1.8 Explain the techniques used in penetration testing Flashcards
What is Penetration testing?
Penetration testing is a proactive security assessment technique that involves simulating real-world cyberattacks on an organization’s systems, networks, or applications to identify vulnerabilities, assess security controls, and evaluate the effectiveness of defense mechanisms.
What term describes the proactive simulation of cyberattacks to identify vulnerabilities?
Penetration testing
What is a Known environment in penetration testing?
A Known environment in penetration testing (traditionally called white-box testing) refers to a scenario where the tester is given comprehensive knowledge about the target systems, networks, or applications, including access credentials, configuration details, and architecture, so that testing effort goes into depth of analysis rather than discovery of the environment.
What term describes a penetration testing scenario where the tester has comprehensive knowledge about the target environment?
Known environment
What is an Unknown environment in penetration testing?
An Unknown environment in penetration testing (traditionally called black-box testing) refers to a scenario where the tester has little or no prior knowledge about the target systems, networks, or applications, requiring extensive reconnaissance, scanning, and enumeration to discover vulnerabilities and assess security posture.
What term describes a penetration testing scenario where the tester has limited prior knowledge about the target environment?
Unknown environment
What is a Partially known environment in penetration testing?
A Partially known environment in penetration testing (traditionally called gray-box testing) refers to a scenario where the tester has some information about the target systems, networks, or applications, such as a network diagram or a low-privilege account, but not comprehensive knowledge, requiring a combination of reconnaissance and testing techniques to identify vulnerabilities.
What term describes a penetration testing scenario where the tester has some, but not comprehensive, knowledge about the target environment?
Partially known environment
What are Rules of engagement in penetration testing?
Rules of engagement in penetration testing are guidelines or agreements established between the tester and the client that outline the scope, objectives, limitations, and permissible actions for conducting the test, ensuring alignment with organizational goals, legal requirements, and ethical standards.
What term describes guidelines or agreements for conducting penetration tests?
Rules of engagement
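A worked example of turning rules of engagement into a check that tooling runs before touching a host. This is an added illustration, not part of the flashcard set: the in-scope ranges, exclusions, testing window, and permitted actions in `ROE` are constructed for a hypothetical client, and `check_target` / `check_at` are names chosen here.

```python
"""Scope gate for pentest tooling: an added example, not part of the flashcard
set. The RoE values below (ranges, exclusions, window, actions) are constructed
for a hypothetical client."""
import ipaddress
from datetime import datetime, time, timezone

# Constructed rules of engagement for a hypothetical engagement.
ROE = {
    "in_scope": ["10.10.0.0/16", "203.0.113.0/24"],
    "excluded": ["10.10.5.0/24", "203.0.113.7/32"],  # e.g. a production DB segment
    "window_utc": (time(22, 0), time(6, 0)),          # overnight window, wraps midnight
    "allowed_actions": {"scan", "exploit"},           # "dos" deliberately not permitted
}


def in_window(now, window):
    """True if the clock time of `now` lies inside a window that may wrap past midnight."""
    start, end = window
    t = now.time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def check_target(ip, action, now, roe=ROE):
    """Return (allowed, reason). Exclusions take precedence over in-scope ranges,
    and every refusal names the clause of the RoE that blocked the action."""
    addr = ipaddress.ip_address(ip)
    if action not in roe["allowed_actions"]:
        return False, f"action '{action}' is not permitted by the RoE"
    if any(addr in ipaddress.ip_network(c) for c in roe["excluded"]):
        return False, f"{ip} is explicitly excluded"
    if not any(addr in ipaddress.ip_network(c) for c in roe["in_scope"]):
        return False, f"{ip} is outside the authorised ranges"
    if not in_window(now, roe["window_utc"]):
        start, end = roe["window_utc"]
        return False, f"outside the testing window {start:%H:%M}-{end:%H:%M} UTC"
    return True, "ok"


def check_at(ip, action, hour, minute=0):
    """Convenience wrapper: evaluate the RoE at a fixed UTC clock time."""
    return check_target(ip, action, datetime(2024, 3, 1, hour, minute, tzinfo=timezone.utc))


if __name__ == "__main__":
    for ip, action, hour in [("10.10.20.5", "scan", 23), ("10.10.5.9", "scan", 23),
                             ("192.168.1.1", "scan", 23), ("10.10.20.5", "scan", 14),
                             ("10.10.20.5", "dos", 23)]:
        print(ip, action, f"{hour:02d}:00Z", "->", check_at(ip, action, hour))
```

The order of the checks matters: an explicit exclusion must win even when the address also sits inside an in-scope range, which is the usual shape of a client's "everything in this /16 except the production database segment" instruction.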
What is Lateral movement in penetration testing?
Lateral movement in penetration testing refers to the technique of traversing or moving horizontally across a network or system from one compromised endpoint to another, typically to escalate privileges, access sensitive data, or pivot to additional targets, simulating the tactics used by real-world attackers.
What term describes the technique of moving horizontally across a network in penetration testing?
Lateral movement
What is Privilege escalation in penetration testing?
Privilege escalation in penetration testing refers to the process of gaining higher levels of access or permissions within a system, network, or application beyond what was initially granted, often by exploiting vulnerabilities, misconfigurations, or insecure design to elevate privileges and access sensitive resources.
What term describes the process of gaining higher levels of access within a system or network?
Privilege escalation
What is Persistence in penetration testing?
Persistence in penetration testing refers to an attacker's ability to keep access to or control over a compromised system, network, or application after the initial exploitation, surviving reboots, credential changes, and partial remediation, often achieved by installing backdoors, creating user accounts, scheduling tasks, or establishing covert communication channels.
What term describes the ability of an attacker to maintain access or control after initial exploitation?
Persistence
What is Cleanup in penetration testing?
Cleanup in penetration testing refers to the process of removing or mitigating the traces, artifacts, or backdoors left behind by the penetration tester during testing activities to restore the target environment to its original state and ensure no residual impact or vulnerabilities remain.
What term describes the process of removing traces or artifacts after penetration testing?
Cleanup
What is Bug bounty in penetration testing?
Bug bounty programs in penetration testing are initiatives or platforms offered by organizations to incentivize independent security researchers, hackers, or ethical hackers to identify and responsibly disclose security vulnerabilities in exchange for monetary rewards, recognition, or other incentives.
What term describes programs that reward individuals for finding security vulnerabilities?
Bug bounty
What is Pivoting in penetration testing?
Pivoting in penetration testing refers to the technique of using compromised systems or footholds within a network to gain access to other systems, networks, or segments that are otherwise inaccessible or protected, enabling attackers to expand their reach and control within the target environment.
What term describes the technique of using compromised systems to access other parts of a network?
Pivoting
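The following is an added example of the pivoting and lateral-movement technique described in the two cards above; it is not code from the flashcard set. It implements a single-destination TCP port-forward pivot of the kind a tester would otherwise get from `ssh -L` or a SOCKS proxy on a compromised host. For the sake of running offline, the tester, the pivot, and the "internal" service are all simulated on loopback with OS-assigned ports, and the names `start_pivot`, `start_internal_service`, `reach_through_pivot` and `demo` are chosen here.

```python
"""Single-port TCP pivot: an added example, not from the flashcard set.
The relay would normally run on the compromised host that can reach an
internal segment the tester cannot; here the tester, the pivot, and the
internal service all live on loopback with OS-assigned ports so the
script runs offline."""
import socket
import threading


def _pump(src, dst):
    """Copy bytes one way until `src` closes, then signal end-of-stream to `dst`."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_internal_service():
    """Stand-in for a host on the internal segment: sends a banner, echoes one message."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            with conn:
                conn.sendall(b"INTERNAL-SVC 1.0\n")
                conn.sendall(b"echo:" + conn.recv(4096))

    threading.Thread(target=serve, daemon=True).start()
    return srv


def start_pivot(target_host, target_port):
    """Listen on the pivot host and splice each inbound connection to the target.
    Same idea as `ssh -L local:target_host:target_port pivot`, reduced to one
    fixed destination."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return
            target = socket.create_connection((target_host, target_port))
            threading.Thread(target=_pump, args=(client, target), daemon=True).start()
            threading.Thread(target=_pump, args=(target, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def reach_through_pivot(pivot_port, payload):
    """The tester only ever talks to the pivot; the internal host sees the pivot's address."""
    with socket.create_connection(("127.0.0.1", pivot_port), timeout=5) as s:
        banner = s.recv(4096)
        s.sendall(payload)
        reply = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return banner, reply


def demo(payload=b"hello"):
    internal = start_internal_service()
    pivot = start_pivot("127.0.0.1", internal.getsockname()[1])
    try:
        return reach_through_pivot(pivot.getsockname()[1], payload)
    finally:
        pivot.close()
        internal.close()


if __name__ == "__main__":
    banner, reply = demo()
    print(banner.decode().strip(), "|", reply.decode())
```

The detection-relevant point is visible in the traffic: the internal service only ever sees a connection from the pivot host, which is why a compromised workstation suddenly opening sessions to servers it never talked to before is a classic lateral-movement indicator.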
What are Passive and active reconnaissance in penetration testing?
Passive reconnaissance involves gathering information about a target without directly interacting with it, while active reconnaissance involves actively probing, scanning, or interacting with the target to collect information about its systems, networks, or vulnerabilities.
What terms describe gathering information about a target without direct interaction and actively probing the target, respectively?
Passive and active reconnaissance
What are Drones in penetration testing?
Drones in penetration testing refer to unmanned aerial vehicles equipped with sensors or tools for conducting reconnaissance, surveillance, or security assessments of physical or wireless infrastructure, providing remote access to difficult-to-reach or hazardous areas.
What term describes unmanned aerial vehicles used for reconnaissance or security assessments?
Drones
What is War flying in penetration testing?
War flying in penetration testing is a technique involving the use of drones or aircraft to conduct aerial reconnaissance or scanning of wireless networks, identifying vulnerabilities, misconfigurations, or unauthorized access points from the air.
What term describes the technique of using drones or aircraft for aerial reconnaissance of wireless networks?
War flying
What is War driving in penetration testing?
War driving in penetration testing is a technique involving the use of vehicles equipped with wireless sniffers or scanning tools to detect, map, or analyze wireless networks and access points within a specific geographic area, identifying vulnerabilities or unauthorized access.
What term describes the technique of using vehicles with wireless sniffers to map wireless networks?
War driving
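An added example, not part of the flashcard set, of what war-driving tooling does with the raw survey once the sniffer has collected it: parse the access-point records and triage the weak ones. The scan text is constructed here in the layout of `iw dev wlan0 scan` output (fictitious BSSIDs, SSIDs, and signal readings), and `parse_iw_scan`, `classify`, and `weak_aps` are names chosen for this illustration.

```python
"""Parser and triage for wireless survey output: an added example, not from the
flashcard set. The scan text below is constructed in the layout of `iw dev wlan0
scan` output; the BSSIDs, SSIDs and readings are fictitious."""
import re

SAMPLE_SCAN = """\
BSS d8:47:32:aa:bb:01(on wlan0)
    freq: 2437
    capability: ESS Privacy ShortSlotTime (0x0411)
    signal: -41.00 dBm
    SSID: CorpWiFi
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: IEEE 802.1X
BSS d8:47:32:aa:bb:02(on wlan0)
    freq: 5180
    capability: ESS ShortSlotTime (0x0401)
    signal: -58.00 dBm
    SSID: CorpGuest
BSS 00:1a:2b:3c:4d:5e(on wlan0)
    freq: 2462
    capability: ESS Privacy (0x0011)
    signal: -70.00 dBm
    SSID: OldPrinter
BSS 00:1a:2b:3c:4d:5f(on wlan0)
    freq: 2412
    capability: ESS Privacy ShortSlotTime (0x0411)
    signal: -63.00 dBm
    SSID:
    WPA:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: TKIP
         * Authentication suites: PSK
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})")
WEAK = {"OPEN", "WEP", "WPA1"}


def classify(ap):
    """Map the beacon's Privacy bit and security elements to a label.
    Privacy clear -> open; RSN element -> WPA2/WPA3 (the AKM decides which);
    legacy WPA element only -> WPA1; Privacy set with neither element -> WEP."""
    if not ap["privacy"]:
        return "OPEN"
    if ap["rsn"]:
        if "SAE" in ap["akm"]:
            return "WPA3"
        if "802.1X" in ap["akm"]:
            return "WPA2-Enterprise"
        return "WPA2-PSK"
    if ap["wpa"]:
        return "WPA1"
    return "WEP"


def parse_iw_scan(text):
    """Split the scan into one record per BSS; indentation is ignored."""
    aps, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1), "ssid": "", "freq": None, "signal": None,
                   "privacy": False, "rsn": False, "wpa": False, "akm": ""}
            aps.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("freq:"):
            cur["freq"] = int(line.split(":", 1)[1])
        elif line.startswith("signal:"):
            cur["signal"] = float(line.split()[1])
        elif line.startswith("capability:"):
            cur["privacy"] = "Privacy" in line
        elif line.startswith("SSID:"):
            cur["ssid"] = line[5:].strip()                 # empty string = hidden SSID
        elif line.startswith("RSN:"):
            cur["rsn"] = True
        elif line.startswith("WPA:"):
            cur["wpa"] = True
        elif line.startswith("* Authentication suites:"):
            cur["akm"] = line.split(":", 1)[1].strip()     # last suites line wins
    for ap in aps:
        ap["security"] = classify(ap)
    return aps


def weak_aps(aps):
    """Networks a war-driving report would flag first."""
    return [ap for ap in aps if ap["security"] in WEAK]


if __name__ == "__main__":
    for ap in parse_iw_scan(SAMPLE_SCAN):
        print(f'{ap["bssid"]}  {ap["freq"]} MHz  {ap["signal"]:>6} dBm  '
              f'{ap["security"]:<16} {ap["ssid"] or "<hidden>"}')
```

A hidden SSID (the fourth record) is not a security control: the parser still sees the BSSID, channel, and legacy WPA/TKIP configuration, which is exactly what a war-driving survey records. Real tooling would also attach GPS coordinates to each record so the access points can be mapped.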
What is Footprinting in penetration testing?
Footprinting in penetration testing refers to the process of gathering information about a target organization, its systems, networks, or employees using publicly available sources, search engines, social media, or other open-source intelligence (OSINT) techniques.
What term describes the process of gathering information about a target organization using publicly available sources?
Footprinting
What is OSINT in penetration testing?
OSINT (Open-source intelligence) in penetration testing refers to the collection and analysis of publicly available information from sources such as the internet, social media, news outlets, or public records to gather intelligence, reconnaissance, or insights about a target organization or individual.
What term describes the collection and analysis of publicly available information for intelligence purposes?
OSINT
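An added example, not from the flashcard set, that puts the passive and active reconnaissance cards and the footprinting/OSINT cards above side by side in code. The passive half mines a certificate-transparency search result for subdomains, which touches only a third party's public data; the active half is a TCP connect scan with banner grabbing, where every probe is a handshake the target can log. The CT records are constructed in the shape of crt.sh JSON output for the fictitious domain example.com, the scanned "target" ports are local listeners so the script runs offline, and `passive_subdomains`, `active_scan`, `start_listener`, and `demo` are names chosen here.

```python
"""Passive versus active reconnaissance side by side: an added example, not
from the flashcard set. The certificate-transparency records are constructed
in the shape of crt.sh JSON output for the fictitious domain example.com, and
the "target" ports are local listeners so the active part runs offline."""
import json
import socket
import threading

# Constructed CT search result: one record per certificate, SANs newline-separated.
CT_JSON = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "www.example.com\nexample.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "vpn.example.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "*.dev.example.com\nstaging.example.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "www.example.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "name_value": "example.com.evil.test"},
])


def passive_subdomains(ct_json, domain):
    """Passive: names come from a third party's public log; nothing is sent to the target.
    Wildcards collapse to their base label and look-alike domains are dropped."""
    found = set()
    for rec in json.loads(ct_json):
        for name in rec["name_value"].splitlines():
            name = name.strip().lower().lstrip("*.")
            if name == domain or name.endswith("." + domain):
                found.add(name)
    return sorted(found)


def active_scan(host, ports, timeout=0.5):
    """Active: every probe completes a TCP handshake the target can log, then
    waits briefly for a banner. Returns {port: (state, banner)}."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                try:
                    banner = s.recv(128).decode(errors="replace").strip()
                except OSError:          # includes socket.timeout
                    banner = ""
                results[port] = ("open", banner)
        except OSError:                  # refused, unreachable, or timed out
            results[port] = ("closed", "")
    return results


def start_listener(banner):
    """Local stand-in for a target service; an empty banner means a silent service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    subs = passive_subdomains(CT_JSON, "example.com")
    sshd = start_listener(b"SSH-2.0-OpenSSH_9.6\r\n")
    silent = start_listener(b"")
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]      # released below, so it scans as closed
    probe.close()
    ports = [sshd.getsockname()[1], silent.getsockname()[1], closed_port]
    try:
        scan = active_scan("127.0.0.1", ports)
    finally:
        sshd.close()
        silent.close()
    return subs, [scan[p][0] for p in ports], scan[ports[0]][1]


if __name__ == "__main__":
    subs, states, banner = demo()
    print("passive:", subs)
    print("active :", states, banner)
```

The practical distinction for a tester is the one the cards draw: the passive step produces a target list without the target ever seeing a packet, while the active step is the first point at which the blue team can detect the engagement, so rules of engagement usually treat the two differently.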
What are Exercise types in penetration testing?
Exercise types in penetration testing refer to the roles teams take in a security exercise: Redteam exercises focused on offensive tactics, Blueteam exercises focused on defensive strategies, and the Whiteteam, which referees the exercise, sets and enforces the rules of engagement, and scores the outcome.
What terms describe the teams in a security exercise that focus on offense, defense, and refereeing, respectively?
Redteam, Blueteam, Whiteteam
What is Redteam in penetration testing?
Redteam in penetration testing refers to a group of security professionals or ethical hackers who simulate real-world cyberattacks on an organization’s systems, networks, or applications to identify vulnerabilities, test defenses, and evaluate the effectiveness of security controls and incident response.
What term describes a group that simulates real-world cyberattacks during security assessments?
Redteam
What is Blueteam in penetration testing?
Blueteam in penetration testing refers to a group of security professionals or defenders responsible for implementing and maintaining security controls, monitoring systems for threats or vulnerabilities, and responding to security incidents or breaches within an organization’s environment.
What term describes a group responsible for implementing and maintaining security controls during security assessments?
Blueteam
What is Whiteteam in penetration testing?
Whiteteam in penetration testing refers to the referees or exercise managers who sit between the Redteam and the Blueteam: they define and enforce the rules of engagement, monitor the exercise, adjudicate disputes, and score the results, while coordinating with stakeholders so the exercise stays safe and within scope. (Joint offensive and defensive work is the Purpleteam, covered next, not the Whiteteam.)
What term describes the group that referees a security exercise, enforcing the rules of engagement and scoring the results?
Whiteteam
What is Purpleteam in penetration testing?
Purpleteam in penetration testing refers to an integrated and cross-functional team approach that combines offensive (Redteam) and defensive (Blueteam) security professionals to jointly conduct security assessments, identify weaknesses, and improve overall security resilience and preparedness.
What term describes an integrated team approach combining offensive and defensive security professionals?
Purpleteam