1.8 Explain the techniques used in penetration testing Flashcards
What is Penetration testing?
Penetration testing is a proactive security assessment technique that involves simulating real-world cyberattacks on an organization’s systems, networks, or applications to identify vulnerabilities, assess security controls, and evaluate the effectiveness of defense mechanisms.
What term describes the proactive simulation of cyberattacks to identify vulnerabilities?
Penetration testing
What is a Known environment in penetration testing?
A Known environment in penetration testing refers to a scenario where the tester has comprehensive knowledge about the target systems, networks, or applications, including access credentials, configuration details, and architecture, allowing for focused testing and analysis of known vulnerabilities.
What term describes a penetration testing scenario where the tester has comprehensive knowledge about the target environment?
Known environment
What is an Unknown environment in penetration testing?
An Unknown environment in penetration testing refers to a scenario where the tester has limited or no prior knowledge about the target systems, networks, or applications, requiring extensive reconnaissance, scanning, and enumeration to discover vulnerabilities and assess security posture.
What term describes a penetration testing scenario where the tester has limited or no prior knowledge about the target environment?
Unknown environment
What is a Partially known environment in penetration testing?
A Partially known environment in penetration testing refers to a scenario where the tester has some information or understanding about the target systems, networks, or applications, but not comprehensive knowledge, requiring a combination of reconnaissance and testing techniques to identify vulnerabilities.
What term describes a penetration testing scenario where the tester has some, but not comprehensive, knowledge about the target environment?
Partially known environment
What are Rules of engagement in penetration testing?
Rules of engagement in penetration testing are guidelines or agreements established between the tester and the client that outline the scope, objectives, limitations, and permissible actions for conducting the test, ensuring alignment with organizational goals, legal requirements, and ethical standards.
What term describes guidelines or agreements for conducting penetration tests?
Rules of engagement
What is Lateral movement in penetration testing?
Lateral movement in penetration testing refers to the technique of traversing or moving horizontally across a network or system from one compromised endpoint to another, typically to escalate privileges, access sensitive data, or pivot to additional targets, simulating the tactics used by real-world attackers.
What term describes the technique of moving horizontally across a network in penetration testing?
Lateral movement
What is Privilege escalation in penetration testing?
Privilege escalation in penetration testing refers to the process of gaining higher levels of access or permissions within a system, network, or application beyond what was initially granted, often by exploiting vulnerabilities, misconfigurations, or insecure design to elevate privileges and access sensitive resources.
What term describes the process of gaining higher levels of access within a system or network?
Privilege escalation
What is Persistence in penetration testing?
Persistence in penetration testing refers to the ability of an attacker to maintain unauthorized access or control over a compromised system, network, or application even after initial exploitation or detection, often achieved by installing backdoors, creating user accounts, or establishing covert communication channels.
What term describes the ability of an attacker to maintain access or control after initial exploitation?
Persistence
What is Cleanup in penetration testing?
Cleanup in penetration testing refers to the process of removing or mitigating the traces, artifacts, or backdoors left behind by the penetration tester during testing activities to restore the target environment to its original state and ensure no residual impact or vulnerabilities remain.