Eth H

Question 1

What is an external network pentest?

Answer 1

Looking at an organization’s security from the outside of an organization.

Question 2

What does OSINT stands for?

Answer 2

Open Source Intelligence

Question 3

On what methodology does the external network pentest focuses heavily?

Answer 3

On OSINT Gathering

Question 4

What examples are there of an external network pentest?

Answer 4

Hacking the target server from another country, from another office or a house.

Question 5

What does OSINT Gathering consist in?

Answer 5

On gathering as much intel and data about an organization.
Their employees, their email format.

Have they ever been involved in a breach? If so can we have access to the breached data? Were there any passwords among that data?
Is there any data we can collect to breach a login panel or breach a VPN o r breach any area we otherwise would not be allowed into?

Question 6

What is an internal network pentest?

Answer 6

Assessing the organization´s security from inside of the network.

Question 7

What example could there be for an internal network pentest?

Answer 7

A phishing email or a person who actually had access to the building could leave some unwanted software. This already gives access to the network. And what we test is what else can we breach after that.

Question 8

On what methodology do internal network pentests primarily focus on?

Answer 8

On Active Directory Attacks

Question 9

What is a web application pentest?

Answer 9

Its assessing an organization’s web applications’ security

Question 10

On what methodology do web application pentests primarily focus on?

Answer 10

On web-based attacks and on the OWASP testing guidelines.

Question 11

What does OWASP stands for?

Answer 11

Open Web Applications Security Project

Question 12

What is a Wireless pentest?

Answer 12

Its assesing an organization’s wireless network security.

Question 13

On what factors does the methodology used for a wireless pentest depends on?

Answer 13

On the wireless type being used
(guest vs WPA-PSK vs WPA2 Enterprise)

Question 14

What device do you need to perform wireless pentests?

Answer 14

A wireless network adpater

Question 15

What is a physical pentest?

Answer 15

Assessing an organization’s physical security

Question 16

On what factors does the methodology used for physical pentests depends on?

Answer 16

On tasks and goals set by the client.

Question 17

Mention other types of assesments that a pentester may perform:

Answer 17

Mobile Penetration Testing
IoT Penetration Testing
Red Team Engagements
Purple Tem Engagements

Question 18

What is report writing for?

Answer 18

To communicate findings and recommendations from pentest assessment.

Question 19

How much time is it typically expected for a report writing to be delivered in?

Answer 19

About a week after the engagement ends.

Question 20

What are the 2 types of findings that the report should highlight?

Answer 20

Non-technical (executive) and technical findings.

Question 21

How should the recommendations be in the report writing?

Answer 21

Recommendations for remmediation should be as clear as possible for both, the executive viewpoint and the technical staff viewpoint.

Question 22

How is a debrief performed?

Answer 22

A debrief is basically the walthrough of your report findings. This is done for both technical and non-technical staff.

Debrief must be able to be explained at a high-level and at a low-level depending on an audience.

Question 23

Why is the debrief important?

Answer 23

Because it gives the client an opportunity to ask questions and address any concerns they might have.