Hello and welcome back to Sai Berries. 2019 Comp Tier Security Plus Certification Preparation course.
This is a continuation off marginal one,
and the topic discussion is domain one. Threats, attacks and vulnerabilities.
We have a brand new objective, which encompasses this particular main,
which is titled 1.4 explained Pantries and Testing Concepts.
Let's not turn a teacher what this pre assessment quiz and the question is as follows active economists was, someone actively tries to gain information about the system.
Is that true or false?
If you said that you you're absolutely correct,
continue on in this particular video, we have again the title or other words. The objective is explained penetration testing concepts here again on the topics which actually encompasses this particular objective, ranging from active reconnaissance,
passive reconnaissance, pivot,
persistent and escalation of privileges.
Some of this objectives Black box, white box, gray box as well. It's penetration testing and verses vulnerably scanning
so we look it active versus passive reconnaissance. Obviously, there are some differences when you look at it, too.
So would active with Connor, since it's what someone actually tries to gain information about the system.
Then we have passive reconnaissance
is a former top of the information data collection that takes place where you in an individual personal data, such as passwords stolen without the target individuals knowledge,
Basically, this refers to a method used by penetration testers that uses a compromise system to attack other system on the same network to avoid prescriptions. Such a firewall configuration, which may prohibit direct access to all machines,
now force the terms in terms of the phases of the Pinterest intestine were actually seven phase. At first we have the pre engagement
number two record is a three threat modelling for exportation.
Five post exportation.
Then we have reporting on number six and number seven. We have retesting
menace brings us to our initial again part where attacker who are cheesed initial
would give their trying explore again your systems orderly. Six. To establish persistence in the network, they come and do so via what we call privilege escalation,
finding to run keys or getting into scripts
in terms of persistent, it says. Still, T computer network attack and with the personal group, gains unauthorised access to your network and remains undetected for an extended period of time
escalation privileges is, in fact, the act of exploring a book, a design flaw or configuration oversight in operates system or suffer application at your insensitive to gain elevated access to your resource is that our normal protected from an application or user,
now forced their number different types of tests that we used to run penetrates intestine. We have the black box. Now. This is a software testing method in which the internal structure design implementation of the item being test is not known to the tester.
Then we have the white box. In this case is a software testing method in which Dean tonal structure, the design implantation of the item being tested, is known to the tester.
Now the white box pain. Tessa knows everything about the system,
the white boss testing with interior knowledge of the software and, well, it's internal programming. The test has full knowledge of internal working of the application,
basically there. In other words, they they're suited for algorithm tested. So again, these are some of things that want to highlight regarding the white box.
Then we have the good old gray box, which is a strategy for software debugging in this case in which the test I had limit knowledge off the external details of the program.
This next slide shows the differences or illustrates it differently in the Black Mouse testing,
as opposed to your great box test and annual white box test. Let's take a look at this so we're not actually look at each and every one of here. That's Mr here in this particular slide, but we're actually going to go over one. Let's take a look at the black box tested. The internal workings of the application are not required to be known. In other words, you tell my black box testing
we're great box tests and some
somewhat knowledge of the internal network or no.
Then we look at a white box, says the test. I have full knowledge of the internal workings of the application
Now for us, when you look at Pinterest and test and versus vulnerably Skinny may say, is that one in the same type when you're looking from a definition perspective?
Well, in fact, that's not true. Let's take a look at what exactly what penetration test is all about
now. Pinterest intestinal intended to export weakness in your architecture off your I T network and determine the degree to which a malicious attacker can gain another unauthorized access to your assets.
Then we have the vitamins scam, which had gained the text and classified system with Mrs and your computers, your network and communication equipped and predicts the effectiveness of the counter manages.
And it's boring time. We have our post assessment question
and the question is follows. And which of the following does the tester have significant knowledge of the system and simulates attack from an insider? Is a gray box
red box? See white box or D black box?
If you said you see you're absolutely correct because with a white box testing, the tester has significant not into the system and simulates an attack from an insider. Other words, a rope employees.
At this point in time, we have our key takeaways for this particular video.
First of all, we learned that passive reconnaissance, other words is a form of target information data collection that takes place when an individual personal data, such as a password, was stolen without the target individuals knowledge.
Then we have a pivot attack in which attack against access to your desktop inside a company that they being used to attack another computer or server.
An advanced, persistent threat is attacking which in an authorized user gangs access to a system or network and remains there for extended period of time without being detected. The words advanced, Persistent Threat or a P T
ah black box pin test are given no information on the company.
The white box test that knows everything about the system
A great box is strategic for software debugging and wishes. Tester has limited knowledge of the internal details of the program.
Some additional key takeaways.
We learned that penetration tests, also called pen intestinal ethical hacking, is the practice of testing. Computer system network or Web application defines security vulnerabilities that attacker could perhaps explored.
When you look at Venables Scam alert, it's an inspection of potential points of export on a computer or network to identify your security holes
and our upcoming presentations. In particular, look at a brand new learning objective, which is 1.5 Explain Vulnerable is scanning concepts again. I look for to seeing the very next video