CBT Nuggets

Penetration Testing Defined

This skill, led by Anthony Sequeira, provides a comprehensive overview of penetration testing within the field of cybersecurity. It covers fundamental concepts, methodologies such as white-box, black-box, and grey-box testing, and the importance of ethical hacking. The skill also delves into the modern threat landscape, including ransomware and zero-day attacks, and offers guidance on setting up effective penetration testing labs using both traditional and cloud-based environments.

38m 6 Videos 6 Questions

Skill 2 of 2 in Penetration Testing

Overview

Join Anthony Sequeira as he teaches you the fundamental concepts of penetration testing and how it fits into the field of cybersecurity.

Gain an understanding of threat actors, attack methods, and penetration testing methods, such as white-box, black-box, and grey-box tests.

What is Penetration Testing?

This Nugget helps you understand what penetration testing is and why it's an important part of cybersecurity operations.

Knowledge Check

A computer researcher discovered a new vulnerability in Microsoft Windows and has shared it on their public blog. This is an example of which of the following?

  A. Unethical hacking
  B. Ethical hacking
  C. Hacktivism
  D. White hat hacking

Modern Threat Landscape

This Nugget gets you familiar with your attackers, their methods of attack, and provides you with examples of recent major exploits.

Knowledge Check

This style of attack was so common in 2017, it became known as "the year of _____."

  A. Ransomware
  B. Denial of Service
  C. Trojan Horse
  D. Phishing

Penetration Testing Methodologies

This Nugget covers common approaches to penetration testing.

Knowledge Check

In which type of pen test does the tester start out with a significant amount of information about the organization and its infrastructure?

  A. White box
  B. Grey box
  C. Black box
  D. Gold box

Penetration Testing Lab Fundamentals

This Nugget walks you through some simple steps to consider when building your own pen test lab.

Knowledge Check

Your PenTest lab is most likely an open network environment. True or false?

Leveraging the Cloud for Labs

This Nugget details some exciting options for the creation of your pen test lab.

Knowledge Check

You may need to obtain pen test permissions from a public cloud vendor before you begin testing. True or false?

Where to Next?

This Nugget provides a summary of what was covered in this skill and discusses what's next.

Knowledge Check

The preparation for a PenTest engagement is often the most critical part. True or false?

Conclusion

I hope this has been informative for you and I would like to thank you for consuming.

What is Penetration Testing?

0:00You don't have to hang around with the security

0:02engineers in your organization long before you hear

0:05mention of penetration testing.

0:07Pen testing is so cool.

0:09And I know you're anxious to get started.

0:12But before we jump headlong into actual penetration testing,

0:16let's spend some time defining exactly what we're

0:19talking about here.

0:21And it is a really interesting discussion,

0:23because it all stems around hacking.

0:25Yeah, we are going to be hacking when we

0:28engage in penetration testing.

0:30And a hacker, as even the National Institute

0:33of Standards and Technology would define,

0:35this is an unauthorized individual

0:38that is trying to gain access to some system that

0:42has security mechanisms in place to keep

0:44that unauthorized individual out.

0:47So right off the bat, it's like wait a minute,

0:50we're going to be engaged in something that is not ethical?

0:55Well, that's really what's happened.

0:57Hacking has evolved so much that we really

1:00need to separate out the ethical hacking

1:04from the unethical hacking.

1:06Ethical hacking is going to be doing things

1:09like penetration testing.

1:11And this is where we are going to be

1:14authorized to carry out security testing against systems.

1:19And typically, we are looking for vulnerabilities that

1:23might exist in the security.

1:24We'll look at the defenses that are put in place to see

1:28if they're actually working.

1:30And this is something, the penetration testing,

1:33that we'll want to do both periodically as well

1:37as randomly because we know things are going to be changing

1:40constantly in networks today.

1:42And clearly, we're going to need to make sure

1:44that our penetration test results and reports are

1:47up to speed with all those changes.

1:50Now keep in mind that penetration testing could

1:54be done in an unethical manner.

1:57Of course it could.

1:58In fact, this might even not be all that intentional.

