1.4 Explain penetration testing concepts.

Question 1

Penetration Testing

Answer 1

Pentest
• Simulate an attack
• Similar to vulnerability scanning
• Except we actually try to exploit the vulnerabilities
• Often a compliance mandate
• Regular penetration testing by a 3rd-party

Question 2

Verify a threat exists

Answer 2

• Perform regular vulnerability scans
• Update your signatures
• Watch the news - Copycats are prevalent

Question 3

Passive reconnaissance

Answer 3

• Learn as much as you can from open sources
• There’s a lot of information out there
• Remarkably difficult to protect or identify
• Social media
• Corporate web site, online forums, Reddit
• Social engineering, dumpster diving
• Business organizations

Question 4

Active reconnaissance

Answer 4

Trying the doors
• Maybe one is unlocked
• Don’t open it yet
• Relatively easy to be seen
• Ping scans, port scans
• DNS queries
• OS scans, OS fingerprinting
• Service scans, version scans

Question 5

Exploiting vulnerabilities

Answer 5

Try to break into the system
You’ll only be sure you’re vulnerable
if you can bypass security
• If you can get through, the bad guys can get through

Question 6

The process

Answer 6

• Initial exploitation• Persistence• The pivot

Question 7

• Black box

Answer 7

/ Unknown environment
• The pentester knows nothing
about the systems under attack
• “Blind” test

Question 8

White box /

Answer 8

known environment

• Full disclosure

Question 9

Grey box /

Answer 9

Partially known environment
• A mix of black and white
• Focus on certain systems or applications