The tech industry is synonymous with abbreviations, and cyber security is no different.
TLAs (three letter abbreviations), acronyms, other abbreviations and unfamiliar names or terms are the norm.
As a result, in this blog we have collated an A-Z glossary for the world of pentesting. In fact, we’ve split the alphabet to create two blogs, starting with the letters A-M.
So, if you are unsure of command injections, want to know the difference between IDS and JWT or Black Box and White Box testing, then read on.
A – Authentication
Almost every system uses a method of authentication to maintain data confidentiality. SQL injection can be used to attempt an authentication bypass, by convincing a database that a login statement is legitimate.
The most common example is the use of the statement OR 1=1 in a password parameter.
Methods of authentication can include passwords, biometrics, key-based or MFA (multi-factor authentication), all of which have the goal of ensuring that only an authorised person gains access to a resource.
B – Black Box Testing
Most penetration testing can be broken down into either white box or black box testing. These terms are ways of describing how much information a penetration tester has about the target system.
For black box testing, little to no information is provided by a client and a penetration tester is required to test a target in a similar fashion to a cyber criminal.
In the real world, where time costs money, most people opt for white box testing. This means testers do not have to spend time on simple actions that offer little real value, for example brute forcing a login, when it is better to be provided with credentials and then test the system from there.
C – Command Injection
Command injection is typically a web application vulnerability, and the term can cover SQL injection, OS injection and LDAP injection.
Ultimately, this vulnerability focusses on an attacker’s ability to submit their own command, which will be executed by the vulnerable service. Most commonly, when referring to Command Injection, people are referring to OS injection, where it is possible to inject commands understood by a server.
A common proof of concept for this is a ping request to an attacker-controlled device. Network traffic can then be monitored to see if the victim has attempted to ping the attacker and, if successful, the next step would be to achieve shell access.
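As an added illustration (not code from the original post), the following example takes the classic "ping a host" feature and shows the vulnerable way of building the command, where user input is handed to a shell, next to the hardened way: validate the value as an IP address or plain hostname and pass an argument list with no shell at all. The host validator, function names and the harmless `echo INJECTED` demonstration string are all constructed for this example.

```python
import ipaddress
import re
import subprocess

# Plain DNS name: labels of letters, digits and hyphens, separated by dots.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_valid_host(value):
    """Accept an IPv4/IPv6 literal or a plain hostname; reject anything else."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    return bool(HOSTNAME_RE.match(value))


def vulnerable_ping_command(host):
    # Tainted input spliced into a string that /bin/sh will parse: a ';'
    # or '$(...)' in host becomes a second command.
    return f"ping -c 1 {host}"


def safe_ping_argv(host):
    """Validate first, then build an argv list so no shell ever sees the value."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "1", host]


def run_vulnerable(host):
    # shell=True is the defect: the shell interprets metacharacters in host.
    result = subprocess.run(
        vulnerable_ping_command(host), shell=True, capture_output=True, text=True
    )
    return result.stdout


def run_safe(host):
    # shell=False (the default) executes ping directly with host as one argument.
    result = subprocess.run(safe_ping_argv(host), capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    tainted = "127.0.0.1; echo INJECTED"
    print("vulnerable output contains INJECTED:", "INJECTED" in run_vulnerable(tainted))
    try:
        run_safe(tainted)
    except ValueError as exc:
        print("safe path:", exc)
```

The validator is deliberately strict (an allow-list of characters) rather than trying to strip known-bad metacharacters, and the argv form means that even if validation were bypassed the value would reach ping as a single argument rather than being re-parsed by a shell.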
D – Data Exfiltration
Data exfiltration is the process of stealing potentially sensitive information from a computer.
The simplest methods use protocols such as FTP or HTTP, or send the data out via email.
More advanced techniques can use protocols such as DNS or ICMP to smuggle data out in seemingly legitimate traffic.
E – Encryption
Encryption is the process of converting plain text data into ciphertext, with the goal of protecting it from unauthorised access.
There are two main types of encryption – symmetric and asymmetric:
🔒 Symmetric uses the same key to encrypt and decrypt data
🔒 Asymmetric uses a ‘key-pair’, where there is a public and private key for each person, when sending data:
– the *sender* encrypts to the *recipient's* public key
– the *recipient* then decrypts the data with their private key
F – Firewall
A firewall can be a network or host-based system that inspects incoming and outgoing traffic and uses specific rules to decide whether to allow or block it.
Most commonly, firewalls use source and destination ports to understand what traffic is being sent and will act according to its rules.
When you hear the phrase ‘any any’ in the context of a firewall, people are discussing weak rules that allow traffic of any protocol from any IP address to reach a computer. This is not a good thing, as it means no actual filtering is happening.
G – GET Request
In web technology, applications will most commonly use POST and GET requests.
GET is an HTTP method that is used to request data from a server. When sending a GET request, parameters are typically sent in the URL.
This means that it’s not appropriate to send sensitive information via a GET request, as it may be saved in browser history, proxy history, or cached by servers.
H – Hash
A hash is a string of characters produced when data is passed through a one-way mathematical algorithm. Once something has been hashed, it cannot be ‘de-hashed’.
Typical uses for hashing are:
🔒 Storing passwords – different operating systems use different hashing algorithms.
🔒 File validation – by creating a hash value of a file, it is possible to provide a method of confirming a file has not been modified (if you download a file and the hash value has changed, then the file has potentially been tampered with).
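Both uses above can be shown with Python's standard library. The example below is added here and is not code from the original post: it verifies a downloaded file against a published SHA-256 value, and stores a password as a salted PBKDF2 hash so that the stored value cannot be turned back into the password. The sample bytes, the iteration count and the `pbkdf2_sha256$...` storage format are choices made for this example.

```python
import hashlib
import hmac
import os


def sha256_hex(data):
    """Hex digest of data; any single-byte change produces a different digest."""
    return hashlib.sha256(data).hexdigest()


def file_unchanged(data, published_hex):
    # File validation: compare the digest of what we downloaded with the
    # value the publisher gave us. compare_digest avoids timing differences.
    return hmac.compare_digest(sha256_hex(data), published_hex.lower())


def hash_password(password, salt=None, iterations=200_000):
    """Salted, iterated one-way hash for storage. Tune iterations upward for production."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constructed storage format: algorithm, iterations, salt, digest.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Re-run the same one-way function and compare; the hash is never reversed."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    computed = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(computed, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample: the "download" and the digest its publisher listed.
    download = b"hello"
    published = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
    print("file intact:", file_unchanged(download, published))
    print("tampered copy intact:", file_unchanged(download + b"!", published))

    record = hash_password("correct-horse")
    print("stored:", record)
    print("right password:", verify_password("correct-horse", record))
    print("wrong password:", verify_password("wrong", record))
```

Two points worth noticing: the random salt means two users with the same password get different stored values, and the iteration count deliberately makes each guess slow, which is why a password-storage hash is a different tool from the fast SHA-256 used for file validation.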
I – IDS
An IDS – or Intrusion Detection System – is a piece of software that monitors network traffic and will alert a SIEM if it identifies an attack.
It is a passive piece of software that will not stop an attack or protect a company, but will be helpful in starting an incident response process.
If a client has an IDS, it’s not uncommon to whitelist a tester’s IP address during penetration testing, so as not to cause unnecessary alerts that could mask a real attack.
J – JWT
A JWT (or JSON Web Token) is a way of providing authentication and authorisation to a web application.
JWTs are made up of three parts:
🔒 Header: defines the type of token and signing algorithm
🔒 Payload: contains the data a pentester would be interested in (username, account privilege etc.)
🔒 Signature: a value that is checked to make sure the header and payload have not been modified in transit.
JWTs can be Base64 decoded to see the information in each of these parts.
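The following added example (not code from the original post) builds an HS256 JWT from the three parts, decodes the header and payload without checking anything, and then shows why decoding is not the same as trusting: a payload edited to claim admin rights still decodes fine, but the signature check fails. It uses only the standard library; the secret, claims and function names are constructed for the example. Note that JWTs use the URL-safe Base64 alphabet with the trailing `=` padding removed, which the helpers below restore before decoding.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    # Restore the padding that JWTs strip so the standard decoder accepts it.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_bytes(obj):
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def make_jwt(payload, secret):
    """header.payload.signature, signed with HMAC-SHA256 over the first two parts."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url_encode(_json_bytes(header)) + "." + b64url_encode(_json_bytes(payload))
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def decode_unverified(token):
    """What a tester sees when simply Base64-decoding the token: header and payload."""
    header_b64, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def verify_hs256(token, secret):
    """Return the payload only if the signature is valid for our secret, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm we expect; never let the token's own header choose it.
        if header.get("alg") != "HS256":
            return None
        signing_input = (header_b64 + "." + payload_b64).encode("ascii")
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(payload_b64))
    except ValueError:
        # Covers malformed Base64, bad JSON and a wrong number of parts.
        return None


def tamper_payload(token, new_payload):
    # Swap in a new payload but keep the old signature, as a tamper attempt would.
    header_b64, _, sig_b64 = token.split(".")
    return header_b64 + "." + b64url_encode(_json_bytes(new_payload)) + "." + sig_b64


if __name__ == "__main__":
    secret = b"example-secret"  # constructed; a real server keeps this out of the token
    token = make_jwt({"sub": "alice", "admin": False}, secret)
    print("header, payload:", decode_unverified(token))
    print("verified payload:", verify_hs256(token, secret))
    forged = tamper_payload(token, {"sub": "alice", "admin": True})
    print("forged decodes as:", decode_unverified(forged)[1])
    print("forged verifies as:", verify_hs256(forged, secret))
```

The server-side lesson is in `verify_hs256`: the signature is recomputed over the exact header and payload bytes received, compared with a constant-time check, and the algorithm is fixed by the server rather than read from the token.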
K – Key
A key is a piece of data that is used to encrypt or decrypt data.
Key-based approaches are often preferred to a password, as an attacker would need to gain access to the key (which is a file) rather than guess a password.
Key-based authentication is commonly used in the SSH protocol instead of password authentication.
L – Lateral Movement
Lateral movement is the process of moving through a network to gain access to more targets, data and resources.
When a real-world attack occurs, attackers have a ‘breach point’ into a network via their initial attack; however, they are unlikely to be satisfied with access to just one device.
Instead, they will likely attempt lateral movement to reach servers and domain controllers too.
M – Machine-in-the-Middle
A machine-in-the-middle attack requires an attacker to be able to intercept traffic going between two parties, without either one realising it. This allows the attacker to view all the traffic and potentially see sensitive data. Common MitM attack methods are:
🔒 ARP spoofing – where an attacker must be on the same network and uses the ARP protocol to convince a target they are someone else.
🔒 DNS spoofing – where an attacker intercepts and redirects DNS requests to a malicious server that provides fake IP addresses for websites.
Coming soon – part two of our A-Z of pentesting terms.