Introduction to Penetration Testing

These flashcards cover the key concepts and phases of penetration testing as outlined in the lecture notes.

What is penetration testing (pentesting)?

Pentesting involves simulating real attacks to assess the risk associated with potential security breaches.

What are the phases of penetration testing?

1. Pre-engagement phase 2. Information-gathering phase 3. Threat-modelling phase 4. Vulnerability analysis phase 5. Exploitation phase 6. Post-exploitation phase 7. Reporting phase.

What is the main goal of the information-gathering phase?

To analyze freely/publicly available sources of information to identify potential ways to connect to a client’s systems.

What is Open Source Intelligence (OSINT)?

OSINT involves gathering information from legal sources rather than covert means.

What is the purpose of the pre-engagement phase?

To ensure that everyone is on the same page about the penetration testing and to understand the client's goals.

What is vulnerability analysis in pentesting?

The phase where pentesters actively discover vulnerabilities and determine how successful exploit strategies might be.

What tools are commonly used in the exploitation phase?

Tools such as Metasploit are commonly used to attempt to access a client's systems.

What is the significance of the reporting phase in pentesting?

It is crucial for conveying findings to the customer in a meaningful way, including what needs improvement and how to fix issues.

What can be included in an executive summary of a pentesting report?

Background, overall posture, risk profile, general findings, recommendation summary, and strategic road map.

What is a SYN scan in Nmap?

A SYN scan is a TCP scan that does not complete the TCP handshake and detects open ports without connecting fully.