Differences

This shows you the differences between two versions of the page.

--- method_0_intro [2022/09/24 14:55] – [PenTest Methodology] gman
+++ method_0_intro [2022/12/31 00:16] (current) – [Methodology Resources] gman
@@ Line 1: / Line 1: @@
 ====== PenTest Methodology ======
-During a PenTest you generally follow these six steps:
+===== Six Stages =====
+**During a PenTest you generally follow these six steps: **
   - Pre-Engagement: Planning & Scope
   - Recon: Information Gathering
@@ Line 8: / Line 10: @@
   - Post-Exploitation
   - Post-Engagement: Report
+===== Essential =====
 **Most important out of the six: **
@@ Line 16: / Line 20: @@
   * Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration.
-**Enumeration:** All //enumeration// means is "build a list." You enumerate throughout this process, and it is essential for a successful hack.
+===== Enumeration =====
+All //enumeration// means is "build a list." You enumerate throughout this process; enumeration is essential for a successful hack.
+===== Methodology Resources =====
+Here are some frameworks, methodologies, standards, and examples to use when you build out your own PetTesting process:
+  - [[https://attack.mitre.org/ | The MITRE ATT&CK Framework]]: Adversarial Tactics, Techniques & Common Knowledge
+    * The most comprehensive free database of hacking information (concepts and practices) available.
+    * It is not a pentesting standard or outline. It is a knowledge base of descriptions, definitions, and examples.
+  - [[https://owasp.org/ | OWASP]]: Open Web Application Security Project
+    * Provides pentesting guides for web security, mobile security, and firmware.
+    * Also provides advice on how to use other testing methodologies and standards.
+  - [[http://www.pentest-standard.org/index.php/Main_Page | PTES]]: Penetration Testing Execution Standard
+    * One of the most complete modern and openly available pentesting standards.
+    * Includes pre-engagement interactions (scoping, questions for clients, details on dealing with third parties, etc.).
+    * Provides a full range of pentesting techniques and concepts.
+  - [[https://www.isecom.org/research.html#content5-a0 | OSSTMM]]: Open Source Security Testing Methodology Manual (outdated)
+  - [[https://www.nist.gov/publications/technical-guide-information-security-testing-and-assessment | NIST]]: National Institute of Standards and Technology (outdated)
+  - [[https://untrustednetwork.net/files/issaf0.2.1.pdf | ISSAF]]: Information Systems Security Assessment Framework (outdated)
 ----
 ====== Practice ======
+===== VulnHub =====
 VulnHub has a lot of practice machines you can download.
@@ Line 28: / Line 54: @@
 List of VulHub machines similar to OSCP:
   * [[https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms]]
+===== TryHackMe =====
+Cyber security training through short, gamified, real-world labs. Content for complete beginners and seasoned hackers.
+  * [[https://tryhackme.com/ | Site]]
+  * [[prac_app_tryhackme| Write-Ups]]
+===== Hack The Box =====
+A Massive Hacking Playground
+  * [[https://www.hackthebox.com/ | Site]]
+  * [[prac_app_htb| Write-Ups]]
 ----
-====== Zim ======
-  * {{ :zim:backup_zim_2020-10-04_2114.tar.gz |}}
-  * {{ :zim:backup_zim_2020-10-03_1751.tar.gz |}}
-  * {{ :zim:backup_zim_2020-10-07_0616.tar.gz |}}
-  * {{ :zim:backup_zim_2020-10-08_2127.tar.gz |}}
-  * {{ :zim:backup_zim_2020-11-05_2121.tar.gz |}}
-  * {{ :zim:backup_zim_2020-11-07_1937.7z |}}