Introduction to Penetration Testing Flashcards
(17 cards)
What is penetration testing?
Definition: A security exercise where a cybersecurity expert tries to find and exploit weaknesses in a computer system.
Purpose: To identify vulnerabilities that real attackers could exploit.
Method: Can be done manually or using automated tools.
Types of Penetration Tests
Blackbox Testing - testing as attacker
No knowledge of internal systems.
Tests from a user’s or outsider’s view.
Focuses on input/output and functionality.
✅ Good for user-facing issues.
❌ Can miss internal flaws.
Whitebox Testing - testing as developer
Full access to code and system internals.
Tests logic, branches, and internal flow.
✅ Very thorough, finds code-level bugs.
❌ Time-consuming, not realistic for outside attacks.
Greybox Testing - testing as user with some access to data
Partial knowledge of the system.
Mix of blackbox and whitebox.
✅ Balanced, simulates insider threats.
❌ May miss deep internal issues.
White hat hackers, black hat hackers and grey hat hackers
👨‍💻 White Hat Hackers (Ethical Hackers)
✅ Work legally to help improve security.
🔍 Find vulnerabilities with permission.
💼 Often hired by companies for penetration testing.
🎯 Goal: Protect systems and users.
🕵️ Black Hat Hackers
❌ Illegal activities — break into systems without permission.
🎯 Goal: Steal data, cause damage, or gain unauthorized access.
💰 Often motivated by profit, revenge, or political reasons.
⚖️ Grey Hat Hackers
🤔 Operate in between white and black hats.
🔍 May hack without permission, but don’t have malicious intent.
🛠 Sometimes report flaws to the company — other times publicly expose them.
❗ Can still be breaking the law, even if they mean well.
Computer Misuse Act
- Unauthorised access to computer material
- Unauthorised access with intent to commit or facilitate commission of further offences
- Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
- Unauthorised acts causing, or creating risk of, serious damage
Penetration Testing vs Vulnerability Assessment
Penetration testing is not the main way to find vulnerabilities.
It is used to verify and improve your vulnerability assessment and management processes.
Think of it like a financial audit:
Your team manages finances daily.
An external audit checks if the process is reliable — just like a pen test checks your security processes.
Bug Bounties vs Pentesting
Penetration Testing (Pentesting):
Conducted by hired security professionals (internal or external).
Scoped and time-limited – targets are clearly defined.
Simulates real-world attacks to find vulnerabilities.
Results in a detailed report with vulnerabilities and fixes.
Scheduled periodically (e.g., annually or after major changes).
🐞 Bug Bounty Programs:
Open to independent ethical hackers (public or private program).
Ongoing – can run continuously.
Hackers are rewarded per valid bug found (bounty).
Encourages diverse perspectives – many hackers, many skills.
Can uncover unexpected vulnerabilities outside typical scope.
Who conducts pen testing?
🔴 Red Team
Acts as the offensive attackers.
Simulates real-world cyber attacks to find vulnerabilities.
Uses various tactics, techniques, and exploits to penetrate defenses.
Goal: Test the effectiveness of security by breaching systems without prior knowledge of defenses.
🔵 Blue Team
Acts as the defensive team.
Responsible for monitoring, detecting, and responding to attacks.
Manages and improves security controls like firewalls, IDS/IPS, and incident response.
Goal: Protect systems and mitigate damage during attacks.
🟣 Purple Team
A collaboration between Red and Blue teams.
Facilitates sharing of knowledge and techniques.
Helps improve the security posture by making defenses stronger and attacks more realistic.
Goal: Maximize effectiveness by combining offensive and defensive skills.
Penetration Testing Scenarios
Vulnerability identification in bespoke software:
Helps developers improve coding practices by giving feedback on vulnerabilities found in their custom software.
Scenario-driven testing for vulnerabilities:
Penetration testers simulate specific scenarios to see if they can uncover vulnerabilities.
Scenario-driven testing for detection and response:
Tests how well the organization’s security team can detect and respond to attacks during these scenarios.
Cons of penetration testing
Penetration testing is not a full security evaluation; many issues may be missed.
The time available limits how much info can be gathered during the test.
Misunderstanding these limits can lead to a false sense of security for the organization.
Legal issues with penetration testing
- The main thing that separates a penetration tester from an attacker is permission.
- Penetration testers have to follow the law and their agreements, else they can get in trouble.
Stages of Penetration Testing
Planning, discovery, attack (which loops back to discovery as new information is found), and finally reporting.
Plan of action document
- The technical boundaries of the test
- The types of tests expected
- The timeframe and the amount of effort necessary
- Optionally, the scenarios or specific ‘use cases’ to test
- The penetration testing team’s requirements.
- Compliance or legislative requirements that the testing must meet
Rules of Engagement (ROE)
- Detailed guidelines and constraints regarding the execution of information security testing.
- The ROE is established before the start of a security test.
- Gives the test team authority to conduct defined activities without the need for additional permissions.
- Non-Disclosure Agreement (NDA)
- Get Out Of Jail Free Card
Reconnaissance
- Physical environment and access
- Network port and service identification
- Host name and IP address information
- Employee names and contact information
- Analysis of collected data to discover potential vulnerabilities
Vulnerabilities exploited during Pentesting
Misconfigured security settings, especially insecure defaults
Kernel code flaws affecting the system’s security model
Insufficient input validation, leading to attacks like buffer overflows or SQL injection
Race conditions during privileged process execution
Improperly configured descriptors or symbolic links
Social Engineering Attacks
- Phishing/Smishing: A message or email pretending to be from someone the victim knows. The message has a link that, when clicked, would infect the victim's device.
- Baiting: A USB stick labelled as confidential is dropped in the parking lot. If inserted, it installs malware.
- Pretexting: A scammer contacts the victim pretending to be IT support, offering technical help and citing a problem.
- Tailgating: The attacker follows an employee into a building that normally requires access through a badge.
Penetration Testing Report
- Lists any security issues uncovered