4. Rules of engagement are a set of guidelines that define the scope, objectives, and limitations of the pen testing engagement. They typically specify the systems and applications that are in scope for the test, the types of testing activities that are permitted, and any restrictions or limitations that must be followed.
5. Lateral movement refers to the process of moving from one compromised system to another within a target network to gain access to additional resources.
6. Privilege escalation refers to the process of gaining higher-level privileges on a target system. This can be achieved by exploiting vulnerabilities or misconfigurations in the target system or by using valid credentials obtained through other means.
7. Persistence refers to the ability of an attacker to maintain access to a target system even after a reboot or other actions that would normally disrupt the attacker's access.
8. Cleanup refers to the process of removing any evidence of the pen testing activities from the target system and restoring it to its pre-test state.
9. Bug bounty programs are incentives offered by organizations to reward individuals for reporting security vulnerabilities in their systems and applications.
10. Pivoting refers to the process of using a compromised system as a jumping-off point to reach other systems on the target network. This allows an attacker to move laterally through the target network and gain access to additional resources.
Passive and active reconnaissance - Drones - War flying - War driving - Footprinting - OSINT
Passive and active reconnaissance are the two types of information-gathering techniques used in security assessments, including penetration testing.
Passive reconnaissance refers to gathering information about a target system or network without interacting directly with it. This can include techniques like open-source intelligence (OSINT) gathering, reviewing public information about the target, and analyzing network or system metadata.
Active reconnaissance, on the other hand, involves interacting directly with the target system or network to gather information. This can include techniques like war flying (flying a drone over the target to gather information about its wireless networks), war driving (driving around with a wireless-enabled device to gather information about wireless networks), footprinting (gathering information about a target network or system using tools like port scans, whois, and nslookup), and other similar techniques. The goal of active reconnaissance is to gather as much information as possible about the target system or network, including identifying open ports and services, operating systems, and other relevant details.
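The practical difference between the two for a defender is that active reconnaissance has to talk to the target, so it leaves traces in the target's own logs, while passive reconnaissance leaves none. As an added example (not part of the original notes), the script below flags scan-like activity by looking for a source that touches many distinct destination ports within a short window; the log format and every sample line are constructed for illustration.

```python
# Added example, not part of the original notes: flag port-scan-like activity
# in firewall logs. Active reconnaissance has to talk to the target, so it
# leaves traces in the target's logs; passive does not. Format and samples are constructed.
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed format: "<ISO timestamp> ALLOW|DENY src=<ip> dst=<ip> dport=<n>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (ALLOW|DENY) src=(?P<src>\S+) "
                     r"dst=\S+ dport=(?P<dport>\d+)$")

def parse_line(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"], "dport": int(m["dport"])}

def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=10):
    """Return {src: max distinct dports} for sources that touched at least
    `min_ports` distinct destination ports within any span of `window`."""
    events = defaultdict(list)  # src -> [(timestamp, dport)]
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append((ev["ts"], ev["dport"]))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(ports))
    return flagged

# Constructed sample: 10.0.0.5 probes 12 ports in 12 s (scan-like);
# 10.0.0.9 reaches the web service twice (normal); one garbled line.
SAMPLE_LOG = [f"2024-05-01T12:00:{i:02d} DENY src=10.0.0.5 dst=10.0.0.20 dport={20 + i}"
              for i in range(12)] + [
    "2024-05-01T12:00:03 ALLOW src=10.0.0.9 dst=10.0.0.20 dport=443",
    "2024-05-01T12:00:40 ALLOW src=10.0.0.9 dst=10.0.0.20 dport=443",
    "garbled line without fields"]
if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))  # -> {'10.0.0.5': 12}
```

The threshold and window are tuning knobs: a single client reusing one service port over time is never flagged, while a sweep across many ports is, whichever `ALLOW`/`DENY` verdict the firewall gave.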
Exercise types - Red-team - Blue-team - White-team - Purple-team
Exercise types refer to the various simulations that can be conducted to test an organization's security posture.
1. Red-team: This is a simulation of an adversarial attack, where a team of security experts act as attackers and attempt to penetrate the organization's systems, networks, and processes to identify vulnerabilities.
2. Blue-team: This is a simulation of the organization's defense mechanism, where a team of security experts act as defenders and monitor and respond to potential threats.
3. White-team: This is an independent and objective evaluation, where a team of security experts assess the organization's security posture and provide recommendations for improvement.
4. Purple-team: This is a combined simulation of red and blue teams, where both teams work together to test the organization's security posture, identify vulnerabilities, and improve the organization's defense mechanisms.