1.8 Pen Testing Techniques

Question 1

This document is used to define the purpose and scope of the pentest, type of testing, the schedule, and the rules of the test.

Answer 1

Rules of engagement

Question 2

What is the difference between a “blind” pentest and a “full disclosure”?

Answer 2

How much the tester knows about your environment

Question 3

Why is it important for a pentester to take care in exploiting vulnerabilities during a test?

Answer 3

Exploits can cause a loss of data or a DoS

Question 4

This portion of the pentest involves trying to gain access to the network.

Answer 4

Initial exploitation

Question 5

The second step in the pentest, the tester will try to move from system to system within the network

Answer 5

Lateral movement

Question 6

This portion of the test is step 3, and involves ensuring the tester has a way back through the system. Often involves creating backdoors, user accounts, or changing default admin passwords.

Answer 6

Persistence

Question 7

This is the final step in the process, the tester will attempt to set up a “jumping off” point where they can access other systems that would normally not be accessible.

Answer 7

The Pivot

Question 8

What must take place once the pentest is complete?

Answer 8

Cleanup and collection of bug bounty

Question 9

A reward that can be collected by pentesters for discovering and documenting vulnerabilities

Answer 9

Bug Bounty

Question 10

This is the process of gathering information prior to carrying out a pentest.

Answer 10

Reconnaissance

Question 11

This reconnaissance method involves gathering info from open sources such as social media, corporate sites, forums, social engineering, and dumpster diving.

Answer 11

Passive footprinting

Question 12

Reconnaissance method that involves searching for unsecured networks via wifi and GPS by driving around in a car, flying in a plane, or even via drones. Can result in large amounts of data in a short period of time.

Answer 12

Wardriving or warflying

Question 13

This reconnaissance method involves information gathering tactics such as trying physical doors, running ping, port, OS, and service scans, as well as DNS queries and OS fingerprinting.

Answer 13

Active footprinting

Question 14

Security team:

• Offensive security team - The hired attackers
• Ethical hacking - Find security holes
• Exploit vulnerabilities -Gain access
• Social engineering - Constant vigilance
• Web application scanning - Test and test again

Answer 14

Red Team

Question 15

Security Team:

• Defensive security - Protecting the data
• Operational security - Daily security tasks
• Incident response - Damage control
• Threat hunting - Find and fix the holes
• Digital forensics - Find data everywhere

Answer 15

Blue Team

Question 16

Security Team:

• Red and blue teams working together
• Cooperation is often more useful than competition
• Everybody is on the same page

Answer 16

Purple Team

Question 17

Security Team:

– Manages the interactions between red teams and blue teams
• The referees in a security exercise
– Enforces the rules
– Resolves any issues
– Determines the score
• Manages the post-event assessments

Answer 17

White Team