This is the start of my journey in TryHackMe, beginning with the Junior Penetration Tester Path.
The Pentesting Fundamentals room gives a good walkthrough of Penetration Testing. The room helped me understand that Penetration Testing is the act of assessing a company's security defenses in order to strengthen them and protect its information.
The room also introduces me to the ethics of Penetration Testing, the Hat Categories, and the Rules of Engagement, which describe how the penetration testing should be carried out.
The Penetration Testing stages are also explained here:
Information Gathering - research and gathering of information about a target or organization.
Enumeration/Scanning - using tools to discover services or applications running on a system.
Exploitation - using vulnerabilities to gain access to a system.
Privilege Escalation - attempting to expand access to a system.
Post-Exploitation - involves other users that we can possibly gain access to (pivoting), other information we can gain as a user with privileges, covering of tracks, and reporting.
The room also explains the different pentesting methodologies such as OWASP, OSSTMM, and the NIST Cybersecurity Framework.
The room also goes deep into the three types of scope of Penetration Testing:
Black Box Penetration Testing - no information is provided. The penetration tester will have to test the application itself to find vulnerabilities.
Grey Box Penetration Testing - partial information on how the application works is provided.
White Box Penetration Testing - information about how the application works is fully provided.