1
00:00:10,320 --> 00:00:17,340
Let us start the last lecture on this introduction to hacking section. In this video, you will see what

2
00:00:17,340 --> 00:00:21,630
are the 10 steps security experts follow while doing a penetration test.

3
00:00:23,340 --> 00:00:30,300
The first is legal documentation. In this step, the penetration tester should form agreements with the

4
00:00:30,300 --> 00:00:34,710
company or the organization for which he or she is going to test.

5
00:00:35,070 --> 00:00:41,670
This is very important. Agreements such as non-disclosure agreement, memorandum of understanding and

6
00:00:41,670 --> 00:00:43,480
financial agreements often.

7
00:00:44,310 --> 00:00:46,230
Next is scope assessment.

8
00:00:46,920 --> 00:00:53,640
In this step, the attacker or the penetration tester must decide which aspects of the organization should

9
00:00:53,640 --> 00:00:58,840
be tested if the organization has applications and web applications and websites.

10
00:00:58,860 --> 00:01:03,690
Also, the attacker must decide which forms to test first.

11
00:01:04,620 --> 00:01:06,830
The next is information assessment.

12
00:01:07,410 --> 00:01:14,430
In this phase, the penetration tester should gather as much information as possible to perform the required

13
00:01:14,430 --> 00:01:15,390
penetration test.

14
00:01:16,890 --> 00:01:19,190
The fourth step is vulnerability assessment.

15
00:01:19,620 --> 00:01:24,960
We have seen in the previous videos what vulnerability assessment means, and therefore I'm not going

16
00:01:24,960 --> 00:01:29,460
to explain it in this lecture. The fifth is penetration testing.

17
00:01:29,910 --> 00:01:32,970
We have also seen this step in previous videos.

18
00:01:33,840 --> 00:01:35,760
The sixth step is gaining access.

19
00:01:36,300 --> 00:01:42,390
In this step, the attacker or the penetration tester exploits vulnerabilities of the target system

20
00:01:42,390 --> 00:01:48,540
or the organization and then gains access to the valuable assets and data of the organization.

21
00:01:49,550 --> 00:01:56,660
The seventh step is privilege escalation. In this step, the penetration tester gets the rights of the

22
00:01:56,660 --> 00:02:00,470
administrator of the database or of the system.

23
00:02:01,760 --> 00:02:08,330
The second last or the third last, which is the most important step of any penetration test, is report

24
00:02:08,340 --> 00:02:14,570
generation. Now here in this step, the attacker must file different types of reports.

25
00:02:15,050 --> 00:02:18,470
For example, developer's report and high-level management report.

26
00:02:19,130 --> 00:02:26,150
Developer's report stands for the developer of the system or the website, explaining all the exploits,

27
00:02:26,390 --> 00:02:33,980
codes and patches that need to be present, and the high-level management report should explain the

28
00:02:33,980 --> 00:02:40,460
business impact, statistics and other things that are necessary for the management-level personnel.

29
00:02:42,220 --> 00:02:49,210
The second last phase is patch assistance. In this phase, the penetration tester should provide patches

30
00:02:49,480 --> 00:02:52,360
and codes to fix the bugs in the application.

31
00:02:53,290 --> 00:03:00,640
And the last step is revalidation. In this step, the attacker or the penetration tester should check again

32
00:03:00,640 --> 00:03:07,180
whether the organization or system has patched all the vulnerabilities which he or she had tested during

33
00:03:07,180 --> 00:03:07,640
the test.

34
00:03:08,320 --> 00:03:13,810
So this is a ten-step mantra if you follow all these ten steps.

35
00:03:13,840 --> 00:03:19,930
This is a perfect penetration testing start, which would help you and your organization to perform

36
00:03:20,140 --> 00:03:21,760
a perfect penetration test.

37
00:03:23,140 --> 00:03:30,730
So this was all for this lecture. If you have any doubts, please feel free to ask us in the note section.

38
00:03:31,750 --> 00:03:36,060
In the next section, you will see how to set up an ethical hacking lab.

39
00:03:36,640 --> 00:03:39,460
So let us get started with the next section.