🦹Pentesting Fundamentals

Learn the important ethics and methodologies behind every pentest

Room Attributes

Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Task 1 What is Penetration Testing?

Read me!

No answer needed

Task 2 Penetration Testing Ethics

You are given permission to perform a security audit on an organisation; what type of hacker would you be?

HINT: Look at the hat categories in this task.

Reveal Flag 🚩

🚩White Hat

You attack an organisation and steal their data, what type of hacker would you be?

Reveal Flag 🚩

🚩Black Hat

What document defines how a penetration testing engagement should be carried out?

Reveal Flag 🚩

🚩Rules of Engagement

Task 3 Penetration Testing Methodologies

What stage of penetration testing involves using publicly available information?

Reveal Flag 🚩

🚩Information Gathering

If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We're looking for the acronym here and not the full name.

Reveal Flag 🚩

🚩OSSTMM

What framework focuses on the testing of web applications?

Reveal Flag 🚩

🚩OWASP

Task 4 Black box, White box, Grey box Penetration Testing

You are asked to test an application but are not given access to its source code - what testing process is this?

Reveal Flag 🚩

🚩Black Box

You are asked to test a website, and you are given access to the source code - what testing process is this?

Reveal Flag 🚩

🚩White Box

Task 5 Practical: ACME Penetration Test

Complete the penetration test engagement against ACME's infrastructure.

Reveal Flag 🚩

🚩THM{PENTEST_COMPLETE}

PreviousIntro to Offensive Security NextCVE Walkthroughs

Last updated 3 years ago

hashtagTask 1 What is Penetration Testing?

hashtagRead me!

hashtagTask 2 Penetration Testing Ethics

hashtagYou are given permission to perform a security audit on an organisation; what type of hacker would you be?

hashtagYou attack an organisation and steal their data, what type of hacker would you be?

hashtagWhat document defines how a penetration testing engagement should be carried out?

hashtagTask 3 Penetration Testing Methodologies

hashtagWhat stage of penetration testing involves using publicly available information?

hashtagIf you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We're looking for the acronym here and not the full name.

hashtagWhat framework focuses on the testing of web applications?

hashtagTask 4 Black box, White box, Grey box Penetration Testing

hashtagYou are asked to test an application but are not given access to its source code - what testing process is this?

hashtagYou are asked to test a website, and you are given access to the source code - what testing process is this?

hashtagTask 5 Practical: ACME Penetration Test

hashtagComplete the penetration test engagement against ACME's infrastructure.

Task 1 What is Penetration Testing?

Read me!

Task 2 Penetration Testing Ethics

You are given permission to perform a security audit on an organisation; what type of hacker would you be?

You attack an organisation and steal their data, what type of hacker would you be?

What document defines how a penetration testing engagement should be carried out?

Task 3 Penetration Testing Methodologies

What stage of penetration testing involves using publicly available information?

If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We're looking for the acronym here and not the full name.

What framework focuses on the testing of web applications?

Task 4 Black box, White box, Grey box Penetration Testing

You are asked to test an application but are not given access to its source code - what testing process is this?

You are asked to test a website, and you are given access to the source code - what testing process is this?

Task 5 Practical: ACME Penetration Test

Complete the penetration test engagement against ACME's infrastructure.