PenTest
PT0-002
The CompTIA PenTest+ certification verifies that the successful candidate has the knowledge and skills required to:
Plan and scope a penetration testing engagement
Understand legal and compliance requirements
Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations
1.0 Planning and Scoping: 14%
2.0 Information Gathering and Vulnerability Scanning: 22%
3.0 Attacks and Exploits: 30%
4.0 Reporting and Communication: 18%
5.0 Tools and Code Analysis: 16%
Planning and Scoping
Reconnaissance
Scanning
Enumeration
Attack
Exploitation
Reporting
Communication
Engagement: A singular penetration testing project planned and scoped by the requesting client and the performing analysts
Penetration Tester: An authorized threat actor who tries to identify the ways an unauthorized intruder could damage a network
Risk: The probability that a threat will be realized - Cybersecurity analyst minimizes vulnerabilities - Penetration tester finds and exploits vulnerabilities
Inherent Risk: Occurs when risk is identified but no mitigation is applied
Residual Risk: Occurs after applying mitigations and controls
Risk Exception: Created risk due to exemption or failure to comply
Vulnerability: Any weakness in the system design or implementation
Threat: Anything that could cause harm, loss, damage, or compromise
Risk Management: Finds ways to minimize the likelihood of a certain outcome from occurring and to achieve the desired outcomes
Avoidance: Stops a risky activity or chooses less risky alternative
Transfer: Passes risk to third party
Mitigation: Minimizes risk to an acceptable level
Acceptance: Accepts current level of risk
Risk Appetite: The amount of risk an organization is willing to accept in pursuit of its objective, also called risk attitude/risk tolerance
Control Categories:
Compensative: Used in place of a primary access control to mitigate
Corrective: Reduces the effect of an undesirable event e.g. antivirus
Detective: Detects an ongoing attack and notifies personnel e.g. alarms
Deterrent: Discourages any violation of security policies e.g. cameras
Directive: Forces compliance with security policy e.g. AUP
Preventive: Prevents or stops an attack e.g. IPS
Recovery: Recovers a device after an attack e.g. Disaster Recovery Plan
Methodology: A system of methods used in a particular area of study - Pentest: The systematic approach a penetration tester uses before, during, and after an engagement or assessment
NIST Special Publication 800-115: Technical guide to information security testing and assessment
Adversary Emulation: Mimics the tactics, techniques, and procedures of a real-world threat actor in a penetration test
MITRE ATT&CK Framework: A knowledge base maintained by the MITRE Corporation for listing and explaining common adversary tactics and techniques observed in the real world
Open Web Application Security Project (OWASP): Provides community-led software projects, education, and training, and has become the source for securing the web
OWASP Web Security Testing Guide: A comprehensive guide to testing the security of web applications and web services
OWASP Top 10: A standard awareness document for developers and web application security
Open-Source Security Testing Methodology Manual (OSSTMM): Provides a methodology for a thorough security test, open-source and free to use
Information Systems Security Assessment Framework (ISSAF): A comprehensive guide when conducting a penetration test that links individual penetration testing steps with the relevant penetration testing tools (OISSG)
Penetration Testing Execution Standard (PTES): Developed to cover everything related to a penetration test
Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
Written Permission: Prevents a penetration tester from going to prison
Statement of Work (SOW): A formal document that details the tasks to be performed during an engagement, contains list of deliverables
Master Service Agreement (MSA): A specialized type of contract that is used to govern future transactions and agreements
Service Level Agreement (SLA): A commitment between a service provider and a client, commonly used for security as a service type of products
Non-Disclosure Agreement (NDA): A legal document that stipulates that the parties will not share confidential information, knowledge, or materials with unauthorized third parties
Confidentiality: The practice of keeping sensitive information private
Health Insurance Portability and Accountability Act (HIPAA): Affects healthcare providers, facilities, insurance companies, and medical data
Health Care and Education Reconciliation Act of 2010: Affects both healthcare and educational organizations
Sarbanes-Oxley (SOX): Affects publicly traded U.S. corporations
Gramm-Leach-Bliley Act of 1999 (GLBA): Affects banks, mortgage companies, loan offices, insurance companies, investment companies, and credit card providers
Federal Information Security Management Act of 2002 (FISMA): Affects federal agencies, replaced and strengthened the Computer Security Act
Family Educational Rights and Privacy Act (FERPA): Protects student education records
Economic Espionage Act of 1996: Affects organizations with trade secrets and anyone who tries to use encryption for criminal activities
