1. Penetration Testing
    1. Penetration Testing:
      1. Security experts attempt to exploit known vulnerabilities and find unknown ones, with the consent of the organization being tested.
      2. Requires advanced skills.
      3. The goal of penetration testing is to inform and direct an organization's security policy.
      4. Requires both automated and manual tools.
      5. Security experts may also be called:
        1. White Hat Hackers
        2. Ethical Hackers
        3. Pen Testers
    2. List common methodologies used to perform penetration testing:
      1. Open Source Security Testing Methodology Manual (OSSTMM):
        1. Freely available from ISECOM.
      2. NIST Penetration Testing:
        1. Discussed in NIST SP800-115.
        2. Less thorough than the OSSTMM.
        3. Many organizations find it satisfactory because it was created by the US government.
        4. It sometimes refers the reader to the OSSTMM rather than providing more detail itself.
2. Reconnaissance
    1. Passive Reconnaissance:
      1. Gaining information about a target system without directly engaging the system.
      2. Basic port scans.
    2. Active Reconnaissance:
      1. Gaining information about a target system using active techniques that engage the system directly.
      2. Using information gathered from a basic port scan to exploit vulnerabilities associated with the services on those ports.
3. Techniques
    1. Race Condition:
      1. A system or application performs two operations that depend on the same state (typically a check followed by a use), and the time window between them can be exploited.
      2. Also known as:
        1. Time-of-Check-to-Time-of-Use (TOCTOU) Attacks
    2. Pivot:
      1. A technique used to reach other systems or other parts of the network from a system that has already been exploited.
    3. Chaining:
      1. Pen testers may exploit a single vulnerability, or gain full control of a system by chaining multiple vulnerabilities, security gaps, and misconfigurations together.
    4. Persistence:
      1. When performing a penetration test for an employer, persistence is the practice of returning to a vulnerability at a later date in the testing process to confirm that the target system, with new security measures in place, can withstand new means of attack.
      2. Describe ways to make your systems resilient to persistent threats:
        1. Configure a master image for all systems within the organization, use snapshots, or revert to known secure states after a potential security event.
    5. Escalation of Privilege:
      1. Exploiting a bug or design flaw in software or firmware to gain access to resources that would normally be protected from that application or user.
      2. The result is a user gaining more privileges than the developer of the application originally intended.
4. Test Types
    1. Black Box:
      1. The tester has little or no knowledge of the computer, infrastructure, or environment being tested.
      2. This simulates an attack by an outsider who is unfamiliar with the system.
    2. White Box:
      1. The tester is given complete knowledge of the computer, user credentials, infrastructure, or environment being tested.
    3. Gray Box:
      1. The tester is given limited inside knowledge of the system or network.