1.8 techniques used in penetration testing Flashcards
Known environment
Also known as white box tests, these are tests performed with full knowledge of the underlying tech, configs and settings that make up the target.
Unknown environment
Also known as black box tests, these are tests intended to replicate what an attacker would encounter. Testers are not provided much info on what they are testing.
Partially known environment
This is a blend of black box and white box tests. Testers are given some information on the environment but not full access.
rules of engagement
These are scoping agreements that define what will be tested as well as problem handling and resolution.
lateral movement
This is also considered pivoting. It occurs as the attacker uses the initial system compromise to gain access to other systems on the target network.
privilege escalation
This uses hacking techniques to shift from the initial access gained by the attacker to more advanced privileges
persistence
This allows attackers to regain access to the network
cleanup
This is restoring systems to normal working order and removing traces of their activity
bug bounty
These are programs put in place by organizations to use outside talent to conduct security testing of an organization's public services.
pivoting
Same as lateral movement
drones
Testers use drones to eavesdrop on facilities and connect to the network
war flying
Testers use drones and unmanned aerial vehicles to access networks at facilities.
war driving
Testers drive by facilities in a car equipped with high-end antennas and attempt to eavesdrop on or connect to wireless networks.
footprinting
This identifies the operating systems and applications in use
OSINT