Children's Online Privacy Protection Act (COPPA): Imposes certain requirements on website owners and websites directed to children 13 years and younger
General Data Protection Regulation (GDPR): Requirements on how consumer data of European and Britain territories must be protected
Payment Card Industry Data Security Standard (PCI-DSS): Agreement that any organization which uses credit card information must abide by
Security Level 1: More than 6M annual transactions
Security Level 2: 1-6M annual transactions
Security Level 3: 20K to 1M annual transactions
Security Level 4: Less than 20K annual transactions
Qualified Security Assessor (QSA): Designation for authorized independent security organizations that are certified to the PCI-DSS standards
Report on Compliance (ROC): Details an organization's security posture, environment, systems, and protection of cardholder data
Since penetration testing is effectively hacking, knowing the laws is important:
Section 1029: Focused on fraud and relevant activity with access devices
Section 1030: Fraud and related activity with computers
Written Permission: Secures permission from target organization
Terminate immediately upon discovering real attack or out of scope
Application Programming Interface (API): A type of software intermediary that allows two applications to talk to each other
Adversary Emulation: A specialized type of penetration testing that involves trying to mimic the tactics, techniques, and procedures of a real threat actor
Threat Actor: Generic term for unauthorized hackers
Script Kiddie: Least skilled, uses freely available tools
Insider Threat: People who have authorized access to an organization
Prevention involves data loss prevention, internal defenses, and SIEM
Competitor: A rogue business that attempts to conduct cyber espionage
Organized Crime: Focused on hacking and fraud for financial gain
Often well-funded and can use sophisticated tools
Hacktivist: A politically motivated hacker who targets governments, corporations, and individuals to advance ideologies or agendas
Nation-State/Advanced Persistent Threat (APT): Group of attackers with exceptional capabilities, funding, and an intent to hack a network
Conducts highly covert attacks over long periods of time
False flag attack used to implicate other nation states
Internal Target: Inside the organization's firewall and requires testers to be on-site, gain access through VPN, or exploit a user's internal computer
External Target: Can be accessed directly from the Internet
First-party and Third-party Hosted Assets: Must be informed if allowed to attack first-party hosted servers only or also assets hosted by a third-party
Scope Creep: Occurs when a client starts asking for more services than what is listed in the statement of work
Wassenaar Arrangement: Outlaws the exportation of a technology that can be used both in a regular commercial setting and as a weapon
Rules of Engagement (ROE): The ground rules that both the organization and penetration tester must abide by - Contains timeline, locations, time restrictions, transparency, boundaries
Assessment Types:
Goal-Based Assessment: Specific goal
Objective-Based Assessment: Tester seeks to ensure that the information remains secure, more like a real attack
Compliance-Based Assessment: Tests the proper following of policies
Premerger Assessment: Before two companies merge with each other
Supply Chain Assessment: Assessment that occurs when a company requires its suppliers to ensure they meet cybersecurity requirements
Red Team Assessment: Executed by internal penetration testers
Unknown Environment: An assessment where the penetration tester has no prior knowledge of the target or their network
Partially-Known Environment: Most common type of assessment which entails partial knowledge of target and its information systems
Known Environment: Given all the details about the organization, network, systems, and the underlying infrastructure
Contractual Documents can include:
Statement of Work (SoW): Project requirements
Master Service Agreement (MSA): Fundamental agreements between parties, basic terms at the outset of a business relationship
Service-Level Agreement (SLA): Expectations between service and client
Non-Disclosure Agreement (NDA): Establishes a confidential relationship
Computer Emergency Response Team (CERT): Maintained by the United States federal government and lists vulnerabilities they have identified in the wild
National Vulnerability Database (NVD): Provided by the National Institute for Standards and Technology which displays latest vulnerabilities and assigns CVEs
Common Vulnerabilities and Exposures (CVE): Common database used worldwide that references known vulnerabilities
Common Weakness Enumeration (CWE): A community developed list of the different types of software weaknesses and the details of those weaknesses
Passive Recon: Attempts to gain information about targeted computers and networks without actively engaging with those systems
Online research
Social Engineering
Dumpster diving
Email harvesting
Open-Source Intelligence (OSINT): The collection and analysis of data gathered from publicly available sources to produce actionable intelligence
Includes social media, blogs, newspapers, government records, academic publications, job listings, metadata, website information, etc.
