1.2 KiB
1.2 KiB
Pentesting
- Pentesting Execution Standard Authorized audit of security systems of computers and networks.
- Rules of Engagement -- Cheat Sheet
- Permissions
- Scope
- Rules
Methodology
- Steps
- Reconnaissance
- Enumeration/Scanning
- Gaining Access
- Privilege Escalation
- Covering Tracks
- Reporting
Reconnaissance
- Duck / SearX / metacrawler / google
- Wikipedia
- Shodan.io
- PeopleFinder.com
- who.is
- sublist3r
- hunter.io
- builtwith.com
- wappalyzer
Enumeration
- nmap
- nikto
- gobuster
- dirbuster
- metasploit
- enum4linux / linpeas / winpeas / linenum
Exploitation
Post Exploitation
- Pivoting
Privilege Escalation
- Vertically or horizontally
Covering Tracks
Reporting
- Includes
- Vulnerabilities
- Criticality
- Description
- Countermeasures
- Finding summary