001 Kali Linux Penetration Testing: Introduction

The root causes of security issues

Hierarchical thinking

  Advantages: clear division of labor, high efficiency

  Disadvantages: staff have no overall understanding of the system, so their security knowledge is one-sided

 

Security objectives

  Discover and prevent vulnerabilities before an attacker does

  Offensive approach: think like an attacker to discover vulnerabilities and attack the system

  Defensive approach: requires a huge investment, still leaves omissions, is not comprehensive enough, and is not very effective

Penetration Testing

  Attempt to break the system's defense mechanisms and discover the system's weaknesses

  Think from an attacker's perspective to measure the effectiveness of security protections

  Prove that problems exist, rather than cause damage

  Do not limit the work to problems on a single machine; focus on the vulnerabilities of, and the harm to, the entire system


Penetration Testing Standard

PTES (http://www.pentest-standard.org)

Pre-engagement interactions (determine the scope of the penetration test and divide up the application-system penetration tasks)

Intelligence gathering (collect information about the target systems, through both passive and active collection)

Threat modeling (based on the information collected, determine the most effective attack path and the one most likely to succeed)

Vulnerability analysis (analyze the system's software versions, write exploit code)

Exploitation stage (it does not go as smoothly as imagined, because the target system has protection systems)

Post-exploitation stage (expand the coverage of the penetration)

Reporting stage (demonstrate to customers and colleagues that other systems may be controlled, describe how the issues were found and exploited, and how to resolve them)


Penetration Testing Methods

Whether to allow social engineering attacks

Whether to allow DDoS attacks

 

Kali Linux policies

Root user policy (differs from ordinary Linux systems; use with care)

Network services policy (all network services are off by default, and their startup scripts are disabled by default)

Update policy (Debian + official Kali)

Practice is the best teacher. Kali is very powerful, but it is not everything. This is just a starting point for penetration testing.

 

Origin www.cnblogs.com/w1023913214/p/11226328.html