1.8 Penetration test techniques Flashcards
What is penetration testing?
A penetration test (pen test) is an authorized, simulated cyber attack against your own computer systems, carried out to find exploitable vulnerabilities before a real attacker does
What are the rules of engagement for a pentest?
- Define the purpose and scope
- Make everyone involved aware of the test parameters
- Type of testing and schedule (on-site or remote, internal or external test, the time window in which testing is allowed)
- List the rules (in-scope IP address ranges, how to handle sensitive information, which devices and applications are in scope and which are out of scope)
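The scope rules above are only useful if the tooling enforces them before the first packet is sent. The following is an added example (not from the original flashcards) of a small scope gate: in-scope ranges, out-of-scope exclusions that always win, and the testing window. All ranges, addresses and dates are made-up assumptions for the example.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed rules of engagement for an imaginary engagement (assumptions, not real data).
IN_SCOPE = ["10.20.0.0/16", "192.0.2.0/24"]
# Exclusions take precedence: e.g. a production database subnet and the core router.
OUT_OF_SCOPE = ["10.20.5.0/24", "10.20.0.1"]
# Testing window agreed with the client (assumption): one night, UTC.
WINDOW = (
    datetime(2024, 6, 1, 22, 0, tzinfo=timezone.utc),
    datetime(2024, 6, 2, 6, 0, tzinfo=timezone.utc),
)


def build_scope(in_scope, out_of_scope):
    """Parse CIDR strings (or single hosts) once, so every later check is a cheap membership test."""
    allowed = [ipaddress.ip_network(n, strict=False) for n in in_scope]
    excluded = [ipaddress.ip_network(n, strict=False) for n in out_of_scope]
    return allowed, excluded


def in_scope(target, allowed, excluded):
    """True only if the address is inside an allowed range and not inside any excluded one."""
    addr = ipaddress.ip_address(target)  # raises ValueError for hostnames: resolve them first
    if any(addr in net for net in excluded):
        return False  # an explicit exclusion always wins over an allow range
    return any(addr in net for net in allowed)


def within_window(now, window=WINDOW):
    """Schedule check: refuse to run outside the agreed testing window."""
    start, end = window
    return start <= now <= end


def filter_targets(targets, allowed, excluded):
    """Split a candidate target list into what may be scanned and what must be rejected.

    Anything that is not a literal IP address is rejected rather than guessed at,
    because a hostname could resolve to an out-of-scope address.
    """
    ok, rejected = [], []
    for t in targets:
        try:
            (ok if in_scope(t, allowed, excluded) else rejected).append(t)
        except ValueError:
            rejected.append(t)
    return ok, rejected


if __name__ == "__main__":
    allowed, excluded = build_scope(IN_SCOPE, OUT_OF_SCOPE)
    candidates = ["10.20.7.9", "10.20.5.3", "10.20.0.1", "203.0.113.4", "db.example.test"]
    print(filter_targets(candidates, allowed, excluded))
    print("inside window:", within_window(datetime(2024, 6, 2, 1, 0, tzinfo=timezone.utc)))
```

Feed the output of `filter_targets` to the scanner rather than the raw target list, and log the rejected entries: a target that was expected to be in scope but got rejected is worth a conversation with the client before, not after, it is touched.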
What is an unknown environment pentest?
The pentester knows nothing about the systems under attack; also called a 'blind test' (the older term is 'black box')
What is a known environment pentest?
Full disclosure: the pentester is given complete information about the target (the older term is 'white box')
What is a partially known environment pentest?
A mix of known and unknown; the test focuses on certain systems or applications (the older term is 'grey box')
What should a pentester do prior to exploiting any vulnerability?
- Seek approval before exploiting, because exploitation can cause a DoS or loss of data
- Find the best way to gain access to the system (password brute force, social engineering, SQL injection, buffer overflow)
What is the process of pentesting?
- Initial exploitation: get into the network
- Lateral movement: move from system to system inside the network
- Persistence: once you have access, make sure there is a way back in: set up a backdoor, create user accounts, change password settings
- The pivot: use a compromised system as a relay to reach systems that would normally not be accessible, and gain access to other trusted systems on the inside
What to do after the pentest is over?
- Cleanup: leave the network in its original state: remove binaries and temporary files, remove any backdoors, delete user accounts created during the test
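Cleanup only works if you know what you left behind. As an added example (not part of the original flashcards), here is a small artifact log that records every file or account the test creates and then undoes them in reverse order; the manifest path, file names and the `userdel` command are assumptions for the example.

```python
import json
import os
import pwd
import subprocess
import tempfile
from pathlib import Path


class ArtifactLog:
    """Append-only record of what the test dropped on a host, so cleanup is a checklist, not a memory."""

    def __init__(self, path):
        self.path = Path(path)  # assumption: a JSON manifest kept on the tester's machine
        self.entries = json.loads(self.path.read_text()) if self.path.exists() else []

    def record(self, kind, target):
        """Call this the moment a file is dropped or an account is created, not afterwards."""
        if kind not in ("file", "user"):
            raise ValueError("unknown artifact kind: " + kind)
        self.entries.append({"kind": kind, "target": target})
        self.path.write_text(json.dumps(self.entries, indent=2))

    @staticmethod
    def _present(entry):
        if entry["kind"] == "file":
            return Path(entry["target"]).exists()
        try:  # kind == "user": look the account up in the local password database
            pwd.getpwnam(entry["target"])
            return True
        except KeyError:
            return False

    def leftovers(self):
        """Everything recorded that still exists: should be empty after cleanup()."""
        return [e for e in self.entries if self._present(e)]

    def cleanup(self):
        """Undo artifacts in reverse order of creation; returns (target, status) pairs for the report."""
        results = []
        for entry in reversed(self.entries):
            if not self._present(entry):
                results.append((entry["target"], "already gone"))
                continue
            if entry["kind"] == "file":
                os.remove(entry["target"])
            else:
                # Assumption: Linux host with userdel; -r also removes the home directory.
                subprocess.run(["userdel", "-r", entry["target"]], check=True)
            results.append((entry["target"], "removed"))
        return results


def demo():
    """Drop a constructed 'tool' into a temp dir, log it, and clean it up again."""
    with tempfile.TemporaryDirectory() as tmp:
        tool = os.path.join(tmp, "dropped_tool.bin")
        with open(tool, "wb") as f:
            f.write(b"\x00" * 16)  # constructed stand-in for an uploaded binary
        log = ArtifactLog(os.path.join(tmp, "artifacts.json"))
        log.record("file", tool)
        log.record("file", os.path.join(tmp, "never_created.tmp"))
        before = len(log.leftovers())
        statuses = [status for _, status in log.cleanup()]
        after = len(log.leftovers())
    return before, statuses, after


if __name__ == "__main__":
    print(demo())
```

The `leftovers()` check after cleanup is the part worth keeping in the final report: it turns "we cleaned up" into a verifiable statement.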
What is a bug bounty?
A reward for discovering vulnerabilities; you need to document the vulnerability (what it is and how to reproduce it) to earn the payout
What is the purpose of the reconnaissance phase?
- Collect information before the attack
- Gather a digital footprint of the target
- Understand the security posture
- Minimize the attack area (focus on key systems)
- Create a network map (identify routers, network devices, etc.)
What is a passive footprint?
Learn as much as you can without interacting with the target's systems, so nothing shows up in its logs: open sources such as social media, the corporate website, online forums (Reddit), plus social engineering and dumpster diving
Is OSINT a passive footprinting technique?
Yes. OSINT (open source intelligence) gathers information from many open sources (see the OSINT Framework for a catalogue of sources and tools)
What is wardriving / warflying?
A passive footprinting technique that combines Wi-Fi monitoring with GPS to map where wireless networks are located. The information is gathered simply by driving (or flying) around the city and listening for access points
What is active footprinting?
Gathering information by interacting directly with the target, which can be logged and detected: ping scans, port scans, DNS queries, OS scans and OS fingerprinting, service/version scans
What does a security team's work involve?
Operational security, penetration testing, exploit research, web application hardening, etc.
What is a red team?
A red team is a group that plays the role of an adversary to provide security feedback from an antagonist's perspective: exploiting vulnerabilities, social engineering, web application scanning
What is a blue team?
The defensive team, in charge of operational security, incident response, threat hunting, vulnerability management (applying patches and updates, etc.) and digital forensics
What is a purple team?
Red and blue teams working together. Both teams cooperate, share data, give feedback, etc.
What is a white team?
They manage the interactions between red and blue teams. They act as the referees in a security exercise: enforce the rules, resolve issues, determine the score. They also manage the post-event assessments (lessons learned, results, etc.)