Penetration Testing Flashcards
Penetration testing
Exploits weakness
Reconnaissance first step
Active reconnaissance - interacts with the system and network; can be seen by attackers
Passive reconnaissance - using tools not detected by network or hacker
Reconnaissance
Topology discovery - discovering devices in the network
Service discovery - determining what services are running on a system
OS fingerprinting - determining the operating system
Reviewing logs - info on whether packets are accepted, dropped or denied
Packet capture - establishing a network baseline
Social engineering
Pivoting
The ability of an attacker to move through the network
Pivoting exploitation
Exploiting a vulnerability
Commonly performed by pivoting and escalation of privilege
Escalation of privilege
Vertical
Elevated permissions
Lower to higher (user to admin)
Horizontal
From an account in one group to a similar account in another group without the same privileges
Persistence
Creating a back door to evade normal authentication
APT - advanced persistent threat
Invisibility and persistence
Actors are patient
Penetration testing box types
Black box test - test software functionality - no knowledge (zero day)
White box test - testers have detailed knowledge - simulates insider attacks
Gray box test - thought of as a hybrid of black and white testing
Testers have some limited knowledge of software, network and systems
Blind vs double
Blind-
Attackers have no knowledge of the network; defenders do
Double blind test
Neither side knows anything