You may ask yourself, why is Cybersecurity important? As a society, we are increasingly dependent on technology, with personal information such as credit card numbers and social security details being transmitted and stored online. Cybersecurity is the field that focuses on securing hardware, software, and protocols to safeguard valuable data and systems from compromise.

Although many applications may appear secure at first glance, that is not always the case. According to the CISA, "47% of American adults have had their personal information exposed by cybercriminals," and "1 in 3 homes with computers are infected with malicious software." These statistics highlight the integral role of Cybersecurity, not only for experts but for everyone involved in technology development, testing, or interaction.

This is one of the primary Cybersecurity fields and where most people start.

DISCLAIMER: Always remember to remain ethical. Attacking systems without explicit permission is illegal and dangerous. Therefore make sure to stick to labs that are specifically designed to practice penetration testing on. Only use the techniques here on lab environments!

What is penetration testing?

Penetration testing is a category of ethical hacking. During a penetration testing engagement, you simulate a cyber attack against a computer system to check for known vulnerabilities and exploit them. This can involve attacking a web application, exposed services that should be hidden, or laterally moving through an ad network to compromise multiple devices. A penetration test usually has multiple stages: OSINT, scanning and enumeration, exploitation, and post-exploitation.

Why do we do this?

Every day of the year hackers attempt to illegally gain access to vulnerable systems. Therefore it is important for companies to make sure that these hackers cannot easily access their systems. To achieve this, the first step is to have an internal security team. These however don't aren't always aware of all vulnerabilities. This is where Pentesters come in. They attempt to breach the target system in any way possible within the scope of the engagement. Then at the end of the given timeframe they submit a report to the client, listing all of their findings, which lets the client harden their systems before a hacker with malicious intent attacks them.

Capture-The-Flag (CTF) Competitions are exercises where participants attempt to find text strings, or "flags" (i.e. FLAG{this_is_the_flag}), hidden in a variety of different types of challenges spanning categories like web exploitation, reverse engineering ("rev"), forensics, cryptography ("crypto"), binary exploitation ("binex"), etc. CTFs help you learn a lot of different skills in all of these different specialties, and there are many resources to learn how to play CTF's. More about CTFs and these various categories can be seen in the Getting Started with Capture-The-Flag (CTF) Competitions section below.

As mentioned earlier in the Introducing Security section, a penetration test usually has multiple stages:

1. OSINT, or "Open-Source Intelligence"

In this phase you use Google, social media, and any other research method to find publicly available information about the target. You don't directly interact with the target, but rather just aim to gather information about the company and its employees.

2. Scanning & Enumeration

During this phase you use tools such as nmap or nikto to scan the target and gather as much information on it as possible. This stage is vital to any penetration test, and usually absorbs the most amount of time, as it is important to know as much about the target as possible before launching your attack.

3. Exploitation

In this phase you use the information gathered during your initial enumeration phase to chose a publicly available exploit to use a vulnerable point in the system to gain entry.

4. Post-Exploitation

Oftentimes after you get a shell on the target you only have access to the system as a lower privilege user. Your goal however is to have administrator/root rights. To achieve this, you once again start a new round of enumeration to find internal vulnerabilities that might allow you to escalate your privileges.

Always remember to remain ethical. Attacking systems without explicit permission is illegal and dangerous. Therefore make sure to stick to labs that are specifically designed to practice penetration testing on.

Pentesting Workshop Slides All the demos on the slides are no longer up. If you want, you can follow along on the TryHackMe Blue Lab referenced in the slides.

HackTheBox A Cybersecurity learning platform with a range of challenges from introductory to difficult. Sign up on HackTheBox Labs. Starting Point has some great free boxes to get started

TryHackMe Primary Cybersecurity Learning platform. You can use th pentesting starting path here, do as much or as little as you'd like.

If you want to go further, you can participate in the Club's Red Team / Blue Team simulations or try out the active HackTheBox boxes which are a bit more difficult.

Web Exploitation

The goal of web exploitation is to attack webpages. This can be done using multiple different vulnerabilities such as sql injections or directory traversals. The below links offer introductions to web exploitation methods, and a ctf focused on web challenges.

Reverse Engineering, or "Rev"/"RE"

Reverse Engineering in a CTF is typically the process of taking a compiled program and converting it back into a more human readable format. The goal of reverse engineering is usually to properly understand a program so you can identify its issues.

Binary Exploitation

After reverse engineering or fuzzing a binary to find vulnerabilities in it, binary exploitation comes into play. It describes the process of carefully crafting exploits to gain control over a binaries execution, and potentially spawn a shell. The resources listed below cover entry into the topic.

Forensics - Digital Forensics

Given a piece of digital evidence, investigate to figure out what the device was used to do and prove it. Common evidence includes: cell phones, computers, and files of various types.

Forensics - Incident Response

Given a network that has been compromised by a hacker, investigate to figure out how the hacker got in, how to remove them from the network, and how to prevent them from getting in again.

Cryptography, or "Crypto"

Cryptography allows us to transmit sensitive information over the web, and protects our privacy. These focus on breaking widely used encryption schemes which are improperly implemented. Interest in math is recommended.

OSINT, or "Open-Source Intelligence"

Osint stands for Open-source intelligence. It refers to collecting information that is openly available on the web. This can include enumerating social media profiles, or using google to bring up information on targets.

Pico CTF has a lot of ongoing beginner-level challenges for people getting started in security.

Play weekly CTF's with the club as announced in our #competition-announcements channel!

HackTheBox has free active challenges that are up for an extended period of time. There is a little bit of a learning curve, but they are interesting for learning real-world vulnerabilities.