1.8 Penetration Testing Flashcards
Penetration Testing: 3 test types, classified by how much the tester knows about the environment beforehand
- Unknown environment (black box): the tester starts with no prior knowledge of the target
- Known environment (white box): the tester is given full details, e.g. architecture, configurations, source code
- Partially known environment (gray box): the tester is given some information, e.g. a user account or network diagram, but not everything
Define penetration testing: rules of engagement
The agreement made before a penetration test starts that defines its scope: which systems are in scope, when testing may occur, who performs it, who to contact, and what techniques are allowed. Everyone involved knows about the test in advance because testing may disrupt or bring down systems
Define penetration testing: lateral movement
After initial access is gained, moving from the first compromised host to other internal systems to see how far the intrusion can spread across the network
Define penetration testing: persistence
Creating a backdoor (or an added account) that allows one to return for access at a later time, even if the original entry point is closed
Define penetration testing: cleanup
After completion of a penetration test, all systems and accounts need to be returned to their previous state: backdoors, added accounts, uploaded tools and any other changes made during the test are removed
Define Bug Bounty
Rewards offered by companies to those who find and report bugs or vulnerabilities in their systems/software
Define Pivoting
Breaching a system and then using that system to launch further attacks or breach other systems
How is passive/active reconnaissance relevant to penetration testing? (2)
- Prior to a penetration test, information about the target is gathered (reconnaissance) to identify potential vulnerabilities to test
- Passive reconnaissance uses third-party sources and never touches the target, so the organization cannot detect it; active reconnaissance, such as port scans, interacts with the target's systems and can be detected and logged
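The detectability point above, as an added example that is not part of the original flashcards: a small blue-team detector that flags a port scan in firewall-style logs. The log lines are constructed here for the example and the line format ("<epoch> <src_ip> -> <dst_ip>:<dst_port> <action>") is an assumption, not any real product's format. It also shows the caveat a practitioner cares about: a scanner that spreads probes out over time stays under a naive per-minute threshold, so the detection window matters.

```python
"""Flag likely port scans in firewall-style logs.

Added example, not from the original page. The log format and the sample
traffic below are constructed for this demonstration.
"""
from collections import defaultdict


def build_sample_log():
    """Construct log lines for the example (not real traffic).

    Three sources hit the same host 192.0.2.10:
      203.0.113.7   fast scan: 12 ports in 12 seconds
      198.51.100.5  normal client: repeated connections to 80/443
      203.0.113.99  slow scan: 12 ports, one probe every 90 seconds
    """
    lines = []
    for i, port in enumerate(range(21, 33)):
        lines.append(f"{1700000000 + i} 203.0.113.7 -> 192.0.2.10:{port} DROP")
    for i in range(8):
        port = 443 if i % 2 else 80
        lines.append(f"{1700000005 + i} 198.51.100.5 -> 192.0.2.10:{port} ACCEPT")
    for i, port in enumerate(range(21, 33)):
        lines.append(f"{1700000100 + 90 * i} 203.0.113.99 -> 192.0.2.10:{port} DROP")
    return "\n".join(lines)


def parse_line(line):
    """Parse one assumed-format line into (ts, src_ip, dst_ip, dst_port, action)."""
    ts, src, _arrow, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return int(ts), src, dst_ip, int(dst_port), action


def find_port_scans(log_text, threshold=10, window=60):
    """Return {(src_ip, dst_ip): sorted distinct ports} for every source that
    touched at least `threshold` distinct ports on one target within any
    `window`-second span. Any action counts: a DROP is still evidence that
    the probe happened, which is why active recon is visible to defenders."""
    events = defaultdict(list)  # (src, dst) -> [(ts, port), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _action = parse_line(line)
        events[(src, dst)].append((ts, port))

    hits = {}
    for key, evs in events.items():
        evs.sort()  # order by timestamp so the window scan below is correct
        for i, (t0, _) in enumerate(evs):
            # Distinct ports seen from this event until `window` seconds later.
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            if len(ports) >= threshold:
                hits[key] = sorted(ports)
                break
    return hits


if __name__ == "__main__":
    log = build_sample_log()
    print("60 s window:  ", find_port_scans(log))
    print("20 min window:", find_port_scans(log, window=1200))
```

With the default 60-second window only the fast scanner (203.0.113.7) is reported; the slow scanner is only caught when the window is widened to 20 minutes, and the normal client, which touches just two ports, is never flagged. Real detections typically combine several windows or per-source distinct-port counts over hours for exactly this reason.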
How are drones used for reconnaissance?
A drone can be used for war flying to gather information about available wireless networks
Define footprinting
Gathering information to use for an attack, can be active or passive
Define war driving
Driving around and identifying available WiFi networks
Define war flying
Using a drone to fly around and scan for available wireless networks
Define OSINT
Open-Source Intelligence, openly available information that attackers can use to craft an attack. Common sources include social media and company websites
Define the “Red Team” in penetration testing
The attacking team; simulates an adversary to test the organization's defenses
Define the “Blue Team” in penetration testing
The defensive team, handles day-to-day security, responds to threats, maintains patches, recovers data/systems from attacks