So, what is penetration testing? It's sometimes also called ethical hacking, security research and a lot of other fancy stuff, but it's almost the same thing. It's hacking in a legal way.
And why do I stress that? Because as soon as you mention the words hacking or security testing, a bit like when you mention lockpicking, the listener always assumes it's illegal, and I'm pretty tired of that!
Anything you read here is done in a controlled environment, with permission, or in labs made for trying out pentesting, and so should you. Don't be an **hat.
So, what is penetration testing? It's testing the security of computer systems by actually breaking stuff. A vulnerability assessment is just a scan to see if there are security holes. It can be done with something like the Nessus scanner or another kind of automated scanner, or by doing recon against the target to see what systems / services they run, and making some educated guesses about their status and what "might" be possible to exploit.
A penetration test, on the other hand, takes things a step further. It actually attacks the target in a controlled manner, with permission from the owner of the system! Note permission here; it's quite important.
And what does it cover? Well, that's another story. There are different types. Some look at software, in a lab environment, to see if it's vulnerable or contains flaws that can be exploited. Some are directed at networks and services, or against wireless networks, as in wireless hacking. Some are directed at users, for example trying to social engineer users with phishing emails or fake access points. Another form is the physical pentest, targeting locks, alarms and CCTV systems or other parts of the building. So, penetration testing is a very large skillset to learn.
A question I get a lot is: how do you actually train this? Well, it's pretty simple really...
Buy a good computer and a couple of access points, plus some old refurbished laptops to cover the hardware side of things, and make yourself a lab. Download something like Kali and start to learn it. There's also a lot of good stuff on YouTube, and a veeery long list of books that are worth reading, so that's a good start.
For the physical side of things, it's the same deal. Buy a good pick kit (Andy Law's stuff is highly recommended for the more serious picker), buy a couple of good training locks (Sparrows / Multipick), buy a decent selection from your local locksmith, and get a good vice. Head on over to YouTube and have a look at Bosnianbill's and the lockpickinglawyer's channels, and of course let's not forget Locknoob's channel.
From that point on, it's time and training, not much else.
Throw in an alarm system / CCTV system, and you should have something to entertain you for hours on end. When you're done with that, go have a look at something like RFID / RF, get yourself a HackRF and a Proxmark3 just for the fun of it, and I promise you, the world around you is never gonna be the same again ;)
But how about the hacking part? Well, there's something like HackTheBox and their labs. They are pretty cheap and quite okay. They should keep you entertained for hours and give you plenty of test targets to work on to build your skills. You can find them at https://www.hackthebox.eu. There's also something like Offensive Security and their Proving Grounds labs, https://www.offensive-security.com/labs/.
Both cost a bit of money, but it's not so bad, and it's really worth the investment for the more serious. Another option is VulnHub, which you can find at https://www.vulnhub.com/.
VulnHub offers virtual machines, some for VirtualBox and some for VMware, depending on the image. Those you can set up on a server / VM server in your own network and have a go at; it really is quite fun.
So, now you know how to get hold of targets and know a bit about what penetration testing is. Go build your lab, strap yourself in, and come back. In the next articles, we'll be looking at some VMs and how to hack them ;)