Offensive Security Flashcards
Name and describe the three main types of penetration testing.
- Black box testing: the tester has no knowledge of the system or network being tested.
- White box testing: the tester has full knowledge of the system, including its architecture, configuration, and vulnerabilities.
- Gray box testing: the tester has limited access to information about the internal workings of the targeted system.
What are the 4 steps in a penetration test?
- Planning: The tester must first gather information about the system being tested, including its architecture, configuration, and vulnerabilities.
- Enumeration: The tester then enumerates the system, which means identifying all of the open ports and services.
- Exploitation: The tester then exploits any vulnerabilities that are found.
- Reporting: The tester then reports on their findings, including any vulnerabilities that were exploited.
What is nmap?
Nmap (Network Mapper) is a free and open-source tool for network discovery and security auditing. It is used to scan IP addresses and ports in a network and to detect installed applications. Nmap allows network admins to find which devices are running on their network, discover open ports and services, and detect vulnerabilities.
What is nessus?
Nessus is a vulnerability scanner developed by Tenable Network Security. It is a commercial product, but there is also a free and open-source version called Nessus Essentials. Nessus is used to scan networks for vulnerabilities in systems, applications, operating systems, and cloud services.
What is metasploit?
Metasploit is an open-source penetration testing framework that allows you to find, exploit, and manage security vulnerabilities. It is a powerful tool that can be used by security professionals to test the security of their networks and systems.
Describe passive and active reconnaissance.
Passive reconnaissance is the process of gathering information about a target without interacting with it. This can be done by collecting data from publicly available sources, such as websites, social media, and DNS records. Active reconnaissance is the process of gathering information about a target by interacting with the target in some way. This can be done by sending packets to the target's IP address, scanning its ports, or trying to exploit known vulnerabilities.