In my journey from physiotherapy to IT, a pivotal chapter involved vulnerability testing across Windows and Linux virtual machines. Here’s a snapshot of this hands-on exploration:
Setting the Stage: Vulnerability Testing and Preparation
As part of my IT transition, I dived into penetration testing, meticulously preparing a comprehensive approach:
Task Ahead: Creating a Secure Environment
- Blueprint for Security: To prepare for penetration testing, my team devised an MSEL (Methodology, Strategy, Execution, and Learnings) aligned with the NIST framework.
- Nmap Vulnerability Scans: Our journey commenced with vulnerability scans, powered by Nmap. The results unveiled network vulnerabilities, particularly SSH ports left open for exploration.
- DoS Attack with hping3: Experimenting with hping3, we orchestrated a DoS attack, witnessing the CPU output escalate. Our Linux system, equipped with limited CPU resources, buckled under the pressure, underscoring the need for resource allocation optimization.
- Brute Force with Hydra: The allure of brute force beckoned, revealing the vulnerability of credentials. Successful until thwarted, this experience prompted us to strengthen passwords and enact lockout rules.
- Malware Experimentation: We embarked on a malware journey, injecting a test virus (EICAR) via SSH. Microsoft Defender responded instantly, but ClamAV’s detection only transpired during a routine full-system scan.
Results: Insights and Learnings Unveiled
Our dedication bore fruit, unearthing critical insights:
- Windows and Linux Vulnerabilities: The penetration test exposed a network susceptible to ICMP pings, with open SSH ports posing risks.
- DoS Attack Impact: Our DoS attack experiment illustrated the significance of CPU resource allocation in preventing system slowdowns.
- Brute-Force Lessons: The brute-force experiment reinforced the importance of robust credentials and lockout policies.
- Malware Detection Variance: Microsoft Defender’s swift response contrasted with ClamAV’s lag, emphasizing the need for comprehensive malware detection strategies.
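The lockout lesson from the brute-force item above can be checked from the defender's side by counting failed SSH logins per source address in a sliding window. The following is an added example, not code from the original post; the log lines are constructed, and the threshold of 5 failures in 60 seconds, the host name and the user names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth-log sample (documentation IP ranges, made-up host and users).
SAMPLE_LOG = """\
Mar 10 14:02:01 lab-linux sshd[2101]: Failed password for root from 203.0.113.7 port 50112 ssh2
Mar 10 14:02:03 lab-linux sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 50114 ssh2
Mar 10 14:02:04 lab-linux sshd[2105]: Failed password for labuser from 203.0.113.7 port 50116 ssh2
Mar 10 14:02:06 lab-linux sshd[2107]: Failed password for labuser from 203.0.113.7 port 50118 ssh2
Mar 10 14:02:09 lab-linux sshd[2109]: Failed password for labuser from 203.0.113.7 port 50120 ssh2
Mar 10 14:02:11 lab-linux sshd[2111]: Accepted password for labuser from 203.0.113.7 port 50122 ssh2
Mar 10 14:05:00 lab-linux sshd[2200]: Failed password for labuser from 198.51.100.20 port 40100 ssh2
Mar 10 14:30:00 lab-linux sshd[2300]: Accepted password for labuser from 198.51.100.20 port 40102 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window_s=60, year=2024):
    """Return alerts for source IPs reaching `threshold` failures within `window_s` seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = set()              # IPs that already crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a password-auth line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year
        ip, q = m["ip"], recent[m["ip"]]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("lockout_threshold_reached", ip, m["user"]))
        elif ip in flagged:  # a success right after a burst is the case to investigate first
            alerts.append(("login_after_bruteforce", ip, m["user"]))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from 198.51.100.20 stays below the threshold and raises nothing, which is the behaviour a lockout rule should also have for ordinary users.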
This chapter epitomized the fusion of theoretical knowledge with hands-on exploration. Amid this transitional phase, each endeavor fuels my growth in IT, underscoring the power of proactive learning and the dynamic world of cybersecurity.