Shared Flashcard Set

Details

CompTIA Sec+ 1.4
Explain Penetration Testing Concepts
19
Computer Science
Professional
11/05/2018
Click here to study/print these flashcards.

Create your own flash cards! Sign up here.

Additional Computer Science Flashcards

 

 

Cards

Term
Active Reconnaissance
 Definition
A type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities
Term
Passive Reconnaissance
 Definition
An attempt to gain information about targeted computers and networks without actively engaging with the systems. Using Open Source Intelligence, Wayback machine, Social Engineering to learn details about target company.
Term
Pivot
 Definition
A technique that allows lateral movement from a compromised host
-Gain foothold on target system
-Target sustem is leveraged to compromise other normally inaccessible systems.
Term
Initial Exploitation
 Definition
Rules of Engagement
Physical Security Tech Admin COntrols,
Monitoring: Law enforcement
Network Layout Number internal external devices, routers/switches, OS fingerprints, Wireless networks, Mobile Devices
-Map of Internet Presence
Term
Persistence
 Definition
Installing backdoors or methods to maintain access to a host or network
Term
Escalation of Privilege
 Definition
Primary goal when accessing a host
-Enables installation of persistence mechanisms
-Scan for additional exploits, vulnerabilities and misconfigurations
Term
Black Box
 Definition
Penetration Testing which is real world. No prior knowledge of network. Takes longer to do and is more expensive.
Term
White Box
 Definition
Tester has full knowledge of the target. Network config, hosts, source code, protocols, diagrams. This speeds up the penetration testing.
Term
Grey Box
 Definition
Combination of Black and White box. Some knowledge about the target but not detailed. It speeds up the testing process
Term
Penetration Testing vs Vulnerability Scanning
 Definition
Penetration Testing is an active attack to exploit vulnerabilities. It also assesses potential damages that can result and the likelihood the vulnerabilities can be exploited. Vulnerability scans just passively identify vulnerabilities.
Term
Methods of Priv Escalation
 Definition
Hack Local Account
Exploit Vulnerability
Dump SAM and Brute Force
Social Engineering
Term
Red Team
 Definition
Attacking team
Term
Blue Team
 Definition
Defending team.
Term
Nmap
 Definition
Vulnerability Scanner
Term
Wireshark
 Definition
Windows based packet sniffer
Term
Cheops
 Definition
Network mapping tool. Makes a graphical representation of the network.
Term
Performance Monitor
 Definition
Monitors windows performance
Term
Protocol Analyzer
 Definition
Captures network traffic
Term
Tcpdump
 Definition
Unix based packet sniffer
Supporting users have an ad free experience!