1.8 - Penetration Testing Flashcards
Define Penetration Test.
An authorized test that simulates a real attack against a system or network. It resembles vulnerability scanning, but instead of only reporting potential weaknesses, the tester actually exploits them to prove they are real and to show what an attacker could reach.
Define the Rules of Engagement for pentesting.
The document, agreed with the client before testing starts, that defines the purpose and scope of the test (which systems and networks are in bounds), the type of testing and its schedule, and the rules the testers must follow, such as which techniques are allowed, how data found during the test is handled, and who to contact if something breaks.
What is the typical process of a pentest?
1) Initial exploitation (entry): gain a foothold on one system, usually through a vulnerability found during reconnaissance.
2) Lateral movement: move from system to system internally, where controls are usually weaker than at the perimeter.
3) Persistence: make sure there is a way back in
   - Set up a backdoor
   - Build user accounts
   - Change or verify default passwords
4) The pivot: gain access to systems that would normally not be reachable from outside by using the compromised system as a proxy or relay into the internal network.
What is the typical process of a pentest aftermath?
1) Cleanup: leave the network in its original state. Remove any tools, binaries and temporary files, backdoors, and user accounts the testers created, and revert any passwords they changed.
2) Bug bounty (if applicable): submit the findings through the organization's bug bounty program for payment.
Define Reconnaissance in pentesting.
Gathering information about the target before the actual pentest. This can include creating a network map, identifying the attack surface, understanding the security posture, etc.
Define Passive Footprinting.
Using sources outside the target network to gather information about it without touching its systems, so the target sees nothing. This can include social media, dumpster diving, social engineering, online forums, the corporate web site, or competitors.
What is OSINT and how is it applicable?
Open Source Intelligence: information gathered from publicly available sources such as public websites, DNS records, social media, and job postings.
It is used in passive footprinting to learn about the target and about commonly known exploits for the software it runs, without sending any traffic to the target itself.
Define Wardriving and Warflying.
Driving around in a vehicle (wardriving) or flying a drone (warflying) to gather as much information on the target's WiFi networks as you can. This can include the SSID, encryption method, signal strength, etc. Because it only listens to what the access points broadcast and never joins the network, it counts as passive footprinting.
Define Active Footprinting.
Actively probing the target's externally reachable systems to find weaknesses before the attack. This can include ping scans and port scans, DNS queries, OS scans and OS fingerprinting, and service scans and version scans. Unlike passive footprinting, these probes send traffic to the target, so they are visible in its network traffic and logs.
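The active footprinting steps above, as an added example that is not part of the original flashcards: a TCP connect scan followed by a banner grab (the simplest service/version scan), written in Python and run against a constructed local target so it works offline. Everything is hypothetical and lives on 127.0.0.1: the target service, its OpenSSH-style banner and its in-memory log are constructed for the demo, and the log is there to show the difference from passive footprinting, namely that every probe leaves a record on the target side.

```python
import socket
import threading


def start_fake_target(banner: bytes, log: list):
    """Constructed stand-in for a target service on 127.0.0.1 (hypothetical).
    It appends every connecting peer to `log` (what the blue team's logs
    would record) and sends a banner, as many real daemons do.
    Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free one
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:
                return                  # listener closed, stop serving
            log.append("connection from %s:%d" % peer)
            try:
                conn.sendall(banner)
            except OSError:
                pass                    # scanner hung up without reading
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def port_scan(host: str, ports, timeout: float = 0.5) -> list:
    """TCP connect scan: completes a full three-way handshake on each port,
    which is exactly why it shows up in the target's logs."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host: str, port: int, timeout: float = 0.5) -> str:
    """Simplest form of a service/version scan: connect and read whatever
    the service volunteers before any authentication."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(256)
        except socket.timeout:
            data = b""              # silent service; a real tool would send probes
    return data.decode("ascii", errors="replace").strip()


def footprint(host: str, ports) -> dict:
    """Active footprinting of one host: open ports mapped to their banners."""
    return {p: grab_banner(host, p) for p in port_scan(host, ports)}


def demo():
    """Scan the constructed target and return what the attacker learned
    alongside what the target logged."""
    target_log = []
    srv, live_port = start_fake_target(b"SSH-2.0-OpenSSH_9.6\r\n", target_log)

    # A socket that is bound but never listen()ed reserves a port that
    # refuses connections, giving the scan a guaranteed closed port.
    closed_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed_sock.bind(("127.0.0.1", 0))
    closed_port = closed_sock.getsockname()[1]

    try:
        findings = footprint("127.0.0.1", sorted([live_port, closed_port]))
    finally:
        srv.close()
        closed_sock.close()
    return findings, target_log, live_port, closed_port


if __name__ == "__main__":
    findings, target_log, live_port, closed_port = demo()
    print("attacker's view:", findings)   # {live_port: 'SSH-2.0-OpenSSH_9.6'}
    print("target's log:", target_log)    # two entries: the scan and the banner grab
```

The target log ends up with two entries for the one open port, one from the connect scan and one from the banner grab, while the refused port leaves nothing because no handshake completed. Real scanners use SYN scans and rate limiting to reduce that footprint, but a full connect like this is the version an IDS or a host firewall log will always catch.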
List out the different security teams.
1) Red Team
2) Blue Team
3) Purple Team
4) White Team
What role does the red team play?
The team performing the pentest (the offensive security team). They exploit the vulnerabilities they find, using social engineering, web application scanning, and similar techniques.
What role does the blue team play?
The team defending against the pentest. They are responsible for keeping the network patched, monitored, and secure, and for detecting and responding to the red team's activity.
What role does the purple team play?
Not a separate team but a way of working in which the red and blue teams cooperate: the red team fills the blue team in on the vulnerabilities it finds as it goes, so defenses and detection can be improved immediately rather than after the final report.
What role does the White Team play?
They act as referees between the red team and the blue team. They enforce rules, resolve issues, and determine the score. They manage the post-event assessments.