
Windows Pentesting


Snippet from Wikipedia: Penetration test

A penetration test, colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses (or vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal. A penetration test target may be a white box (about which background and system information are provided in advance to the tester) or a black box (about which only basic information other than the company name is provided). A gray box penetration test is a combination of the two (where limited knowledge of the target is shared with the auditor). A penetration test can help identify a system's vulnerabilities to attack and estimate how vulnerable it is.

Security issues that the penetration test uncovers should be reported to the system owner. Penetration test reports may also assess potential impacts to the organization and suggest countermeasures to reduce the risk.

The UK National Cyber Security Center describes penetration testing as: "A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might."

The goals of a penetration test vary depending on the type of approved activity for any given engagement, with the primary goal focused on finding vulnerabilities that could be exploited by a nefarious actor, and informing the client of those vulnerabilities along with recommended mitigation strategies.

Penetration tests are a component of a full security audit. For example, the Payment Card Industry Data Security Standard requires penetration testing on a regular schedule, and after system changes. Penetration testing also can support risk assessments as outlined in the NIST Risk Management Framework SP 800-53.

Several standard frameworks and methodologies exist for conducting penetration tests. These include the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), the NIST Special Publication 800-115, the Information System Security Assessment Framework (ISSAF) and the OWASP Testing Guide. CREST, a not for profit professional body for the technical cyber security industry, provides its CREST Defensible Penetration Test standard that provides the industry with guidance for commercially reasonable assurance activity when carrying out penetration tests.

Flaw hypothesis methodology is a systems analysis and penetration prediction technique where a list of hypothesized flaws in a software system is compiled through analysis of the specifications and documentation for the system. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists, and on the ease of exploiting it to the extent of control or compromise. The prioritized list is used to direct the actual testing of the system.

There are different types of penetration testing, depending on the goal of the organization, including: Network (external and internal), Wireless, Web Application, Social Engineering, and Remediation Verification.

Even more recently, a common pen testing tool called a flipper was used to hack the MGM casinos in 2023 by a group called Scattered Spiders, showing the versatility and power of some of the tools of the trade.



