1.8 - Explain the techniques used in penetration testing.

Question 1

Penetration testing

Question 2

Known environment (Penetration testing)

Answer 2

-white box
-tests performed with full knowledge of underlying tech, configs, settings
-testers typically have net. diagrams, lists of sys, IP net. ranges, even creds to sys.
-test is often more complete since testers can get to every sys.
-may not provide accurate view of what external perp would see

Question 3

Unknown environment (Penetration testing)

Answer 3

-black box
-intended to replicate what perp would encounter
-testers not provided with access to or info about environ. > must gather info, discover vulns, make their own way thru infra/sys. like a perp would
-approach can be time consuming BUT can help provide reasonably accurate assessment of how secure target is against a perp

-quality + skillset of ur pen test team = v important

Question 4

Partially known environment - Rules of engagement (Penetration testing)

Answer 4

-gray box
-blend of white + black box
-may provide some info about environ. to testers wthout giving full access, creds, configs
-can help focus testers time + effort while providing more accurate view of what perp would actually encounter

Question 5

Lateral movement (Penetration testing)

Answer 5

-occurs as perp uses initial sys. compromise to gain access to other sys. on target net.

Question 6

Privilege escalation (Penetration testing)

Answer 6

-using hacking techniques to shift from initial access gained by perp to more advanced privileges (root access)

Question 7

Persistence (Penetration testing)

Question 8

Cleanup (Penetration testing)

Question 9

Bug bounty (Penetration testing)

Answer 9

-

Question 10

Pivoting (Penetration testing)

Answer 10

-occurs as perp uses initial sys. compromise to gain access to other sys. on target net.

Question 11

Passive and active reconnaissance

Question 12

Drones (Passive and active reconnaissance)

Question 13

War flying (Passive and active reconnaissance)

Answer 13

-use of drones/UAVs (unmanned aerial vehicles)

Question 14

War driving (Passive and active reconnaissance)

Answer 14

-drive by facilities in car equipped wth high end antennas
-attempt to eavesdrops on/connect to wireless nets.

Question 15

Footprinting (Passive and active reconnaissance)

Answer 15

-identify OS + apps in use

Question 16

OSINT (Passive and active reconnaissance)

Question 17

Red-team

Answer 17

-attckers who attempt to gain access to sys.

Question 18

Blue-team

Answer 18

-defenders who must secure sys. + nets. from attcks
-monitors environ. during exercise
-usually gets a head start to secure sys. b4 attack phase of exercise starts

Question 19

White-team

Answer 19

-observers + judges
-referees
->settle disputes over rules
->watch exercise to document Lessons learned
-able to observe activities of both red + blue teams
-responsible 4 ensuring exercise doesn’t cause prod. issues

Question 20

Purple-team

Answer 20

-at end of exercise red + blue teams get together to share info about tactics + Lessons learned (helps everyone learn from the process)
-combination of knowledge from red + blue teams