the white box approach; sometimes, only the target organization’s name is provided to the penetration tester.
  • Black box assessments are one of the most common forms of network penetration testing and are most typical among external network penetration tests and social engineering penetration tests. In a black box assessment, the penetration testers are given very little or no information about the targeted organization, its networks, or its systems except the organization’s name. This particular form of testing is efficient when trying to determine what a real adversary will find and their strategies to gain unauthorized access to the organization’s network and techniques for compromising their systems.
  • Gray box assessments are a hybrid of white and black box testing and are typically used to provide a realistic testing scenario while also giving penetration testers enough information to reduce the time needed to conduct reconnaissance and other black box testing activities. In addition, it’s important in any assessment to ensure you are testing all in-scope systems. In a true black box, it’s possible to miss systems, and as a result, they are left out of the assessment.

Having completed this section, you have learned about white, gray, and black box security testing approaches. Up next, you will learn about different types of penetration testing in the industry.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image