2.1 Penetration Testing Process and Types
Blue team
A defensive security team that attempts to close vulnerabilities and stop the red team.
Purple team
A mixture of both red and blue teams.
Red team
An offensive security team that attempts to discover vulnerabilities in a network or computer system.
Penetration Testing Life Cycle
Another methodology is the penetration testing life cycle. The penetration testing life cycle is almost identical to the ethical hacking process. The steps are: performing reconnaissance, scanning and enumeration, establishing access, maintaining access, and reporting. The only difference is the focus on the documentation of the penetration test. A detailed report of the tests performed and everything that was discovered is important.
Open Source Security Testing Methodology Manual (OSSTMM)
Attempts to create one accepted method for a thorough security test.
You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?
Black box
Open Web Application Security Project (OWASP)
Describes techniques for testing the most common web applications and web service security issues.
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?
Ethical hacking
Which of the following is the third step in the ethical hacking methodology?
Gain access
Performing reconnaissance
In this phase, the hacker begins gathering information about the target. This can include gathering publicly available information, using social engineering techniques, or even dumpster diving.
Establishing access
In this phase, the hacker uses all the information gathered through reconnaissance and scanning to exploit any vulnerabilities found and gain access.
National Institute of Standards and Technology Special Publication 800-115 (NIST SP 800-115)
A guide to the basic technical aspects of conducting information security assessments.
Penetration Testing Frameworks
Multiple penetration testing frameworks have been developed, and each is used in the situations it is suited to.
Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize?
OWASP
Red Team vs. Blue Team
Offensive security specialists are known as the red team, or ethical hackers. The defensive security specialists are known as the blue team.
Maintaining access
Once the hacker has gained access, he can use backdoors, rootkits, or Trojans to establish permanent access to the system.
Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team?
Performs offensive security tasks to test the network's security.
Ethical hacking
Perpetrating exploits against a system with the intent to find vulnerabilities so that security weaknesses can be addressed and the system can be made more secure.
The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?
Reporting
Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?
Scanning and enumeration
Scanning and enumeration
Scanning is a natural extension of reconnaissance. The hacker uses various tools to gather in-depth information about the network, computer systems, live systems, open ports, and other features. Extracting information such as usernames, computer names, network resources, shares, and services is known as enumeration. Enumeration is a part of the scanning step.
Black box
The ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores insider threats.
Which of the following best describes a gray box penetration test?
The ethical hacker has partial information about the target or network.
White box
The ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.
Gray box
The ethical hacker is given partial information about the target or network, such as IP configurations or email lists. This test simulates an insider threat.
Clearing tracks
The final step in the hacking process is clearing tracks. The hacker overwrites log files to hide the fact that they were ever there.
Penetration testing
The practice of finding vulnerabilities and risks with the purpose of securing the computer or network system.