Security+ 1.4 Explain penetration testing concepts
Escalation of privilege
A hole created when code is executed with higher privileges than those of the user running it.
Vulnerability scanning
Allows you to identify specific vulnerabilities in your network, and most penetration testers will start with this procedure so that they can identify likely targets to attack.
Active reconnaissance
Directly focuses on the system (port scans, traceroute information, network mapping, and so forth) to identify weaknesses that could be used to launch an attack.
Black box
Has absolutely no knowledge of the system and is functioning in the same manner as an outside attacker.
Gray box
Is a method for software debugging in which the tester has limited knowledge of the internal details of the program.
White box
Is a method of testing software that tests internal structures or workings of an application.
Initial exploitation
Is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software.
Penetration testing
Is a process in which security personnel attempt to penetrate a network to locate vulnerabilities.
Passive reconnaissance
Is an attempt to gain information about targeted computers and networks without actively engaging with the systems.
Persistence
The compromise is introduced at a different time than the attack, so it involves this.
Pivot
When it is possible to attack a system using another, compromised system.