Penetration Testing Concepts Flash Cards
Define Active Reconnaissance
System information collection for hacking purposes or system penetration testing. A hacker uses system information to gain unauthorized access to protected digital or electronic materials, and may go around routers or even firewalls to get it. Can be used by systems analysts and programmers to test the security of networks and systems and scan for potential vulnerabilities. -techopedia.com
Define Passive Reconnaissance
An attempt to gain information about targeted computers and networks without actively engaging with the systems. -techtarget.com
Define Pivot
A method used by penetration testers that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines. -wikipedia.org
Define Initial Exploitation
The vulnerability allows attackers (and testers) to remotely access the system and install malware on it. With this knowledge, the testers can use known methods to exploit this vulnerability. This gives the testers full access to the system. -getcertifiedgetahead.com
Define Persistence
Firm or obstinate continuance in a course of action in spite of difficulty or opposition. -Dictionary
Define Escalation of Privilege
The act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. -wikipedia.org
Define White Box
A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing. -NIST.gov
Define Gray Box
A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Also known as gray box testing. -NIST.gov
Define Penetration Testing
A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of a system. -NIST.gov
Define Vulnerability Scanning
A technique used to identify hosts/host attributes and associated vulnerabilities. -NIST.gov