Chapter 8 Penetration Testing

Question 1

What is Penetration Testing?

Answer 1

Simulating an attack from a malicious outsider probing your network and systems for a way in

Question 2

What is the most recognized penetration test methodologie?

Answer 2

Open Source Security Testing Methodology Manual (OSSTMM)

Question 3

What is the test mythology for web applications?

Answer 3

Open Web Application Security Project (OWASP)

Question 4

What is SP 800-115?

Answer 4

The technical guide to information security testing assessment

Question 5

What is a known environment (white box) testing?

Answer 5

Tests the internal structures and processing within an application for bugs, and vulnerabilities

Question 6

What is Unknown environment (black box) testing?

Answer 6

Software testing technique that consists of finding implementation bugs using malformed/semi-malformed data injection in an automated fashion

Question 7

What is a partially known environment (gray box) testing?

Answer 7

The testers have some knowledge of the software, network, or systems they are testing

Question 8

What is Lateral movement?

Answer 8

Sometimes referred to as network lateral movement, refers to the process used by attackers to move deeper into a network to get the target data

Question 9

What is Privilege Escalation?

Answer 9

The process of gaining increased privileges for an account

Question 10

What are some pathways an attacker can take to achieve privilege escalation?

Answer 10

Getting local admin account
Stealing credentials to an account that has admin rights
Exploitation of a vulnerability that results in privilege escalation

Question 11

What are the two types of privilege escalation?

Answer 11

Horizontal and Vertical

Question 12

What is Horizontal privilege escalation?

Answer 12

The attacker expands their privileges by taking over another account and misusing the legitimate privileges granted to the other user

Question 13

What is Vertical privilege escalation?

Answer 13

The attacker attempts to gain more permissions or access with an existing account they have already compromised

Question 14

What is persistence?

Answer 14

The ability to exist beyond a machine reboot or after disconnection

Question 15

What is Advanced Persistent Threat (APT)?

Answer 15

A methodology that is focused first and foremost about maintaining persistence

Question 16

What is Cleanup?

Answer 16

Covering ones tracks

Question 17

What are some examples of Cleanup?

Answer 17

• Clearing logs,
• blocking remote logging,
• messing with system history
• Using reverse shells and ICMP tunnels

Question 18

What is Pivoting?

Answer 18

An attacker moves to a new location in a network and begins the attack process over again

Question 19

What is the purpose of lateral movement?

Answer 19

To go to where the data is

Question 20

What is the purpose of pivoting?

Answer 20

To learn where to move next

Question 21

What is passive reconnaissance?

Answer 21

To gain info about targeted computers and networks without actively engaging with the target systems and thus avoiding detection

Question 22

What is active reconnaissance?

Answer 22

The attacker engages with the target systems

Question 23

What is war flying?

Answer 23

Using drones to capture network traffic

Question 24

What is War Driving?

Answer 24

Using a car to drive past the points of access

Question 25

What is Footprinting?

Answer 25

Also called reconnaissance. The first step in gaining active info on a network

Question 26

What is a Red Team?

Answer 26

A team of members who are focused on offense. They use their skills to mimic real-world threat environment and provide a test of a firms defensive capabilities

Question 27

What is a Blue team?

Answer 27

The defense team that focus primarily on defending against malicious hackers on a network

Question 28

What is a purple team?

Answer 28

A hybrid team of Red and blue teams