pentesting fundamentals Flashcards
what is a penetration test
an authorized audit of a system’s security/defenses as agreed upon by the owners
scope of a pentesting agreement (scope)
the tools, techniques, and system to be audited, as agreed upon between the owners and pentester
ROE document
rules of engagement doc
*created at initial stages of a pentest engagement
*made up of 3 sections
permission (ROE)
gives explicit permission for pentest to be carried out
*protects individuals/organizations for their activities
test scope (ROE)
annotates specific targets to which the engagement will apply
rules (ROE)
defines the exact rules/techniques to be used during the engagement
methodology
the steps a pentester takes during an engagement
info gathering
collecting as much publicly available info about a target as possible (OSINT/research)
enumeration/scanning
discovering apps/services running on systems
exploitation
leveraging vulnerabilities discovered on a system/app
privilege escalation
gaining access to a system through an exploit (foothold) and expanding access horizontally or vertically
post-exploitation
what other hosts to target?
what additional info to gather from hosts?
covering tracks
reporting
black box testing
high-level process where tester is not given any information about the inner workings of the app/service
grey box testing
most popular for pentesting
*tester has limited knowledge of app/service
white box testing
low-level process where tester tests internal components of app/service and ensures its functions work correctly
*tester has full knowledge of the app/service