- Actually simulating an attack; often contracted out to a third party.
- Just looking for holes that could later be exploited, without actually exploiting them.
- Scanning open sources for information on a potential target, such as social media sites, corporate websites, online forums, dumpster diving, social engineering, etc.
- Actively probing to see what holes exist (essentially the same as vulnerability scanning), such as OS scans, service scans, etc.
- First attempts at all types of attacks to see what works (throwing mud at the wall to see what sticks); be very careful about doing this during production hours.
- Repeated attempts to get back in, even after the vulnerability is patched; the attacker may even set up user accounts that let fake users in.
- Once you have a foothold, you can move from there to other parts of the system or network.
- The pentester has no information about the system and tries everything from scratch; a "blind" test.
- The pentester has only a certain amount of information about the system, or focuses only on certain areas.
- The pentester has all of the information about the system upfront.