2:02For instance, let's say we're doing some penetration

2:04testing against Windows systems and we

2:07discover some unknown vulnerability

2:11that exists inside of Windows.

2:13Yikes.

2:14Not good.

2:15We then go ahead, let's say, and go to our blog site

2:19and document this previously unknown Windows vulnerability.

2:24Well, technically, sorry, we have just

2:27engaged in unethical hacking with our penetration testing,

2:31because Microsoft is going to be very, very upset with us

2:35that we are now alerting to individuals out there

2:38that might do harm that there is this vulnerability.

2:42And perhaps in our blog we explain

2:44exactly how to trigger that vulnerability

2:47within the system.

2:48As part of this skill where you'll really

2:51get to penetration testing well, we'll

2:53take a look at the threat landscape that we have today.

2:57It's pretty scary, because the threat actors as we call them,

3:02those that might do us harm, they're

3:04more varied and diverse than ever.

3:07And then we also will talk about the overall methodologies

3:11that will be used with penetration testing.

3:13And finally, we'll even give you advice

3:16on how easy it can be today for you

3:19to set up a safe and effective pen test lab

3:23that you can utilize in order to experiment

3:26with many of the technologies I'll be demonstrating for you.

3:30So penetration testing.

3:31Think about it.

3:32It's often about validation.

3:34Yeah.

3:34It's an ethical hacking process that we'll go through

3:37to validate the security mechanisms that

3:40are in place for maybe it's very sensitive data that we

3:44are trying to keep secure in our organization.

3:47Without the penetration testing, we're

3:49not going to know if we did a good job in securing

3:52that information.

3:54I hope this has been informative for you.

3:56And I'd like to thank you for viewing.

Modern Threat Landscape

0:00I really need you to brace yourself.

0:02Incoming is probably one of the worst Bob Dylan impressions

0:06you've ever heard.

0:07Oh the times, they are a changing.

0:12Why does this song come to mind?

0:14Well, we're going to talk about the modern threat landscape

0:16when it comes to penetration testing

0:18and, yeah, a lot has changed and always will change.

0:23Think about the year 2017, for example.

0:26This became known as the year of ransomware.

0:30That's how prevalent ransomware attacks have become.

0:34And think about it.

0:35If we go back 10 years from this point,

0:37no one had even thought of the word ransomware.

0:40So it's interesting how things like this happen too.

0:44We can learn so much from some of

0:47the famous ransomware attacks.

0:49The example that I'm showing you right here

0:51is the very famous WannaCry example.

0:55How did the WannaCry ransomware attack

0:58end up affecting an estimated 350,000 IP

1:04addresses across the globe?

1:06Well, it was taking advantage of a Server Message Block (SMB)

1:12vulnerability found in Windows.

1:15The vulnerability was named EternalBlue.

1:19And this vulnerability in SMB Microsoft knew about.

1:23They had released a patch for this vulnerability.

1:26But no one took it really seriously.

1:29And the EternalBlue vulnerability

1:31ended up giving the door into the WannaCry ransomware

1:36attack that caused all these many problems.

1:39So this is just a representation of a couple of things--

1:43how this landscape changes and we end up getting attacks

1:47that are of a new category even.

1:50And it also represents how this vulnerability

1:54leads to this attack which leads to this attack.

1:58So everything's connected, man.

2:00And this is something that we'll see again, and again,

2:03and again as we work throughout these pen test skills.

2:07Something else that's super interesting

2:09that we'll be tackling is zero day type of attacks.

2:13So when there is some brand new attack

2:16that we have never seen before, it's called a zero day attack.

2:20And of course, one of the very interesting things about that

2:23is how in the world would we ever protect ourselves

2:27against it?

2:28I mean, there are no IPS signatures for it.

2:32There are no definitions for it in antivirus databases.

2:35So zero day is a very interesting topic

2:38that we'll be exploring.

2:40And then yet another super interesting topic

2:43is the Internet of Things, or IoT.

2:46Attacks are happening in this category.

2:48And one of the most fascinating comments

2:50on this that I ever heard was at a large tech conference

2:54where this IoT big shot got on the stage--

2:57and I didn't mean that negatively.

