Domain 1.4 - Explain penetration testing concepts. Flashcards
Pivot
An attacker targets a lower-security host, where less security is in place, and then uses the access gained on that host, and the access privileges granted to it, to attack a higher-security host with a better probability of success.
Passive Reconnaissance
Acquiring information without directly interacting with the target.
This is the point when a particular exploit is successfully applied
Initial Exploitation
Involves a user gaining more privileges than they should have.
Escalation of Privilege
Black Box
The tester has absolutely no knowledge of the system and is functioning in the same manner as an outside attacker
White Box
The tester has significant knowledge of the system. This simulates an attack from an insider—a rogue employee
Gray Box
This is a middle ground between the first two types of testing. In gray box testing, the tester has some limited knowledge of the target system.
Difference between pen testing and vulnerability scanning
Vulnerability Scanning is passive.
Pen testing is actively trying to break into a system (within the RoE).
RoE
Rules of engagement
Rules of Engagement
Contains a scope document outlining the extent of the testing that is to be done, and permission from an administrator who can authorize such testing—in writing—to be conducted.
Reconnaissance is also called?
Footprinting
______ is nothing more than the steps taken to gather evidence and information about your target.
Reconnaissance
Take the information you have gathered in recon and actively apply tools and techniques to gather more in-depth information, such as which ports are open.
Scanning and enumeration
Banner grabbing
If footprinting fails, you can do banner grabbing to get IP addresses and OS information.
In this phase true attacks are leveled against the target.
Gaining access