1.4 Explain penetration testing concepts Flashcards
Which phase of a penetration test uses a phishing email and payload, or obtains credentials via social engineering to gain access to the target’s network?
Initial exploitation
Which type of penetration test requires the tester to perform partial reconnaissance?
Gray box
During which type of penetration test does the tester specifically include the reconnaissance phase of the test?
Black box
Which penetration test phase is the tester in when, after discovering a vulnerability on a server, they log into the system using default credentials?
Initial exploitation
A pen tester gathers some information about a target to find ways for remote access. After gaining access, what other penetration techniques should a tester perform before performing further reconnaissance?
Persistence
What is a system susceptible to if a user with system access can obtain keys from system memory, pagefiles or scratch disks?
Privilege escalation
initial exploitation phase
In the initial exploitation phase, an exploit is used to gain access to the target’s network. This initial exploitation might be accomplished using a phishing email and payload, or by obtaining credentials via social engineering.
Pen testing
An active technique (as opposed to passive reconnaissance). Active techniques include gaining physical access to premises or using scanning tools against the target's systems
Open Source Intelligence (OSINT)
Publicly available information, and the tools for searching it, are referred to as Open Source Intelligence (OSINT). Gathering this kind of information is referred to as passive reconnaissance
pivot point
A system and/or set of privileges that allow the tester to compromise other network systems (lateral spread). The initial exploit might give the tester local administrator privileges, which can then be used to obtain privileges on other machines
black box
During a black box pen test, the consultant is given no privileged information about the network, its security systems and its configuration. Black box tests are useful for simulating the behavior of an external threat
white box pen test
During a white box pen test, the consultant is given complete access to information about the network. This type of test is sometimes conducted as a follow-up to a black box test, to fully evaluate flaws discovered during the black box test
gray box pen test
During a gray box pen test, the consultant is given some information; this resembles the knowledge of junior or non-IT staff to model types of insider threats
sandbox environment
Ideally, pen tests should be performed in a sandbox environment that accurately simulates the production environment
Passive reconnaissance
Passive reconnaissance means querying publicly available information (OSINT) without touching the target's systems, so it is not likely to alert the target of the investigation. In the exam's framing, vulnerability scanning is also classed as "passive" relative to penetration testing, because it identifies weaknesses without exploiting them; note that a network vulnerability scan still sends probes to the target and can be detected, which is why scanning tools are listed under active reconnaissance below
Active reconnaissance
Carries more risk of detection. Active techniques might involve gaining physical access to premises or using scanning tools on the target's web services and other networks
Action on objectives
- carrying out the work defined by the tester or client once access has been obtained
- data exfiltration (the adversary or penetration tester stealing data from one or more systems) is the typical example of an objective
initial exploitation phase
- an exploit is used to gain some sort of access to the target's network. In the Lockheed Martin Cyber Kill Chain model this corresponds to the delivery and exploitation stages; weaponization (coupling the exploit to a payload) is the separate preparatory stage that precedes them, not another name for exploitation
- occurs after gathering some initial information about the target to figure out what vulnerabilities are available to exploit. Persistence occurs after the initial exploitation
Persistence
Followed by further reconnaissance in a pen test attack life cycle. Persistence is the tester's ability to reconnect to the compromised host, typically by installing a remote access tool (RAT) or backdoor
SQL injection
An SQL injection attack supplies SQL syntax as part of user input that is concatenated into a query, which allows an attacker to extract or modify information in the database or, on some platforms, execute arbitrary code
Directory traversal
An attack in which the attacker supplies a path containing sequences such as ../ (possibly percent-encoded) in a request, so that the web server reads a file outside its document root
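The traversal card above as an added example, not code from the original flashcard set. It builds a constructed document root in a temporary directory with one public file and one file just outside the root, then compares a file handler that joins the requested name unchecked with one that resolves the final path and requires it to stay under the root. The file names and the attack strings are assumptions chosen for illustration.

```python
import os
import tempfile


def make_docroot():
    # Constructed layout: <tmp>/www/index.html is public, <tmp>/secret.txt is not.
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "www")
    os.makedirs(docroot)
    with open(os.path.join(docroot, "index.html"), "w") as f:
        f.write("<h1>public</h1>")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("outside the web root")
    return docroot


def read_vulnerable(docroot, requested):
    # Deliberately vulnerable: the client-supplied name is joined to the root
    # without checking where the resulting path ends up, so "../" walks out.
    path = os.path.join(docroot, requested)
    with open(path) as f:
        return f.read()


def read_safe(docroot, requested):
    # Hardened: canonicalise both the root and the candidate (collapsing "..",
    # "." and symlinks), then require the candidate to remain under the root.
    root = os.path.realpath(docroot)
    path = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, path]) != root:
        raise PermissionError("path escapes the document root: %r" % requested)
    with open(path) as f:
        return f.read()


def traversal_demo():
    docroot = make_docroot()
    results = {
        "vulnerable_index": read_vulnerable(docroot, "index.html"),
        "vulnerable_traversal": read_vulnerable(docroot, "../secret.txt"),
        "safe_index": read_safe(docroot, "index.html"),
    }
    # Three escape attempts: plain "..", ".." hidden behind a bogus subdirectory,
    # and an absolute path (os.path.join discards the root when given one).
    for attempt in ("../secret.txt", "sub/../../secret.txt", "/etc/passwd"):
        try:
            read_safe(docroot, attempt)
            results[attempt] = "allowed"
        except PermissionError:
            results[attempt] = "blocked"
    return results


if __name__ == "__main__":
    for name, outcome in traversal_demo().items():
        print("%-24s %s" % (name, outcome))
```

The check is done on the fully resolved path rather than by searching the input for "..": a server must first percent-decode the request (so %2e%2e%2f becomes ../), and a string filter misses variants such as a symlink inside the root that points outside it, which realpath resolves before the comparison.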
Transitive access
Describes the problem of authorizing a request for a service that depends on an intermediate service (for example, a web application querying a database on a user's behalf): the back-end trusts the intermediary rather than authenticating the original requester, so the user's access is only as well controlled as the intermediary's
Which of the following penetration steps should a tester perform after obtaining a persistent foothold on the network and internal reconnaissance?
Obtain a pivot point
pivot point
Having obtained a persistent foothold on the network and performed internal reconnaissance, the next likely objective is to obtain a pivot point, and compromise other network systems (lateral spread)
A pen tester discovered that a certain vulnerability did not get patched on an SQL server. The pen tester then exploited the vulnerability with code injection and owned the server. Which of the following best describes this technique?
Initial exploitation
What is the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is passive (it identifies weaknesses without exploiting them) and penetration testing is active (it exploits them to demonstrate impact)
During which type of penetration test does the tester skip the reconnaissance phase of the test?
White box