By raising hands please tell me ;
WHO LIKES MONEY ?
I bet none of you kept his hand low, and that’s fine, we love money, and because we love him it’s important to no let anyone steal it, and, on the other hand, we like to make money,
The PT and the whole “Cyber-verse” around it has created hundreds of thousands of well-paid jobs over the last few years, and the funny part is the fact that a couple of years back – those jobs didn’t exist.
In this article I’m gonna walk you through the things you need to know about the PT industry.
Firstly, what PT means ? – PT stands for Penetration Testing.
Companies and Organizations hire people to protect their valuable databases and systems from all sorts of attackers, whether their roles are SOC analysts or Security Researchers their main job is to Protect.
On the other hand, after a given permission of course, Pen-Testers are doing the exact opposite – they are attacking, trying to “exhaust” the system, and why would i want someone to do that?
There’s a phrase explaining it perfectly : “The best defense is to attack”, meaning that if we want to protect ourselves from attacks our Pen-Testers will simply attack whatever we’re trying to protect, and, as a result, they will be able to get an idea of how the system was “reacting” during active attacks, they will analyze and report what are the vulnerabilities being discovered, what’s missing, and what needs fixing.
You’re also need to understand that the main reason that the whole Cyber-Security-Related works got created because the need to protect Intangible Assets has risen.
Important note – Penetration Testers are also called “Ethical Hackers” (White Hat), and that’s due to the fact that their intentions are “clean” and the fact that they received permission to attack the given system, in contrast to Hackers that attack without informing anyone first, their intentions are unknown at this stage (Grey Hat).
Let’s have a look at some of the different tools we use for PT :
- Zmap – Zmap functions as a free network scanner, Zmap can be used to gather information about a simple Home-Network or even big, Multi-Based networks.
- Wireshark – Wireshark functions as a network protocol analyzer, the program tracks the network traffic and gathers intel about the systems and protocols being used, an attacker could take advantage and exploit it to his own purposes by intercepting and getting sensitive data.
- Burp Suite – being used to Pen-Test Web-applications, a very useful tool that allows us to perform many test in many different ways, it’s UI is very easy to use, by using this intercept tool we can retrieve an entire information from a request without actually “doing it” on our own browser, the Burp Suite “Repeater” allows us to analyze the application’s (being tested) responses based on the HTTP or WebSocket messages being included in a request being sent and allows us to change values on parameters and adjust changes so we can see the App’s reaction on real time every time we change something!
What we can use these tools for :
- Gather information and exploits that can be used.
- We can use it so simulate or actually attack Web-Apps (if we’re naughty).
- We can use it to Reverse Engineer Web-Apps.
- and so on…
The PT industry is not and easy one to get into, but it’s sure is a rewarding one!
Trying to find the best platform who performs PT and make reports that will be of great value to you while being very accessible and easy to use?
Well, you can always try Kayran, the best tool to PT yourselves!
Stay safe my little soon-to-be Hackers, choose Kayran.