| As cyber threats increase,more organizations are making network security as their top priority.Network Security specialists vigorously keep up with patching and configuration management,continually monitor system defenses and ensure that they have securely configured systems and all applications.Employees are trained not to fall victim to social engineering attack.However,no matter how industrious any of them are,an attacker still might find a security flaw to breach into the network's defenses and steal data.Penetration testing has become a well-known testing method.It is a proactive security assessment that tests internal and external system by simulating attacks to point out its misconfigurations,weaknesses,or security vulnerabilities and their relative exploit that could be used by real attackers or black hat hacker to gain access to the system or network.Penetration test can be performed by penetration tester or white hat hacker,who examine the many ways a breach can occur.They act like and use the same approach to attack the system like what a black hat hacker does.Penetration testing is an approach to perform security assessments on network devices,web interfaces,email,wireless networks,applications and databases.Using,a systematic approach,the penetration tester goes through the system to locate and exploit vulnerabilities in order to test the strength of a system's digital security defenses against attacks by black hat hackers or other intruders.In this thesis,we create a wireless network laboratory set up replicating to organization infrastructure and home wireless network to simulate the real attack by hacker.To make this possible,we have to use penetration testing tool such as Kali Linux and Aircrack-ng to perform the attack and we also proposed the security baseline to defense in depth to those attack then we move on to scan for vulnerability on the hosts on the network in order to identify which hosts have a critical vulnerability and use that vulnerability security flaw to exploit those hosts in order to gain a complete control on that host.In addition to this,in this thesis,we also write a python script to couple with the existing penetration testing tool to demonstrate the attack on the network.Those attack can include Man in the middle attack,DNS Spoofing,Key Logger which will be used to capture username and password credential of users from a well-known website such as Facebook,Gmail,and QQ mail.In addition to this,we also write a RATs,or better known as Remote Access Trojans which will implant on the victim machine and will provide us a full control on that machine.More importantly,we also address the way to deliver Rats or any malware to the victim machine by intercept their traffic between them and theWebserver in the purpose of replacing any legitimate application or software that user try to download with our RATs or malware.Last but not lease,we also address the defend against each of those attack in order to educate user not to fall victim to those threats. |
PDF Full Text Request