Social media scraping (LinkedIn, Monster, Indeed, ZipRecruiter, Glassdoor)
Open-source tools collect from websites, "Whois" databases, and DNS servers:
Metagoofil: A Linux based tool that can search the metadata associated with public documents on a target's website
Fingerprinting Organizations with Collected Archives (FOCA): Used to find metadata and hidden info in collected documents from an organization
The Harvester: A program for gathering emails, subdomains, hosts, employee names, email addresses, PGP key entries, open ports, and banners
Recon-ng: Cross-platform web reconnaissance framework using modules
Shodan: A website search engine for web cameras, routers, servers, and other devices that are considered part of the IoT
Censys: A website search engine used for finding hosts and networks across the Internet with data about their configuration
Maltego: Commercial software used for conducting open-source intelligence that visually helps connect found relationships and automates querying
Name Server Lookup (nslookup): Cross-platform tool used to query the DNS to provide the mapping between domain names and IP addresses
Whois: A command line tool on Linux, which is also a website, that is a query and response protocol for Internet resources
Google Hacking is an open-source intelligence technique that uses Google search operators to locate vulnerable web servers and applications
URL Modifier [pws]: Set to 0 to turn off personalization
URL Modifier [filter]: Set to 0 to turn off filters
URL Modifier [tbs]: Used to affect time frame of container of search
Google Hacking Database (GHDB): Database of search strings optimized for locating vulnerable websites and services
HTTP Response Codes:
200: Indicates successful GET or POST request
201: Indicates where a PUT request has succeeded
3XX: Indicates that a redirect has happened
4XX: Indicates an error in the client request
5XX: Indicates an error in the server
400 Codes:
400: Request could not be parsed by server
401: Request did not supply authentication credentials
403: Request did not have sufficient permissions
404: Request is for a non-existent resource
500 Codes:
500: Indicates a general error on server-side of application
502: Indicates a bad gateway has occurred
503: Indicates an overloading of the service causing unavailability
504: Indicates a gateway timeout
Percent Encoding:
Subject Alternative Name (SAN) Field: Allows the use of digital certificates with other domains in addition to the main domain
Certificate Revocation List (CRL): An online list of digital certificates revoked by the certificate authority
Online Certificate Status Protocol (OCSP): Determines the revocation status of a digital certificate using its serial number
Certificate Pinning: A method of trusting digital certificates that bypasses the CA hierarchy and chain of trust, allowing the client to resist impersonation attacks
Certificate Stapling: Allows a web server to perform certificate status check, eliminates need for additional connection at time of the request
HTTP Strict Transport Security (HSTS): Allows a web server to notify web browsers to only request using HTTPS
Scanning: Actively connecting to a system and getting a response to identify hosts, open ports, services, users, domain names, and URLs
Discovery scans use (1) ping scan to identify what hosts are online and (2) port scan to identify the ports on those hosts
Enumeration digs deep into target systems and links identified components to known vulnerabilities
Nmap (CLI) / Zenmap (GUI) features numerous scanning techniques including ping scans, quick scans, and intense scans
Fingerprinting: The identification of an operating system, a service, or a specific software version that is in use by a host, system, or network
Banner Grabbing: Using a program like "netcat", "wget", or "telnet" to connect to a given port that is running a service
WINDOWS CMDS
net: A suite of tools that can be used to perform operations on groups, users, account policies, network shares, and more
net user: Lists all the users on a machine
net groups: Lists the groups on a machine
arp: Used when enumerating a Windows host, provides a list of all the other machines' MAC addresses that the host has communicated with
ipconfig: Determines the IP address of the machine in use, the /displaydns switch will display any DNS names that have recently been resolved
PS > Get-NetDomain: Lists the current logged in user's domain
PS > Get-NetLoggedon: Lists all users who are logged into a computer
PS > Get-NetGroupMember: Lists the domain members belonging to a group
BASH CMDS
finger: Used to view a user's home directory, their login, and idle time
uname -a: Shows the OS's name, version, and details
env: Gives a list of all the environment variables
Website Crawling (Forced Browsing): The process of systematically attempting to find every page on a given website - robots.txt is used to tell crawlers which paths are allowed and which should be ignored, should enable directory permissions with robots.txt
Web Scraping/Harvesting/Data Extraction: A technique used for extracting data from websites performed using automation or through manual work
Custom Word List Generator (CeWL): A ruby app that can crawl a URL up to a specified depth and return a list of words for use with a password cracker
