16.1 Introduction to Pen Testing and Open Source Intelligence Flashcards
What is Pen Testing?
Penetration testing, often referred to as **pen testing** or **ethical hacking**, is the offensive security practice of attacking a network using the same techniques that a hacker would use, in an effort to identify security holes and raise awareness in an organization.
Why do organizations hire pentesters?
While network administrators and security personnel do their best to harden their networks, it often takes an external entity to identify misconfigurations and subtle security holes.
Organizations hire pentesters to assess their security controls. Pentesters find flaws in those controls, help the organization understand their flaws, and provide recommendations about which vulnerabilities to prioritize and how to fix them.
A penetration test is often referred to as an __________ by practitioners
A penetration test is often referred to as an **engagement** by practitioners
What are the five stages of engagement?
- Active and passive reconnaissance
- Scanning and enumeration
- Gaining access
- Maintaining your access
- Covering your tracks
What types of tools do pentesters use? (General)
- Vulnerability scanners
- Manual tools to research vulnerabilities
- Craft phishing emails
- Manually exploit hosts
- Write shell code
What are the three primary types of penetration testing?
There are three primary types of penetration tests:
- No view (aka Black Box)
- Full view (aka White Box)
- Partial view (aka Grey Box)
Explain no view testing:
**No view** testing, also known as black box, simulates a hacker who has no prior knowledge of the target system and network. They are paid to learn and exploit as much as they can about the network using only the tools available to an attacker on the public internet.
For example, they may only know the company name and be forced to find various key resources, like IP ranges and access credentials.
Explain full view pentesting:
**Full view** testers, also known as white box testers, are given full knowledge of the system or network. This knowledge allows them to tear apart subtle security issues on behalf of their clients. Full view pen testing is most appropriate when the client wants a detailed analysis of all potential security flaws, rather than only the exposed and visible vulnerabilities.
Explain partial view pentesting:
**Partial view** testing, also known as grey box, is performed by the in-house system or network administrator.
Regardless of the scenario, the main deliverable for pentesters is a report that summarizes their findings and recommendations for improvements.
Regardless of the scenario, the main deliverable for pentesters is a ___________ and _____________.
Regardless of the scenario, the main deliverable for pentesters is a report that summarizes their findings and recommendations for improvements.
What do business or upper management care most about when it comes to pentesting?
Businesses are not primarily interested in how attackers might gain access to their networks. Instead, they are more concerned with how an exploited vulnerability might have major consequences on their reputation, operations, or bottom line.
What does OSINT stand for and what does it aim to do?
OSINT stands for **open source intelligence**.
OSINT aims to gather publicly available information about a target.
Since no view pentesters begin their engagement with very limited knowledge, they must use _____ to gain as much information about a target as possible.
OSINT
OSINT includes: (4)
- Usernames
- Email addresses
- Phone numbers
- Domain names
Performing any of the following acts without the specific, written permission of the system’s owner would be considered a felony: (3)
- Port scans
- Brute force attacks
- Social engineering