Cybersecurity. Part 3. Collecting information for penetration testing and security auditing
In this part of the lecture on Cybersecurity, Bogdan explains the process of collecting information for penetration testing and security auditing, focusing on both external reconnaissance and internal cloud security assessments.

External Reconnaissance

Internet Scanning Services: Tools like Shodan, ZoomEye, and Censys are used to scan the internet and gather information about hosts. These services identify open ports, SSL/TLS certificates, and underlying technologies (e.g., Nginx, Apache).
Information Leakage: SSL/TLS certificates can inadvertently expose subdomains if not managed correctly.
Protocol Analysis: Identifying protocols on specific ports, such as port 25 for SMTP, provides potential attack vectors. Security professionals may use tools like telnet to grab service banners for further investigation.
Domain Information: "Whois" lookups are a basic component of reconnaissance, providing contact information and location details related to domain registration.
Purpose: The primary goal of this reconnaissance is to determine the "attack surface" of a target system before starting an assessment.

Cloud Security Auditing

Automated Auditing: Tools like ScoutSuite can be used to audit cloud environments. By providing API keys for cloud services, these tools connect to the environment and check configurations against security templates.
Common Misconfigurations: A frequent issue is the accidental exposure of services (such as S3 buckets or databases) to the public internet. Developers may not realize their infrastructure is publicly accessible after deployment.
Internal vs. External Checks: While penetration testers perform external checks to find what is exposed, organizations should also perform internal audits using checklists to ensure that services are not inadvertently opened to the public.

Check out our workshops and events calendar at: https://luma.com/calendar/manage/cal-NHAHHepuTWOYDae/events
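Two of the external-reconnaissance points above (subdomains leaking through a certificate's Subject Alternative Name list, and grabbing the SMTP greeting on port 25) as an added Python example. This is not code from the lecture; the sample certificate dict and SMTP banner are constructed for the example, and the network helpers use only the standard library.

```python
"""Added example, not code from the lecture: two external-reconnaissance
helpers. san_hostnames/leaked_subdomains pull the hostnames a TLS
certificate advertises in its Subject Alternative Name extension (the
"information leakage" case), and parse_smtp_banner splits the greeting an
SMTP server sends on port 25 (what the lecture does by hand with telnet).
The samples below are constructed, not captured from a real host.
"""
import re
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "example.com"),
        ("DNS", "vpn.example.com"),
        ("DNS", "Jenkins.example.com"),   # mixed case on purpose
        ("DNS", "example.net"),           # same cert, unrelated apex
    ),
}
# Constructed SMTP greeting, the line telnet shows right after connecting.
SAMPLE_BANNER = "220 mail.example.com ESMTP Postfix (Ubuntu)\r\n"

def san_hostnames(cert):
    """DNS names from the certificate's SAN list, lower-cased, duplicates dropped."""
    names = []
    for kind, value in cert.get("subjectAltName", ()):
        name = value.lower()
        if kind == "DNS" and name not in names:
            names.append(name)
    return names

def leaked_subdomains(cert, apex):
    """SAN names under `apex` other than the apex itself: the hostnames a
    shared certificate hands to anyone who connects. Wildcards are kept,
    since '*.internal.example.com' still reveals a namespace worth probing."""
    apex = apex.lower()
    return [n for n in san_hostnames(cert) if n != apex and n.endswith("." + apex)]

_SMTP_GREETING = re.compile(r"^(\d{3})[ -](\S+)\s*(.*)$")

def parse_smtp_banner(line):
    """Split '220 host ESMTP software' into (code, hostname, software).
    Returns None unless the line is a 220 service-ready greeting."""
    m = _SMTP_GREETING.match(line.strip())
    if not m or m.group(1) != "220":
        return None
    return m.group(1), m.group(2).lower(), m.group(3).strip()

def fetch_certificate(host, port=443, timeout=5.0):
    """Leaf certificate of `host` as a dict. Verification stays on: with
    CERT_NONE, getpeercert() returns an empty dict, so an untrusted or
    self-signed certificate needs a DER parser (e.g. the cryptography
    package) instead of this function."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def grab_smtp_banner(host, port=25, timeout=5.0):
    """Read the greeting the server volunteers before we send anything."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        data = sock.recv(512)
        try:
            sock.sendall(b"QUIT\r\n")   # close politely; abrupt closes get logged
        except OSError:
            pass
    return data.decode("ascii", errors="replace")

if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:   # no target given: run the helpers on the samples
        print("subdomains:", leaked_subdomains(SAMPLE_CERT, "example.com"))
        print("smtp:", parse_smtp_banner(SAMPLE_BANNER))
    else:                   # only against hosts you are authorised to test
        host = sys.argv[1]
        apex = sys.argv[2] if len(sys.argv) > 2 else host
        print("subdomains:", leaked_subdomains(fetch_certificate(host), apex))
        print("smtp:", parse_smtp_banner(grab_smtp_banner(host)))
```

The SAN check is the same thing Censys and Shodan surface when they index a certificate: one certificate covering www, vpn and a CI host tells an attacker three targets, and a name under a different apex (example.net above) tells them about a related property. Run it without arguments to see the constructed samples, or with a host and apex you are authorised to test.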
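The "internal checklist" side of the cloud auditing section above, as an added Python example: a single rule of the kind ScoutSuite applies, run over an S3 bucket policy document. This is not ScoutSuite's code or the lecture's; it reads the policy JSON (what the cloud API returns for a bucket policy) and the bucket's Block Public Access flags, both constructed here, without calling any cloud API.

```python
"""Added example, not code from the lecture or ScoutSuite: a checklist-style
check for the misconfiguration named above, an S3 bucket opened to the world.
Tools like ScoutSuite fetch configuration through the cloud API and compare
it against rules; this stand-in applies one such rule to a bucket policy
document offline. The sample policy is constructed for the example.
"""
import json

# Constructed sample: one statement is scoped to an account role and is fine,
# one grants read to everyone and is the finding.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppReads", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
         "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::assets/*"},
        {"Sid": "PublicRead", "Effect": "Allow",
         "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::assets/*"},
    ],
})

def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_anonymous_principal(principal):
    """True for the spellings that mean 'anyone': "*" or {"AWS": "*"},
    with the AWS value given as a scalar or inside a list."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_statements(policy_json):
    """Every Allow statement granted to everyone. A Condition block may still
    be too loose to rely on, so conditioned statements are reported with the
    'conditioned' flag set for manual review rather than silently dropped."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_anonymous_principal(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action", [])),
            "resources": _as_list(stmt.get("Resource", [])),
            "conditioned": "Condition" in stmt,
        })
    return findings

def effective_public_findings(policy_json, public_access_block=None):
    """Fold in the bucket's Block Public Access setting: when
    RestrictPublicBuckets is on, a public policy is not honoured for
    anonymous callers, so the policy alone is not an exposure."""
    pab = public_access_block or {}
    if pab.get("RestrictPublicBuckets"):
        return []
    return public_statements(policy_json)

if __name__ == "__main__":
    for finding in effective_public_findings(SAMPLE_POLICY):
        print(f"PUBLIC: statement {finding['sid']} allows "
              f"{finding['actions']} on {finding['resources']}")
```

The second function is the caveat a checklist needs: the policy text by itself is not the whole answer, because an account-level or bucket-level Block Public Access setting can neutralise it. An external scan from the attacker's side (an unauthenticated GET against the bucket) confirms what is actually reachable; the internal check explains why, before deployment rather than after.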
Cybersecurity. Part 2. What is penetration testing
Penetration testing, also known as "pentesting," is a legitimate and controlled assessment where a specialist is hired by a company to perform hacking activities. Because pentesters and hackers share the same tools and techniques, this process allows for the identification of security weaknesses in a way that mimics real-world threats.

Key Phases of Penetration Testing

While methodologies can vary, the process generally follows eight main steps:

1. Planning and Preparation: The scope is defined, covering areas such as websites, internal networks, cloud environments, or mobile applications. This stage involves legal agreements, including Non-Disclosure Agreements (NDAs) and clear "rules of engagement" that dictate when testing can occur and what limitations are in place (e.g., bandwidth restrictions).
2. Reconnaissance: The specialist passively collects data about the target, such as emails, domains, and credentials.
3. Scanning and Enumeration: An active phase where the specialist performs tasks like port scanning and searching for open directories, backups, or potential leaks.
4. Vulnerability Assessment: Automatic web vulnerability scanners are utilized to detect known security flaws.
5. Exploitation: The specialist exploits the discovered vulnerabilities. This is a critical stage where they may pause to confirm with the client whether they should continue or stop.
6. Post-Exploitation: After successfully hacking a system, the specialist may attempt to elevate privileges to become an administrator or expand access to other systems.
7. Reporting: Documentation of the findings for the client.
8. Remediation: Addressing the identified issues.

Tools and Technical Concepts

Scanning Tools: Tools like Nmap are commonly used to identify open ports. Commercial tools such as Acunetix, Nessus, and Burp Suite are also employed to generate vulnerability reports.
Ports and Protocols: There are 65,535 possible ports for both TCP and UDP protocols. Since a full scan is time-consuming, specialists often focus on the "top 100" most commonly used ports.
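The port-scanning point above as an added Python example, not code from the lecture: a minimal TCP connect scanner that shows why testers narrow the sweep to a shortlist. COMMON_PORTS is an illustrative list made up for this example, not Nmap's tuned top-100 list (`nmap --top-ports 100 <host>`), and the scanner is a stand-in for Nmap, not a replacement for it.

```python
"""Added example, not code from the lecture: a minimal TCP connect scanner.
Connecting to all 65,535 ports of one host one at a time with a one-second
timeout can take most of a day when most ports are filtered, so the probes
run concurrently and default to a short list of commonly exposed ports.
COMMON_PORTS is an illustrative shortlist made up for this example, not
nmap's top-100 list. Scan only hosts you are authorised to test.
"""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Illustrative shortlist for this example: mail, web, remote admin, databases.
COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 465, 587,
                993, 995, 1433, 1521, 3306, 3389, 5432, 5900, 6379, 8080, 8443,
                9200, 27017]

def probe(host, port, timeout=1.0):
    """(port, True) when the TCP three-way handshake completes, else
    (port, False). A refused connection (closed port) and a timeout
    (filtered port) both surface as OSError subclasses."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return port, True
    except OSError:
        return port, False

def scan_ports(host, ports=COMMON_PORTS, timeout=1.0, workers=64):
    """Connect-scan `ports` on `host` with a thread pool; return sorted open ports."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return sorted(port for port, is_open in results if is_open)

def full_range():
    """Every TCP port number, for when the scope allows a full sweep."""
    return range(1, 65536)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    ports = full_range() if "--all" in sys.argv else COMMON_PORTS
    print(f"{target}: open {scan_ports(target, ports)}")
```

A connect scan completes the handshake, so it is the noisiest option and will appear in the target's logs; Nmap's default SYN scan avoids that but needs raw sockets. The `--all` flag is there to make the cost of the full sweep visible: the same code, a few thousand times more connections.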
Ai Start Academy
skool.com/aistartacademy
Ai Education for everyone from the heart of Silicon Valley