[CertMaster]
- Open Source Intelligence (OSINT) uses web search tools, social media, and sites that scan for vulnerabilities in Internet-connected devices and services. It is part of the reconnaissance phase and involves little physical work to accomplish the task.
- Footprinting means scanning for hosts, IP ranges, and routes between networks to map out the structure of the target network. It uses tools such as Network Mapper (Nmap), which can scan hosts on a wired or wireless connection. Most of these types of scans require an active network connection to the target(s).
- War flying is war driving, but in the air with a drone or unmanned aerial vehicle (UAV). This maps the location and type of wireless networks operated by the target.
- UAVs can drop infected Universal Serial Bus (USB) media with the expectation that someone on campus will use it. This is a social engineering technique different from war driving or flying.
- In a black box pen test, the consultant has no privileged information about the network, its security systems, or its configuration. Black box tests are useful for simulating the behavior of an external threat.
- In a gray box pen test, the consultant has some information, resembling the knowledge of junior or non-IT staff, to model types of insider threats.
- During a white box pen test, the consultant has complete access to information about the network. Sometimes the consultant will conduct this type of test, as a follow-up to a black box test, to fully evaluate flaws discovered during the black box test.
- Ideally, testers should perform pen tests in a sandbox environment that accurately simulates the production environment.
- The purple team members act as facilitators during a purple team exercise. This type of exercise involves collaboration between red and blue teams during breaks throughout the exercise.
- The white team is responsible for setting the rules of engagement and monitors the penetration testing exercise.
- The blue team is one of two competing teams in a penetration testing exercise. The blue team performs the defensive role by operating, monitoring and alerting controls.
- The red team is one of two competing teams in a penetration testing exercise. The red team performs the offensive role and tries to infiltrate the target.
STEP 1: Initial exploitation - an exploit gains access to the target's network, via phishing email and payload, or by obtaining credentials via social engineering. This phase comes before establishing persistence.
STEP 2: Persistence, followed by further (internal) reconnaissance, occurs when the pen tester attempts to map out the internal network and discover the services running on it and the accounts configured to access it.
STEP 3: Action on objectives is the very last step of a penetration test after establishing a pivot point and escalating privileges. This step is basically data exfiltration.
[CLC]
PENETRATION TESTING CONCEPTS
- Active Vs. Passive Reconnaissance
- Pivot
- initial exploitation
- persistence
- escalation of privilege
- black vs. gray vs. white box testing
VULNERABILITY SCANNING CONCEPTS
- Pen testing vs. vulnerability scanning
- Passively testing security controls
- identifying vulnerability
- identifying lack of security controls
- identifying common misconfigurations
- intrusive vs. nonintrusive
- credentialed vs. noncredentialed
- false positives