Load Balancer: A core networking solution that distributes traffic across multiple servers inside a server farm - can throw off scan results with false reports
Firewall: A type of network security device that monitors and filters traffic
Relies on a set of rules known as an access control list (ACL)
traceroute can detect if a firewall is being used
Firewalk: Tool that tries to determine protocols that can bypass a firewall
Web Application Firewall (WAF): Utilizes specific rule sets to prevent common attacks against web applications, such as cross-site scripting and SQL injections
Antivirus: Software used to prevent, scan, detect, and delete viruses or malware
Bypass methods can include (1) metamorphic virus, (2) signature obfuscation, (3) fileless malware, (4) encryption
Packet Crafting: A technique that allows for the generation of a network packet - can be done with command line, GUI tools, or scripting such as Scapy
Hping (Command Line): An open source spoofing tool that provides the ability to craft network packets to exploit vulnerable firewalls and IDS/IPS
hping3 -S -p80 -c1 $IP: Send 1 SYN packet to port 80
hping3 -A -p80 -c1 $IP: Send 1 ACK packet to port 80
Scapy: Powerful, interactive packet manipulation tool for Python - packet generator, network scanner, network discovery, packet sniffer
Eavesdropping: Act of secretly listening to a private conversation without consent
Packet Sniffing: Involves capturing all the data packets sent over a network
Wireshark: A graphical user interface used to capture packets, analyze those packets, and identify desired information if it was unencrypted when sent
tcpdump: Command line tool used to analyze network traffic
Protocol Analyzer: Specialized type of software that collects raw packets from the network, can help prove or disprove statements made by administrators
Packet capture is easier on wireless networks since they operate like a hub
Flow Analysis: Identifies which resources and servers are communicating with which type of devices or locations
Wardriving: Driving near a facility to detect vulnerable wireless networking
Warwalking can also be used on campuses and outside buildings
Wigle.net: Maps and indexes all open access points
Unknown (Zero-Day) Vulnerability: Any unpublished vulnerability somebody has discovered and has not yet made known to the manufacturer
Vulnerability Scanning: A specialized type of automated scan for hosts, systems, and networks to determine the vulnerabilities that exist on a system
Discovery Scan > Least intrusive like ping sweep
Full Scan > Easily detected by network defenders
Stealth Scan > Conducted with SYN packets and analyzing responses
Compliance Scan > To identify vulns that may affect compliance (PCI-DSS)
Types of Scanners:
Nmap: CLI tool for mapping out the network, finding open ports, running services, and the basic versioning of each service - Nmap Scripting Engine (NSE) used to conduct basic vulnerability scanning
Nessus: Proprietary scanner used to scan target networks and then create a report of vulnerabilities, missing patches, and misconfigurations
Nexpose: A vulnerability scanner by Rapid7
QualysGuard: A commercially available scanner
OpenVAS: An open source vulnerability scanner
Nikto: Can assess custom web applications that a company may have coded
Query Throttling: Reduces the number of queries launched by the scanner
Discovery Switches:
List Scan (-sL): Lists the IP addresses from the supplied target range and performs a reverse-DNS query to discover hostnames
TCP SYN ping (-PS $PORTLIST): Probes ports using a TCP SYN packet instead of an ICMP packet to conduct ping
Sparse Scanning (--scan-delay $TIME): Issues probes with significant delays to become stealthier and avoid detection
Scan Timing (-Tn): Issues probes using a timing pattern, with n being the pattern to utilize (0 is slowest and 5 is fastest while 3 is the default)
TCP Idle Scan (-sI): Makes it appear that another machine (zombie) started the scan to hide identity of the scanning machine
Output Switches:
Normal (-oN) to file
XML (-oX) to file
Grepable (-oG) to file
Port Scan Switches:
TCP SYN (-sS): Half-open scan by sending a SYN packet to identify the port state without sending an ACK packet afterwards
TCP Connect (-sT): 3-way handshake scan by sending a SYN packet to identify port state, and then an ACK packet on receipt of a SYN-ACK
Null Scan (-sN): Scans by sending a packet with no TCP flags set (flag bits are all 0)
FIN Scan (-sF): Scans by sending an unexpected FIN packet
Xmas Scan (-sX): Scans with a packet that has the FIN, PSH, and URG flags set
UDP Scan (-sU): Sends UDP packets to target for a response or timeout
Port Range (-p): Range of ports (default is 1000 most used ports)
Nmap Fingerprinting: A technique to get a list of resources on the network, host, or system as a whole to identify potential targets for further attack
Version Detection (-sV): Enables version detection
OS Detection (-O): Enables OS detection
Nmap Scripting Engine (NSE): Library of scripts written in Lua that can be used to carry out detailed probes such as platform enumeration, Windows user account discovery, basic vulnerability detection, geolocation to traceroute probes, etc.
