Pentesting

• Pentesting Execution Standard Authorized audit of security systems of computers and networks.
• Rules of Engagement -- Cheat Sheet and redteam.guide ROEs
  • Permissions
  • Engagement --> internal/external pentest or adversary emulation of APTs
  • Scope --> networks, IPs, exfilration of data, which stage, downtime, DDoS
  • Rules
• NDA

Campaign

• Checklist

• vectr.io

• Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines

• Operations --> Operators, Known Information, Responsibilities

• Mission --> Exact commands to run and execution time of the engagement

• Remediation --> Report, Remediation consultation

Methodology

• Steps
  • Reconnaissance
  • Enumeration/Scanning
  • Gaining Access
  • Privilege Escalation
  • Covering Tracks
  • Reporting

Reconnaissance

• Duck / SearX / metacrawler / google
• Wikipedia
• Shodan.io
• PeopleFinder.com
• who.is
• sublist3r
• hunter.io
• builtwith.com
• wappalyzer

Enumeration

• nmap
• nikto
• gobuster
• dirbuster
• metasploit
• enum4linux / linpeas / winpeas / linenum

Exploitation

Post Exploitation

• Pivoting

Privilege Escalation

• Vertically or horizontally

Covering Tracks

Reporting

• Includes
  • Vulnerabilities
  • Criticality
  • Description
  • Countermeasures
  • Finding summary

Frameworks

• OSSTMM3
• NIST
• CAF
• Atomic Red Team as a practical approach