You have been engaged under a double-blind penetration test contract and are about to start testing. To assess vulnerabilities effectively while keeping the test secret, which of the following should be conducted first?
A. Enumerate services on hosts to discover potential attack vectors
B. Conduct passive testing against the target
C. Exploit vulnerabilities by sending passive payloads
D. Cloak a port scan with decoys to hide your IP address
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Conduct passive testing against the target.
Blind Testing and Double-blind Testing
Blind testing simulates a real attacker. The client provides the pen testing team with limited or no information about the target before the test.
Double-blind testing is an advanced form of blind testing. The main difference is that only a few people on the client side know that the pen testing project exists; the defenders (security operations and IT staff) are not told, so their ability to detect and respond to the activity is assessed along with the technical vulnerabilities.
In both blind and double-blind testing, the pen testers have to gather information about the client and the target of evaluation (TOE) themselves. Google, social media, job boards, WHOIS records, public DNS data and certificate transparency logs are typical sources that can be consulted without any interaction with the client or the TOE; this is known as passive testing (passive reconnaissance). Active testing, on the contrary, requires interaction with the TOE: every packet sent to it can be logged and may alert the defenders.
In blind or double-blind testing, passive testing (information gathering) is therefore conducted before active testing, so that the testers learn as much as possible about the attack surface before they generate any traffic that could reveal the test.
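As an added example (not part of the original post), the following script shows what passive reconnaissance looks like in practice: it extracts in-scope hostnames from certificate transparency data without ever contacting the TOE. The input is a constructed sample in the shape of the JSON that crt.sh returns for a query such as `https://crt.sh/?q=%25.example.com&output=json`; the fetch itself is assumed and left out so the script runs offline, and `example.com` and all hostnames and dates in the sample are fabricated for illustration.

```python
import json
from datetime import datetime

# Constructed sample shaped like crt.sh JSON output. Assumption: these
# records, hostnames and dates are fabricated; nothing here was queried.
SAMPLE_CT_JSON = json.dumps([
    {"name_value": "www.example.com\nexample.com", "not_before": "2023-01-10T00:00:00"},
    {"name_value": "*.staging.example.com", "not_before": "2022-05-01T00:00:00"},
    {"name_value": "vpn.example.com", "not_before": "2021-03-02T00:00:00"},
    {"name_value": "www.example.com", "not_before": "2022-01-10T00:00:00"},
    {"name_value": "mail.example.com\nautodiscover.example.com", "not_before": "2020-07-07T00:00:00"},
    # Lookalike domain that must NOT be treated as in scope.
    {"name_value": "example.com.evil.test", "not_before": "2023-06-01T00:00:00"},
])


def in_scope(host: str, scope_domain: str) -> bool:
    """True only for the scope domain itself or a subdomain of it.
    A plain substring check would wrongly accept example.com.evil.test."""
    return host == scope_domain or host.endswith("." + scope_domain)


def extract_hostnames(ct_json: str, scope_domain: str) -> list[str]:
    """Return sorted, de-duplicated in-scope hostnames from CT records.
    crt.sh packs multiple SANs into one name_value separated by newlines,
    and wildcard entries (*.foo) are reduced to their base name."""
    names: set[str] = set()
    for entry in json.loads(ct_json):
        for raw in entry.get("name_value", "").split("\n"):
            host = raw.strip().lower()
            if host.startswith("*."):
                host = host[2:]
            if host and in_scope(host, scope_domain):
                names.add(host)
    return sorted(names)


def oldest_cert_per_host(ct_json: str, scope_domain: str) -> dict[str, str]:
    """Map each in-scope host to the earliest not_before date seen.
    Long-lived names are often legacy systems worth looking at first
    once active testing is authorised."""
    oldest: dict[str, datetime] = {}
    for entry in json.loads(ct_json):
        issued = datetime.fromisoformat(entry["not_before"])
        for raw in entry.get("name_value", "").split("\n"):
            host = raw.strip().lower().removeprefix("*.")
            if not host or not in_scope(host, scope_domain):
                continue
            if host not in oldest or issued < oldest[host]:
                oldest[host] = issued
    return {h: d.date().isoformat() for h, d in sorted(oldest.items())}


if __name__ == "__main__":
    for host in extract_hostnames(SAMPLE_CT_JSON, "example.com"):
        print(host)
    print(oldest_cert_per_host(SAMPLE_CT_JSON, "example.com"))
```

The only network request a real run would make goes to the certificate transparency service, a third party, so the TOE sees nothing. The resulting hostname list is what feeds the later, active phases (port scanning and service enumeration), which is why this kind of collection comes first.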
The following is the suggested sequence based on the four options of the question:
- Conduct passive testing against the target (passive information gathering; no packets reach the TOE)
- Cloak a port scan with decoys to hide your IP address (active port scanning; note that decoys such as nmap's -D option only mix your real address in with spoofed ones, so the target still sees and logs the scan)
- Enumerate services on hosts to discover potential attack vectors (active enumeration)
- Exploit vulnerabilities by sending passive payloads (active exploitation; "passive payloads" is a contradiction in terms, since delivering any payload requires interacting with the TOE, which is a further reason this option cannot be the first step)