Penetration Testing Methodologies Quiz

Questions and Answers

Which of the following methodologies is NOT typically considered a part of penetration testing?

  • Vulnerability Assessment
  • Software Development (correct)
  • Social Engineering
  • Exploitation Techniques

What is a key difference between passive and active information gathering in the context of penetration testing?

  • Passive information gathering is illegal, while active information gathering is typically legal.
  • Active information gathering requires direct interaction with the target system, while passive information gathering does not. (correct)
  • Passive information gathering requires direct interaction with the target system, while active information gathering does not.
  • Active information gathering is illegal, while passive information gathering is typically legal.

Which of the following is NOT a common vulnerability assessment technique?

  • Dynamic Analysis
  • Static Code Analysis
  • Fuzzing
  • Social Engineering (correct)

Which of the following tools are typically used for password cracking?

  • John the Ripper (B)

What is the primary goal of post-exploitation strategies in penetration testing?

  • Maintaining access to the target system and escalating privileges. (A)

Which of the following is NOT a legal and ethical consideration in penetration testing?

  • Using only commercially available hacking tools. (C)

What is the purpose of a penetration testing report?

  • All of the above. (D)

Which of the following is NOT typically considered a social engineering technique?

  • Brute-force attack (B)

What motivates some hackers to perform cyber crimes purely for profit?

  • Financial data theft (D)

Which type of hacker is known for breaking into systems and developing malicious tools?

  • Black Hats (D)

What often motivates hackers referred to as 'Vandals'?

  • Anger and frustration (D)

Which type of hacker operates in a 'no-man's land' and may work both as a security professional and as a hacker?

  • Grey Hats (D)

What is required for ethical hacking before any testing can begin?

  • Formal permission (B)

Which motivation for hacking involves deriving gratification from the suffering of others?

  • Sadistic pleasure (D)

What can be a consequence of practicing hacking outside permitted activity?

  • Legal repercussions (B)

What is a common characteristic of the ethical hacking community?

  • Identifying security flaws responsibly (A)

Which phase of the Penetration Testing Framework involves determining what the client wants from the test?

  • Pre-engagement (D)

What is a characteristic of a black-box penetration test?

  • The client gives no information about the systems. (A)

Which of the following types of penetration testing specifically focuses on vulnerabilities in physical security?

  • Physical pentest (C)

During which phase of penetration testing is gaining access to a target a primary focus?

  • Exploitation (B)

What is typically included in the 'scope' of a penetration test?

  • The target systems and their boundaries (A)

What does the post exploitation phase primarily focus on?

  • Covering tracks and retaining access (B)

Which type of penetration testing allows for a combination of client-provided details and limited test information?

  • Grey-box testing (A)

Which of the following is NOT a typical topic discussed during pre-engagement?

  • Vulnerability Exploitation Techniques (A)

What is the primary purpose of responsible disclosure in cybersecurity?

  • To allow a company time to address vulnerabilities before they are made public (D)

What is ethical hacking primarily aimed at achieving?

  • Legally locating and exploiting system weaknesses to improve security (D)

Which of the following statements about confidentiality agreements in cybersecurity is true?

  • They are often required before testing a system (C)

How long may a company be given to fix a security vulnerability according to responsible disclosure?

  • From a few days to a few months, depending on the issue (D)

Which of the following acts specifically targets unauthorized access and misuse of computer systems in the UK?

  • Computer Misuse Act 1990 (A)

What does 'proof of concept' mean in the context of penetration testing?

  • A practical demonstration of an attack method to validate a vulnerability (B)

Why is studying ethical hacking increasingly important in today's digital landscape?

  • It helps in developing better offensive security strategies (B)

An ethical hacker must keep what kind of information confidential?

  • The identities of targeted systems and discovered vulnerabilities (A)

What potential consequences can arise from neglecting pre-engagement activities in penetration testing?

  • Scope creep and legal troubles (D)

Why is it important to establish when the customer wants the penetration test conducted?

  • To minimize disruption to the customer's operations (D)

In a web penetration test, which of the following is an important detail to gather about the web applications being assessed?

  • The number of web applications, login systems, and pages being tested (B)

What information regarding wireless networks should a penetration testing team collect?

  • The encryption types used and coverage area (A)

Which of the following is NOT typically considered during a physical penetration test?

  • Types of encryption used in data transmission (C)

What action should be taken if a system is successfully penetrated during a penetration test?

  • Attempt to obtain the highest privileges on the machine (B)

Why might a client want to perform role-based testing on a web application?

  • To assess different user access levels and vulnerabilities (D)

Which factor is crucial when assessing physical security during a penetration test?

  • The operational capabilities of security guards (A)

What is the primary aim of the COMP40741 'Ethical Hacking and Penetration Testing' module?

