Penetration testing: Discovering vulnerabilities Flashcards

1
Q

What is an exploit?

A

An event that weaponizes vulnerabilities in a system to make the system act in a way it was not intended to

1
Q

What are the steps taken during a penetration test?

A
  1. Preparation: Set up a test plan and do all the prep work (have permission, have authorization)
    - Customer interview
    - Define scope/targets
    - Define rules of engagement
    - Complete liability waiver, NDA, permissions, memo
    - Create testing team and set rules
  2. Testing: Begins and ends with the on-site test
  3. Conclusion
    - Measure findings against business assets or concerns and threats
    - Deliver report and recommendations
2
Q

What should customer interviews contain?

A

Why do they want the penetration test?
What do they need to protect?
Do they have threat data or a threat report (logs, errors, …)?
What is their goal for the test?

3
Q

Why is it important to define the scope?

A

- To know what type of test should be carried out.
- Avoid scope creep.
- What is on and off limits.
- Make sure you have authorization to test from all targets; 3rd party software needs additional explicit authorization (cloud infrastructure, etc.).
- Are we testing the test or the production environment? (The test environment may have different setups/config/networks; prod tests may crash the running services.)

4
Q

What are some different types of penetration tests?

A

Network service vulnerability test
Web app and site
Internal client and database test
Social engineering
DoS
Red team

5
Q

What does ROE define? (Rules Of Engagement)

A

Testing times
Test type (Blue team / Red team)
- Red team will be more
Points of contact
Testing schedule, briefings, reporting
Problem solving

6
Q

What is target reconnaissance?

A

Information gathering
Learning as much as possible about the target using regular means (using non-technical ways)
- Parent organization
- People
- Policies
- Network and systems
- Hostname, domain, IP, technologies being used

7
Q

Recon tools

A

nslookup, Google advanced search, DoH/DoT, private DNS