2:59He was really a big shot.

3:01This guy got on the stage and he said, you know,

3:03what's scary about the IoT security landscape?

3:07We don't know what's scary.

3:10We don't even know the kind of damage that could be done.

3:13We don't even know what the threats are going to look like.

3:16And that was the scariest part for him.

3:20And another thing that's really evolved and will continue

3:22to evolve are what we call the threat actors, those

3:25that seek to do these kinds of hacking activities against us.

3:31That's changing all the time.

3:33I mean, we've got organized crime in the game now,

3:36you know like Tony Soprano in the group.

3:38Hey, forget about it.

3:41We've got hacktivists.

3:42Yes.

3:43One of the famous groups called Anonymous.

3:46This right here is their flag.

3:48This right here is their little calling card

3:50that you will see after you've been attacked.

3:53This right here is those really, really freaky masks

3:56that they will wear.

3:57And you know, all of this stuff is centered around,

4:00oh, we're hacking, sure, and we're

4:02committing computer crime.

4:03Sure we are.

4:05But we're not doing it for financial gain.

4:07We're doing it for political reasons perhaps

4:10or social awareness reasons and all that kind of stuff.

4:14The main thing that I want you to remember

4:16is it's not money as the motivator with the hacktivists

4:20most typically.

4:21There's state-sponsored attacks where

4:23we have one country saying, hey, let's disable the systems

4:28of another country.

4:29Scary.

4:30And then, of course, we've always had this category.

4:34And this is by far the biggest category.

4:36And that is when we have attacks that

4:39are coming from disgruntled or even nondisgruntled users

4:43inside of our organization.

4:45Just like everything else, we have

4:47to consider that there are malicious versions of this

4:51and nonmalicious versions of this.

4:53But insider attacks, oh my goodness.

4:56They're so common.

4:57And we don't really even know how common

4:59they are, because not all of them are being reported.

5:02Many times these attacks come and the organization

5:06is under no legislative requirement

5:09to report the activity so they don't report

5:12the activity, leading me to make that statement of boy

5:15are they common.

5:16And we don't even know how common they are.

5:19Now as you and I are operating as part of the forces of good,

5:24you and I need to realize that, look, this is not all bad news.

5:27I mean, this Nugget may be like the ultimate buzzkill, right?

5:31No, no, no.

5:32It's not all bad news.

5:33We are going to have tools at our disposal

5:36as you'll see that are very, very sophisticated compared

5:39to what they used to be.

5:40And we're going to be able to do things that we were never

5:42able to do before when we are engaging in penetration

5:46testing.

5:47And then, of course, as is so typical,

5:50we are really helping organizations

5:53to guard against this ever evolving threat landscape.

5:58I hope this Nugget was informative for you.

6:00And I'd like to thank you for viewing.

Penetration Testing Methodologies

0:00[TECHNO MUSIC]

0:10Think about it.

0:11A computer criminal, they're going

0:13to have a methodology as they're attacking us.

0:16It only stands to reason that, as penetration testers,

0:19we should have a really rock solid methodology as we

0:22are testing for the security in our systems.

0:26And I think this becomes even more

0:27obvious in today's landscape.

0:29And that's because one of the things that we see consistently

0:32is systems just keep getting more and more complex.

0:36So as the system grows in complexity

0:39that we are pen testing, the methodology that we use better

0:43be rock solid.

0:44And another reason we really want

0:46to come up with solid methodologies

0:49is because of what we call scope creep.

0:51This happens a lot.

0:53So it is our goal to pen test some component

0:56and then, inevitably, the pen testing

0:59starts spreading out to additional components.

1:03And now we're running into problems

1:04that we did not anticipate.

1:06We are producing reports that contain information

1:10that the person that we're pen testing for

1:13might not have even wanted to see.

1:15So we got to make sure that we really define scope.

1:19And I'll have a skill for you covering that, of course.

1:22And that will be one you do not want to skip.

