Agentless Automation Model for Post Exploitation Penetration Testing

Maddala, Saraswati; Patil, Sonali

doi:10.1007/978-3-030-30465-2_59

Saraswati Maddala¹⁷ &
Sonali Patil¹⁷

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1039))

Included in the following conference series:

International Conference on Intelligent Computing, Information and Control Systems

1214 Accesses
1 Citations

Abstract

In a world where even the most mundane of tasks requires the intervention of the cyberspace, it is particularly important to be aware of the risks and vulnerabilities that come with cyberspace. This has led to the development of a field better referred to as vulnerability assessment and penetration testing (VAPT). There are multiple parts to perform penetration testing, in this paper we will be focusing on the Post Exploitation part. Post exploitation outlines the activities to perform in order to breach the security of a target system by leveraging a discovered exploit. In this paper we propose an agentless model for the automation of post exploitation activities, where agentless means that no third party software is required to be installed on the target machine.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Goel, J.N., Asghar, M.H., Kumar, V., Pandey, S.K.: Ensemble based approach to increase vulnerability assessment and penetration testing accuracy. In: 2016 International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH) (2016)
Google Scholar
Almubairik, N.A., Wills, G.: Automated penetration testing based on a threat model. In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST) (2016)
Google Scholar
Stefinko, Y., Piskozub, A., Banakh, R.: Manual and automated penetration testing. Benefits and drawbacks. Modern tendency. In: 2016 13th International Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET), Lviv, pp. 488–491 (2016)
Google Scholar
(lSC)2 Government Advisory Council Executive Writers Bureau: Penetration testing: Pros and cons of attacking your own network (2013). https://llgcn.comlarticles/2013/02/04/pros-cons-penetration-testing.aspx
Almubairik, N.A., Wills, G.: Automated penetration testing based on a threat model. In: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST), Barcelona, pp. 413–414 (2016)
Google Scholar
Chen, C., Zhang, Z., Lee, S., Shieh, S.: Penetration testing in the IoT age. Computer 51(4), 82–85 (2018)
Article Google Scholar
Shebli, H.M.Z.A., Beheshti, B.D.: A study on penetration testing process and tools. In: 2018 IEEE Long Island Systems, Applications and Technology Conference (LISAT), Farmingdale, NY, pp. 1–7 (2018)
Google Scholar
Chu, G., Lisitsa, A.: Poster: agent-based (BDI) modeling for automation of penetration testing. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), Belfast, pp. 1–2 (2018)
Google Scholar
Tetskyi, A., Kharchenko, V., Uzun, D.: Neural networks based choice of tools for penetration testing of web applications. In: 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), Kiev, pp. 402–405 (2018)
Google Scholar
Zitta, T., et al.: Penetration testing of intrusion detection and prevention system in low-performance embedded IoT device. In: 2018 18th International Conference on Mechatronics - Mechatronika (ME), Brno, Czech Republic, pp. 1–5 (2018)
Google Scholar
Yevdokymenko, M., Mohamed, E., Onwuakpa, P.: Ethical hacking and penetration testing using raspberry PI. In: 2017 4th International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T), Kharkov, pp. 179–181 (2017)
Google Scholar
Shinde, P.S., Ardhapurkar, S.B.: Cyber security analysis using vulnerability assessment and penetration testing. In: 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave), Coimbatore, pp. 1–5 (2016)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Information Technology, KJ Somaiya College of Engineering, Mumbai, India
Saraswati Maddala & Sonali Patil

Authors

Saraswati Maddala
View author publications
You can also search for this author in PubMed Google Scholar
Sonali Patil
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Saraswati Maddala .

Editor information

Editors and Affiliations

Department of Computer Science and Engineering, Vaigai College of Engineering, Madurai, Tamil Nadu, India
A. Pasumpon Pandian
Electrical and Computer Engineering, University of Applied Sciences, Egaleo, Attiki, Greece
Klimis Ntalianis
Department of Business Administration, The Gerald Schwartz School of Business, Antigonish, NS, Canada
Ram Palanisamy

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Maddala, S., Patil, S. (2020). Agentless Automation Model for Post Exploitation Penetration Testing. In: Pandian, A., Ntalianis, K., Palanisamy, R. (eds) Intelligent Computing, Information and Control Systems. ICICCS 2019. Advances in Intelligent Systems and Computing, vol 1039. Springer, Cham. https://doi.org/10.1007/978-3-030-30465-2_59

Download citation

DOI: https://doi.org/10.1007/978-3-030-30465-2_59
Published: 19 October 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30464-5
Online ISBN: 978-3-030-30465-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)

Publish with us

Policies and ethics