1.4 Explain penetration testing concepts Flashcards
Which phase of a penetration test uses a phishing email and payload, or obtains credentials via social engineering to gain access to the target’s network?
Initial exploitation
Which type of penetration test requires the tester to perform partial reconnaissance?
Gray box
During which type of penetration test does the tester specifically include the reconnaissance phase of the test?
Black box
What type of pen test allows the tester to use default credentials to log into the system, after discovering a vulnerability on a server?
Passive reconnaissance
A pen tester gathers some information about a target to find ways for remote access. After gaining access, what other penetration techniques should a tester perform before performing further reconnaissance?
Persistence
Which of the following is a system susceptible to if a user with system access can obtain keys from system memory, pagefiles, or scratch disks?
Privilege escalation
initial exploitation phase
In the initial exploitation phase, an exploit is used to gain access to the target’s network. This initial exploitation might be accomplished using a phishing email and payload, or by obtaining credentials via social engineering.
Pen testing
active reconnaissance technique. Active techniques include gaining physical access or using scanning tools.
Open Source Intelligence (OSINT)
Publicly available information, and the tools for searching it, are referred to as Open Source Intelligence (OSINT). Gathering this kind of information is referred to as passive reconnaissance.
pivot point
system and/or set of privileges that allows the tester to compromise other network systems (lateral spread). The initial exploit might give the tester local administrator privileges, which can then be used to obtain privileges on other machines.
black box
During a black box pen test, the consultant is given no privileged information about the network, its security systems, or its configuration. Black box tests are useful for simulating the behavior of an external threat.
white box pen test
During a white box pen test, the consultant is given complete access to information about the network. This type of test is sometimes conducted as a follow-up to a black box test, to fully evaluate flaws discovered during the black box test.
gray box pen test
During a gray box pen test, the consultant is given some information; this resembles the knowledge of junior or non-IT staff, to model types of insider threats.
sandbox environment
Ideally, pen tests should be performed in a sandbox environment that accurately simulates the production environment.
Passive reconnaissance
Vulnerability scanning
passive reconnaissance techniques. Passive reconnaissance is not likely to alert the target of the investigation, as it means querying publicly available information.