Social Engineering: Any attempt to manipulate users to reveal confidential information or perform actions detrimental to a system's security
Authority: People are more willing to comply with a request when they think it is coming from someone in authority - use of recognizable brand names
Urgency: People are usually in a rush these days and urgency takes advantage
Social Proof: People are more likely to click on a link through social media or based on seeing others have already clicked on it
Scarcity: Technique that relies on the fear of missing out on a good deal that is offered in limited quantities or a limited time
Likeness: Attacker finds common ground and shared interests
Fear: The use of threats or demands to intimidate someone into helping
Phishing: A social engineering attack where the malicious actor communicates with the victim from a supposedly reputable source to lure the victim
Spearphishing: Uses more targeted version, often used during penetration tests
Whaling: Focused on key executives within an organization or other key leaders
Smishing: Occurs when the phishing is done through text messaging
Vishing: Occurs when phishing is done through voice functions of a telephone
Business Email Compromise (BEC): Occurs when an attacker takes over a high level executive's email account and orders employees to conduct tasks
Pharming: Tricks users by redirecting a victim to a malicious website
USB Drop Key: Using human curiosity to bait rubber duckies, specialized type of software that is installed on a USB drive and runs commands once plugged in
Watering Hole Attack: Malware is placed on a website that will be visited by targets
Typosquatting / URL Hijacking: A social engineering attack that deliberately uses misspelled domains for malicious purposes and is often used with watering holes
Impersonation: The act of pretending to be someone else in order to gain access
Elicitation: The ability to draw, bring forth, evoke, or induce information from a victim
Physical Attacks:
Tailgating: Entering a secure location by following an authorized person into an area without their consent or knowledge
Piggybacking: Occurs when an attacker attempts to enter a restricted area by following an authorized employee with their consent or knowledge
Shoulder Surfing: Occurs when an attacker attempts to observe a target's behavior without them knowing
Eavesdropping: Listening to conversations without being detected
Dumpster Diving: Attacker searches inside trash for confidential information
Badge Cloning: Act of copying authentication data from an authorized user's badge - easiest way is to clone RFID or NFC tags with proximity devices
Social Engineering Toolkit (SET): A Python-based collection of tools and scripts that are used to conduct social engineering during a penetration test
Browser Exploitation Framework (BeEF): Used to assess security posture of a target using cross-site attack vectors, great for testing browsers and associated web servers
Call Spoofing: Hide identity and conduct impersonation attack through voice calls
Wireless networks are inherently less secure than a wired network
Pre-Shared Key: Used when the access point and the client need to use the same encryption key to encrypt and decrypt the data
Wired Equivalent Privacy (WEP): Original 802.11 wireless security standard, designed to use static 40-bit pre-shared encryption key with RC4 encryption cipher - Weakness is 24-bit Initialization Vector (IV)
Method: (1) Monitor (2) Capture (3) Deauthenticate (4) Crack
Airmon-NG: Used to monitor wireless frequencies to identify access points
Airodump-NG: Used to capture network traffic and save it to a PCAP file
Wi-Fi Protected Access (WPA): Replacement for WEP which uses TKIP, Message Integrity Check (MIC), and RC4 encryption, replaced by WPA2
Wi-Fi Protected Access Version 2 (WPA2): 802.11i standard that provides better wireless security featuring AES with a 128 bit key, CCMP, and integrity checking - Can be operated in either personal or enterprise mode
Method: (1) Promiscuous Mode (2) Discover WPA/WPA2 (3) Capture traffic (4) Deauthentication to generate handshakes (5) Dictionary attack for PSK
Airmon-NG: Places network adapter into monitor or promiscuous mode
