Differences

This shows you the differences between two versions of the page.

--- method_0_intro [2020/09/25 02:10] – gman
+++ method_0_intro [2022/12/31 00:16] (current) – [Methodology Resources] gman
@@ Line 1: / Line 1: @@
-====== Five Stages of a Hack ======
+====== PenTest Methodology ======
-You go through each of these five stages during ever pentest you do.
+===== Six Stages =====
+**During a PenTest you generally follow these six steps: **
+  - Pre-Engagement: Planning & Scope
+  - Recon: Information Gathering
+  - Scanning
+  - Exploitation
+  - Post-Exploitation
+  - Post-Engagement: Report
+===== Essential =====
+**Most important out of the six: **
+  - Recon (info gathering)
+  - Scanning & Enumeration
+  * If you do those two right and well, you should have no problem getting to where you need to go.
+  * Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration.
+===== Enumeration =====
+All //enumeration// means is "build a list." You enumerate throughout this process; enumeration is essential for a successful hack.
+===== Methodology Resources =====
+Here are some frameworks, methodologies, standards, and examples to use when you build out your own PetTesting process:
+  - [[https://attack.mitre.org/ | The MITRE ATT&CK Framework]]: Adversarial Tactics, Techniques & Common Knowledge
+    * The most comprehensive free database of hacking information (concepts and practices) available.
+    * It is not a pentesting standard or outline. It is a knowledge base of descriptions, definitions, and examples.
+  - [[https://owasp.org/ | OWASP]]: Open Web Application Security Project
+    * Provides pentesting guides for web security, mobile security, and firmware.
+    * Also provides advice on how to use other testing methodologies and standards.
+  - [[http://www.pentest-standard.org/index.php/Main_Page | PTES]]: Penetration Testing Execution Standard
+    * One of the most complete modern and openly available pentesting standards.
+    * Includes pre-engagement interactions (scoping, questions for clients, details on dealing with third parties, etc.).
+    * Provides a full range of pentesting techniques and concepts.
+  - [[https://www.isecom.org/research.html#content5-a0 | OSSTMM]]: Open Source Security Testing Methodology Manual (outdated)
+  - [[https://www.nist.gov/publications/technical-guide-information-security-testing-and-assessment | NIST]]: National Institute of Standards and Technology (outdated)
+  - [[https://untrustednetwork.net/files/issaf0.2.1.pdf | ISSAF]]: Information Systems Security Assessment Framework (outdated)
+----
+====== Practice ======
+===== VulnHub =====
+VulnHub has a lot of practice machines you can download.
+  * VulnHub machines are virtual machines (VMs) and are built for VMWare.
+  * Debian 10 (Buster) runs VMWare Workstation fine. Debian 11 (Bullseye)... not so much.
+List of VulHub machines similar to OSCP:
+  * [[https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms]]
+===== TryHackMe =====
+Cyber security training through short, gamified, real-world labs. Content for complete beginners and seasoned hackers.
+  * [[https://tryhackme.com/ | Site]]
+  * [[prac_app_tryhackme| Write-Ups]]
+===== Hack The Box =====
+A Massive Hacking Playground
+  * [[https://www.hackthebox.com/ | Site]]
+  * [[prac_app_htb| Write-Ups]]
+----
-  - Reconnaissance (active vs. passive)
-    - Active: Actually engage the target
-    - Passive: Googling, etc. (not directly against the target)
-  - Scanning & Enumeration (Nmpa, Nessus, Nikto, etc.)
-  - Exploitation (gaining access)
-  - Maintaining Access
-  - Covering Your Tracks (clean up what you did, create, broke, etc.)
-Lather, rinse, repeat...