Vocabulary for IB Computer Science Paper 3 M26 & N26
What is PTES/PenTES?
Penetration Testing Execution Standard
What is PenTES for?
A framework for conducting penetration testing; a structured approach to testing and reporting results
How many phases in PenTES?
7 phases
Phase 1 is…?
Pre-engagement interactions
What happens in phase 1?
Preparation, getting document approvals, putting together needed tools
Why is phase 1 important?
Needed so that testing aligns with security needs and operational requirements of system
Aspects of Phase 1
1.1 Goal setting and identifying targets
1.2 Defining scope and rules of engagement
1.3 Testing approaches
1.1 Goal setting and identifying targets
Objectives established after finding key concerns; specific targets and high risk areas identified
1.1 Examples of key concerns
Patient data integrity
Uninterrupted service delivery
Compliance with health sector regulations
1.1 Examples of high risk areas
Patient record databases
IoT enabled medical devices
1.2 Defining scope and rules of engagement
Confirms which parts of the system are being tested to avoid disruption; rules of engagement agreed upon by team and client to understand methods and extent of PenTES
1.3 Testing approaches
Black box testing
White box testing
Grey box testing
Black box testing
Attack simulated from the perspective of an uninformed external hacker; looks at surface-level issues
White box testing
Analysis with full in-depth information of client’s system, requires access to network diagrams, system configurations, and known issues
Grey box testing
Mixture of black and white testing, uses partial knowledge of systems. Simulates inside threat or external attack with partial insider info
Phase 2 is…?
Intelligence gathering
What happens in phase 2?
Team collects data from outside sources like social media or official records to be then analysed. Categorised as OSINT.
What is OSINT?
Open-Source Intelligence (Phase 2)
Aspects of Phase 2
2.1 OSINT Techniques
2.2 Other Techniques
2.1 OSINT Techniques
Utilisation of tools and sources like search engines, social media, forums, internet-facing resources
2.1 Examples of info gathered with OSINT Techniques
Employee details - Found through employee social media, specifically IT/Admin staff
Technology usage - Insight into client software and hardware, through forums
Security policies - Looks at publicly available security policies and procedures
2.2 Other Techniques
Targeted information
Network Scanning + Mapping
Social Engineering reconnaissance
2.2 Targeted Information
Uses advanced search techniques (search engine dorking) to find exposed sensitive files or login portals
Search engine dorking
Technique using complex search queries to find information not easily accessible with normal searches
2.2 Network Scanning + Mapping
Using advanced network mapping to learn network topologies (servers, firewalls, other devices). IP addresses of all devices on network catalogued to understand scope of network.
2.2 Examples of key network scanning and mapping activities
Port scanning - technique to identify open ports and services on target network device
OS detection - Remote scanning of target host that sends back details of the OS if there is a match
Network topology mapping - Graphing a network’s topology with all its nodes and links
2.2 Social engineering reconnaissance
Uses vishing (voice phishing) or pretexting (uses a pretext to get sensitive info) to get information from employees
Phase 3 is…?
Threat modelling
What happens in phase 3?
Potential threats and/or vulnerabilities are identified, strategies to stop them are developed; a detailed threat analysis is conducted
Aspects of Phase 3
3.1 Identifying potential adversaries
3.2 Assessing hacker capabilities and intentions
3.3 Methods of exploitation
3.4 Valuable asset evaluation
3.5 Prioritization of security efforts
3.1 Identifying potential adversaries
Determines who might target the network; e.g. cybercriminals seeking patient data or insiders with network access
3.2 Assessing hacker capabilities and intentions
Analyse what potential hackers are capable of and how they might use accessed data.
3.3 Methods of exploitation
Document how hackers might exploit system weaknesses; e.g. malware deployment, social engineering attacks, network attacks
3.4 Valuable asset evaluation
Determine which assets are most critical and look at potential impact of compromise; e.g. EHRs
3.5 Prioritization of security efforts
Use prior analysis to guide the focus of PenTES; most valuable and vulnerable areas get the most attention.
Phase 4 is…?
Vulnerability analysis
What happens in phase 4?
