Pentesting Fundamentals 

  • You are given permission to perform a security audit on an organisation; what type of hacker would you be?

Answer : White Hat

  • You attack an organisation and steal their data; what type of hacker would you be?

Answer : Black Hat

  • What document defines how a penetration testing engagement should be carried out?

Answer : Rules of Engagement

  • What stage of penetration testing involves using publicly available information?

Answer : Information Gathering

  • If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We're looking for the acronym here and not the full name.

Answer : OSSTMM

  • What framework focuses on the testing of web applications?

Answer : OWASP

  • You are asked to test an application but are not given access to its source code - what testing process is this?

Answer : Black Box

  • You are asked to test a website, and you are given access to the source code - what testing process is this?

Answer : White Box

TASK 5 : Practical: ACME Penetration Test
  • Complete the penetration test engagement against ACME's infrastructure.

Answer : THM{PENTEST_COMPLETE}