Chapter 5: Monitoring, Scanning, and Penetration Testing Flashcards
These pen testers work in an unknown environment and are given no info on the company. They will carry out an initial exploitation looking for vulnerabilities.
Black Box
These pen testers work in a partially known environment as they are given limited info.
Gray Box
These pen testers work in a known environment. One of the purposes of these pen testers is to test applications in a sandbox so that when they are released, they do not have any vulnerabilities. They know everything about a system or application as they have access to an application's source code.
White Box
These are details of the person within the company who has authorized the pen test, also with their contact details, so that they can be updated periodically on the progress of the test. They should agree to a time and date to start the pen test.
Rules of Engagement (ROE)
Client Contact Details
The type of test, whether it is black, gray, or white, and what action is allowed to be taken if a vulnerability has been found.
Rules of Engagement (ROE)
Scope
If this is an announced pen test, we should let the IT team know the IP addresses of the pen testers. This will allow the IT team to differentiate between live attacks and the pen testers.
Rules of Engagement (ROE)
IT Team Notification
The rules of how pen testers will handle PII and sensitive info that they acquire: for example, whether they keep copies on their computers, and what levels of encryption they should use for storage.
Rules of Engagement (ROE)
Data Handling
Pen testing on web applications is conducted in a sandbox rather than on the production website, so that the customer's potential sales are not affected.
Rules of Engagement (ROE)
Web Applications
Depending on the length of the pen test, regular meetings should be conducted with the client, giving them real-time updates of the progress being made. The client will then inform the pen testers if their IT team has identified any breaches of security.
Rules of Engagement (ROE)
Regular Client Meeting
TIP
A white box pen tester has all the info they need, including the source code.
TIP
This is the process to restore the environment back to the original state. The pen testers may be asked to provide details of vulnerabilities to the IT team so that they can secure their environment.
Rules of Engagement (ROE)
Cleanup
This is the process where corporations or software vendors reward the testers who find vulnerabilities in their environment, especially those affecting the security of their environments. Large corporations should have this in place. The pen tester will be asked to look for the same software vulnerabilities as the ___ ______ program.
Rules of Engagement (ROE)
Bug Bounty
A _____ attack is when an attacker gains access to a desktop computer inside a company, which they use to launch and attack another computer or server.
(Network Exploitation Techniques)
Pivoting
This is where attackers move around your network looking for resources to exploit while trying to avoid detection, digging deeper into your network as the search continues.
(Network Exploitation Techniques)
Lateral Movement
This is an attack over an extended period of time.
(Network Exploitation Techniques)
Persistence
Escalation of privilege is where an attacker exploits a weakness in a system so that they can gain a higher level of privileges on it.
(Network Exploitation Techniques)
Escalation of Privilege
_____ __________ is where someone actively tries to gain information about the system. For example, an attacker finds a username left on one of the corporate desktops; they then ring up the Active Directory team, pretending to be that person, and request a password reset. This is ______ ___________, as they have carried out an action.
(Network Exploitation Techniques)
Active Reconnaissance
____ ________ is where an attacker is constantly gathering info, without the victim’s knowledge. For example, an attacker is sitting in a coffee shop when they realize that two members of Company A’s security team are having lunch. The attacker listens to every word that is said, and the security team is unaware of the eavesdropping. This is ______ _______.
Passive Reconnaissance
These can be used for passive reconnaissance as they have cameras, including thermal imaging, and can collect useful info. However, they also could be armed and used to cause destruction. In this case, ____ constitute active reconnaissance.
(Reconnaissance Tools)
Drones
This uses a drone carrying a laptop or PDA to map out wireless networks; the equipment may also have Bluetooth and cellular capability. This is passive reconnaissance as it only maps out the networks.
(Reconnaissance Tools)
War Flying
This is where someone drives around in a car mapping out wireless access points, including those that could be vulnerable. This is passive reconnaissance.
(Reconnaissance Tools)
War Driving
This is the process that hackers would use to map out all of the connections to a specific computer looking for remote access capabilities, open ports, services, and vulnerabilities.
(Reconnaissance Tools)
Footprinting