====== PenTest Methodology ======

===== Six Stages =====

**During a PenTest you generally follow these six steps:**

  - Pre-Engagement: Planning & Scope
  - Recon: Information Gathering
  - Scanning
  - Exploitation
  - Post-Exploitation
  - Post-Engagement: Report

===== Essential =====

**Most important out of the six:**

  - Recon (info gathering)
  - Scanning & Enumeration

  * If you do those two right and well, you should have no problem getting to where you need to go.
  * Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration.

===== Enumeration =====

All //enumeration// means is "build a list." You enumerate throughout this process; enumeration is essential for a successful hack.

===== Methodology Resources =====

Here are some frameworks, methodologies, standards, and examples to use when you build out your own PenTesting process:

  - [[https://attack.mitre.org/ | The MITRE ATT&CK Framework]]: Adversarial Tactics, Techniques & Common Knowledge
    * The most comprehensive free database of hacking information (concepts and practices) available.
    * It is not a pentesting standard or outline. It is a knowledge base of descriptions, definitions, and examples.
  - [[https://owasp.org/ | OWASP]]: Open Web Application Security Project
    * Provides pentesting guides for web security, mobile security, and firmware.
    * Also provides advice on how to use other testing methodologies and standards.
  - [[http://www.pentest-standard.org/index.php/Main_Page | PTES]]: Penetration Testing Execution Standard
    * One of the most complete, modern, and openly available pentesting standards.
    * Includes pre-engagement interactions (scoping, questions for clients, details on dealing with third parties, etc.).
    * Provides a full range of pentesting techniques and concepts.
  - [[https://www.isecom.org/research.html#content5-a0 | OSSTMM]]: Open Source Security Testing Methodology Manual (outdated)
  - [[https://www.nist.gov/publications/technical-guide-information-security-testing-and-assessment | NIST]]: National Institute of Standards and Technology (outdated)
  - [[https://untrustednetwork.net/files/issaf0.2.1.pdf | ISSAF]]: Information Systems Security Assessment Framework (outdated)

----

====== Practice ======

===== VulnHub =====

VulnHub has a lot of practice machines you can download.

  * VulnHub machines are virtual machines (VMs) and are built for VMware.
  * Debian 10 (Buster) runs VMware Workstation fine. Debian 11 (Bullseye)... not so much.

List of VulnHub machines similar to OSCP:

  * [[https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms]]

===== TryHackMe =====

Cyber security training through short, gamified, real-world labs. Content for complete beginners and seasoned hackers.

  * [[https://tryhackme.com/ | Site]]
  * [[prac_app_tryhackme | Write-Ups]]

===== Hack The Box =====

A massive hacking playground.

  * [[https://www.hackthebox.com/ | Site]]
  * [[prac_app_htb | Write-Ups]]

----