Penetration Testing Concepts Flashcards
Using tools to send data to systems and then interpreting the responses, typically with various network and vulnerability scanners. This can be illegal and should not be done without proper authorization.
Active reconnaissance
You do not touch any of the target’s equipment; instead you go through available information – forums, social media – about the company and its employees.
Passive reconnaissance
Using a compromised machine to attack other machines on the same network: access is first gained to an area of lower security to make a successful attack on an area of greater security more likely.
Pivot
AKA Island hopping
Usually the hardest part – a vulnerability is taken advantage of to get into the network or system
Initial exploitation
Installing backdoors or methods to keep access to the host or networks.
Persistence
Allows a user to gain a higher level of access than authentication allows for. This is typically related to a bug or vulnerability and can be resolved through patching and updating.
Escalation of privilege
You have no prior knowledge of a network
Black box
You are given a network map and have full knowledge of the configurations, allowing you to perform specific tests.
White box
Some knowledge of the network, but not incredibly detailed
Grey box
An active attack on the network that exploits vulnerabilities; it can assess the potential damage and the likelihood of the exploits being found – human
Penetration testing
Passively scans and identifies vulnerabilities – automated
Vulnerability scans