Question

1. An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?

1. Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system
2. Send out spear-phishing emails against users who are known to have access to the network-based application, so the red team can go on-site with valid credentials and use the software.
3. Examine the application using a port scanner, then run a vulnerability scanner against open ports looking for known, exploitable weaknesses the application and related services may have.
4. Ask for more details regarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier.

Answer 1

The correct option for the above problem would be:

1. Run a protocol analyzer to determine what traffic is flowing in and out of the server, and look for ways to alter the data stream that will result in information leakage or a system

Because as the red team is acting as the remote thus they cannot enter in the system but they can find the information from the leaked information using protocol analyzer with which they can check for the places where traffic is flowing and hence can penetrate into the system.

The second one would be incorrect because we need to penetrate into the system but sending the phishing emails would be the part of social engineering only which we don't want to do as the attacker as of now.

The third one would be incorrect because for the port scanner we need to be inside the network which is not the case here.

The Fourth one would be incorrect because we are penetrating into the system, not after aplying social engineering.

Hence option 1 is the correct answer.

Thanks

Answer 2

Answer C is correct for me

Conducting Discovery (source Comptia CYSA Study guide)
The technical work of the penetration test begins during the
discovery phase when attackers conduct reconnaissance and gather
as much information as possible about the targeted network,
systems, users, and applications. This may include conducting
reviews of publicly available material, performing port scans of
systems, using network vulnerability scanners and web application
testers to probe for vulnerabilities, and performing other
information gathering.

Answer 3

Because you are acting like remote attackers, and instructs the team to use black-box approach.. can not use a protocol analyzer(because you are remote).. or a port scanner(because you dont know any IP's - black-box).. answer is D:  Ask for more details reguarding the engagement using social engineering tactics in an attempt to get the organization to disclose more information about the network application to make attacks easier..