1:24Now something else too that is really

1:27going to help us if we have a methodology that's

1:30tried and true that we are utilizing

1:32is the fact that, with the documentation that we

1:35are inevitably going to be needing to provide the client,

1:39the documentation is really facilitated

1:43through a careful, well thought through methodology.

1:46So we are almost, in a sense, automagically creating

1:50a lot of that documentation just through the great methodology

1:54that we're using.

1:55And speaking of the complexity of modern systems,

1:58we really need to group methodologies under the web

2:03application tests that we might be running, the network

2:06infrastructure tests, wireless, physical facilities,

2:10and social engineering.

2:12You may break this down into further categories.

2:15And keep in mind the delineations aren't always set

2:19in stone and rock solid.

2:20Let me give you a perfect example.

2:22We know that many web applications today

2:26are going to be built upon database technology.

2:29So there'll be underlying databases

2:31that store the information.

2:33The web application, one of its functions

2:36is to be a front end for that database

2:39and make the database information accessible.

2:43So as part of our web application testing,

2:47we will be doing things involving the database.

2:50But note it's really going to be constrained

2:54in scope to the web application aspects of the database.

2:58There may be other methodologies that we

3:01use against the underlying database itself

3:04for further testing.

3:05With network infrastructure tests,

3:07the sky's the limit, right?

3:08I mean, we may be dealing with our routers.

3:11We may be dealing with our firewalls.

3:13We may be dealing with switches.

3:17There is a wide variety and an ever-growing list

3:20of potential devices inside the infrastructure, which

3:24may need to be incorporated into our tests.

3:27I can't say enough about social engineering.

3:30So many of the massive attacks that we

3:32read about in the headlines today

3:35began with very relatively simple social engineering

3:40attacks that were successful.

3:42So this is an area that we really

3:44need to do due diligence on and provide

3:46a lot of great education on this topic to both the stakeholders

3:50as well as the employees or the clients of those stakeholders.

3:55Now before you get like super stressed out about all this,

3:59just realize that, like in so many areas of technology today,

4:02we don't have to operate from a vacuum.

4:05No.

4:06There's great classic methodologies out there

4:09that are documented for us.

4:10We'll be referencing them again, and again,

4:13and again in these penetration test

4:15skills like the Penetration Testing Execution Standard, or

4:20PTES.

4:21And no, that's not pee test.

4:23A pee test is something different entirely.

4:25This is PTES.

4:27And we'll see where there's going

4:29to be excellent information inside of that standard.

4:32And it's going to give us Ike phase

4:35information in how we can operate

4:37in a tried and true manner.

4:39There'll be specific methodologies

4:41like the Payment Card Industry Data Security Standard.

4:45I'm pretty sure that's what DSS stands for.

4:48I know D is Data and S is Security.

4:51Data Security-- yeah.

4:52I got it right.

4:53Data Security Standard.

4:53Never question yourself, Anthony.

4:55And this is going to be a pen test guidance

4:58section of their documents that's

5:00going to be very, very valuable for us,

5:02things like the Penetration Testing Framework

5:05and the Open Source Security Testing Methodology Manual

5:10is something that we will be taking

5:11a look at for its specific guidance in this area as well.

5:16Now the final point I want to make about methodologies as we

5:19really kind of zero in on defining what pen testing is

5:23all about is our box tests.

5:25You see there is testing that we do that couldn't be considered

5:30oftentimes or categorized as white box, black box,

5:33or you'll see gray box tests.

5:36What this is all about is simply how much information

5:39we have about the device or architecture

5:44that we are testing.

5:46If we know pretty much all there is to know about that entity,

5:50this is a white box test.

5:52So let's think about this in terms of like server operating

5:55systems.

5:56If the penetration test device that I

6:00am working with, if I know the exact version of the operating

6:06system, the patch level, the apps

6:09maybe that are installed inside of it,

6:11if I know all these great details,

6:13that's a white box test.

6:15But there are environments where we

6:17would want to be doing specifically black box tests.

6:21And that's where we know nothing.

6:23We're not provided any advanced information about the entity

6:27that we're testing.

