Penetration testing & mitigation techniques
Latimer, S.; Yasheng, Y.; David, Andrew; Shakiba, Masoud
View fulltext online
Citation:Latimer, S.; Yasheng, Y.; David, A.; Shakiba, M. (2022, December, 8-9). Penetration testing & mitigation [Paper presentation]. Rangahau: Te Mana o te Mahi Kotahitanga: Research: The Power of Collaboration, MIT/Unitec Research Symposium 2022, Te Pūkenga, New Zealand
Permanent link to Research Bank record:https://hdl.handle.net/10652/5970
Penetration testing is a security measure used by many organizations to identify and exploit security vulnerabilities within networks and computer systems, allowing organizations to prevent potential attacks. According to the recent figures released by Statista, Windows was 72.1% and Linux was 13.6% holding the global server OS market share as of June 2019. Windows is the 1st and Linux is the 3rd most popular desktop OS as of June 2022. The purpose of this research is to experiment with how to effectively incorporate methodology used by penetration testers to find and exploit vulnerabilities within a range of Windows and Linux operating systems. Many Windows and Linux users are unaware of potential threats leading attackers to unauthorized access to their systems. Usually due to not having a strong password and inadequate steps to secure their systems. Lawful attainment of user credential information and permission is anticipated to enhance cybersecurity and protect user systems from credential breaches. The focus is on attacking OS credential holders physically which contain users’ information and escalating privileges to gain unauthorized access remotely. This research is conducted in a virtual environment, aimed towards students and schools as it spreads awareness by posing the question of how safe our systems are. In 2021, a study taken by Youth19 reported that 94% of New Zealanders as active internet users, while 97% of students have devices with internet access. The pandemic made schools switch to remote learning, forcing students to use laptops/computers at a much higher rate. The importance of securing from potential threats and showing the ease of attacks that might take place to compromise systems are exhibited. Users then can comprehend how attacks take place from an attacker’s perspective. Awareness is anticipated by educating users by providing mitigation techniques as a measure to protect their systems from potential attacks. Although experiments for this research are done in collaboration with many other tools, the main ones are John the Ripper to crack hashed passwords and Metasploit used to gain access to systems remotely by using payloads to escalate privileges.