2022-08-19 20:28:40 +02:00
# Pentesting
* [Pentesting Execution Standard ](http://www.pentest-standard.org/index.php/Main_Page )
Authorized audit of security systems of computers and networks.
* [Rules of Engagement -- Cheat Sheet ](https://sansorg.egnyte.com/dl/bF4I3yCcnt/? ) and [redteam.guide ROEs ](https://redteam.guide/docs/templates/roe_template/ )
* Permissions
* Engagement --> internal/external pentest or adversary emulation of APTs
* Scope --> networks, IPs, exfilration of data, which stage, downtime, DDoS
* Rules
* NDA
## Campaign
* [Checklist ](https://redteam.guide/docs/checklists/red-team-checklist/ )
* [vectr.io ](https://vectr.io )
* Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines
* Operations --> Operators, Known Information, Responsibilities
* Mission --> Exact commands to run and execution time of the engagement
* Remediation --> Report, Remediation consultation
## Methodology
* Steps
* Reconnaissance
* Enumeration/Scanning
* Gaining Access
* Privilege Escalation
* Covering Tracks
* Reporting
### Reconnaissance
* Duck / SearX / metacrawler / google
* Wikipedia
* [Shodan.io ](http://www.shodan.io )
* PeopleFinder.com
* who.is
* sublist3r
* hunter.io
* builtwith.com
* wappalyzer
### Enumeration
* nmap
* nikto
* gobuster
* dirbuster
* metasploit
* enum4linux / linpeas / winpeas / linenum
### Exploitation
### Post Exploitation
* Pivoting
#### Privilege Escalation
* Vertically or horizontally
#### Covering Tracks
#### Reporting
* Includes
* Vulnerabilities
* Criticality
* Description
* Countermeasures
* Finding summary
## Frameworks
* [OSSTMM3 ](https://www.isecom.org/OSSTMM.3.pdf )
* [NIST ](https://www.nist.gov/cyberframework )
* [CAF ](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance )
## Testing Webapps
* Two methods
1. Every Page and its functions one by one
2. Test by stages
* Authorization
* Authentication
* Injection
* Client Side Controls
* Application Logic