Penetration Testing 1.4 Flashcards
What is a penetration test?
A simulated attack on a system. It's like a vulnerability scan, except it attempts to actually exploit the vulnerabilities. It is often a mandatory process under a set of rules and regulations. Tests are generally run by a third party and can be very invasive.
Rules of Engagement
A document that defines the purpose and scope of the penetration test and makes everyone aware of the test parameters, such as which systems will be tested and at what time the tests will be conducted. It also identifies the type of test (physical breach, internal, external). In addition it identifies:
The IP address ranges
Emergency contacts
How to handle sensitive information
In-scope and Out-of-scope devices or applications.
Pen testing options
There are different ways to approach the test. Some tests will be conducted where the tester knows everything about the environment, or others where they will know nothing about the systems they have to attack. Sometimes it will be a mixture of both.
Expectations of the tester (expectations of testing)
Ideally you want the best penetration tester possible, one who WILL succeed at finding the vulnerabilities so that you can patch the holes. Once the tester has gained access, you want them to see how far they can move laterally into other systems. Furthermore, you want them to figure out how much control they can take of the systems, create backdoors for new ways in, and see if they can get into anything they normally shouldn't be able to access.
Penetration aftermath - 601
Penetration testing can leave systems in altered states. Because so many things may have been changed, you must have a good working backup to restore your systems to their original state. Files left by the test will need to be removed, altered accounts fixed, temporary files cleaned up, etc.
Bug Bounty - 601
A reward given to hackers who submit bugs/vulnerabilities they have found on your system.
Passive Reconnaissance
Learning as much as you can from open sources such as social media, corporate websites, online forums, Reddit, dumpster diving, and other organizations.
Active Reconnaissance
Testing the water. Maybe one door is unlocked, but don't go all in just yet until you are fully prepared. Examples of active reconnaissance:
Ping scans
Port scans
Service scans
Version scans
OS scans
OS fingerprinting
DNS queries
You are gathering intel on the bouncers at the door so that you can go all in fully prepared.
Exploiting vulnerabilities
After preparation, you attempt an all-in break into the system. This is a delicate process because you can actually cause damage through data loss if you take down the system entirely. This is a penetration test, not an actual attack. Try many vulnerability types to break in: password brute force, social engineering, database injections, buffer overflows, etc.
Black Box
The pen tester knows nothing about the system. A "blind" test.
White Box
Full disclosure: the pen tester is given complete information about the system.
Grey Box
A mix of white and black. A focus on specific systems.