  • To equip students with a comprehensive understanding of cybersecurity methods, including ethical hacking and penetration testing. (A)

Which of the following is NOT explicitly mentioned as a learning outcome for the module?

  • Developing a personal portfolio of successful hacking exploits. (B)

According to the provided information, where can students find the module specification?

  • Available in Learning Room on NOW. (B)

Who is responsible for delivering the module?

  • Dr. Nemitari Ajienka, the module leader, and Dr. Kwame Assa-Agyei, a member of the teaching team. (B)

What is the intended learning outcome associated with understanding ethical and legal considerations surrounding penetration testing?

  • To ensure ethical and responsible application of penetration testing techniques. (B)

Which of the following is a potential source of information about the module content?

  • All of the above. (D)

What is the purpose of the module specification?

  • To outline the specific objectives and assessments for the module. (D)

Which of the following is NOT a stated aim of the module?

  • Teach students how to build their own hacking tools and techniques. (C)

Flashcards

Ethical Hacking

The practice of intentionally probing systems to find vulnerabilities, with permission.

Penetration Testing

A simulated cyber attack to identify and exploit vulnerabilities in a system.

Module Aims

Goals set for the module focusing on knowledge and skills in ethical hacking.

Vulnerabilities

Weaknesses in a system that can be exploited by an attacker.

Risk Assessment

The process of identifying and evaluating potential risks in a system.

Ethical Considerations

The moral implications involved in conducting penetration tests.

Penetration Testing Techniques

Specific methods used to find and exploit vulnerabilities in a system.

Learning Outcomes

Expected knowledge and skills students should acquire by the end of the module.

Cybercriminal motivations

Reasons behind a hacker's actions, such as profit or fun.

Black Hats

Hackers who break into systems for malicious purposes.

White Hats

Ethical hackers who help improve security.

Grey Hats

Hackers who mix ethical hacking with illegal activities.

Hacking ethics

Guidelines for ethical hacking practices.

Permission and Privacy

Obtaining consent to conduct hacking activities.

Sadistic hackers

Hackers who enjoy causing pain and suffering.

Malicious software

Programs designed to harm or exploit systems.

Confidential Information

Sensitive data that must be kept private, such as personal details and passwords.

Non-disclosure Agreement (NDA)

A legal contract preventing the disclosure of confidential information.

Responsible Disclosure

Notifying an organization about a security vulnerability before public disclosure.

Exploitation Period

Time allowed for a company to fix a vulnerability before it is publicly known.

Computer Misuse Act 1990

UK legislation addressing unauthorized access and misuse of computer systems.

Proof of Concept

Demonstration that a vulnerability can be exploited to confirm its existence.

Penetration Testing Framework

A structured process to conduct penetration tests, including phases like planning, execution, and reporting.

Pre-engagement

Initial discussions with clients to clarify test objectives and requirements before the penetration test.

Types of Penetration Tests

Three categories: black-box (no info), white-box (full info), grey-box (partial info).

Execution Phase

The phase in penetration testing where actual testing occurs, including information gathering and exploitation.

Vulnerability Assessment

The process of identifying, quantifying, and prioritizing vulnerabilities in a system.

Reporting

The final stage of penetration testing where findings are documented and shared with stakeholders.

Scope Definition

Determining the boundaries and specifics of what will be tested in a penetration test.

Types of Penetration Testing

Categories include Network, Database, Web, Wireless, Social Engineering, and Physical tests.

Scope Creep

Uncontrolled changes or continuous growth in a project's scope.

Pre-engagement Activities

Preparatory steps taken before conducting a penetration test.

Active Testing Phases

Parts of penetration testing that involve scanning, enumeration, and exploitation.

Role-based Testing

Testing that focuses on specific user roles within an application.

Credentialed Scans

Penetration tests performed with valid user credentials to simulate insider threats.

Wireless Network Assessment

Evaluation of the security of wireless networks in a given environment.

Rogue Devices Enumeration

Identifying unauthorized devices connected to a network.

Physical Penetration Test

Assessment of physical locations to identify vulnerabilities in security.

Information Gathering

Collecting data about a target to prepare for an attack.

Exploitation Techniques

Methods used to exploit vulnerabilities in a system.

Legal and Ethical Considerations

Understanding laws and ethics relating to penetration testing.

Social Engineering

Manipulating people into divulging confidential information.

