1.8 Penetration test techniques Flashcards
What is a penetration test?
A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities
What are the rules of engagement for a pentest?
- Define purpose and scope
- Make everyone aware of the test parameters
- Type of testing and schedule (on-site, internal/external test)
- List the rules (IP address ranges, how to handle sensitive info, in-scope and out-of-scope devices/applications)
What is an unknown environment pentest?
The pentester knows nothing about the systems under attack. Also called a ‘blind test’
What is a known environment pentest?
Full disclosure of information on the target
What is a partially known environment pentest?
A mix of known and unknown; it focuses on certain systems or applications
What should a pentester do prior to exploiting any vulnerability?
- Seek approval before exploiting, because exploitation can cause a DoS or loss of data
- Find the best way to gain access to the system (password brute-force, social engineering, DB injections, buffer overflow)
What is the process of pentesting?
- Initial exploitation: get into the network
- Lateral movement: move from system to system, inside the network
- Persistence: once you gain access, you need to make sure there’s a way back in, so you can set up a backdoor, build user accounts, change password settings
- The pivot: gain access to systems that would normally not be accessible and gain access to other trusted systems on the inside
What to do after the pentest is over?
- Cleanup: leave the network in its original state, remove binaries or temporary files, remove any backdoors, delete user accounts created during the test
What is a bug bounty?
A reward for discovering vulnerabilities; you need to document the vulnerability to earn the cash
What is the purpose of the reconnaissance phase?
- Collect information before the attack
- Gathering a digital footprint
- Understand the security posture
- Minimize the attack area (focus on key systems)
- Create a network map (identify routers, network devices, etc.)
What is a passive footprint?
Learn as much as you can from open sources: social media, corporate web site, online forums (Reddit), social engineering, dumpster diving
Is OSINT a passive footprint technique?
Yes, OSINT helps gather information from many open sources (check the OSINT framework)
What is wardriving / warflying?
A passive footprint technique which combines Wi-Fi monitoring and GPS (to locate where a wireless device might be). With this technique, we gather info as we drive/fly around the city
What is an active footprint?
Gathering information via ping scans, port scans, analysing DNS queries, OS scans, OS fingerprinting, service/version scans
A security team's work involves …
operational security, penetration testing, exploit research, web application hardening, etc.