Penetration Testing

Question 1

Definition of Pen Testing?

Answer 1

Try to exploit vulnerability and gain access.

Question 2

Passive reconnaissance

Answer 2

Information gathering phase, from sources that are available. Other ways is dumpster diving, social engineering, cooperate sites, forums, social media.

Question 3

Active reconnaissance

Answer 3

Done by performing a vulnerability scan. Ping scans, Port scans, DNS Queries. Perform OS Fingerprinting to find out more info about the OS. Perform Service/Version scans to see what type of services are running on the OS identified.

Question 4

Exploiting the vulnerability by carrying out what types of attacks?

Answer 4

Carry out brute force attack, db injection, buffer overflow.

Question 5

The Process:

Answer 5

Initial exploitation = attacker gets into the system. Persistance = Attacker sets up a backdoor. The pivot = Foothold point, once an attacker is inside the network, they can move laterally across accessing files and systems within the environment.

Question 6

Black Box

Answer 6

Pen test team doesn’t know the system, has to figure it out themselves.

Question 7

White Box

Answer 7

Pen test is given info about OS, network, system

Question 8

Grey Box

Answer 8

Focus on subset of network or services. Provided little information about systems, have to gather more themselves.

Question 9

Vulnerability Scanning

Answer 9

VS are not invasive. Port scans to identify services. Vulnerability scanning doesn’t perform exploits.

Question 10

Scan Types

Answer 10

Non Intrusive Scan, packet capture process. Gather info about what we are seeing on the network.

Question 11

Intrusive

Answer 11

Checking to see if the vulnerability exists

Question 12

Non Credential Scan

Answer 12

don’t have username/password, try to get in without any creds. Or, provide scanner creds, tool tries to get around existing security once entered the environment.