Chapter 8 Penetration Testing Flashcards
What is Penetration Testing?
Simulating an attack from a malicious outsider probing your network and systems for a way in
What is the most recognized penetration test methodologie?
Open Source Security Testing Methodology Manual (OSSTMM)
What is the test mythology for web applications?
Open Web Application Security Project (OWASP)
What is SP 800-115?
The technical guide to information security testing assessment
What is a known environment (white box) testing?
Tests the internal structures and processing within an application for bugs, and vulnerabilities
What is Unknown environment (black box) testing?
Software testing technique that consists of finding implementation bugs using malformed/semi-malformed data injection in an automated fashion
What is a partially known environment (gray box) testing?
The testers have some knowledge of the software, network, or systems they are testing
What is Lateral movement?
Sometimes referred to as network lateral movement, refers to the process used by attackers to move deeper into a network to get the target data
What is Privilege Escalation?
The process of gaining increased privileges for an account
What are some pathways an attacker can take to achieve privilege escalation?
Getting local admin account
Stealing credentials to an account that has admin rights
Exploitation of a vulnerability that results in privilege escalation
What are the two types of privilege escalation?
Horizontal and Vertical
What is Horizontal privilege escalation?
The attacker expands their privileges by taking over another account and misusing the legitimate privileges granted to the other user
What is Vertical privilege escalation?
The attacker attempts to gain more permissions or access with an existing account they have already compromised
What is persistence?
The ability to exist beyond a machine reboot or after disconnection
What is Advanced Persistent Threat (APT)?
A methodology that is focused first and foremost about maintaining persistence