The Basics of Infrastructure Tests
An infrastructure test involves internal computer networks, internet connections, external
devices, and virtualization technology. Let’s discuss these in detail:
Internal Infrastructure Tests – Hackers can take advantage of flaws in the internal
security of a network. By testing the internal structure of a target, you will be able
to identify and fix existing weaknesses. You will also prevent the members of the
organization from attacking the structure from the inside.
External Infrastructure Tests – These tests simulate black hat attacks. Because
malicious hackers will attack a network from outside, it’s important to check
whether the external defense mechanisms of that network are strong.
Wireless Network Tests – WiFi technology allows you to connect devices
without a physical link. Data packets simply travel through the air from one
device to another. This technology offers convenience. However, convenience
creates vulnerability. Hackers may scan for data packets that are being sent in a
network. Once they capture these packets with Aircrack-ng, Wireshark, or similar
tools, the network becomes prone to hacking attacks.
A wireless network test allows the white hat hacker to improve the target’s defenses
against wireless attacks. The tester may also use his findings to create guidelines for the
Virtualization and Cloud Infrastructure Tests – Storing company-related
information in third-party servers is extremely risky. The hackers may capture the
data as it goes to the “cloud” server. They may also attack the cloud server itself
and access all the information stored there. Because the incident happened outside
the network, tracking the culprits can be extremely difficult.
How to Write a Report
Your efforts will go to waste if you don’t record your results. To become a successful
white hat hacker, you should know how to write good reports. In this part of the book,
you’ll discover important tips, tricks, and techniques in writing reports for penetration
Main Elements of a Report
Goals – Describe the purpose of your test. You may include the advantages of
penetration testing in this part of the report.
Time – You should include a timestamp for each activity you perform. This
will give an accurate description of the network’s status. If a problem occurs later
on, the hacker can use the timestamps of his activities to determine the cause of the
Audience – The report should have a specific audience. For example, you may
address your report to the company’s technical team, IT manager, or CEO.
Classification – You should classify the document since it contains sensitive data.
However, the mode of classification depends on your client.
Distribution – Your report contains confidential information. If a black hat hacker
gets access to that document, the network you were meant to protect will go down.
Thus, your report should indicate the total number of copies you made as well as
the people to whom you sent them. Each report must have an ID number and the
name of its recipient.
Penetration tests involve long and complex processes. As a result, you need to describe
every piece of information that you’ll collect during the attack. Describing your hacking
techniques isn’t enough. You should also explain your assessments, the results of your
scans, as well as the output of your hacking tools.
Creating Your First Draft
Write the initial draft of your report after collecting all the information you need. Make
sure that this draft is full of details. Focus on the processes, experiences, and activities
related to your test.
Typographical and/or grammatical errors can ruin your report. Thus, you need to review
your work and make sure that it is error-free. Once you’re satisfied with your output, ask
your colleagues to check it. This approach will help you produce excellent reports.
Outline of a Test Report
1. Executive Summary
1. Scope and Limitations of the Project
5. Summary of Results
6. Summary of Suggestions
1. Plan Formulation
2. Execution of the Attack
1. Detailed Information Regarding the System
2. Detailed Information Regarding the Server
The Legal Aspect of Penetration Tests
As a hacker, you will deal with confidential data concerning a business or organization.
Accidents might happen, and the information may leak to other people. That means you
need to be prepared for legal issues that may arise in your hacking projects.
This part of the book will discuss the legal aspect of hacking. Read this material carefully:
it can help you avoid lawsuits and similar problems.
Here are some of the legal problems that you may face:
Leakage of confidential information
Financial losses caused by faulty tests
You can prevent the problems given above by securing an “intent statement”. This
document serves as proof of the agreement between the client and the tester, and it
describes all of the details related to the penetration test. Because you will rely on it to
avoid legal issues in the future, both parties should sign it before the test starts.