🦹Pentesting Fundamentals

Learn the important ethics and methodologies behind every pentest

TryHackMe | Pentesting FundamentalsTryHackMe

https://tryhackme.com/room/pentestingfundamentals

Room Attributes	Value
Subscription Required	False [Free]
Type	Walkthrough
Difficulty	Info
Tags	Cybersecurity, Framework, Penetration Testing, Ethics

Task 1 What is Penetration Testing?

Read me!

No answer needed

Task 2 Penetration Testing Ethics

You are given permission to perform a security audit on an organisation; what type of hacker would you be?

HINT: Look at the hat categories in this task.

Reveal Flag 🚩

🚩White Hat

You attack an organisation and steal their data, what type of hacker would you be?

Reveal Flag 🚩

🚩Black Hat

What document defines how a penetration testing engagement should be carried out?

Reveal Flag 🚩

🚩Rules of Engagement

Task 3 Penetration Testing Methodologies

What stage of penetration testing involves using publicly available information?

Reveal Flag 🚩

🚩Information Gathering

If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We're looking for the acronym here and not the full name.

Reveal Flag 🚩

🚩OSSTMM

What framework focuses on the testing of web applications?

Reveal Flag 🚩

🚩OWASP

Task 4 Black box, White box, Grey box Penetration Testing

You are asked to test an application but are not given access to its source code - what testing process is this?

Reveal Flag 🚩

🚩Black Box

You are asked to test a website, and you are given access to the source code - what testing process is this?

Reveal Flag 🚩

🚩White Box

Task 5 Practical: ACME Penetration Test

Complete the penetration test engagement against ACME's infrastructure.

Reveal Flag 🚩

🚩THM{PENTEST_COMPLETE}