Indian Cyber Security Solutions - ICSS

(An ISO 27001 & 9001 Certified Company) A unit of Green Fellow IT Security Solutions Pvt Ltd

<img src="https://indiancybersecuritysolutions.com/wp-content/uploads/2019/02/EC-Council-ATC-1-1-new.png" alt="Snow" style="width:100%">

<img src="https://indiancybersecuritysolutions.com/wp-content/uploads/2019/03/iso-logo-9001.png" alt="Forest" style="width:100%">

<img src="https://indiancybersecuritysolutions.com/wp-content/uploads/2019/03/iso.png" alt="Mountains" style="width:100%">

info@indiancybersecuritysolutions.com

+91-8972107846 / +91-6291980077/ +91-6289183381 /+91-8420488199 / 033-46027398

<img src="https://indiancybersecuritysolutions.com/wp-content/uploads/2019/03/AWS52.png" alt="Snow" style="width:130%">

<img src="https://indiancybersecuritysolutions.com/wp-content/uploads/2019/03/BC4.png" alt="Forest" style="width:100%">

<img src="https://indiancybersecuritysolutions.com/wp-content/uploads/2019/03/IOT2.png" alt="Mountains" style="width:100%">

<img src="https://indiancybersecuritysolutions.com/wp-content/uploads/2019/03/ML1.png" alt="Snow" style="width:100%">

<img src="https://indiancybersecuritysolutions.com/wp-content/uploads/2019/03/PP3.png" alt="Snow" style="width:100%">

Penetration Testing | ICSS Student | Rakesh Mondal

Penetration Testing

Penetration testing, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).

Penetration testing can involve the attempted breaching of any number of application systems, (e.g., application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.

Penetration testing project done by ICSS Student Rakesh Mondal. The full project discussed below:

Project Name: Penetration testing

Author Name: Rakesh Mondal

Publish Date: 12-07-2018

What is Penetration Testing?

An attack on a computer system with the intention of finding security weaknesses
Used to determine the feasibility of a set of attacks
Used to identity security vulnerabilities
Testing the ability of network defenders to respond to attacks
Can be used to help security
Used by security professionals to harden systems

Steps to Penetration Testing

Start with list of potential vulnerabilities
Possible open ports, old software, or week passwords
Rank the list in order of criticality.
Most damaging possible attack to least
Device a test for each possible vulnerability.
Port scans, password crackers, find software versions.
Run tests on possible vulnerabilities.
Fix issues that were found.

Penetration Testing Tools

Kali Linux
Nmap, Fragrouter, Fern Wifi Cracker, HydraGTK
Websites
Port scanners, web vulnerability checkers, DNS checkers
Metasploit
Exploit tester, GUI interface, test web apps and networks
Wireshark
Monitor network traffic, packets
W3af
Web attack and audit framework

What is Kali Linux?

Advanced penetration testing and security auditing linux distribution
300+ build in penetration testing tools
Free / Open source
FHS (File Hierarchy Standard) compliant
Secure development environment
Spin off of Backtrack

Using Kali Linux

Install to hard disk
10 GB disk space
USB / CD-DVD
Live USB Install
2GB capacity
Win32 Disk Imager
Android 2.1 + devices
5 GB free space
Network install
Virtual Machine
Run in side another OS

Included Kali Tools

Information Gathering
Dnsdict6
Nmap
Urlcrazy
IDS/IPS (Intrusion Detection/Protection System)
Fragrouter
Network Scanners
Dnmap
Netdiscover
Traffic Analysis
Intrace
Vulnerability Analysis
Cisco tools
Yersinia
Web Vulnerability Scanner
ProxyStrike
Cadaver
Wireless Attacks
Bluelog
Spooftooph
Wireless Tools
Aircrack

Information Gathering Tools DNSDICT6

Finds all sub-domains of a website or web server
Enumerates all IPv4 and IPv6 addresses to extract dumps
Sub-domains
IP information
Powerful for extracting sub domains that are restricted
Tutorials Online
Google
Youtube

Information Gathering Tools Nmap

Security Scanner
Gordon Lyon
Discovers hosts and services on a computer network and creates a map of the network
Special Packets
Analyzes reponses
Host discovery
Service discovery
Operating system detections

IDP / IPS Fragrouter

Intercepts, Modifies, and rewrites traffic destined for a specified host
Routes network traffic in a way that eludes IDS
Uses
Test IDS timeout and reassembly
Test TCP/IP scrubbing
Test firewalls
Evade Passive OS fingerprinting

Network Scanners DNMap

Framework for distributing nmap scans among many clients
Client/Server architecture
Server knows what to do
Clients do it
Clients work when server is offline
Real time statistics of the clients and their targets
Scans very large networks quickly

Traffic Analysis Intrace

Works along the same lines as Fragrouter
Enumerates IP hops exploiting TCP connections to display the path of packets over the network
Network reconnaissance
Who is connected to who
Firewall bypassing

Vulnerability Analysis Cisco Auditing Tool

Perl script that scans cisco routers for common vulnerabilities
Default passwords, usernames
Easy to guess names and passwords
IOS bug history
Hijack a router
Test router security
Password
Username

Web Vulnerability Scanner ProxyStrike

Active web application proxy designed to find vulnerabilities while browsing a web application
Mainly javascript
Sql injection and XSS plugins
Listens to port 8008 and analyzes all the parameters of applications running in the port for vulnerabilities

Conclusion

Security focused Linux Distribution
300+ security tools
Spin off of popular backtrack
Multiple ways to run
Hard drive
USB / Live CD
Virtual Machine
Detailed Look at some tools
To many to cover them all

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students

Network Pen Testing training

Ethical Hacking training

Internet Of Things Training

Internet Of Things Training Hyderabad

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development training

Secured Coding in Java

Certified Network Penetration Tester

Diploma in Web Application Security

Certified Web Application Pen Tester

Certified Android Penetration Tester

Certified Python Programming

Advance Python Training

Reverse Engineering Training

Amazon Web Services Training

VMware Training

Cybersecurity services that can protect your company:

Web Security | Web Pen Testing

Network Pen Testing – NPT

Android App Pen Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Other Location for Online Courses:

© 2015 Indian Cyber Security Solutions|Indian Cyber Security Solutions