6:28As you might guess, a gray box test

6:31would fall somewhere in the middle of these two approaches

6:34where we get limited information but at least some

6:38about that entity that we are testing.

6:41If you're confused on, OK, now wait a minute,

6:43when am I going to use which or the other, that is something

6:46we'll be working with throughout these skills as well.

6:49Now if you're like me, you're super

6:51anxious to get your hands dirty here

6:53to really jump in and start doing some penetration testing.

6:56And I've got great news for you.

6:58Next up in this skill, I'm going to have some nuggets for you

7:01that discuss the lab environment for penetration testing.

7:06And this is super exciting, because if we approach the lab

7:11environment properly, we can be up and running safely

7:16penetration testing in no time.

7:19I hope this Nugget was informative for you.

7:21And I'd like to thank you for viewing.

Penetration Testing Lab Fundamentals

0:00[MUSIC PLAYING]

0:15I hope you dug that little intro tune.

0:17It only took me 3 and 1/2 hours in GarageBand last night.

0:22So this Nugget is important for two big reasons.

0:25Number one, we want to learn to build

0:28a really awesome penetration testing lab

0:31so that we can learn these technologies.

0:34But perhaps even more important than that,

0:37we need to discuss pen testing labs

0:40that we may be creating when we're out there consulting

0:44or working for our employer and we

0:46need to do penetration testing against a lab environment.

0:50So really this is a two for one kind of Nugget.

0:53And in both cases, regardless of whether we are setting up

0:56our penetration lab for our own education as we're learning

1:00this skill or if we are setting up a penetration

1:03lab due to an engagement we are on with a client--

1:07you can say it, Anthony--

1:09then either of those situations, it's

1:12typically a little more complex than we're

1:14used to setting up this lab.

1:16And that's because, as we've alluded

1:18to earlier in this skill, things are more complex than ever

1:22today.

1:23There's going to be a wider variety of systems and devices

1:26than ever that we might need to be pen testing against.

1:29And great news.

1:31We have more tools than ever.

1:33But you certainly need to know the ins and outs of these tools

1:36to use them appropriately and successfully.

1:40Now keep in mind that many times when

1:43we are working with clients and we're pen testing, by design

1:48we are going to be testing against their production

1:51network.

1:52Yeah.

1:52And you know, that's the whole thing.

1:55They're like, OK, we have this system in place.

1:57See if you can penetrate it.

2:00And we're going to be very, very careful in scoping that.

2:03And we're going to be very, very careful

2:05that we don't like disrupt for measurable time

2:09periods their operation and all that kind of stuff.

2:11We'll give you guidance on this.

2:13But just keep that in mind that we are not always

2:16testing for them against what we often

2:19call a sandbox where we isolate the system

2:23and test in that safe kind of-- oh,

2:26what's it-- sanitary environment where

2:28we can't mess with production.

2:30So there are definitely two ways to approach that.

2:33We'll be getting into much more detail about it.

2:35We can't forget though, yes, as I alluded to,

2:38the practice lab is something that we're also

2:41going to be setting up.

2:42And that's a great opportunity for us

2:44to practice with our tools and to practice

2:47pen testing different systems and different devices.

2:52Now because this is complex enough of a lab

2:55that we are going to be working with,

2:56I wanted to give you some often fundamental concepts

3:02that we want to know when it comes to pen testing labs.

3:06Oftentimes, our pen test lab will need to incorporate access

3:10to a public network.

3:12Yeah, like the internet.

3:14So we have this pen test lab.

3:16And we're doing all this great pen testing inside it.

3:18But we do have need for worldwide web access

3:22for all kinds of reasons.

3:25And this is important to think about because this technically

3:30is therefore an open system.

3:33And we need to make sure that we have the correct protection

3:37mechanisms in place since technically it's

3:39open that we don't allow maybe even attacks themselves

3:44to flow outside of the network.

3:48We have an opposite approach.

3:50And that is to build a closed system.

3:53So we say nope, nope, nope, nope.

3:56There is going to be no ability whatsoever for this system

4:01to reach out to other networks, other devices.

4:04We're staying completely closed.

