Security+ Objectives 1.4
Jan 1, 2021
1.4 Explain penetration testing concepts
- Active reconnaissance — A penetration testing method used to collect information. It sends data to systems and analyzes the responses to gain information on the target.
- Passive reconnaissance — A penetration testing method used to collect information. It typically uses open-source intelligence.
- Pivot — After escalating privileges, the tester uses additional tools to gain additional information on the exploited computer or on the network.
- Initial exploitation — The first access provided to a machine when attacking.
- Persistence — The act of maintaining control over the target machine. An example of maintaining persistence would be creating a backdoor.
- Escalation of privilege — The act of gaining better privileges on the target machine after initial exploitation.
- Black Box — A type of penetration test in which testers have zero knowledge of the environment prior to starting the test.
- White Box — A type of penetration test in which testers have full knowledge of the environment prior to starting the test.
- Gray Box — A type of penetration test in which testers have some knowledge of the environment before starting the test.
- Penetration testing vs Vulnerability Scanning — Penetration testing is the act of testing targeted systems to determine if vulnerabilities can be exploited. Penetration tests are intrusive. A vulnerability scan identifies vulnerabilities, misconfigurations and a lack of security controls. Vulnerability scans are passive tests of security controls.