An Approach to Ethical Hacking

Across
  1. A penetration testing approach that uses partial knowledge of the hospital's systems to simulate an insider threat.
  3. The comprehensive framework consisting of seven phases used for conducting penetration testing.
  5. A security flaw, unpatched software, or weakness in the system that could be exploited by a hacker.
  7. An advanced search engine technique used to find exposed sensitive files or login portals.
  8. Malicious software or implants that might be deployed by an adversary as a method of exploitation.
  11. An external individual who might attempt to exploit vulnerabilities to breach the system.
  12. The acronym for intelligence gathered from publicly available external sources like social media and official records.
  13. Defined in the pre-engagement phase to set the boundaries and limits of the testing to avoid operational disruption.
  16. Post-exploitation might involve the escalation of this to increase user access rights within the network.
  20. Proper permission that must be obtained before conducting any form of penetration testing to remain ethical.
  21. Analyzing traces left by the exploitation process, such as system logs or system configuration changes.
  22. A penetration testing approach that performs an in-depth analysis with full knowledge of the IT infrastructure.
Down
  2. The fifth phase of the PTES process where an attempt is made to actively breach the system.
  4. The technology that many medical devices at the hospital rely on to connect to the network.
  6. A penetration testing approach that simulates an attack from an uninformed external hacker with no prior knowledge.
  9. Electronic records containing sensitive patient information, identified as a critical asset cybercriminals might seek.
  10. Network mapping tools are used to identify this, which includes understanding internal and external servers and firewalls.
  14. Potential adversaries who might target the hospital seeking valuable data.
  15. A social engineering reconnaissance technique used to gather information from employees, often alongside voice phishing.
  17. A social engineering reconnaissance technique also known as voice phishing.
  18. Establishing this allows hackers to maintain long-term access to the network after an initial breach.
  19. The abbreviation for the medical hospital where the cybersecurity penetration testing is taking place.