4:06And this is often the approach we

4:08have to take when we are in the confines of our organization.

4:12That's a headquarters building in case you didn't know.

4:14It's also a domino.

4:16So we need to make sure when we're in HQ

4:20and we're doing this, can you imagine

4:22how upset the IT department would be when we bring down

4:25key systems and we're like, hey, whoa, whoa,

4:27whoa, wasn't my fault. I was just doing my pen test practice

4:30like Anthony told me to.

4:32In fact, please do not say that ever.

4:35So yeah, open and closed systems certainly a consideration here.

4:40We may have private services.

4:42And that's a star.

4:43We may have private services that we

4:45are going to incorporate into the pen test lab.

4:49And you know, this might be like DNS, and DHCP, and NTP.

4:55And oftentimes due to scope, we don't

4:58want to impact these things.

5:00So really keep that in mind.

5:03Something else that I want to share with you

5:05is the concept of a clean or dirty network.

5:09So what we will do is we will have this clean network where

5:13we are operating and where those services that we need live.

5:18And then we come up with a partitioning scheme.

5:21And you guessed it, what exists below this partition

5:25is the dirty network.

5:27This contains the systems and devices

5:30that we're going to be attacking,

5:32that we're going to be testing.

5:33So that's another very common design

5:36when it comes to awesome pen test labs.

5:39They consist of the clean and the dirty network.

5:44So you'll notice that as we discuss other really, really

5:48fundamental concepts here when it comes to our lab,

5:51you'll note I begin with just a reminder

5:54that we often will use closed systems and closed networks.

6:00And the example I gave, I can't emphasize enough this

6:04is something we often have to do when

6:06we are in an environment like the production headquarters

6:10network where we work and we want

6:12to ensure there is no impact to the surrounding devices.

6:16More so than ever today, virtualization

6:19helps us out when we are pen testing.

6:21We can build a virtualized environment

6:25that contains many virtual networks

6:29and many virtual devices that are going to be easy for us

6:32to pen test against.

6:34And guess what?

6:35In the very next Nugget of this skill,

6:38I'm going to share with you a cloud solution that

6:41would clearly involve virtualized devices

6:45but would give us many, many conveniences

6:47that the cloud brings.

6:49This is being done more often than ever.

6:52When you're designing your lab, you

6:53want to be as realistic as possible.

6:56This isn't a problem if we are testing a production

7:00device for a client.

7:02I'll say it's realistic.

7:03It's the production device.

7:05But it gets more problematic when

7:07we are building a closed system, a sandbox system,

7:11and we are trying to replicate some environment for testing.

7:15We need to really spend a lot of time

7:17on this to make sure it is truly realistic for the production

7:21network that we are modeling.

7:23Modeling.

7:24I can say it.

7:25Monitored.

7:27We need more sophisticated and in-depth monitoring than ever.

7:32One of the reasons that we would do this

7:34is to, in the pen testing, see the impact

7:38that the hacker tools are having on the network.

7:41But also we need to make sure that all of this stays up

7:46and functional.

7:47We may accidentally overload RAM or CPU just

7:52with the usage of the tools themselves.

7:54And that's not realistic for this scenario.

7:57So what we tend to do is overprovision

8:00a lot in these labs so that we don't

8:03run into artificial problems, artificial resource

8:07constraints, because, clearly, we

8:11want to be in scope for what we're testing.

8:15We might involve multiple OSs.

8:18And that's another thing that you'll

8:19see that the cloud is so wonderful for.

8:22And we'll probably want to take our tool set

8:26and test with one tool, and then test with another tool that's

8:30like that tool, and then test with a third tool that's

8:33like that tool, and using different tools that

8:36attempt to do the same thing makes for a much more robust

8:40penetration test.

8:42Finally, when it comes to practice targets,

8:44we need to be creative.

8:46If we're operating outside of a production network

8:50to maintain that level of realism,

8:53we need to make sure that we model

8:55as closely as possible the targets in our penetration

8:59testing.

9:00So if building realistic, and well-provisioned,

9:04and rock solid labs is something that excites you as it does me,

9:09you're going to love penetration testing because

9:12so oftentimes we are not operating

9:15for various reasons against production systems or networks.

