CompTIA Pentest+ Study Guide 2021/2022
CompTIA Pentest+ Methodology - __ is a system of methods used in a particular area of study or activity.

Pentest Methodology - __:
1. Planning & Scoping
2. Info Gathering & Vulnerability ID
3. Attacks & Exploits
4. Reporting & Communication

NIST SP 800-115 Methodology - __:
1. Planning
2. Discovery
3. Attack
4. Reporting

Planning a Penetration Test - __, Questions to ask:
▪ Why Is Planning Important?
▪ Who is the Target Audience?
▪ Budgeting
▪ Resources and Requirements
▪ Communication Paths
▪ What is the End State?
▪ Technical Constraints
▪ Disclaimers

Planning a Penetration Test - Budgeting - __:
▪ Controls many factors in a test
▪ If you have a large budget, you can perform a more in-depth test
  ● Increased timeline for testing
  ● Increased scope
  ● Increased resources (people, tech, etc.)

Planning a Penetration Test - Resources and Requirements - __:
▪ What resources will the assessment require?
▪ What requirements will be met in the testing?
  ● Confidentiality of findings
  ● Known vs. unknown vulnerabilities
  ● Compliance-based assessment

Planning a Penetration Test - Communication Paths - __:
▪ Who do we communicate with about the test?
▪ What info will be communicated and when?
▪ Who is a trusted agent if testing goes wrong?

Planning a Penetration Test - What is the End State? - __:
▪ What kind of report will be provided after the test?
▪ Will you provide an estimate of how long remediations would take?

Planning a Penetration Test - Technical Constraints - __:
▪ What constraints limited your ability to test?
▪ Provide the status in your report
  ● Tested
  ● Not Tested
  ● Can't Be Tested

Planning a Penetration Test - Disclaimers - __:
▪ Point-in-Time Assessment
  ● Results were accurate when the pentest occurred
▪ Comprehensiveness
  ● How complete was the test?
  ● Did you test the entire organization or only specific objectives?

Rules of Engagement (RoE) - __ are detailed guidelines and constraints regarding the execution of information security testing. The __ is established before the start of a security test and gives the test team authority to conduct defined activities without the need for additional permissions.

Rules of Engagement (RoE) Overview - __:
▪ Timeline
▪ Locations
▪ Time restrictions
▪ Transparency
▪ Test boundaries

RoE: Timeline - __:
▪ How long will the test be conducted?
  ● A week, a month, a year
▪ What tasks will be performed and how long will each be planned for?

RoE: Locations - __:
▪ Where will the testers be located?
  ● On-site or remote location
▪ Does the organization have numerous locations?
▪ Does it cross international borders?

RoE: Time Restrictions - __:
▪ Are there certain times that aren't authorized?
▪ What about days of the week?
▪ What about holidays?

RoE: Transparency - __:
▪ Who will know about the pentest?
▪ Will the organization provide resources to the testers (white box test)?

RoE: Boundaries - __:
▪ What will be tested?
▪ Is social engineering allowed to be used?
▪ What about physical security testing?
▪ How invasive can the pentest be?

Legal Concepts (1) - __ are laws and regulations regarding cyber-crime that vary from country to country; check the local laws before conducting an assessment.

Legal Concepts (2) - __ refers to consulting your attorney before performing any penetration testing work to ensure you are within the legal bounds of the laws of the countries where you are operating.

Crimes and Criminal Procedure - __:
▪ Hacking is covered under United States Code, Title 18, Chapter 47, Sections 1029 and 1030

§ 1029 Fraud & related activity w/ access devices - __:
▪ Prosecute those who knowingly and with intent to defraud produce, use, or traffic in one or more counterfeit access devices.
▪ Access devices can be an application or hardware that is created specifically to generate any type of access credentials

§ 1030 Fraud and related activity with computers - __:
▪ Covers just about any computer or device connected to a network
▪ Mandates penalties for anyone who accesses a computer in an unauthorized manner or exceeds one's access rights
▪ Can be used to prosecute employees using capability and accesses provided by their company to conduct fraudulent activity

Obtain Written Authorization - __:
▪ White hat hackers always get permission
▪ This is your get out of jail free card...
▪ Penetration tests can expose confidential information, so permission must be granted
▪ Third-party authorization when necessary
  ● Ex: from a Cloud service provider

Third-Party Authorization - __:
▪ If servers and services are hosted in the cloud, you must request permission from the provider prior to conducting a penetration test
  ● Ex: from a Cloud service provider

Pentest Contracts - __:
▪ Statement of Work (SOW)
▪ Master Service Agreement (MSA)
▪ Non-Disclosure Agreement (NDA)

Statement of Work (SOW) - __ is a formal document stating the scope of what will be performed during a penetration test.
▪ Clearly states what tasks are to be accomplished during an engagement

Master Service Agreement (MSA) - __ is a contract where parties agree to most of the terms that will govern future actions.
▪ High-level contract between a service provider and a client that specifies details of the business arrangement

Non-Disclosure Agreement (NDA) - __ is a legal contract outlining confidential material or information that will be shared during the assessment and what restrictions are placed on it.
▪ Agreement that defines confidential material and restrictions on use and sharing of sensitive information with other parties

Corporate Policies - __:
▪ What do corporate policies allow you to do?
▪ Have employees waived their privacy?
▪ What policies should be tested?
  ● Password strength/reuse
  ● Bring Your Own Device (BYOD)
  ● Encryption
  ● Update frequency

Export Restrictions - __:
▪ Wassenaar Agreement precludes the transfer of technologies considered "dual-use"
▪ Strong encryption falls under this restriction
▪ Penetration testing tools could be considered surveillance tools and fall under these rules

Penetration Testing Strategies - __:
▪ Black Box
▪ Gray Box
▪ White Box

Black Box (No Knowledge Test) - __:
▪ No prior knowledge of target or network
▪ Simulates an outsider attack
▪ Only focuses on what external attackers see and ignores the insider threat
▪ Takes more time and is much more expensive

White Box (Full Knowledge Test) - __:
▪ Full knowledge of network, systems, and the infrastructure
▪ Spend more time probing vulnerabilities and less time gathering information
▪ Tester is given support resources from the organization
Written for
- Institution: CompTIA Pentest+
- Course: CompTIA Pentest+

Document information
- Uploaded on: June 28, 2022
- Number of pages: 79
- Written in: 2021/2022
- Type: Exam (elaborations)
- Contains: Questions & answers