1.8 Explain the techniques used in penetration testing Flashcards
Known Environment (Penetration testing )
White-box tests, a.k.a. known-environment tests, are performed with full knowledge of the underlying technology, configurations, and settings that make up the target.
Unknown Environment (Penetration testing)
Black-box tests, a.k.a. unknown-environment tests, are intended to replicate what an attacker would encounter. Testers are not provided with access to information about the environment.
Partially known environment (Penetration testing)
Gray-box tests, a.k.a. partially known environment tests, are a blend of black-box and white-box testing. A gray-box test may provide some information about the environment to the pen testers without giving full access, credentials, or configuration details.
Rules of Engagement (Penetration testing)
Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions.
Lateral movement (Penetration testing)
Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets. After entering the network, the attacker maintains ongoing access by moving through the compromised environment and obtaining increased privileges using various tools.
Lateral movement allows a threat actor to avoid detection and retain access, even if discovered on the machine that was first infected. And with a protracted dwell time, data theft might not occur until weeks or even months after the original breach.
Privilege escalation (Penetration testing)
Privilege escalation uses hacking techniques to shift from the initial access gained by the attacker to more advanced privileges, such as root access on the same system.
Persistence (Penetration testing)
Attackers establish persistence on compromised networks by installing backdoors and using other mechanisms that will allow them to regain access to the network, even if the initial vulnerability is patched.
Cleanup (Penetration testing)
After the pen test, typical cleanup activities include:
*Removing any executables, scripts, and temporary files from compromised systems
*Reconfiguring settings back to the original parameters prior to the pentest
*Eliminating any rootkits installed in the environment
*Removing any user accounts created to connect to the compromised system
Bug Bounty (Penetration testing)
Bug bounty programs provide organizations with an opportunity to benefit from the wisdom and talent of cybersecurity professionals outside their own teams.
These programs allow outsiders to conduct security testing of an organization’s public services and normally incentivize that research by offering financial rewards to testers who successfully discover vulnerabilities.
Pivoting (Penetration testing)
The act of an attacker moving from one compromised system to one or more other systems within the same or other organizations. Pivoting is fundamental to the success of advanced persistent threat (APT) attacks. SSH trust relationships may more readily allow an attacker to pivot.
War flying (Passive and active reconnaissance)
Similar to war driving, but carried out with drones and unmanned aerial vehicles (UAVs).
War driving (Passive and active reconnaissance)
Attackers drive past facilities in a car equipped with high-end antennas and attempt to eavesdrop on or connect to wireless networks.
Footprinting (Passive and active reconnaissance)
Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, infrastructure, and network in order to identify opportunities to penetrate them. It is one of the best methods of finding vulnerabilities.
Exercise types (team colors)
*Red-team
*Blue-team
*White-team
*Purple-team