9:19And we want to really construct a kick butt lab.

9:23That's the official terminology.

9:26In our next Nugget of this skill,

9:28I want to elaborate with you on that cloud concept,

9:32because there's some key advantages to doing that that I

9:34want you to be aware of and also some super important key

9:38caveats.

9:40I hope this Nugget was informative for you.

9:42And I'd like to thank you for viewing.

Leveraging the Cloud for Labs

0:00How in the world are we going to pull this off?

0:02The cloud.

0:03How in the world are we going to pull this off?

0:06The cloud.

0:07How in the world are we going to pull this off?

0:09The cloud.

0:11It might be that you're suffering from a little cloud

0:13fatigue, because we hear it as the answer

0:16so much for how we're going to solve a particular IT

0:20challenge.

0:21Listen, it's pretty legitimate.

0:23In this Nugget, let me show you of those characteristics

0:27that we talked about that often make

0:29for a great, successful pen test lab,

0:32of those characteristics, many can be directly addressed

0:36by moving to cloud tech.

0:39First of all, I really need to remind you, as we pointed out,

0:43remember, we may be doing penetration testing

0:47against a production network.

0:49And sure enough, with the popularity of cloud

0:52today, that production network your client

0:55may be running in the happy, happy cloud.

0:58It might be a public cloud.

1:00It might be a private cloud.

1:02It could even be a cloud that's part of a community cloud.

1:06So there's so many times where we'll

1:09be pen testing against somebody's cloud

1:12infrastructure.

1:13And it's so common, because so many clients today

1:17have moved to the cloud.

1:18And they're really kind of unsure

1:21about the security posture and security environment

1:24that they are operating within.

1:26But even if we are talking about a true lab,

1:30maybe for our learning practices or to sandbox

1:33and replicate a production environment that we're

1:36going to pen test against, the cloud

1:38is more and more appealing than ever today.

1:42But don't worry.

1:43If you're interested in setting up the classic data center

1:48architecture for your pen testing and maybe

1:51you're using all physical equipment in the data center,

1:53or if you're doing a data center and you

1:56are using virtualization inside that data center

1:59but you're not going all the way to cloud characteristics,

2:03no problem.

2:04In our pen test skills, we're going

2:06to be giving you examples of how to set all of this up

2:09and how to pen test against it.

2:11So if cloud isn't your thing, I won't

2:15be biased as we move throughout these skills to the cloud.

2:18Now, do you remember this presentation

2:20from our previous Nugget in this skill?

2:23Sure.

2:24Think about how the cloud can actually

2:27help us accommodate so many of these common pen test

2:31lab mainstays.

2:33And some of them might even surprise you.

2:35For example, you might think, well,

2:37we can't do a closed environment in public cloud.

2:41No, no, no, no.

2:42Of course you can.

2:43You're going to have in the case of the famous Amazon Web

2:46Service example, you're going to have what is

2:49called a virtual private cloud.

2:52And you could have many of these, by the way.

2:54But in a single VPC, you could go ahead

2:57and you could do a totally private subnet.

3:01That's right.

3:01You can only get in there through something

3:04like Secure Shell, and it could be only you.

3:08And it will have no communication

3:10with any other entity.

3:12So yeah, we can do closed systems.

3:14In fact, we have even more flexibility

3:16with the cloud in setting them up.

3:17The cloud is powered by virtualization,

3:20so we can take advantage of that.

3:22We can get very realistic as far as modeling

3:26an actual infrastructure in the cloud,

3:28because we're going to have all kinds of opportunities

3:31for appliances that we might not be able to afford for a lab

3:36if we were having to go out and actually get

3:39the physical equipment.

3:40It is hyper monitored.

3:43You heard me right.

3:44Cloud implementations give us monitoring capabilities

3:47like never before.

3:48As far as provisioning resources go,

3:51the cloud gives us not only scalability, the ability

3:56to increase resources quickly and easily,

4:00but the cloud gives us elasticity.

4:03And elasticity would allow us to grow or shrink resources

4:07as we need them.

