1.8 Penetration test techniques Flashcards

1
Q

What is penetration testing?

A

A penetration test, also known as a pen test, is a simulated, authorised cyber attack against your own computer systems to find vulnerabilities that an attacker could actually exploit (not just ones a scanner reports).

2
Q

What are the rules of engagement for a pentest?

A
  • Define the purpose and scope of the test
  • Make everyone involved aware of the test parameters
  • Agree the type of testing and the schedule (on-site or remote, internal/external test, testing windows)
  • List the rules (IP address ranges, how to handle sensitive information found during the test, in-scope and out-of-scope devices/applications, emergency contacts)
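The IP-range rule above is the one most easily broken by accident (a typo in a target list, a host that resolves to an address outside the agreed ranges). The following scope guard is an added example, not part of the flashcards or of any real engagement; the CIDR ranges and exclusions are constructed values, and the idea is simply that every target passes this check before any scanning tool is pointed at it.

```python
"""Scope guard: refuse to touch a target unless it is inside the agreed ranges.

Added example. The ranges below are constructed (hypothetical) rules of engagement:
IN_SCOPE lists the agreed networks, OUT_OF_SCOPE lists carve-outs inside them
(e.g. a production database subnet or a single shared-hosting box).
"""
import ipaddress

IN_SCOPE = ["10.10.0.0/16", "192.0.2.0/24", "2001:db8::/32"]
OUT_OF_SCOPE = ["10.10.5.0/24", "192.0.2.10/32"]


def build_scope(in_scope, out_of_scope):
    """Parse the CIDR strings once; a typo in the RoE fails here, before any scan."""
    allowed = [ipaddress.ip_network(c, strict=False) for c in in_scope]
    excluded = [ipaddress.ip_network(c, strict=False) for c in out_of_scope]
    return allowed, excluded


def is_in_scope(target, allowed, excluded):
    """True only if target is inside an allowed range and inside no excluded range.

    Only literal IP addresses are accepted: a hostname must be resolved first and
    every resolved address re-checked, because a name can point anywhere.
    """
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False
    # Exclusions win over inclusions (a carve-out inside an allowed /16 still blocks).
    if any(addr in net for net in excluded):
        return False
    # An IPv4 address is never "in" an IPv6 network and vice versa; ipaddress handles that.
    return any(addr in net for net in allowed)


def filter_targets(targets, in_scope=IN_SCOPE, out_of_scope=OUT_OF_SCOPE):
    """Split a candidate target list into (approved, rejected) before tooling starts."""
    allowed, excluded = build_scope(in_scope, out_of_scope)
    approved = [t for t in targets if is_in_scope(t, allowed, excluded)]
    rejected = [t for t in targets if t not in approved]
    return approved, rejected


if __name__ == "__main__":
    # Constructed candidate list mixing in-scope, carved-out, foreign and invalid entries.
    candidates = ["10.10.1.7", "10.10.5.3", "192.0.2.10", "192.0.2.11",
                  "203.0.113.1", "2001:db8::1", "not-an-ip"]
    ok, bad = filter_targets(candidates)
    print("approved:", ok)
    print("rejected:", bad)
```

Feed the approved list, never the raw candidate list, to the scanner; anything in the rejected list goes back to the client for a written scope change rather than being scanned "just to check".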
3
Q

What is an unknown environment pentest?

A

The pentester is given no information about the systems under attack and must discover everything from the outside. Also called a 'blind test' (older term: black box).

4
Q

What is a known environment pentest?

A

Full disclosure of information on the target (architecture, source code, credentials, configurations) before the test starts (older term: white box).

5
Q

What is a partially known environment pentest?

A

A mix of known and unknown: the tester is given partial information and the test focuses on certain systems or applications (older term: grey box).

6
Q

What should a pentester do prior to exploiting any vulnerability?

A
  • Seek approval before exploiting, because exploitation can cause a denial of service or loss of data on a live system
  • Choose the best way to gain access to the system (password brute-force, social engineering, database injection, buffer overflow) and weigh its risk to the target against what it proves
7
Q

What is the process of pentesting?

A
  • Initial exploitation: get into the network
  • Lateral movement: move from system to system inside the network
  • Persistence: once you gain access, make sure there is a way back in, e.g. set up a backdoor, create user accounts, change password settings
  • The pivot: use a compromised system as a relay to reach systems that would normally not be accessible, and gain access to other trusted systems on the inside
8
Q

What to do after the pentest is over?

A
  • Cleanup: leave the network in its original state: remove binaries and temporary files, remove any backdoor, delete user accounts created during the test, and revert any configuration changes
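Cleanup only works if you know everything you dropped. The ledger below is an added example (not from the flashcards or any real engagement) of recording each artifact at the moment it is created and then verifying, rather than assuming, that it is gone; file paths and the `svc_pentest` account name are constructed, and account or policy changes are deliberately reported for manual reversal instead of being automated.

```python
"""Cleanup ledger: record every artifact dropped during a test, then prove it is gone.

Added example. Paths and artifact kinds are constructed; a real ledger would be
kept off the target (on the tester's machine) and list the host for each entry.
"""
import json
import os
import tempfile


class ArtifactLedger:
    """Append-only record of what the tester created, so cleanup is a checklist
    rather than a memory exercise."""

    def __init__(self, ledger_path):
        self.ledger_path = ledger_path
        self.entries = []

    def record(self, kind, ident, host="localhost"):
        """kind 'file' can be removed here; anything else ('account', 'cronjob',
        'password_policy', ...) needs the target's own tooling or an admin."""
        self.entries.append({"kind": kind, "id": ident, "host": host})
        with open(self.ledger_path, "w") as f:      # flush after every entry
            json.dump(self.entries, f, indent=1)

    def drop_file(self, path, content=b"placeholder tool binary"):
        """Simulate dropping a tool on the target and log it in the same step."""
        with open(path, "wb") as f:
            f.write(content)
        self.record("file", path)
        return path

    def cleanup(self):
        """Remove what can be removed automatically; report the rest for manual action."""
        report = {"removed": [], "manual": [], "still_present": []}
        for e in self.entries:
            if e["kind"] != "file":
                report["manual"].append(e)          # delete account, restore policy, ...
                continue
            try:
                os.remove(e["id"])
                report["removed"].append(e["id"])
            except FileNotFoundError:
                pass                                # already gone, nothing to do
        # Verify, do not assume: anything still on disk is a finding against ourselves.
        report["still_present"] = [e["id"] for e in self.entries
                                   if e["kind"] == "file" and os.path.exists(e["id"])]
        return report


def demo():
    """Run one drop/record/cleanup cycle in a scratch directory; return (report, paths)."""
    workdir = tempfile.mkdtemp()                    # constructed stand-in for the target
    ledger = ArtifactLedger(os.path.join(workdir, "ledger.json"))
    tool = ledger.drop_file(os.path.join(workdir, "tool.bin"))
    loot = ledger.drop_file(os.path.join(workdir, "loot.tmp"))
    ledger.record("account", "svc_pentest", host="dc01")   # hypothetical backdoor account
    return ledger.cleanup(), [tool, loot]


if __name__ == "__main__":
    report, _ = demo()
    print(json.dumps(report, indent=1))
```

The `manual` list is the part that goes into the report handed to the client: accounts and policy changes should be reverted by their administrators and confirmed, not silently undone by a script running with the tester's foothold.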
9
Q

What is a bug bounty?

A

A reward offered by an organisation for discovering vulnerabilities in its systems; you need to document the vulnerability (and usually a reproduction) to earn the payout.

10
Q

What is the purpose of the reconnaissance phase?

A
  • Collect information before the attack
  • Gather the target's digital footprint
  • Understand the target's security posture
  • Narrow the attack area (focus on key systems)
  • Create a network map (identify routers, network devices, etc.)
11
Q

What is passive footprinting?

A

Learn as much as you can without touching the target's systems: open sources such as social media, the corporate website and online forums (Reddit), plus social engineering and dumpster diving.

12
Q

Is OSINT a passive footprinting technique?

A

Yes. OSINT (open-source intelligence) gathers information from many publicly available sources without contacting the target (see the OSINT Framework for a catalogue of sources).

13
Q

What is wardriving / warflying?

A

A passive footprinting technique that combines Wi-Fi monitoring with a GPS receiver (to record where each wireless network was seen). Information is gathered as you drive or fly around the city, without connecting to any network.

14
Q

What is active footprinting?

A

Gathering information by interacting directly with the target: ping scans, port scans, DNS queries, OS scans and fingerprinting, service/version scans. Unlike passive techniques, this traffic reaches the target and can be logged and detected.
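The two most common active steps, a TCP connect port scan and a service/version check via banner grabbing, are shown below as an added example written for this page (it is not the flashcards' own code and not a substitute for a real scanner). To run offline it starts a constructed fake service on 127.0.0.1 that answers with a made-up SSH banner; the `fingerprint` heuristics are deliberately crude and only illustrate how a version scan reasons from what the service volunteers.

```python
"""Active footprinting: TCP connect scan plus banner grab against a local fake service.

Added example. The target below is constructed (a listener on 127.0.0.1 that sends
a fabricated banner); in a real test the host and ports come from the approved scope.
"""
import socket
import threading


def start_fake_service(banner=b"SSH-2.0-OpenSSH_9.6\r\n"):
    """Constructed target: a listener that greets every client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port, no clash with real services
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed: stop the thread
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def connect_scan(host, ports, timeout=0.5):
    """Full TCP handshake per port; return {port: banner} for ports that accept.

    A connect scan is noisy: every open port sees a completed connection in its
    logs, which is exactly why active footprinting can be detected.
    """
    open_ports = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                try:
                    data = s.recv(256)  # many services speak first (SSH, SMTP, FTP)
                except socket.timeout:
                    data = b""          # silent service: HTTP waits for the client
        except OSError:
            continue                    # refused, filtered or timed out: not open
        open_ports[port] = data.decode("ascii", errors="replace").strip()
    return open_ports


def fingerprint(banner):
    """Crude service/version guess from a banner, the way a version scan reasons."""
    if banner.startswith("SSH-"):
        parts = banner.split("-", 2)    # "SSH-<protocol>-<software>"
        return {"service": "ssh", "protocol": parts[1],
                "software": parts[2] if len(parts) > 2 else ""}
    if banner.startswith("220 "):       # SMTP and FTP both greet with a 220 line
        return {"service": "smtp-or-ftp", "software": banner[4:]}
    return {"service": "unknown", "software": banner}


def demo():
    """Start the fake service, scan it, and return {port: fingerprint}."""
    srv, port = start_fake_service()
    try:
        results = connect_scan("127.0.0.1", [port])
    finally:
        srv.close()
    return {p: fingerprint(b) for p, b in results.items()}


if __name__ == "__main__":
    for port, info in demo().items():
        print(port, info)
```

In a real engagement the port list comes from the scope agreed in the rules of engagement, and the scan rate is throttled; a connect scan against a production host at full speed is the quickest way to trip an IDS and the client's patience at the same time.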

15
Q

A security team's work involves …

A

operational security, penetration testing, exploit research, web application hardening, etc.

16
Q

What is a red team?

A

A red team is a group that plays the role of an adversary to provide security feedback from an antagonist's perspective: exploiting vulnerabilities, using social engineering, scanning web applications.

17
Q

What is a blue team?

A

The defensive team, in charge of operational security, incident response, threat hunting (tracking vulnerability information, applying patches and updates, etc.) and digital forensics (data).

18
Q

What is a purple team?

A

Red and blue teams working together. Both teams cooperate, share data, give feedback, etc.

19
Q

What is a white team?

A

They manage the interactions between red teams and blue teams. They act as the referees in a security exercise: enforcing rules, resolving issues, determining the score. They also manage the post-event assessments (lessons learned, results, etc.).