Penetration Testing
Passive Reconnaissance
The tester does not interact directly with the target, so the target has no way of knowing, recording, or logging the activity.
Known environment
(white box) - the tester is given a map of the target systems and networks. They go into the test with substantial or full information about the target systems and networks.
Unknown environment
(black box) - the tester knows nothing about the target systems and networks. They go into the test completely blind and build out a database of everything they find as they go.
Blue Team
(defense) - the internal security team that defends against both real attackers and Red Teams.
Partially known environment
(grey box) - limited information is shared with the tester, sometimes in the form of login credentials. Simulates the level of knowledge that a hacker with long-term access to a system would achieve through research and system footprinting.
White team
(judge/referee) - responsible for overseeing an engagement or competition between a Red Team of mock attackers and a Blue Team of actual defenders.
Red Team
(offense) - internal or external entities dedicated to testing the effectiveness of a security program by emulating the tools and techniques of likely attackers in the most realistic way possible.
Purple team
(process improvement) - exists to ensure and maximize the effectiveness of the Red and Blue Teams.
Passive Footprinting
Browsing the target's website, Google searches (Google hacking), performing WHOIS lookups, visiting social media profiles.
War driving
Deliberately searching for Wi-Fi signals while driving by in a vehicle.
Active footprinting
Ping sweeps, tracert analysis, Nmap scans, extracting DNS information.
Bug bounty
a monetary reward given to ethical hackers for successfully discovering and reporting a vulnerability or bug to the application's developer. Such programs allow companies to leverage the hacker community to continuously improve their systems' security posture over time.
Privilege escalation
a security hole created when code is executed with higher privileges than those of the user running it. Generally this means gaining a higher-level account, but in some cases it is a horizontal privilege escalation, where a user gains access to another user's resources.
Pivoting
also known as island hopping: a compromised system is used to attack another system on the same network following the initial exploitation. If the compromise is introduced at a different time than the attack, the activity is said to involve persistence.
Drones
can be leveraged in multiple ways for passive reconnaissance, from assessing physical security to gathering wireless network information.
War flying
combines war driving with a drone, which simply floats above the target organizations to gather wireless details. Enables the collection of information such as SSIDs (wireless network names) and the encryption status of these networks.
Rules of engagement
define the purpose and scope of the test for the people performing it on the network. They ensure everyone is aware of which systems are in scope, the date and time of testing, and any constraints that apply.
Lateral movement
gaining access to an initial system and then moving to other devices inside the network.
Footprinting
includes active and passive methods - an ethical hacking technique used to gather as much data as possible about a specific target computer system, infrastructure, and network in order to identify opportunities to penetrate them.
Active Reconnaissance
interacts directly with the target in some way and as such, the target may discover, record, or log these activities.
OSINT
Much of the information available from open sources can be categorized as open-source intelligence. The data that can be gathered through these open sources is extensive.
Persistence
refers to the tester's ability to maintain a persistent presence in the exploited system, long enough for a bad actor to gain in-depth access. This enables the tester to reconnect to the compromised host and use it as a remote access tool.
Cleanup
the final stage of a penetration test, in which all work done during the testing process is cleaned up or removed.