Learn the important ethics and methodologies behind every pentest. THM Room https://tryhackme.com/room/pentestingfundamentals
TASK 1 : What is Penetration Testing?
Read me!
No Answer
TASK 2 : Penetration Testing Ethics
You are given permission to perform a security audit on an organisation; what type of hacker would you be?
Answer : White Hat
You attack an organisation and steal their data, what type of hacker would you be?
Answer : Black Hat
What document defines how a penetration testing engagement should be carried out?
Answer : Rules of Engagement
TASK 3 : Penetration Testing Methodologies
What stage of penetration testing involves using publicly available information?
Answer : Information Gathering
If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name.
Answer : OSSTMM
What framework focuses on the testing of web applications?
Answer : OWASP
TASK 4 : Black box, White box, Grey box Penetration Testing
You are asked to test an application but are not given access to its source code - what testing process is this?
Answer : Black Box
You are asked to test a website, and you are given access to the source code - what testing process is this?
Answer : White Box
TASK 5 : Practical: ACME Penetration Test
Complete the penetration test engagement against ACME’s infrastructure.
Answer : THM{PENTEST_COMPLETE}