Vulnerabilities that could be used by a hacker are identified and confirmed through manual and automated tools; guides next steps of PenTES
Aspects of Phase 4
4.1 Scanning
4.2 Manual examination
4.3 Assessment of weaknesses
4.4 Prioritisation
4.1 Scanning
Team uses automated tools to quickly find known vulnerabilities; e.g. unpatched software or insecure configurations
4.2 Manual examination
Combines automation with manual checks to detect subtler flaws and vulnerabilities that need expert analysis
4.3 Assessment of weaknesses
Evaluates vulnerabilities found to see potential impact of hacker exploitation
4.4 Prioritisation
Determines which flaws are most important based on factors like ease of exploitation and potential damages
Phase 5 is…?
Exploitation
What happens in phase 5?
Attempts are made to breach the system with vulnerabilities from phase 4.
Aspects of Phase 5
5.1 Targeted Breaching Attempts
5.2 Exploit development
5.3 Employing various techniques
5.4 Assessing impact
5.1 Targeted Breaching Attempts
Team uses specific techniques to exploit known vulnerabilities and test defenses
5.2 Exploit development
Team crafts custom scripts/tools tailored to specific known vulnerabilities
5.3 Employing various techniques
Team will use some or all of the listed techniques depending on known vulnerabilities; SQL injection, cross-site scripting (X-SS), buffer overflow attacks, password cracking tools.
5.4 Assessing the impact
The team tries to understand the potential damage or access that could result from successful exploitation
Phase 6 is…?
Post-exploitation
What happens in phase 6?
If access is gained in phase 5, the focus is now on keeping control of the system and getting data from it; lets the team comprehend the full scope and scale of a breach
Aspects of Phase 6
6.1 Data Access and analysis
6.2 Privilege escalation
6.3 Establishing persistence
6.4 Operational impact assessment
6.5 System forensics and malware analysis
6.1 Data access and analysis
Investigates the types of sensitive data available after a breach; e.g. patient records, admin data, confidential information
6.2 Privilege escalation
Examines how escalating user privileges can increase access within the network
6.3 Establishing persistence
Evaluates ways a hacker could maintain access to the network long term; evaluates possible severity of breach
6.4 Operational impact assessment
Assess potential impact of breach on hospital services and patient safety
6.5 System forensics and malware analysis
Analyse any traces left by the exploitation process by looking at system logs or at changes made to system configurations (system forensics), and by detecting malware implants
Phase 7 is…?
Reporting
What happens in phase 7?
Everything prior is documented and presented to the client in a report.
Aspects of Phase 7
7.1 Vulnerability and exploitation details
7.2 Actionable recommendations
7.3 Security posture assessment
7.1 Vulnerability and exploitation details
Part of the report that gives an overview of vulnerabilities found, methods used to exploit them, and possible impact
7.2 Actionable recommendations
Provides suggestions prioritised for mitigating security risks and strengthening network defenses
7.3 Security posture assessment
Holistic analysis of overall strengths and weaknesses, offering future focus and areas for improvement
Outcome of Phase 7
Allows the team to develop a response plan (includes incident detection, response strategies, recovery processes); guides the client's efforts in improving cybersecurity and responses to hackers
Ethical considerations
When doing any PenTES, ethics are vital especially in healthcare. This includes:
proper authorisation
data confidentiality and integrity
non-disruption of services
reporting and responsiveness
Malware
Software designed to disrupt, damage, or provide unauthorised access to a system.
Uninterrupted service delivery
No downtime, no interruptions, minimal lag when accessing patient information
Hacker
Person who breaks into computer systems
Security posture assessment
(Outcome of Phase 2) In-depth analysis of a system’s internal and external defenses to evaluate overall effectiveness of security measures.
SQL Injection
A code injection technique used to attack data-driven applications; can cause damages and even destroy a database (Phase 5)
Cross-site scripting (X-SS)
Injecting malicious scripts in applications or websites trusted by a target user (Phase 5)
Buffer overflow attacks
Exploitation of a coding error (buffer overflow), using malformed inputs to overwrite memory of an application (Phase 5)
Password cracking tools
Tools/code that are used to guess passwords (Phase 5)
Other sensitive information present in hospitals (Beyond EHRs)
Patient profiles -> can contain info connected to other agencies based on the patient's conditions and personal life (e.g. social worker intervention), which can implicate other agencies in a data breach