The Ethical Hackers carry out intrusion tests, “penetration testing or pentest”. There are several types of pentests: external (from the internet), internal (from the company network), in black box mode (without information), or gray box (with a test login for example) to name but a few.
How does External Blak Box Pentest is executed?
During an external black box pentest, the Ethical Hacker with cloud computing training in Dubai has no or very little technical information (an IP address for example, or a website URL) on the environment it is to attack. From there, he uses the same strategies as a hacker to achieve his ends. It will collect information on its target (the domain name, the services that are active on the targeted server, the technologies used…). Then, it will test the known vulnerabilities on the services discovered using the vulnerability scanner. And if they exist, he will try to exploit them to break into the system to potentially obtain the “holy grail”: administrator rights allowing him total control of the compromised machine.
And one thing leading to another, rebound from machine to machine and from network to network, he will be able to extend his misdeed on the target and potentially access confidential information, shut down systems and control all or part of the client’s Information System as he pleases. And this is where ethics makes all the difference, where the Ethical Hacker with networking course in Dubai will write his test report, without harming the customer, as a hacker might have done.
Internal Penetration Test
Internal penetration tests, on the other hand, aim to test what a malicious employee could do as damage in the company, simply by obtaining tools and by following tutorials available on the internet (cf. Kiddies scripts from Wikipedia)! The partitioning of networks and information, the escalation of privileges, the strength of passwords, are all elements that are tested in real during the internal pentest and which often make it possible to highlight shortcomings in these areas. Thus, weak passwords are generally discovered very quickly, thanks to “brute force” tools which allow all possible combinations of characters to be tested in record time. The “ABCD1234”, “12345678”,… cannot resist it, opening the door to internal intrusions, in directories and / or computer applications not authorized in normal times.