Let's now talk about testing various specialized services. These tests might be run as an additional task or be the only task performed during a penetration test. It is likely that during our careers as penetration testers we will come across a company or a testable environment that requires testing only on a particular server, and this server may run services such as databases, VOIP, or SCADA control systems. In this chapter, we will look at developing strategies to use while carrying out penetration tests on these services. We will cover the following points:
Understanding SCADA exploitation
Fundamentals of ICS and their critical nature
Carrying out database penetration tests
Testing VOIP services
Testing iDevices for exploitation and post-exploitation
Service-based penetration testing requires sharp skills and a good understanding of services that we can successfully exploit. Therefore, in this chapter, we will look...