Pentesting Fundamentals | TryHackMe Walkthrough

Rahul Kumar
Sep 4, 2023

Learn the important ethics and methodologies behind every pentest.

What is Penetration Testing?

Before teaching you the technical hands-on aspects of ethical hacking, you’ll need to understand more about what a penetration tester’s job responsibilities are and what processes are followed in performing pentests (finding vulnerabilities in a client’s application or system).

The importance and relevance of cybersecurity are ever-increasing and can be seen in every walk of life. News headlines fill our screens, reporting yet another hack or data leak.

Cybersecurity is relevant to everyone in the modern world, from individuals using a strong password policy to protect their emails to businesses and other organisations needing to protect both devices and data from damage.

A penetration test, or pentest, is an ethically driven attempt to test and analyse the security defences that protect these assets and pieces of information. A penetration test involves using the same tools, techniques, and methodologies that someone with malicious intent would use, and is similar to an audit.

According to Security Magazine, a cybersecurity industry magazine, there are over 2,200 cyber attacks every day — 1 attack every 39 seconds.

Penetration Testing Ethics

The battle of legality and ethics in cybersecurity, let alone penetration testing, is always controversial. Labels like “hacking” and “hacker” often hold negative connotations, especially in pop culture, thanks to a few bad apples. The idea of legally gaining access to a computer system is a challenging concept to grasp. After all, what makes it legal, exactly?

Recall that a penetration test is an authorized audit of a computer system’s security and defenses, as agreed by the owners of the systems. The legality of penetration testing is pretty clear-cut in this sense; anything that falls outside of this agreement is deemed unauthorized.

Before a penetration test starts, a formal discussion occurs between the penetration tester and the system owner. Various tools, techniques, and systems to be tested are agreed on. This discussion forms the scope of the penetration testing agreement and will determine the course the penetration test takes.

Companies that provide penetration testing services are held against legal frameworks and industry accreditation. For


Rahul Kumar

Cybersecurity Enthusiast!! | COMPTIA SEC+ | CCSK | CEH | MTA S&N | Cybersecurity Analyst | Web Application Security