Shared Flashcard Set

Details

CompTIA Sec+ 1.4
Explain Penetration Testing Concepts
19
Computer Science
Professional
11/05/2018

Additional Computer Science Flashcards

 


 

Cards

Term
Active Reconnaissance
Definition
A type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities
Term
Passive Reconnaissance
Definition
An attempt to gain information about targeted computers and networks without actively engaging with the systems. Using Open Source Intelligence, Wayback machine, Social Engineering to learn details about target company.
Term
Pivot
Definition
A technique that allows lateral movement from a compromised host
-Gain foothold on target system
-Target sustem is leveraged to compromise other normally inaccessible systems.
Term
Initial Exploitation
Definition
Rules of Engagement
Physical Security Tech Admin COntrols,
Monitoring: Law enforcement
Network Layout Number internal external devices, routers/switches, OS fingerprints, Wireless networks, Mobile Devices
-Map of Internet Presence
Term
Persistence
Definition
Installing backdoors or methods to maintain access to a host or network
Term
Escalation of Privilege
Definition
Primary goal when accessing a host
-Enables installation of persistence mechanisms
-Scan for additional exploits, vulnerabilities and misconfigurations
Term
Black Box
Definition
Penetration Testing which is real world. No prior knowledge of network. Takes longer to do and is more expensive.
Term
White Box
Definition
Tester has full knowledge of the target. Network config, hosts, source code, protocols, diagrams. This speeds up the penetration testing.
Term
Grey Box
Definition
Combination of Black and White box. Some knowledge about the target but not detailed. It speeds up the testing process
Term
Penetration Testing vs Vulnerability Scanning
Definition
Penetration Testing is an active attack to exploit vulnerabilities. It also assesses potential damages that can result and the likelihood the vulnerabilities can be exploited. Vulnerability scans just passively identify vulnerabilities.
Term
Methods of Priv Escalation
Definition
Hack Local Account
Exploit Vulnerability
Dump SAM and Brute Force
Social Engineering
Term
Red Team
Definition
Attacking team
Term
Blue Team
Definition
Defending team.
Term
Nmap
Definition
Vulnerability Scanner
Term
Wireshark
Definition
Windows based packet sniffer
Term
Cheops
Definition
Network mapping tool. Makes a graphical representation of the network.
Term
Performance Monitor
Definition
Monitors windows performance
Term
Protocol Analyzer
Definition
Captures network traffic
Term
Tcpdump
Definition
Unix based packet sniffer
Supporting users have an ad free experience!