1.8 Explain the techniques used in Penetration Testing Flashcards
Explain Penetration Testing
An authorized, active attempt to gain access to a system. Unlike a vulnerability scan, which only reports weaknesses, a pentest actually exploits them. It simulates an attack by a real adversary, most often one external to your organization. Usually a third party conducts these tests on a regular basis, with the organization's written agreement on what may be tested.
Explain Penetration Testing in a known environment
The pentester is given full disclosure about the systems under test (network diagrams, configurations, source code, credentials). This is the natural situation when you test your own environment. Also called a white-box test.
Explain Penetration Testing in an unknown environment
The pentester knows nothing about the systems under attack and must build up a picture of the environment from scratch as the test proceeds, much as an outside attacker would. This is a blind test, also called a black-box test.
Explain Penetration Testing in a partially known environment
The pentester is given a mix of known and unknown information. The organization may hand the third-party testers only the essentials (for example an IP range or a low-privilege account), and the pentesters must discover and document everything else themselves. Also called a gray-box test.
Explain the Rules of Engagement for Penetration Testing
A document that defines the scope and purpose of the penetration test so that everyone involved agrees on the parameters before any testing starts. It specifies the type of test to be performed (known, unknown or partially known environment), lists the devices and networks that are in scope and those that are out of scope, and states how sensitive data encountered during the test must be handled. Anything out of scope must not be touched even if it is reachable from an in-scope system.
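A practical consequence of the rules of engagement is that every target should be checked against the agreed scope before a tool is pointed at it. The following is an added example, not part of the original flashcards: a small scope checker in Python. The networks, excluded hosts, domains and testing window in it are constructed for illustration; on a real engagement they would be copied from the signed RoE document.

```python
"""Checking a target against the Rules of Engagement before touching it.

Added example, not from the flashcards. The networks, hosts, domains and
testing window below are constructed for illustration; a real engagement
copies them from the signed RoE document.
"""
import ipaddress
from datetime import time

# Constructed RoE data. An explicit exclusion always wins over an inclusion.
IN_SCOPE_NETWORKS = ["203.0.113.0/24", "198.51.100.0/25"]
OUT_OF_SCOPE_HOSTS = ["203.0.113.10", "203.0.113.11"]   # e.g. production database, payroll
IN_SCOPE_DOMAINS = ["example.com"]                        # includes subdomains
OUT_OF_SCOPE_DOMAINS = ["payroll.example.com"]
TEST_WINDOW = ("22:00", "06:00")                          # agreed window, wraps past midnight


def ip_in_scope(addr):
    ip = ipaddress.ip_address(addr)
    if any(ip == ipaddress.ip_address(h) for h in OUT_OF_SCOPE_HOSTS):
        return False
    return any(ip in ipaddress.ip_network(n) for n in IN_SCOPE_NETWORKS)


def host_in_scope(name):
    name = name.lower().rstrip(".")

    def under(domain):
        # "example.com" matches itself and "www.example.com" but not "notexample.com"
        return name == domain or name.endswith("." + domain)

    if any(under(d) for d in OUT_OF_SCOPE_DOMAINS):
        return False
    return any(under(d) for d in IN_SCOPE_DOMAINS)


def in_test_window(now_hhmm, window=TEST_WINDOW):
    """now_hhmm is a wall-clock time as 'HH:MM'."""
    now = time.fromisoformat(now_hhmm)
    start, end = (time.fromisoformat(w) for w in window)
    if start <= end:
        return start <= now < end
    return now >= start or now < end          # window crosses midnight


def check_target(target, now_hhmm):
    """Return (allowed, reason) for an IP address or hostname at the given time."""
    if not in_test_window(now_hhmm):
        return False, "outside agreed testing window"
    try:
        ipaddress.ip_address(target)
        allowed = ip_in_scope(target)
    except ValueError:                        # not an IP literal, treat it as a hostname
        allowed = host_in_scope(target)
    return (True, "in scope") if allowed else (False, "out of scope")


if __name__ == "__main__":
    for t in ["203.0.113.5", "203.0.113.10", "198.51.100.200",
              "www.example.com", "payroll.example.com", "notexample.com"]:
        print(t, check_target(t, "23:30"))
```

The ordering matters: exclusions are evaluated before inclusions, so an out-of-scope host inside an in-scope network is still refused, and a hostname check matches whole DNS labels rather than a bare suffix.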
Explain lateral movement in penetration testing
Once a pentester has a foothold, moving from system to system inside the network. Internal networks are usually far less defended than the perimeter, so one compromised host often gives access to many more.
Explain Privilege escalation in penetration testing
Raising the access level obtained (for example a normal user account) to a higher one, such as administrator or root, in order to reach permissions or content that would otherwise be restricted.
Explain persistence in penetration testing
Creating one or more ways to regain access to a compromised system without having to run the exploit again, since the original vulnerability may be patched or the session lost. Examples: installing backdoors, creating user accounts, adding Registry entries that launch code at boot or login, etc.
Explain cleanup in penetration testing
Returning the systems to the state they were in before the test. The pentester removes any binaries and temporary files left behind, removes backdoors, deletes user accounts created during the test, reverts configuration changes, and so on, so the network is left in its original state.
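Persistence and cleanup are two halves of the same discipline: cleanup is only reliable if every artifact planted for persistence was recorded when it was created. The following is an added example, not part of the original flashcards, showing that pattern in Python. It stages everything inside a temporary directory so it runs anywhere; the "crontab" file and the "backdoor" script are constructed stand-ins for the real locations a tester would modify.

```python
"""Persistence artifacts recorded in a manifest so cleanup can revert them exactly.

Added example, not from the flashcards. Everything is staged inside a
temporary directory so it runs anywhere: the "crontab" file and the
"backdoor" script are constructed stand-ins for the real locations a
tester would modify during an engagement.
"""
import hashlib
import json
import os
import tempfile


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


class ChangeManifest:
    """Every file the tester creates or modifies is logged here, with the original bytes."""

    def __init__(self, path):
        self.path = path
        self.entries = []

    def create_file(self, path, data):
        with open(path, "wb") as f:
            f.write(data)
        self.entries.append({"action": "created", "path": path})
        self._save()

    def append_line(self, path, line):
        # Snapshot the original before touching it: the revert restores bytes,
        # not a best-effort "delete the line I think I added".
        with open(path, "rb") as f:
            original = f.read()
        with open(path, "ab") as f:
            f.write(line.encode() + b"\n")
        self.entries.append({"action": "modified", "path": path,
                             "original_hex": original.hex(),
                             "original_sha256": hashlib.sha256(original).hexdigest()})
        self._save()

    def _save(self):
        with open(self.path, "w") as f:
            json.dump(self.entries, f, indent=1)

    def revert(self):
        """Undo every entry in reverse order. Returns the paths whose restored hash matched."""
        verified = []
        for e in reversed(self.entries):
            if e["action"] == "created":
                if os.path.exists(e["path"]):
                    os.remove(e["path"])
            else:
                with open(e["path"], "wb") as f:
                    f.write(bytes.fromhex(e["original_hex"]))
                if sha256_of(e["path"]) == e["original_sha256"]:
                    verified.append(e["path"])
        self.entries = []
        self._save()
        return verified


def demo():
    """Plant persistence, then clean up. Returns (during, after) as an auditor would observe them."""
    root = tempfile.mkdtemp()
    crontab = os.path.join(root, "crontab")
    backdoor = os.path.join(root, "backdoor.sh")
    with open(crontab, "w") as f:
        f.write("0 2 * * * /usr/local/bin/backup.sh\n")      # constructed pre-existing job
    before = sha256_of(crontab)

    m = ChangeManifest(os.path.join(root, "manifest.json"))
    # Persistence: drop a launcher and schedule it to re-establish access every 5 minutes.
    m.create_file(backdoor, b"#!/bin/sh\n# constructed stand-in for a reverse-shell launcher\n")
    m.append_line(crontab, "*/5 * * * * " + backdoor)
    during = (os.path.exists(backdoor), sha256_of(crontab) != before)

    # Cleanup: the manifest, not the tester's memory, says what to undo.
    verified = m.revert()
    after = (os.path.exists(backdoor), sha256_of(crontab) == before, verified == [crontab])
    return during, after


if __name__ == "__main__":
    print(demo())
```

Writing the manifest to disk after every change (rather than keeping it in memory) is deliberate: if the tester's session drops, the record of what must be cleaned up survives.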
Explain a bug bounty in Penetration Testing
A program in which an organization pays researchers who find and responsibly report security bugs in its systems, with larger rewards for more serious findings. Some people make a living from bug bounties alone.
Explain pivoting in penetration testing
A compromised system used as the jumping-off point to reach other systems that the attacker could not access directly, such as hosts on an internal subnet. Traffic to the new targets is relayed through the pivot host, so it appears to come from a trusted internal device rather than from the attacker's real address.
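The simplest form of pivoting is a port forward: the pivot host listens on a port and relays each connection to an internal target. The following is an added example, not part of the original flashcards, implementing that relay in Python. To stay self-contained it runs both the "pivot" and a constructed echo service standing in for the internal target on the loopback interface; in a real engagement the relay runs on the foothold host and the target is an internal address.

```python
"""Pivot through a compromised host: a TCP relay that forwards a local port
to a target the tester cannot reach directly.

Added example, not from the flashcards. The "internal service" here is a
constructed echo server on loopback; on an engagement the relay runs on
the foothold and `target` is an internal (host, port).
"""
import socket
import threading


def _pump(src, dst):
    """Copy bytes one way until the source closes, then half-close the destination."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_relay(target, listen_host="127.0.0.1", listen_port=0):
    """Listen on listen_port and relay every connection to target=(host, port).
    Returns the port actually bound (port 0 asks the OS for a free one)."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_host, listen_port))
    srv.listen(5)

    def accept_loop():
        while True:
            client, _ = srv.accept()
            upstream = socket.create_connection(target)   # the pivot opens the real connection
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def start_echo_server(host="127.0.0.1"):
    """Constructed stand-in for an internal service reachable only from the pivot."""
    srv = socket.socket()
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            c, _ = srv.accept()
            with c:
                while True:
                    d = c.recv(4096)
                    if not d:
                        break
                    c.sendall(b"internal-service: " + d)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Reach the internal service only via the pivot and return what it answered."""
    target_port = start_echo_server()
    pivot_port = start_relay(("127.0.0.1", target_port))
    with socket.create_connection(("127.0.0.1", pivot_port), timeout=5) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        s.shutdown(socket.SHUT_WR)            # tell the relay we are done sending
        chunks = []
        while True:
            d = s.recv(4096)
            if not d:
                break
            chunks.append(d)
    return b"".join(chunks)


if __name__ == "__main__":
    print(demo())
```

Note that the internal service only ever sees a connection from the pivot's own address, which is exactly why pivoting also hides where the tester really is.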
Explain passive and active reconnaissance
Before attacking a system, network or application, gather as much information about it as you can: firewalls, security configurations, addresses, services, people, etc. Passive reconnaissance collects this without sending anything to the target; active reconnaissance interacts with the target directly and can therefore be detected.
Explain drones in passive or active reconnaissance
Drones can be flown over an organization's premises to gather information that would otherwise require physical presence: wireless networks in range, the physical security in place, the types of devices in use, etc.
Explain war flying in passive or active reconnaissance
Combining Wi-Fi monitoring with GPS while flying (by aircraft or drone) to map the wireless networks around a target. The capture reveals the access points, network names, encryption in use, type of devices seen and where the signal was strongest.
Explain War driving in passive or active reconnaissance
The same technique as war flying, but carried out from a vehicle: Wi-Fi monitoring combined with GPS to map the access points, network names, encryption in use and device types around a target.
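Whether the capture came from a vehicle or a drone, the result of war driving or war flying is a log of observations that has to be reduced to something useful: one entry per access point, its most likely location, and whether its encryption is worth attacking. The following is an added example, not part of the original flashcards. The CSV sample is constructed and uses a WiGLE-style column order (MAC, SSID, AuthMode, FirstSeen, Channel, RSSI, CurrentLatitude, CurrentLongitude, ...); rename the columns to match whatever tool produced your own export.

```python
"""Summarise a war-driving / war-flying capture: which APs were seen, where the
signal was strongest, and which of the target's networks use weak encryption.

Added example, not from the flashcards. SAMPLE is constructed data in a
WiGLE-style column order; adjust the column names for your own tool's export.
"""
import csv
import io

# Constructed capture: header row plus observations, some APs seen more than once.
SAMPLE = """MAC,SSID,AuthMode,FirstSeen,Channel,RSSI,CurrentLatitude,CurrentLongitude,AltitudeMeters,AccuracyMeters,Type
00:11:22:33:44:01,CorpNet,[WPA2-PSK-CCMP][ESS],2024-01-10 10:00:01,6,-71,51.50010,-0.12000,30,5,WIFI
00:11:22:33:44:01,CorpNet,[WPA2-PSK-CCMP][ESS],2024-01-10 10:00:07,6,-58,51.50022,-0.11990,30,5,WIFI
00:11:22:33:44:02,CorpNet-Guest,[ESS],2024-01-10 10:00:09,11,-63,51.50030,-0.11980,30,5,WIFI
00:11:22:33:44:03,Warehouse-Scanner,[WEP][ESS],2024-01-10 10:00:12,1,-80,51.50100,-0.11900,30,5,WIFI
00:11:22:33:44:03,Warehouse-Scanner,[WEP][ESS],2024-01-10 10:00:20,1,-66,51.50110,-0.11890,30,5,WIFI
aa:bb:cc:dd:ee:04,NeighbourCafe,[WPA2-PSK-CCMP][ESS],2024-01-10 10:00:21,1,-75,51.50120,-0.11880,30,5,WIFI
"""

# SSIDs the organization confirmed as its own (constructed). Anything else is someone
# else's network and is out of scope, however interesting it looks.
TARGET_SSIDS = {"CorpNet", "CorpNet-Guest", "Warehouse-Scanner"}

WEAK = {"OPEN", "WEP", "WPA"}   # no encryption, broken encryption, or TKIP-era WPA


def classify_auth(authmode):
    """Reduce a tool's AuthMode string to one label, strongest match first."""
    a = authmode.upper()
    if "WPA3" in a or "SAE" in a:
        return "WPA3"
    if "WPA2" in a:
        return "WPA2"
    if "WPA" in a:
        return "WPA"
    if "WEP" in a:
        return "WEP"
    return "OPEN"


def summarise(csv_text, target_ssids):
    """Return {bssid: info} for the target's APs, keeping the strongest observation
    of each (the reading closest to the AP is the best location estimate)."""
    aps = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["SSID"] not in target_ssids:
            continue
        rssi = int(row["RSSI"])
        seen = aps.get(row["MAC"])
        if seen is None or rssi > seen["rssi"]:
            aps[row["MAC"]] = {
                "ssid": row["SSID"],
                "channel": int(row["Channel"]),
                "rssi": rssi,
                "lat": float(row["CurrentLatitude"]),
                "lon": float(row["CurrentLongitude"]),
                "auth": classify_auth(row["AuthMode"]),
            }
    return aps


def weak_aps(summary):
    """BSSIDs of the target's APs that are open or use broken encryption."""
    return sorted(b for b, ap in summary.items() if ap["auth"] in WEAK)


if __name__ == "__main__":
    s = summarise(SAMPLE, TARGET_SSIDS)
    for bssid, ap in s.items():
        print(bssid, ap["ssid"], ap["auth"], ap["rssi"], ap["lat"], ap["lon"])
    print("weak:", weak_aps(s))
```

Filtering on the organization's confirmed SSIDs is the rules-of-engagement check applied to wireless: a neighbouring business's access point may be in radio range, but it is not in scope.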
Explain footprinting in passive or active reconnaissance
Passive footprinting gathers information in ways the victim cannot observe: reading social media, online forums, Reddit, the corporate website, and social engineering.
Active footprinting gathers information in ways that can be seen: attempting to enter a building, ping sweeps, port scans, DNS queries, OS scans and OS fingerprinting. These generate traffic or events that the target's network monitoring tools and logs can capture.
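The defining property of active footprinting is that each probe is a real interaction the target can record: a port scan is a series of TCP connections, and a banner grab reads whatever the service volunteers. The following is an added example, not part of the original flashcards, of a TCP connect scan with banner grabbing in Python. It starts two constructed listeners on loopback to stand in for the target's services so it runs offline; during an engagement, scan_ports() would be pointed at an in-scope host.

```python
"""Active footprinting: a TCP connect scan with banner grab.

Added example, not from the flashcards. The two services it scans are
constructed listener threads on loopback; point scan_ports() at an
in-scope host on a real engagement.
"""
import socket
import threading


def start_fake_service(banner):
    """Constructed target service: accept, send its banner (if any), close. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            c, _ = srv.accept()
            with c:
                if banner:
                    c.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def scan_ports(host, ports, timeout=0.5):
    """Return {port: banner_or_None} for every port that accepted a TCP connection.

    Each successful connect() completes a three-way handshake, so the target's
    firewall and service logs will show the scanner's address: this is active, not passive.
    """
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:
                    banner = s.recv(256)          # some services speak first (SSH, SMTP, FTP)
                except socket.timeout:
                    banner = b""                  # others wait for the client (HTTP)
                results[port] = banner.decode(errors="replace").strip() or None
        except OSError:
            continue                              # refused, timed out or filtered: nothing to record
    return results


def demo():
    """Scan one chatty port, one silent port and one closed port on loopback."""
    ssh_like = start_fake_service(b"SSH-2.0-OpenSSH_8.9\r\n")   # constructed banner
    silent = start_fake_service(b"")
    # Reserve and release a port so we have one that is known to be closed.
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed = tmp.getsockname()[1]
    tmp.close()
    return scan_ports("127.0.0.1", [ssh_like, silent, closed]), ssh_like, silent, closed


if __name__ == "__main__":
    found, ssh_like, silent, closed = demo()
    for port, banner in sorted(found.items()):
        print(f"{port}/tcp open  {banner or '(no banner)'}")
    print(f"{closed}/tcp closed")
```

A service that accepts the connection but says nothing still shows up as open; identifying it then needs a protocol-specific probe, which is more traffic and therefore even more visible to the target.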
Explain OSINT in passive or active reconnaissance
Open-Source Intelligence: information about a person or organization gathered from publicly available sources such as websites, social media, search engines and public records. Many tools are available to automate the gathering.
Explain Red-team
The offensive security team hired to attack. They are ethical hackers who look for security holes, exploit vulnerabilities, perform social engineering, scan web applications, and so on.
Explain Blue-team
The defensive team that protects the organization's data and networks. They handle operational security, incident response, threat hunting, digital forensics, etc., and work to detect and stop what the red team attempts.
Explain White-team
The referees of the exercise. They oversee the interaction between red team and blue team, enforce the rules of engagement, facilitate the tests, and deliver the reports to both sides.
Explain Purple-team
A red team and a blue team working together and sharing what they find in real time: the red team shows how it got in, the blue team improves detection and patches the weakness, and the cycle repeats so the network ends up measurably more secure.