killchain-compendium/pentesting.md

# Pentesting
* [Pentesting Execution Standard](http://www.pentest-standard.org/index.php/Main_Page)
Authorized audit of security systems of computers and networks.
* [Rules of Engagement -- Cheat Sheet](https://sansorg.egnyte.com/dl/bF4I3yCcnt/?) and [redteam.guide ROEs](https://redteam.guide/docs/templates/roe_template/)
    * Permissions
    * Engagement --> internal/external pentest or adversary emulation of APTs
    * Scope --> networks, IPs, exfilration of data, which stage, downtime, DDoS
    * Rules
* NDA

## Campaign
* [Checklist](https://redteam.guide/docs/checklists/red-team-checklist/)
* [vectr.io](https://vectr.io)

* Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines
* Operations --> Operators, Known Information, Responsibilities
* Mission --> Exact commands to run and execution time of the engagement
* Remediation --> Report, Remediation consultation

## Methodology

* Steps
    * Reconnaissance
    * Enumeration/Scanning
    * Gaining Access
    * Privilege Escalation
    * Covering Tracks
    * Reporting

### Reconnaissance
* Duck / SearX / metacrawler / google
* Wikipedia
* [Shodan.io](http://www.shodan.io)
* PeopleFinder.com
* who.is
* sublist3r
* hunter.io
* builtwith.com
* wappalyzer

### Enumeration
* nmap
* nikto
* gobuster
* dirbuster
* metasploit
* enum4linux / linpeas / winpeas / linenum

### Exploitation

### Post Exploitation
* Pivoting
#### Privilege Escalation
* Vertically or horizontally

#### Covering Tracks

#### Reporting
* Includes
    * Vulnerabilities
    * Criticality
    * Description
    * Countermeasures 
    * Finding summary

## Frameworks
* [OSSTMM3](https://www.isecom.org/OSSTMM.3.pdf)
* [NIST](https://www.nist.gov/cyberframework)
* [CAF](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance)

## Testing Webapps

* Two methods
1. Every Page and its functions one by one
2. Test by stages 
    * Authorization
    * Authentication
    * Injection
    * Client Side Controls
    * Application Logic
bump 2021-09-11 02:55:17 +02:00			`# Pentesting`
bump 2021-09-27 00:48:14 +02:00			`* [Pentesting Execution Standard](http://www.pentest-standard.org/index.php/Main_Page)`
bump 2021-09-11 02:55:17 +02:00			`Authorized audit of security systems of computers and networks.`
bump 2022-02-23 23:55:12 +01:00			`* [Rules of Engagement -- Cheat Sheet](https://sansorg.egnyte.com/dl/bF4I3yCcnt/?) and [redteam.guide ROEs](https://redteam.guide/docs/templates/roe_template/)`
bump 2021-09-11 02:55:17 +02:00			`* Permissions`
bump 2022-02-23 23:55:12 +01:00			`* Engagement --> internal/external pentest or adversary emulation of APTs`
			`* Scope --> networks, IPs, exfilration of data, which stage, downtime, DDoS`
bump 2021-09-11 02:55:17 +02:00			`* Rules`
bump 2022-02-23 23:55:12 +01:00			`* NDA`

			`## Campaign`
			`* [Checklist](https://redteam.guide/docs/checklists/red-team-checklist/)`
			`* [vectr.io](https://vectr.io)`

			`* Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines`
			`* Operations --> Operators, Known Information, Responsibilities`
			`* Mission --> Exact commands to run and execution time of the engagement`
			`* Remediation --> Report, Remediation consultation`
bump 2021-09-11 02:55:17 +02:00
			`## Methodology`
second commit 2021-08-23 01:13:54 +02:00
			`* Steps`
			`* Reconnaissance`
			`* Enumeration/Scanning`
			`* Gaining Access`
			`* Privilege Escalation`
			`* Covering Tracks`
			`* Reporting`

bump 2021-09-11 02:55:17 +02:00			`### Reconnaissance`
second commit 2021-08-23 01:13:54 +02:00			`* Duck / SearX / metacrawler / google`
			`* Wikipedia`
			`* [Shodan.io](http://www.shodan.io)`
			`* PeopleFinder.com`
			`* who.is`
			`* sublist3r`
			`* hunter.io`
			`* builtwith.com`
			`* wappalyzer`

bump 2021-09-11 02:55:17 +02:00			`### Enumeration`
second commit 2021-08-23 01:13:54 +02:00			`* nmap`
			`* nikto`
			`* gobuster`
			`* dirbuster`
			`* metasploit`
			`* enum4linux / linpeas / winpeas / linenum`

bump 2021-09-11 02:55:17 +02:00			`### Exploitation`
second commit 2021-08-23 01:13:54 +02:00
bump 2021-09-11 02:55:17 +02:00			`### Post Exploitation`
			`* Pivoting`
			`#### Privilege Escalation`
			`* Vertically or horizontally`
second commit 2021-08-23 01:13:54 +02:00
bump 2021-09-11 02:55:17 +02:00			`#### Covering Tracks`
second commit 2021-08-23 01:13:54 +02:00
bump 2021-09-11 02:55:17 +02:00			`#### Reporting`
second commit 2021-08-23 01:13:54 +02:00			`* Includes`
			`* Vulnerabilities`
			`* Criticality`
			`* Description`
			`* Countermeasures`
			`* Finding summary`
bump 2021-09-11 02:55:17 +02:00
			`## Frameworks`
			`* [OSSTMM3](https://www.isecom.org/OSSTMM.3.pdf)`
			`* [NIST](https://www.nist.gov/cyberframework)`
			`* [CAF](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance)`
added password stuff 2021-11-18 18:05:21 +01:00
			`## Testing Webapps`

			`* Two methods`
			`1. Every Page and its functions one by one`
			`2. Test by stages`
			`* Authorization`
			`* Authentication`
			`* Injection`
			`* Client Side Controls`
			`* Application Logic`