# Pentesting * [Pentesting Execution Standard](http://www.pentest-standard.org/index.php/Main_Page) Authorized audit of security systems of computers and networks. * [Rules of Engagement -- Cheat Sheet](https://sansorg.egnyte.com/dl/bF4I3yCcnt/?) and [redteam.guide ROEs](https://redteam.guide/docs/templates/roe_template/) * Permissions * Engagement --> internal/external pentest or adversary emulation of APTs * Scope --> networks, IPs, exfilration of data, which stage, downtime, DDoS * Rules * NDA ## Campaign * [Checklist](https://redteam.guide/docs/checklists/red-team-checklist/) * [vectr.io](https://vectr.io) * Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines * Operations --> Operators, Known Information, Responsibilities * Mission --> Exact commands to run and execution time of the engagement * Remediation --> Report, Remediation consultation ## Methodology * Steps * Reconnaissance * Enumeration/Scanning * Gaining Access * Privilege Escalation * Covering Tracks * Reporting ### Reconnaissance * Duck / SearX / metacrawler / google * Wikipedia * [Shodan.io](http://www.shodan.io) * PeopleFinder.com * who.is * sublist3r * hunter.io * builtwith.com * wappalyzer ### Enumeration * nmap * nikto * gobuster * dirbuster * metasploit * enum4linux / linpeas / winpeas / linenum ### Exploitation ### Post Exploitation * Pivoting #### Privilege Escalation * Vertically or horizontally #### Covering Tracks #### Reporting * Includes * Vulnerabilities * Criticality * Description * Countermeasures * Finding summary ## Frameworks * [OSSTMM3](https://www.isecom.org/OSSTMM.3.pdf) * [NIST](https://www.nist.gov/cyberframework) * [CAF](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance) * [Atomic Red Team](https://github.com/redcanaryco/atomic-red-team) as a practical approach