4:08We're going to have a ton of options for practice targets

4:11thanks to the marketplace that is available with cloud

4:14infrastructures today.

4:16They're going to accommodate all kinds of different OSs.

4:19And they'll even offer us tools built right in.

4:23Even if up to this point you've only

4:25had a casual interest in pen testing,

4:28you probably heard about one of the shining

4:31examples of tools that we have in our tool belt these days.

4:34It's called Kali Linux.

4:36Check this out.

4:37We're going to go up to the AWS Marketplace.

4:40And I'm going to go in here, and I'm going to do a search

4:42for K-A-L-I, K-A-L-I, K-A-L-I. It's Kali Linux.

4:50Woo-hoo.

4:51There it is.

4:52This is Free Tier eligible.

4:55That means we can get this highly updated

4:58version of Kali Linux, and it's going

5:01to cost us $0.046 per hour.

5:06And it's Free Tier eligible, meaning

5:09that we can spin this up at that total price with no charges

5:15whatsoever from Amazon Web Services.

5:18And this Kali Linux is only going

5:20to cost us $0.046 per hour.

5:23And that's when it's running.

5:25So if we're only using it for a couple of hours

5:27and then we don't even need it anymore,

5:29we have gotten our money's worth, to say the least.

5:34Now, I don't know if you remember this,

5:35but at the end of the previous Nugget,

5:38I was talking to you about how there

5:40are going to be caveats here.

5:42Two that come to mind immediately

5:44is the simple fact that we can't do everything with the cloud.

5:48I mean, think about physical security penetration testing.

5:54We don't have any physical.

5:56Oops.

5:57So yeah, we're not going to be able to pen test

6:00the physical infrastructure in a public cloud environment,

6:03because I'm pretty sure Amazon Web Services would be super

6:06upset if we showed up at one of their high tech data centers

6:10and we're like, we're here to pen test the physical security.

6:14Not going to go over all that well.

6:17The other thing that I wanted to mention right away

6:19here is, if you have a big client that you're working with

6:24and they're in, let's say, Amazon Web Services

6:27and they hire you to pen test against their production Amazon

6:32Web Service infrastructure, you are almost always

6:36going to want to obtain--

6:37you may even have to obtain--

6:40written permission from Amazon Web Services to do that.

6:43It makes sense, right?

6:44Amazon must know that the attacks that are coming

6:49are from you, and they need to know why you're doing

6:51it and all that great stuff.

6:53They have very much over the years

6:56loosened up on you taking a private subnet

6:59inside a virtual private cloud and doing your own little pen

7:02testing of systems inside that sandbox.

7:05They're not nearly as concerned about that,

7:07and it's evident why.

7:09But boy oh boy, be careful with any public cloud vendor

7:14if your plan is to pen test against production networks

7:20that they're hosting.

7:21Makes good sense.

7:22I hope this Nugget was informative for you,

7:24and I'd like to thank you for viewing.

Where to Next?

0:00I know.

0:01I know.

0:01You're probably not as excited about penetration

0:03testing as I am.

0:05But I hope now that we've walked through these Nuggets

0:07where we really took a detailed look at exactly

0:11what penetration testing is all about,

0:13I sure hope you're almost as excited as me.

0:16And you're probably wondering, OK,

0:18I got a good handle now on penetration testing,

0:21and common methodologies, and things to watch out for,

0:24and different ways we can go about it.

0:27But what do we do next?

0:28Well, I would highly suggest that next you

0:31take a look at the skill where we

0:33are going to be really planning intensely

0:38for a successful penetration test engagement.

0:42I'm going to give you great strategies for planning,

0:44great tools that are going to help you plan.

0:46This is super important, because if we don't plan ahead,

0:50we could easily violate laws.

0:53We could get clients really, really angry with us.

0:57We could even--

0:58I shudder to think--

1:00give bad, bad advice when it comes to the security

1:04posture of an organization.

1:06I don't know about you, but I don't want that on my resume.

1:10I hope this Nugget was informative for you,

1:12and I'd like to thank you for viewing.
