Penetration testing techniques

Let's now look at the type of techniques that a pen tester may adopt:

  • Initial exploitation: This is where the pen tester will assess the information that he already knows and devises a plan so that he can exploit the company. He will look for the weakest point in the company's security at the initial point of exploitation.
  • Active reconnaissance: Active reconnaissance is where someone actively tries to gain information about the system. This could be running a port scan to see what ports are open and then trying to exploit that port. For example, an attacker finds the username left on one of the corporate desktops; he then rings up the active directory team pretending to be that person and asks for a password ...

Get CompTIA Security+ Certification Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.