2.0 KiB
2.0 KiB
Pentesting
- Pentesting Execution Standard Authorized audit of security systems of computers and networks.
- Rules of Engagement -- Cheat Sheet and redteam.guide ROEs
- Permissions
- Engagement --> internal/external pentest or adversary emulation of APTs
- Scope --> networks, IPs, exfilration of data, which stage, downtime, DDoS
- Rules
- NDA
Campaign
-
Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines
-
Operations --> Operators, Known Information, Responsibilities
-
Mission --> Exact commands to run and execution time of the engagement
-
Remediation --> Report, Remediation consultation
Methodology
- Steps
- Reconnaissance
- Enumeration/Scanning
- Gaining Access
- Privilege Escalation
- Covering Tracks
- Reporting
Reconnaissance
- Duck / SearX / metacrawler / google
- Wikipedia
- Shodan.io
- PeopleFinder.com
- who.is
- sublist3r
- hunter.io
- builtwith.com
- wappalyzer
Enumeration
- nmap
- nikto
- gobuster
- dirbuster
- metasploit
- enum4linux / linpeas / winpeas / linenum
Exploitation
Post Exploitation
- Pivoting
Privilege Escalation
- Vertically or horizontally
Covering Tracks
Reporting
- Includes
- Vulnerabilities
- Criticality
- Description
- Countermeasures
- Finding summary
Frameworks
Testing Webapps
- Two methods
- Every Page and its functions one by one
- Test by stages
- Authorization
- Authentication
- Injection
- Client Side Controls
- Application Logic