Study Notes

Module Overview

  • Module name: COMP40741: Ethical Hacking and Penetration Testing
  • Lecture 1: Module Overview and Introduction to Penetration Testing
  • Date: 06/02/2025

Module Outline

  • Module overview
  • Teaching staff
  • Module specification
  • Learning outcomes
  • Assessment(s)
  • Introduction to Ethical Hacking and Penetration Testing

Teaching Staff

  • Module Leader: Dr. Nemitari Ajienka
    • Title: Senior Lecturer, Certified Security Testing Associate (7Safe, GCHQ Accredited)
    • Email: [email protected]
    • Office: Mary Ann Evans Building (MAE) 329 (moving to MAE 307)
    • Phone: +44 (0) 115 848 8306
  • Module Team: Dr. Kwame Assa-Agyei
    • Title: Lecturer
    • Email: [email protected]

Module Specification

  • Available in Learning Room on NOW
  • Contains information on module overview and aims, module content, delivery methods and schedule, indicative reading, learning outcomes, and assessment

Module Aims

  • Equip students with knowledge, skills and ethical considerations to identify and address vulnerabilities in computer systems
  • Develop a comprehensive understanding of essential cybersecurity methods of ethical hacking and penetration testing
  • Introduce students to principles, methodologies, and tools of ethical hacking and penetration testing
  • Develop practical skills in identifying and exploiting vulnerabilities in computer systems
  • Assess ethical and legal considerations surrounding penetration testing
  • Understand the importance of risk assessment and mitigation in cybersecurity

Learning Outcomes

  • Knowledge and understanding:
    • Demonstrate an understanding of penetration testing methodologies
    • Demonstrate an understanding of ethical hacking principles and methodologies
    • Evaluate the legal and ethical implications of penetration testing
    • Identify, analyse and assess vulnerabilities and threats in computer systems
  • Skills, qualities and attributes:
    • Apply penetration testing techniques to identify and exploit vulnerabilities
    • Develop effective strategies for securing computer systems and networks
    • Communicate security findings and recommendations through comprehensive reports
    • Demonstrate critical thinking in risk assessment and mitigation

Assessment

  • Online in-class test (Individual, 30%, K1-K3): Time-constrained online in-class test to demonstrate understanding of theoretical aspects of penetration testing, ethical hacking and legal and ethical considerations
  • Report (Individual, 70%, K1, K4, S1-S4): Written report based on a hands-on penetration testing project demonstrating ability to identify and exploit vulnerabilities, identify and mitigate risks, provide actionable recommendations, and communicate findings

Provisional Module Content

  • Week 1-3: Introduction to Ethical Hacking and Pentesting, Overview of penetration testing methodologies, Information Gathering and Footprinting
  • Week 4-5: Vulnerability Assessment, Identifying and assessing software and hardware vulnerabilities, Exploiting vulnerabilities.
  • Week 6-8: Exploitation Techniques and tools, Developing and executing exploits, Post-exploitation strategies and privilege escalation
  • Week 9: Legal and Ethical considerations in penetration testing, Reporting and documentation standards, Risk Assessment and Mitigation
  • Week 10: Social engineering techniques/tactics and Support Sessions

Resources or Reference Texts

  • Graham, D. G. (2021). Ethical hacking: a hands-on introduction to break in
  • Oriyano, S-P. (2017). Penetration testing essentials.
  • Khawaja, G. (2021). Kali Linux penetration testing bible
  • Sabih, Z. (2018). Learn ethical hacking from scratch: your stepping stone to penetration testing
  • Baloch, R. (2015). Ethical Hacking and Penetration Testing Guide
  • Relevant research publications from international conferences and journals

Web-based Resources and Tools

Best Security Strategy

  • Defensive: Controls, Auditing, Policies, Standards, Guidelines, Designing and implementing secure network architecture
  • Offensive: Pen testing, Ethical Hacking, Security Assessment, Risk Assessments, Stress Testing

Unfair Security Challenge

  • The Internet allows attackers to attack from anywhere in the world; they need to find only one vulnerability
  • Security analysts need to close every vulnerability

Who is the Enemy? A Hacker?

  • 1960s and 1970s: Hacker was a positive term for an expert in programming/operating systems
  • 1970s onward: Hacker is a negative term for someone using computers without authorization or to commit crimes.

Other names for the enemy

  • Crackers: hackers who commit unlawful acts/mischief
  • Script Kiddies: use pre-written scripts to commit mischief without understanding
  • Blackhat Hackers: unethical intentions

What is their motivation?

  • Profit (ransomware, scareware, data theft)
  • Fun/Challenge
  • Espionage, fraud for competitive advantage
  • Vandalism
  • Political/Ideological (Hacktivists)
  • Power assurance (restore confidence)
  • Anger
  • Sadistic (derive gratification from pain)

Goodies or Baddies?

