Penetration Testing 1.4 Flashcards

1
Q

What is a penetration test?

A

A simulated attack on a system. It is like a vulnerability scan, except that the tester attempts to actually exploit the vulnerabilities found. It is often a mandatory process under a set of rules and regulations. Tests are generally run by a third party and can be very invasive.

2
Q

Rules of Engagement

A

A document that defines the purpose and scope of the penetration test and makes everyone aware of the test parameters, such as which systems will be tested and at what time the tests will be conducted. Furthermore, it identifies the type of test (physical breach, internal, external). It also identifies:

The IP address ranges
Emergency contacts
How to handle sensitive information
In-scope and Out-of-scope devices or applications.

3
Q

Pen testing options

A

There are different ways to approach the test. In some tests the tester knows everything about the environment; in others they know nothing about the systems they have to attack. Sometimes it is a mixture of both.

4
Q

Expectations of the tester (expectations of testing)

A

Ideally you want the best penetration tester possible, one who WILL succeed at finding the vulnerabilities so that you can patch the holes. Once the tester has gained access, you want them to see how far they can move laterally into different systems. Furthermore, you want them to figure out how much control they can potentially take of the systems, create backdoors for new ways in, and see if they can get into anything they normally should not be able to reach.

5
Q

Penetration aftermath - 601

A

Penetration testing can leave systems in an altered state. You must have a good working backup to restore your systems to their original state, because many things may have been altered. Files will need to be removed, accounts fixed, temporary files deleted, etc.

6
Q

Bug Bounty - 601

A

A reward given to hackers who submit bugs or vulnerabilities they have found in your system.

7
Q

Passive Reconnaissance

A

Learning as much as you can from open sources such as social media, corporate websites, online forums, Reddit, dumpster diving, and other organizations.

8
Q

Active Reconnaissance

A

Testing the water: maybe one door is unlocked, but don't go all in just yet, not until you are fully prepared.

Ping scans
Port scans
Service scans
Version scans
OS scans
OS fingerprinting
DNS queries

You are gathering intel on the bouncers at the door so that you can go all in fully prepared.

9
Q

Exploiting vulnerabilities

A

After preparation, you attempt an all-in break into the system. This is a delicate process, because you can actually cause damage such as data loss if you take the system down entirely. This is a penetration test, not an actual attack. Try many vulnerability types to break in: password brute force, social engineering, database injection, buffer overflows, etc.

10
Q

Black Box

A

The pen-tester knows nothing about the system. A "blind" test.

11
Q

White Box

A

Full disclosure: the pen-tester is given complete knowledge of the system.

12
Q

Grey Box

A

A mix of white box and black box, with a focus on specific systems.
