VAPT - 2023
VAPT - Kickstart

Brief on VAPT - Naveen Kumar


Last updated 3 years ago


⭐ Before jumping into the types and methods of VAPT, let's learn and understand some of the technical terms used in it :) ⭐

1) Vulnerability - A weakness in a system or server that an attacker can take advantage of. (For example, assume there is a house (the system) with a valuable treasure (confidential data) in its centre. A thief (a malicious hacker) notices it and plans to steal the treasure, so he or she first gathers information about the house (recon, enumeration and scanning) and discovers that the windows are made of plain glass. The glass window is the loophole: it is the vulnerability, because anyone who breaks it can get at the treasure.)

2) Exploit - A piece of code, a script or a tool that triggers the vulnerability in order to get into the system. (Continuing the example, the thief has found the vulnerability (the glass window) and now wants to break it. That can be done with a strong iron rod, by throwing a big stone at the glass, or with any other hard object; in our case the thief uses a big stone (the exploit) to break the vulnerable window of the house (the system).)

3) Payload - The code that an exploit delivers and runs once the vulnerability has been triggered, for example a reverse shell or a command that adds a user. A payload has to match the target (operating system, CPU architecture, the service being exploited), and the same exploit is often paired with several different payloads. (In the example, it matters which stone the thief throws: he or she first has to judge how thick the glass is, and only then pick a stone of the right size (the payload) and throw it with enough force. With the right stone the thief breaks the window (the vulnerability) and gets into the house (the system); with the wrong one, nothing happens no matter how good the plan was.) Remember: only a payload that fits the target will successfully exploit the vulnerability.

⭐ Steps carried out in VA-PT ⭐

In the Vulnerability Assessment part:
1) Recon
2) Enumeration
3) Scanning

In the Penetration Testing part:
1) Exploitation
2) Post-Exploitation & Lateral Movement

Both parts finish with Reporting: a finding without a clear description, evidence and remediation advice is of little use to the client. Remember that the recon, enumeration and scanning methodology will differ from person to person.

⭐ Types of Pentesting Assessments ⭐

1) Black Box Testing - The tester is given the objective and an authorized scope, but no internal knowledge of the target: no architecture diagrams, source code or credentials. Everything else has to be discovered through recon, exactly as an outside attacker would. (For example, the client asks for a Web Application PT and provides only the organization name or its main domain; we enumerate the in-scope websites and IP addresses ourselves.) Even in a black box engagement the scope and written authorization are agreed before testing starts; the tester never decides the scope alone.

2) Grey Box Testing - The client shares partial information about the scope, such as IPs, server names and website URLs, and sometimes demo credentials for the target.

3) White Box Testing - The client shares all information about the target, including credentials, architecture and often source code, and the tester must stay strictly within the given scope.

Common Types of Testing: 1) Manual Testing (performing attacks by hand and examining everything inch by inch) 2) Automated Testing (running automated scans with tools such as Nessus). Automated scanners report false positives and miss business-logic flaws, so their results must always be validated manually before they go into a report.

4) Network Protocols - The agreed set of rules (TCP, UDP, HTTP, SSH, FTP and so on) by which a user and a device or system communicate with each other.

5) Ports & Sockets - A port is a 16-bit number (0 to 65535) that identifies a specific service on the destination server or system, for example 21 for FTP, 22 for SSH or 80 for HTTP. A socket is one endpoint of a connection: the combination of an IP address, a port number and a transport protocol. Enumerating the open ports of a target tells us which services are listening, and therefore what can be attacked.

6) CVE - Common Vulnerabilities and Exposures. For a clearer understanding, here is another small example. Take an organization and its products and services: Microsoft, for instance, has many products and systems such as Outlook and Skype, and nobody can guarantee that these products are completely safe and secure. Remember, wherever there is a new feature there may be a bug; that is why organizations keep releasing "UPDATE" and "UPGRADE" versions that fix bugs in the current or previous version. Security researchers worldwide find bugs (vulnerabilities) in these products and ethically report them to the organization, since a single bug can affect millions of users. For example: a security researcher -> finds a bug (say a stored XSS) in the Outlook product -> reports it to Microsoft -> Microsoft checks that the bug is valid and, if so, assigns a CVE identifier (such as CVE-2020-XXXX) and acknowledges the researcher. CVE ID format: CVE-Year-Number, where Year is the year the ID was assigned or published (not necessarily the year the bug was found) and Number has four or more digits. Note: CVEs help us identify already-known vulnerabilities in products and services; an outdated version with a published CVE is the most common finding in a vulnerability assessment.

7) CWE - Common Weakness Enumeration. A catalogue of the types of weakness found in software and hardware, such as CWE-79 for cross-site scripting or CWE-89 for SQL injection. A CVE is one specific instance in one product; a CWE names the class of mistake behind it, which is what you cite when telling the client how to fix the root cause.

8) CVSS - Common Vulnerability Scoring System. This is the next important thing to keep in mind when reporting and assigning a score to a vulnerability found during the activity. It is used to characterize a vulnerability and determine its severity. It consists of three metric groups, from which the severity is derived as None, Low, Medium, High or Critical: 1) Base 2) Temporal 3) Environmental. The Base score (0.0 to 10.0) describes the vulnerability itself; the Temporal metrics adjust it for the current state of exploit code and fixes; the Environmental metrics adjust it for the client's own deployment. In CVSS v3.x the ratings are: 0.0 None, 0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, 9.0-10.0 Critical. The severity can be calculated with the following calculators: 1) National Vulnerability Database (NVD) CVSS Calculator 2) FIRST.org CVSS Calculator.

⭐ Beginner Friendly Notes on VAPT ⭐ Vulnerability Assessment and Penetration Testing (VAPT) actually consists of two parts, Vulnerability Assessment (VA) and Penetration Testing (PT). Vulnerability Assessment is finding vulnerabilities using manual or automated scans (for example, performing recon and finding an outdated FTP service running on port 21), whereas Penetration Testing is exploiting the vulnerabilities found during the Vulnerability Assessment (for example, exploiting that outdated FTP service and demonstrating the real impact of the vulnerability). In short, a VA tells the client what might be wrong; a PT proves what an attacker can actually do with it.
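The "outdated FTP service on port 21" finding comes from the two mechanics described under Ports & Sockets above: complete a TCP connection to a port and read the banner the service volunteers, which usually names the product and version. The Python below is an added example, not code from the original page, that does exactly that. So that it runs offline it starts its own throwaway listener on 127.0.0.1 with a constructed FTP-style banner; the banner text, the port numbers and the "demo-ftpd" name are all assumptions made for the example and do not refer to any real product or target.

```python
"""
Added example (not from the original page): a minimal TCP connect scan with
banner grabbing, run against an in-process listener so it works offline.
"""
import socket
import threading

FAKE_BANNER = b"220 demo-ftpd 1.0 ready\r\n"  # constructed sample banner


def start_fake_service(banner: bytes = FAKE_BANNER) -> int:
    """Listen on an OS-chosen free port, send `banner` to every client,
    then hang up. Returns the port number so a scan can target it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # port 0 = let the kernel pick one
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _addr = srv.accept()
            except OSError:              # listener was closed
                break
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def find_closed_port() -> int:
    """Bind to a free port and release it again, so it is (almost
    certainly) closed when probed a moment later."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe_port(host: str, port: int, timeout: float = 0.5) -> tuple:
    """Full TCP handshake (a 'connect scan'), then read whatever the
    service volunteers. Returns (state, banner) where state is 'open',
    'closed' (connection refused / RST) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                raw = s.recv(256)
            except socket.timeout:       # open, but the service says nothing
                raw = b""
            return "open", raw.decode("utf-8", errors="replace").strip()
    except ConnectionRefusedError:
        return "closed", ""
    except (socket.timeout, OSError):
        return "filtered", ""


def scan(host: str, ports) -> dict:
    """Probe each port and keep only the open ones with their banners."""
    results = {}
    for port in ports:
        state, banner = probe_port(host, port)
        if state == "open":
            results[port] = banner
    return results


if __name__ == "__main__":
    open_port = start_fake_service()
    closed_port = find_closed_port()
    for port, banner in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"{port}/tcp open  banner={banner!r}")
```

The banner is the VA-side evidence: once you have "product 1.0" you look the version up against published CVEs and that becomes the finding. A connect scan completes the full handshake, so it is logged by the target; that is fine on an authorized engagement, but it is also why you keep to the agreed scope. Some services send nothing until spoken to, which is why an open port with an empty banner is still reported as open.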

✌️
Image captions from the original page: 1) The vulnerable house (the system or server) 2) The big stone (the exploit) used to break that vulnerability 3) Different sizes of stone (payloads)