Pen Testing Flashcards

1
Q

White box vs black box

A

White-box testing, also known as clear-box testing or structural testing, examines the internal structure and logic of the software being tested. Testers have access to the source code, design documents, and architecture diagrams, allowing them to design test cases that target specific paths, conditions, and branches within the code. White-box testing focuses on verifying the correctness of individual components, modules, or functions of the software, as well as the interactions between them. This approach is effective at uncovering logic errors, boundary conditions, and performance bottlenecks within the software.

On the other hand, black-box testing focuses on evaluating the functionality of the software without knowledge of its internal structure or implementation details. Testers interact with the software as an end user would, providing inputs and observing outputs to ensure that the software behaves as expected. Black-box testing is useful for validating the software’s behavior against its specifications, requirements, or user expectations. It helps uncover defects related to usability, functionality, and compatibility, regardless of how the software is implemented.

2
Q

Passive reconnaissance

A

In penetration testing, passive reconnaissance refers to the initial phase of gathering information about the target network, systems, and infrastructure without directly interacting with them or triggering security alerts. This phase aims to collect publicly available data, such as domain names, IP addresses, email addresses, employee names, and organizational information, through methods like open-source intelligence (OSINT) gathering, internet searches, and social engineering.

Passive reconnaissance helps testers understand the target’s attack surface, identify potential entry points, and assess the level of security awareness and visibility of the target organization. The information gathered during passive reconnaissance serves as a foundation for planning and executing subsequent phases of the penetration test, such as active scanning and vulnerability analysis, to identify and exploit security vulnerabilities effectively.

3
Q

Active reconnaissance

A

In penetration testing, active reconnaissance is the phase in which testers interact directly with the target network, systems, and infrastructure to gather information and uncover potential vulnerabilities. Unlike passive reconnaissance, which collects publicly available data without touching the target, active reconnaissance involves direct interaction with the target environment. Techniques like port scanning, network enumeration, and service fingerprinting are used to probe the target and identify open ports, running services, and potential entry points. This phase gives testers a deeper understanding of the target’s security posture, allowing them to simulate real-world attack scenarios and identify weaknesses that malicious actors could exploit.

The information gleaned from active reconnaissance serves as the foundation for subsequent phases of the penetration test, enabling testers to prioritize attack vectors and tailor their approach accordingly. By identifying vulnerabilities such as misconfigurations, outdated software, or known security flaws, penetration testers can effectively simulate cyber attacks and provide actionable recommendations to enhance the target organization’s security defenses. Active reconnaissance thus plays a pivotal role in penetration testing, helping organizations proactively identify and mitigate potential security risks before they can be exploited by malicious actors.

4
Q

War chalking

A

War chalking is a practice that emerged in the early 2000s as a way for individuals to mark public locations where wireless internet access, particularly Wi-Fi networks, could be found. Participants would use chalk or other easily removable markers to draw symbols or codes on sidewalks, buildings, or other surfaces near wireless access points to indicate their presence and share information with others. These symbols typically included variations of the Wi-Fi logo or alphanumeric codes representing network characteristics such as network name (SSID), signal strength, and security measures.

The purpose of war chalking was to create a community-driven map of available wireless networks, allowing individuals to locate and access Wi-Fi connections in public spaces. However, the practice has largely declined in popularity with the widespread adoption of smartphones and the proliferation of wireless networks, as well as increased security concerns regarding unauthorized access to private networks. While war chalking is largely obsolete today, it remains a notable phenomenon in the history of wireless networking and the early days of the internet’s integration into public spaces.

5
Q

Spoofing

A

Spoofing is a malicious technique used to deceive or trick computer systems, networks, or users by falsifying information or impersonating a legitimate entity. This can involve various forms of manipulation, such as forging IP addresses, email headers, or website URLs, to appear as if they originate from a trusted source.

One common type of spoofing is IP spoofing, where attackers alter the source IP address of packets to disguise their identity or bypass access controls. Email spoofing involves forging the sender’s email address to impersonate a known contact or organization, often used in phishing attacks to trick recipients into divulging sensitive information or downloading malware. Similarly, website spoofing entails creating fake websites that mimic legitimate ones to deceive users into providing login credentials or financial data.

Spoofing attacks can have serious consequences, including unauthorized access to systems, theft of sensitive information, or financial fraud. To mitigate the risk of spoofing, organizations implement security measures such as email authentication protocols, network intrusion detection systems, and cryptographic techniques to verify the authenticity of communications and detect fraudulent activity.

6
Q

War driving

A

War driving is a technique used to discover and map wireless networks, particularly Wi-Fi networks, by driving around in a vehicle equipped with a laptop or mobile device capable of detecting and logging nearby access points. This practice involves scanning for wireless signals and capturing information such as network names (SSIDs), signal strengths, and encryption settings.

The term “war driving” originated from the idea of conducting reconnaissance similar to war dialing, a technique used to find unprotected modem connections by dialing a large range of phone numbers. War driving has been popularized as a way to create maps of wireless networks’ locations and coverage areas, allowing individuals to identify available Wi-Fi connections for various purposes, such as internet access or security testing.

7
Q

Insider threat

A

An insider threat refers to the risk posed to an organization’s security and confidentiality by individuals within the organization, such as employees, contractors, or partners, who misuse their authorized access to data, systems, or resources for malicious purposes or inadvertently compromise security due to negligence or ignorance.

These threats can manifest in various forms, including:

Malicious insiders: Individuals who intentionally abuse their access privileges to steal sensitive information, commit fraud, sabotage systems, or disrupt operations for personal gain, revenge, or ideological reasons.

Negligent insiders: Individuals who inadvertently compromise security through careless or uninformed actions, such as clicking on phishing emails, mishandling sensitive data, or failing to follow security policies and procedures.

Compromised insiders: Individuals whose credentials or access privileges are compromised by external attackers through techniques like phishing, social engineering, or malware, allowing attackers to exploit their trusted status to carry out attacks from within the organization’s network.

8
Q

Which of the following statements does not apply to the concept of OSINT?
Gaining advantage over competitors
Passive reconnaissance in penetration testing
Preparation before launching a cyberattack
Active reconnaissance in penetration testing

A

The concept of OSINT (Open Source Intelligence) primarily involves gathering information from publicly available sources to obtain insights and intelligence about individuals, organizations, or systems.

While the other options are related to OSINT:

Passive reconnaissance in penetration testing involves collecting publicly available data about a target network or system without directly interacting with it, which aligns with the principles of OSINT.
Preparation before launching a cyberattack may involve using OSINT to gather information about potential targets, such as identifying vulnerabilities or understanding the target’s infrastructure and defenses.
Gaining advantage over competitors is a strategic use of OSINT in business intelligence, where organizations may gather publicly available information about competitors to gain insights into their strategies, market position, or product offerings.
However, active reconnaissance in penetration testing typically involves actively probing and scanning the target network or system to gather information, which goes beyond the scope of OSINT. Active reconnaissance may include techniques such as port scanning, network enumeration, and service fingerprinting, which involve direct interaction with the target and may trigger security alerts or defensive measures. Therefore, the statement “Active reconnaissance in penetration testing” does not apply to the concept of OSINT.