Airodump-NG: Used to identify transceivers, capture traffic, and save to PCAP
Aireplay-NG: Used to conduct deauthentication
Aircrack-NG: Used to conduct protocol and password cracking
Wi-Fi Protected Access Version 3 (WPA3): Designed to address flaws and weaknesses that can be exploited in WPA2 - WPA3 Enterprise > 256 bit AES with SHA-384 - WPA3 Personal > 128 bit AES with CCMP - Best improvement is removal of Pre-Shared Key (PSK) exchange
Simultaneous Authentication of Equals (SAE): Uses a secure password-based authentication and a password-authenticated key agreement methodology
Perfect Forward Secrecy: Feature of key agreement protocol that provides assurance that session keys will not be compromised even if long-term secrets are compromised
AP and the client use a public key system to generate a pair of long term keys
AP and the client exchange a one time use session key
AP sends client messages and encrypts them using the session key
Client decrypts them using the one time use session key
Process repeats for each message being sent, starting at [step 2]
Wi-Fi Protected Setup (WPS): Designed to make setting up new wireless devices easier for consumers and end users, relies on an 8-digit PIN code for authentication - Vulnerable to attacks and should be disabled
WPS Pin Attack: Uses brute force to guess 2 sections of 10^4 options or ~10K unique PINs, WPS is enabled by default in many environments
MAC Filtering: Defines a list of devices and only allows those on your Wi-Fi network
Promiscuous Mode: A type of computer networking operational mode in which all data packets can be accessed and viewed by all network adapters
Deauthentication: Used to boot a victim wireless client off an access point to force reauthentication, used in conjunction with other attacks like replay attacks
Aireplay-ng: Most common tool for deauthentication attack
Jamming: Disrupts a Wi-Fi signal by broadcasting on the same frequency as the target access point to block signals that a wireless transceiver attempts
Wi-Fi Jammer: A Python script capable of disrupting wireless signals in an area
Evil Twin: A fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications
Karma Attack: Exploits the behavior of Wi-Fi devices due to a lack of access point authentication protocols being implemented
Preferred Network List (PNL): List of the SSIDs of access points the device has previously connected to and will automatically connect to when they're in range
Captive Portal: A web page that the user of a public access network is obliged to view and interact with before access is granted
ESPortalV2: Sets up a captive portal and redirects all Wi-Fi devices that connect
Wifiphisher: Sets up a regular evil twin without a captive portal
Wi-Fi Pineapple: Used to automate Wi-Fi auditing and create vuln reports
On-Path Attack (Man-in-the-Middle Attack): Occurs when an attacker puts themselves between the victim and the intended destination
Relay Attack: Captures, modifies, and sends data i.e. evil twin attack
Extensible Authentication Protocol (EAP): Creates an encrypted tunnel between the supplicant and the authentication server
Bluetooth Attacks:
Bluejacking: Sending unsolicited messages to a Bluetooth device
Bluesnarfing: Making an unauthorized access to a device via Bluetooth, aims to read sensitive data from a victim device
BlueBorne: Allows the attacker to gain control over a device without connecting
Bluetooth Low Energy (BLE): Bluetooth variation that uses less energy and communicates wirelessly over shorter distances, popular in IoT devices
Bluetooth Tools:
HCICONFIG: Configures Bluetooth interface
HCITOOL: Scans and discovers devices in range
BLEAH: Enumerates Bluetooth devices
GATTTOOL/BETTERCAP/BLUEPY: Interacts and communicates with Bluetooth
Spooftooph: Automates the spoofing or cloning of a Bluetooth device's name, class, and address
Radio Frequency Identification (RFID): A form of radio frequency transmission for use in authentication systems, using a tag and a reader, newer tags have encryption
Near Field Communication (NFC): Uses radio frequency to send electromagnetic charge containing the transaction data over a short distance