In this walkthrough, we will go through the Pentesting Fundamentals room from TryHackMe. This room covers the important ethics and methodologies behind every pentest. So, let’s get started without any delay.
Task 1 – What is Penetration Testing?
Task 2 – Penetration Testing Ethics
Question 1 – You are given permission to perform a security audit on an organisation; what type of hacker would you be?
White Hat
Question 2 – You attack an organisation and steal their data, what type of hacker would you be?
Black Hat
Question 3 – What document defines how a penetration testing engagement should be carried out?
Rules of Engagement
Task 3 – Penetration Testing Methodologies
Question 1 – What stage of penetration testing involves using publicly available information?
Information Gathering
Question 2 – If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name.
OSSTMM
Question 3 – What framework focuses on the testing of web applications?
OWASP
Task 4 – Black box, White box, Grey box Penetration Testing
Question 1 – You are asked to test an application but are not given access to its source code – what testing process is this?
Black box
Question 2 – You are asked to test a website, and you are given access to the source code – what testing process is this?
White box
Task 5 – Practical: ACME Penetration Test
ACME has approached you for an assignment. They want you to carry out the stages of a penetration test on their infrastructure. View the site (by clicking the green button on this task) and follow the guided instructions to complete this exercise.
Question 1 – Complete the penetration test engagement against ACME’s infrastructure.
THM{PENTEST_COMPLETE}
So that was “Pentesting Fundamentals” for you. In this room, we have covered the important ethics and methodologies behind every pentest and much more. This was more of a theory room than a regular hands-on one; however, the concepts are just as important to cover as the practicals. On that note, I will take my leave and will meet you in the next one. Till then, “Keep Hacking”.