Penetration Testing Overview

Questions and Answers

What is the primary purpose of reconnaissance in penetration testing?

To evaluate the effectiveness of security measures

To gain unauthorized access to network devices

To define the scope and gather information about the target (correct)

To conceal evidence of an attack

Which phase of penetration testing checks if access can be maintained on the target device?

Gaining Access

Covering Tracks

Scanning

Maintaining Access (correct)

What is a key benefit of using VAPT tools?

They can eliminate the need for a vulnerability assessment

They operate independently of organizational policy compliance

They combine vulnerability assessment and penetration testing functionalities (correct)

They only assess physical security threats

How does red team operations differ from standard vulnerability assessments?

It simulates real-life adversarial techniques to test defenses comprehensively

Which of the following tools is specifically known for network mapping?

Nmap

What does a vulnerability assessment primarily focus on?

Identifying and classifying security risks

What is the final stage of the penetration testing process?

Covering Tracks & Analysis

The results of which tool help organizations comply with standards like PCI-DSS and GDPR?

VAPT Tools

What is the primary function of Wireshark?

To capture and analyze network traffic

Which tool is specifically designed to help exploit vulnerabilities found in browsers?

BeEF

What type of reconnaissance involves directly interacting with a computer system?

Active reconnaissance

Which of the following tools is designed to evaluate wireless network security?

Aircrack-ng

SQLMap is primarily focused on which type of security issue?

SQL injection

What is a key characteristic of passive reconnaissance?

It gathers information without direct interaction

Which of the following is a purpose of the Burp Suite Pro?

Web application security testing

What does Google dorking facilitate in terms of information retrieval?

Locating difficult-to-find information using advanced search techniques

What is the purpose of the 'filetype:' search operator?

To restrict search results to a specific file type or extension.

What does the 'inurl:' operator do in search queries?

Retrieves web pages with a specific character string in the URL.

How would you search for exact matches of the phrase 'data breach' using quotes?

"data breach"

Which command would you use to perform a basic Nmap scan against an IP address?

nmap 192.168.1.1

What does the 'imagesize:' operator restrict in image searches?

The resolution or dimensions of the images.

When using 'weather:' in a search, what information can you obtain?

The current weather of a specified location.

What is the function of the 'link:' operator in a search query?

To discover sites that link to a particular webpage.

Which of the following commands would scan a range of IP addresses from 8.8.8.1 to 8.8.8.14?

nmap 8.8.8.1-14

What is the primary objective of the reconnaissance phase in the cyber kill chain?

To gather intelligence about the target's weaknesses

During which phase do attackers create or modify malware to exploit a target's vulnerabilities?

Weaponization

What is the primary purpose of the command and control phase in a cyber attack?

To enable remote tracking and guidance of cyberweapons

Which tactic is primarily used during the delivery phase of the cyber kill chain?

Using social engineering tools like phishing emails

What occurs during the exploitation phase of the cyber kill chain?

Attackers further infiltrate the network and identify additional vulnerabilities

Which of the following best describes obfuscation in cybersecurity?

Making it appear that no threat is present

What is a common end goal of a strategic cyberattack?

Data exfiltration

Which of the following is NOT a tactic used during the installation phase?

Using automated scanners for reconnaissance

What is the main goal of the installation phase in the cyber kill chain?

To escalate privileges and gain control over systems

Which type of testing does penetration testing fall under?

Vulnerability Assessment and Penetration Testing (VAPT)

What does denial of service (DoS) typically involve?

Distracting security teams from the main attack objective

Which technique is commonly employed during the weaponization phase?

Modifying existing programs to exploit vulnerabilities

At what stage do attackers typically begin to look for unprotected security credentials?

Installation

Which type of penetration testing focuses solely on internal network vulnerabilities?

Internal infrastructure testing

What is a characteristic of white box penetration testing?

The tester has complete knowledge of the system being tested

Which method is NOT typically included in penetration testing?

Employee performance evaluation

What command is used to scan all ports from 1 to 65535 on the localhost?

nmap -p 1-65535 localhost

Which nmap command will save scan results in XML format?

nmap -oX output.xml securitytrails.com

Which command allows the detection of service versions on a host?

nmap -sV localhost

What option should be added to an nmap scan for detecting malware infections?

--script=http-malware-host

If you want to scan using UDP protocol, which command would you use?

nmap -sU localhost

Study Notes

The Cyber Kill Chain

• The Cyber Kill Chain is a framework describing the stages of a cyberattack.
• It involves seven stages, each building upon the previous one.

1. Reconnaissance

• This is the initial research phase.
• Attackers identify target vulnerabilities and potential entry points.
• Methods range from simple public data gathering to advanced automated scanning.
• Success depends on the amount of intelligence gathered.

2. Weaponization

• Attackers strategize to exploit target weaknesses.
• Malware or malicious payloads are designed.
• Techniques include creating new malware or modifying existing programs.

3. Delivery

• Cybercriminals infiltrate the target network.
• Malware is deployed using phishing emails or other social engineering methods.

4. Exploitation

• Following successful delivery, attackers exploit network vulnerabilities.
• Lateral movement is common, spreading across the network.

5. Installation

• Also known as the privilege escalation phase.
• Attackers install malware and deploy other cyberweapons.
• This allows them increased control over systems.

6. Command and Control

• Attackers establish a command and control (C2) channel.
• They remotely control deployed cyberweapons and tools.
• Two common methods used are obfuscation (hiding threat) and denial-of-service (disrupting operations) attacks.

7. Action

• Cybercriminals execute the attack's objective.
• Common end goals include supply chain attacks, data exfiltration, data encryption, and data compression.

Description

This quiz covers essential topics related to penetration testing, including reconnaissance, vulnerability assessments, and the tools used in these processes. Test your knowledge on the stages of penetration testing and the differences between red team operations and standard assessments.