Onnowpurbo at 04:01, 27 May 2018

2018-05-27T04:01:27Z

← Older revision		Revision as of 04:01, 27 May 2018
Line 1:		Line 1:
	~~The type and scope of the penetration test will determine the need for being stealthy during a penetration test~~. ~~The reasons to avoid detection while testing are varied~~; ~~one of the benefits would include testing the equipment that is supposedly protecting the network~~; ~~another could be that your client would like to know just how long it would take the Information Technology team to respond to a targeted attack on the environment~~. ~~Not only will you need to be wary of the administrators and other observers on the~~ target ~~network~~, ~~you will also need to understand the automated methods of detection such as~~ web ~~applications~~, ~~networks~~, ~~and~~ host~~-based IDSs that are in place to avoid triggering alerts~~.		Jenis dan ruang lingkup uji penetrasi akan menentukan kebutuhan untuk secara diam-diam / stealthty dalam melakukan tes penetrasi. Alasan untuk menghindari deteksi saat pengujian bervariasi; salah satu manfaatnya termasuk menguji peralatan yang seharusnya melindungi jaringan; yang lain mungkin adalah bahwa klien anda ingin tahu berapa lama waktu yang dibutuhkan tim Teknologi Informasi untuk menanggapi serangan yang ditargetkan pada lingkungan. Anda tidak hanya perlu waspada terhadap administrator dan pengamat lain di jaringan target, anda juga perlu memahami metode pendeteksi otomatis seperti aplikasi web, jaringan, dan IDS berbasis host yang ada untuk menghindari pemicu peringatan.

	~~When presented with a particularly opportune~~ target, ~~take the time to validate that it is not some sort of~~ honeypot ~~that has been set up to trigger alerts when~~ abnormal ~~traffic or activity is detected~~! ~~No sense in walking into a trap set by a clever~~ administrator. ~~Note that~~, ~~if you do find a system like this~~, ~~it is still very important to ensure that it is set up properly and not inadvertently allowing access to critical~~		Ketika disajikan dengan target yang sangat tepat, luangkan waktu untuk memvalidasi bahwa itu bukan semacam honeypot yang telah diatur untuk memicu peringatan ketika lalu lintas atau aktivitas abnormal terdeteksi! Tidak masuk akal untuk masuk perangkap yang diatur oleh administrator yang pintar. Perhatikan bahwa, jika anda menemukan sistem seperti ini, sangat penting untuk memastikan bahwa sistem ini diatur dengan benar dan tidak secara tidak sengaja memungkinkan akses ke aset-aset internal yang penting karena kesalahan konfigurasi!
	internal ~~assets due to a configuration error~~!

			Ada beberapa skill yang penting untuk di kuasai agar serangan yang kita lakukan tidak terdeteksi, skill tersebut antara lain adalah,

	~~In this chapter, we will review the following:~~		* Kemampuan untuk melakukan penetrasi ke jaringan yang di firewall.
	* ~~Pentesting firewalled environments~~		* Menyusup di bawah IDS.
	~~• Sliding in under the~~ IDS		* Setup lingkungan di dalam jaringan yang diserang.
	~~• Setting up shop internally~~		* Menganalisa / me-review traffic jaringan
	~~• Reviewing network~~ traffic		* Menggunakan kredensial standard.
	* ~~Using~~ standard ~~credentials~~		* Teknik membersihkan system yang kita ambil alih.
	~~• Cleaning up compromised systems~~

Onnowpurbo: Created page with "The type and scope of the penetration test will determine the need for being stealthy during a penetration test. The reasons to avoid detection while testing are varied; one o..."

2018-05-27T03:53:00Z

Created page with "The type and scope of the penetration test will determine the need for being stealthy during a penetration test. The reasons to avoid detection while testing are varied; one o..."

New page

The type and scope of the penetration test will determine the need for being stealthy during a penetration test. The reasons to avoid detection while testing are varied; one of the benefits would include testing the equipment that is supposedly protecting the network; another could be that your client would like to know just how long it would take the Information Technology team to respond to a targeted attack on the environment. Not only will you need to be wary of the administrators and other observers on the target network, you will also need to understand the automated methods of detection such as web applications, networks, and host-based IDSs that are in place to avoid triggering alerts.

When presented with a particularly opportune target, take the time to validate that it is not some sort of honeypot that has been set up to trigger alerts when abnormal traffic or activity is detected! No sense in walking into a trap set by a clever administrator. Note that, if you do find a system like this, it is still very important to ensure that it is set up properly and not inadvertently allowing access to critical
internal assets due to a configuration error!

In this chapter, we will review the following:
* Pentesting firewalled environments
• Sliding in under the IDS
• Setting up shop internally
• Reviewing network traffic
* Using standard credentials
• Cleaning up compromised systems

Stealth: Teknik Siluman - Revision history

Onnowpurbo at 04:01, 27 May 2018

Onnowpurbo: Created page with "The type and scope of the penetration test will determine the need for being stealthy during a penetration test. The reasons to avoid detection while testing are varied; one o..."