Windows Server, Active Directory, Group Policy, PowerShell, Windows Deployment Services, WDS (Windows Deployment Services), Domain Controller, FSMO (Flexible Single Master Operations), DNS Server, DHCP Server, Hyper-V, Failover Clustering, Remote Desktop Services, RDS (Remote Desktop Services), Terminal Services, File Server Resource Manager, FSRM (File Server Resource Manager), Windows Admin Center, Storage Spaces Direct, SSO (Single Sign-On), Kerberos Authentication, NTFS (New Technology File System), BitLocker, Distributed File System, DFS (Distributed File System), DFS Namespaces, DFS Replication, Read-Only Domain Controller, RODC (Read-Only Domain Controller), Dynamic Access Control, DAC (Dynamic Access Control), Active Directory Federation Services, ADFS (Active Directory Federation Services), Active Directory Certificate Services, ADCS (Active Directory Certificate Services), Active Directory Rights Management Services, ADRMS (Active Directory Rights Management Services), Active Directory Lightweight Directory Tools, ADLDS (Active Directory Lightweight Directory Services), Windows Update Services, WSUS (Windows Server Update Services), Windows Server Backup, SMB (Server Message Block), Storage Replica, BranchCache, Print Management, Windows Time Service, W32Time (Windows Time Service), System Center Configuration Manager, SCCM (System Center Configuration Manager), System Center Operations Manager, SCOM (System Center Operations Manager), Cluster-Aware Updating, CAU (Cluster-Aware Updating), Remote Desktop Gateway, RD Gateway (Remote Desktop Gateway), NPS (Network Policy Server), DirectAccess, IP Address Management, IPAM (IP Address Management), Network Load Balancing, NLB (Network Load Balancing), Shared Virtual Hard Disk, Storage Migration Service, Data Deduplication, Volume Shadow Copy Service, VSS (Volume Shadow Copy Service), Hyper-V Replica, Server Core, Nano Server, Windows Server Essentials, Server Message Block Multichannel, SMB Multichannel, 
Dynamic DNS, DNS Scavenging, DHCP Failover, Authorization Manager, Windows Firewall with Advanced Security, Credential Guard, Device Guard, Just Enough Administration, JEA (Just Enough Administration), Just-in-Time Administration, JIT (Just-in-Time Administration), Logon Scripts, Trust Relationships, Kerberos Constrained Delegation, KCD (Kerberos Constrained Delegation), Group Managed Service Accounts, gMSA (Group Managed Service Accounts), Service Principal Name, SPN (Service Principal Name), System State Backup, Windows Deployment Toolkit, MDT (Microsoft Deployment Toolkit), Remote Server Administration Tools, RSAT (Remote Server Administration Tools), User State Migration Tool, USMT (User State Migration Tool), Virtual Desktop Infrastructure, VDI (Virtual Desktop Infrastructure), Virtual Switch Manager, Enhanced Session Mode, Live Migration, Cluster Shared Volumes, CSV (Cluster Shared Volumes), Server Manager, Failover Manager, Performance Monitor, Resource Monitor, Event Viewer, Local Security Policy, Security Configuration Wizard, System Insights, Windows Remote Management, WinRM (Windows Remote Management), Task Scheduler, Advanced Threat Analytics, ATA (Advanced Threat Analytics), Enterprise Certificate Authority, Server Authentication, Kerberos Realm Trust, Certificate Revocation List, CRL (Certificate Revocation List), Smart Card Authentication, NTLM (NT LAN Manager), Windows Internal Database, WID (Windows Internal Database), System File Checker, SFC (System File Checker), Distributed Transaction Coordinator, MSDTC (Microsoft Distributed Transaction Coordinator), Remote Desktop Protocol, RDP (Remote Desktop Protocol), Server Core App Compatibility Feature, Windows Process Activation Service, WPAS (Windows Process Activation Service), Internet Information Services, IIS (Internet Information Services), Web Application Proxy, WAP (Web Application Proxy), Remote Desktop Web Access, RD Web Access (Remote Desktop Web Access), Virtualization-based Security, VBS 
(Virtualization-based Security), Windows Defender Credential Guard, Secure Boot, UEFI Secure Boot, Windows Event Forwarding, WEF (Windows Event Forwarding), File Classification Infrastructure, FCI (File Classification Infrastructure), Quota Management, Kerberos Ticket Lifetime, Golden Ticket Attack, SID Filtering, Syskey, Audit Policies, Dynamic Host Configuration Protocol, Teredo Tunneling, Branch Office Direct Printing, Health Registration Authority, HRA (Health Registration Authority), Network Device Enrollment Service, NDES (Network Device Enrollment Service), Application Initialization, WebSocket Protocol, Shared Content Store Mode, Server Fault Tolerance, RD Licensing, RemoteFX, Volume Activation, Windows Process Monitor, Access-Based Enumeration, ABE (Access-Based Enumeration), Enhanced Storage Devices, iSCSI Target Server, Multipath I/O, MPIO (Multipath I/O), Offline Domain Join, Active Directory Migration Tool, ADMT (Active Directory Migration Tool), Forest Functional Levels, Domain Functional Levels, Schema Master, RID Master (Relative Identifier Master), Infrastructure Master, Global Catalog, Backup Exec, Primary Domain Controller, PDC Emulator, LDAP (Lightweight Directory Access Protocol), NTDS Settings, Sysvol Share, NETLOGON Share, Backup and Restore Center, Event Subscription, Feature on Demand, Server for NFS, Subsystem for UNIX-based Applications, SUA (Subsystem for UNIX-based Applications), Server Message Block Signing, Dynamic Memory, Hyper-V Integration Services, Nested Virtualization, Guest Isolation, High Availability Mode, Witness Disk, Witness File Share, Resource-Optimized Failover, VM Monitoring, Affinity Rules, Anti-Affinity Rules, Persistent Memory, ReFS (Resilient File System), Storage QoS, Work Folders, WS-Man (Web Services-Management Protocol), Failover Cluster Instance, FCI (Failover Cluster Instance), Unattended Installations, Sysprep (System Preparation Tool), Preboot Execution Environment, PXE (Preboot Execution Environment).



Cloud Monk is Retired ( for now). Buddha with you. © 2025 and Beginningless Time - Present Moment - Three Times: The Buddhas or Fair Use. Disclaimers
