Security+ 1.4 Explain penetration testing concepts

Escalation of privilege

A hole created when code is executed with higher privileges than those of the user running it.

Vulnerability scanning

Allows you to identify specific vulnerabilities in your network, and most penetration testers will start with this procedure so that they can identify likely targets to attack.

Active reconnaissance

Directly focuses on the system (port scans, traceroute information, network mapping, and so forth) to identify weaknesses that could be used to launch an attack.

Black box

Has absolutely no knowledge of the system and is functioning in the same manner as an outside attacker.

Gray box

Is a method for software debugging in which the tester has limited knowledge of the internal details of the program.

White box

Is a method of testing software that tests internal structures or workings of an application.

Initial exploitation

Is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software.

Penetration testing

Is a process in which security personnel attempt to penetrate a network to locate vulnerabilities.

Passive reconnaissance

Is an attempt to gain information about targeted computers and networks without actively engaging with the systems.

Persistence

The compromise is introduced at a different time than the attack, so it involves this.

Pivot

When it is possible to attack a system using another, compromised system.