This initial phase involves defining goals, the scope of the test, and the rules of engagement.
What are Pre-engagement Interactions?
This type of testing involves assessing a system with absolutely no prior knowledge of its internal workings.
What is Black box testing?
This type of attack involves exceeding the capacity of a fixed-size data chunk to overwrite adjacent memory.
What is a Buffer overflow attack?
MTPH relies heavily on IoT medical devices and these digital patient files, which could be compromised in an attack.
What are Electronic Health Records (EHRs)?
This acronym refers to the practice of gathering public information during the Intelligence Gathering phase.
What is OSINT (Open-Source Intelligence)?
During this active phase, ethical hackers use techniques like SQL injection and cross-site scripting (XSS) to compromise systems.
What is the Exploitation phase?
This testing approach simulates an attacker who has full knowledge of the target system.
What is White box testing?
This tool is used during the exploitation phase to uncover passwords and gain unauthorized access.
What is a Password cracking tool?
This specific type of social engineering is also commonly referred to as "voice phishing".
What is Vishing?
This phase involves assessing access to sensitive data and examining privilege escalation and persistence.
What is Post-exploitation?
This approach provides testers with partial knowledge, often simulating an insider threat.
What is Grey box testing?
Threat modeling helps identify potential methods of attack, including social engineering and this broad category of malicious software.
What is Malware?
This reconnaissance technique utilizes advanced search operators to uncover hidden information online.
What is Search engine dorking?
In this phase, security teams evaluate and prioritize weaknesses based on risk after manually assessing the network.
What is Vulnerability Analysis?
This is the overarching term for the structured and ethical process used to uncover network and system vulnerabilities.
What is Penetration testing?
This type of vulnerability, typically targeting web applications, is abbreviated as XSS.
What is Cross-site scripting?
This social engineering technique involves creating a fabricated scenario to manipulate someone into providing sensitive information.
What is Pretexting?
The post-exploitation process of examining system logs and other traces left by an attack is known by this term.
What is System forensics?
The final phase where testers provide a full security posture assessment and help MTPH create an effective response plan.
What is Reporting?
Evaluating the main difference in this specific requirement between black box and white box testing is a key challenge for students.
What is required system knowledge?
This exploitation technique involves inserting malicious code into database queries to access or manipulate data.
What are Network scanning and mapping?
These two related intelligence gathering techniques are used to uncover the layout, devices, and active services of a target network.
What are Network scanning and mapping?
A major challenge for the security team is helping MTPH develop a robust one of these to ensure service continuity in the event of a real breach.
What is a Cybersecurity response plan?