1.8 Pen Testing Techniques Flashcards
This document is used to define the purpose and scope of the pentest, type of testing, the schedule, and the rules of the test.
Rules of engagement
What is the difference between a “blind” pentest and a “full disclosure” pentest?
How much the tester knows about your environment
Why is it important for a pentester to take care in exploiting vulnerabilities during a test?
Exploits can cause a loss of data or a DoS
This portion of the pentest involves trying to gain access to the network.
Initial exploitation
In the second step of the pentest, the tester will try to move from system to system within the network.
Lateral movement
This portion of the test is step 3, and involves ensuring the tester has a way back through the system. Often involves creating backdoors, user accounts, or changing default admin passwords.
Persistence
In this final step of the process, the tester will attempt to set up a “jumping-off” point from which they can access other systems that would normally not be accessible.
The Pivot
What must take place once the pentest is complete?
Cleanup and collection of bug bounty
A reward that can be collected by pentesters for discovering and documenting vulnerabilities
Bug Bounty
This is the process of gathering information prior to carrying out a pentest.
Reconnaissance
This reconnaissance method involves gathering info from open sources such as social media, corporate sites, forums, social engineering, and dumpster diving.
Passive footprinting
Reconnaissance method that involves searching for unsecured networks via Wi-Fi and GPS by driving around in a car, flying in a plane, or even via drones. Can result in large amounts of data in a short period of time.
Wardriving or warflying
This reconnaissance method involves information gathering tactics such as trying physical doors, running ping, port, OS, and service scans, as well as DNS queries and OS fingerprinting.
Active footprinting
Security team:
- Offensive security team - The hired attackers
- Ethical hacking - Find security holes
- Exploit vulnerabilities - Gain access
- Social engineering - Constant vigilance
- Web application scanning - Test and test again
Red Team
Security team:
- Defensive security - Protecting the data
- Operational security - Daily security tasks
- Incident response - Damage control
- Threat hunting - Find and fix the holes
- Digital forensics - Find data everywhere
Blue Team