KillChain Compendium: PenTest & Security Handbook
Go to file
whackx 74e0c3e76a added Macro exploit 2023-08-04 22:42:09 +02:00
Cryptography
Enumeration linting 2023-07-30 23:58:48 +02:00
Exfiltration Clean up 2023-07-22 22:14:02 +02:00
Exploits added Macro exploit 2023-08-04 22:42:09 +02:00
Forensics
Miscellaneous fixed url 2023-07-25 22:09:46 +02:00
Open Source Intelligence some additions 2023-07-18 21:47:40 +02:00
Persistence clean up 2023-07-22 22:05:04 +02:00
Post Exploitation some additions 2023-07-18 21:47:40 +02:00
Reverse Engineering
Reverse Shells
Steganography
README.md Clean up 2023-07-22 22:14:02 +02:00

README.md

Pentesting

Campaign

  • Checklist

  • vectr.io

  • Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines

  • Operations --> Operators, Known Information, Responsibilities

  • Mission --> Exact commands to run and execution time of the engagement

  • Remediation --> Report, Remediation consultation

Methodology

  • Steps
    • Reconnaissance
    • Enumeration/Scanning
    • Gaining Access
    • Privilege Escalation
    • Covering Tracks
    • Reporting

Reconnaissance

  • Duck / SearX / metacrawler / google
  • Wikipedia
  • Shodan.io
  • PeopleFinder.com
  • who.is
  • sublist3r
  • hunter.io
  • builtwith.com
  • wappalyzer

Enumeration

  • nmap
  • nikto
  • gobuster
  • dirbuster
  • metasploit
  • enum4linux / linpeas / winpeas / linenum

Exploitation

Post Exploitation

  • Pivoting

Privilege Escalation

  • Vertically or horizontally

Covering Tracks

Reporting

  • Includes
    • Vulnerabilities
    • Criticality
    • Description
    • Countermeasures
    • Finding summary

Frameworks