Penetration Testing Concepts Flash Cards

Define Active Reconnaissance

System information collection for hacking purposes or system penetration testing. A hacker uses system information to gain unauthorized access to protected digital or electronic materials, and may go around routers or even firewalls to get it. Can be used by systems analysts and programmers to test the security of networks and systems and scan for potential vulnerabilities. -techopedia.com

Define Passive Reconnaissance

An attempt to gain information about targeted computers and networks without actively engaging with the systems. -techtarget.com

Define Pivot

A method used by penetration testers that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines. -wikipedia.org

Define Initial Exploitation

The vulnerability allows attackers (and testers) to remotely access the system and install malware on it. With this knowledge, the testers can use known methods to exploit this vulnerability. This gives the testers full access to the system. -getcertifiedgetahead.com

Define Persistence

Firm or obstinate continuance in a course of action in spite of difficulty or opposition. -Dictionary

Define Escalation of Privilege

The act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. -wikipedia.org

Define Black Box

A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. Also known as black box testing. -NIST.gov

Define White Box

A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing. -NIST.gov

Define Gray Box

A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Also known as gray box testing. -NIST.gov

Define Penetration Testing

A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of a system. -NIST.gov

Define Vulnerability Scanning

A technique used to identify hosts/host attributes and associated vulnerabilities. -NIST.gov