
KillChain Compendium - A Concise Security Handbook

The "KillChain Compendium" is a steadily growing, organized collection of in-depth resources, insights, and practical guidance, structured within the framework of the Kill Chain methodology. It serves as a comprehensive reference manual, offering knowledge and strategies for navigating the world of hacking, penetration testing, and cybersecurity. Whether you're an aspiring hacker, a seasoned security professional, or anyone seeking to delve into the intricacies of securing digital systems, the "KillChain Compendium" provides insights into each stage of the cyber kill chain while offering notes, actionable advice and real-world examples to bolster your knowledge and capabilities in this complex field.

Penetration Testing

Penetration testing, often referred to as pen testing, is a systematic and controlled process of evaluating the security of computer systems, networks, applications, and environments. The primary objective of penetration testing is to identify vulnerabilities and weaknesses that could potentially be exploited by malicious actors.

Penetration Testing Standards

Pen Testing Campaign

  • Checklist

  • vectr.io

  • Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines

  • Operations --> Operators, Known Information, Responsibilities

  • Mission --> Exact commands to run and execution time of the engagement

  • Remediation --> Report, Remediation consultation

Methodology

  • Steps
    • Reconnaissance
    • Enumeration/Scanning
    • Gaining Access
    • Privilege Escalation
    • Covering Tracks
    • Reporting

Reconnaissance

  • Duck / SearX / metacrawler / google
  • Wikipedia
  • Shodan.io
  • PeopleFinder.com
  • who.is
  • sublist3r
  • hunter.io
  • builtwith.com
  • wappalyzer

Enumeration

  • nmap
  • nikto
  • gobuster
  • dirbuster
  • metasploit
  • enum4linux / linpeas / winpeas / linenum

Exploitation

Post Exploitation

  • Pivoting

Privilege Escalation

  • Vertically or horizontally

Covering Tracks

Reporting

  • Includes
    • Vulnerabilities
    • Criticality
    • Description
    • Countermeasures
    • Finding summary

Frameworks