  • Black Hats: break into systems, share vulnerabilities
  • Grey Hats: work as security professionals during the day, "hack" by night.
  • White Hats: part of the security community, find flaws and share with vendors

Ethics Discussion

  • Educational course for ethical purposes only.
  • Lab exercises only on provided testbed systems.

Permission and Privacy

  • Ethical hackers must get permission and understand what's allowed
  • Permission doesn't mean a free license
  • Sensitive information (encryption keys, passwords) must be kept confidential

Responsible Disclosure

  • Process of notifying a company about a security vulnerability
  • Allows a period for patching before publicly disclosing details
  • Minimizes risk of exploitation

Legislation

  • Computer Misuse Act 1990 (UK)
  • Computer Fraud And Abuse Act 1986 (USA)
  • Criminal Code Act Division 477-478 (AUS)

What is Ethical Hacking/Penetration Testing?

  • Legal and authorized attempt to locate and successfully exploit vulnerabilities in computer systems to make them more secure
  • Probing for vulnerabilities
  • "Proof of concept" attacks
  • Specific recommendations for addressing and fixing issues
  • Finds weaknesses by using tools/techniques used by attackers

Importance of Studying Ethical Hacking/Penetration Testing?

  • EC-Council Cyber Career Paths
  • Vulnerability Assessment and Penetration Testing (VAPT) Career Path

Penetration Testing Framework

  • Pre-engagement interactions (scope, documentation, engagement rules, third-party environments, past threats)
  • Information Gathering (Active/Passive Reconnaissance, OSINT)
  • Vulnerability Analysis
  • Exploitation (Weakness Exploitation)
  • Post-exploitation (Gaining access, privilege escalation, exploits)
  • Reporting

Types of Penetration Testing

  • Network/Infrastructure
  • Database
  • Web
  • Wireless
  • Social Engineering
  • Physical

Types of Penetration Tests

  • Black-box: client provides no information
  • White-box: client provides full details
  • Grey-box: client provides partial details

Pre-engagement

  • Conversation with client to understand needs
  • Different penetration test levels (simple IP addresses, single application, full attack simulation)
  • Written and signed permission document required

Topics for Pre-engagement

  • Scope
  • Documentation
  • Rules of Engagement
  • Third-Party-Hosted/Cloud Environments
  • Success Criteria
  • Review of Prior Threats and Vulnerabilities
  • Avoiding scan interference

Defining Scope

  • Crucial component often overlooked
  • Prevents scope creep, customer dissatisfaction, and legal issues
  • Defines what is to be tested

Questions – Network Penetration Test

  • Purpose of the test? Compliance?
  • When should the test happen?
  • How many IP addresses are involved?
  • Impacting devices (firewall, IDS/IPS, WAF, load balancer)?
  • Post-penetration procedures (privilege escalation, tools)

Questions – Web Penetration Test

  • Number of web applications/login/static/dynamic pages?
  • Source code availability?
  • Documentation needed?
  • Role-based testing required?
  • Credentialed scans needed?

Questions – Wireless Penetration Test

  • Number of wireless networks?
  • Guest network/authentication?
  • Encryption type?
  • Coverage area?
  • Rogue device enumeration?
  • Client attacks?
  • Approximate number of clients?

Questions – Physical Penetration Test

  • Locations assessed?
  • Shared facilities? Scope of floor/area?
  • Security guards (bypass, 3rd party, armed, use of force)?
  • Entrances? Access to vulnerabilities (locks, keys)?
  • Purpose (compliance, audit)?
  • Square footage?
  • Physical security measures?
  • Cameras being used/client-owned?
  • Camera data access?
  • Alarm systems (present)?

Questions – Social Engineering Testing

  • Email addresses for social engineering attacks?
  • Phone numbers for social engineering attacks?
  • Physical access approval?
  • Number of people targeted?

Scope Creep

  • Effectively puts penetration testing firms out of business
  • Specify start and end dates, IP ranges, domains, validate ranges
  • Dealing with third parties
  • Permission not always a guarantee on third-party providers
  • Testing cloud services can cause problems due to data from multiple organizations stored on a single medium. Lax security between data domains.

ISP

  • Verify ISP terms of service, specific provisions for testing.
  • Notify Managed Security Service Providers (MSSPs) of testing, specifically systems/services.
  • Determining MSSP response time not helpful to testing metrics.
  • Important to know the countries hosting servers

This Week's Lab

  • Introductory material (Command Line, etc.)
  • Creating ImmersiveLabs account
  • Exploring penetration testing framework (locally or VMs).
  • Complete Command line tutorials/examples
  • Complete Google Dorks lab
  • Download VM files/setup virtual environment

Reading List

Next Week

  • Information Gathering and Footprinting: Reconnaissance techniques, Passive and Active information gathering, Open-source intelligence (OSINT) gathering

Questions?
