The gMan nixWiki

Because the mind is made of Teflon...

User Tools

Site Tools

You are here: start » method_0_intro
method_0_intro

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
method_0_intro [2022/09/24 19:36] – [PenTest Methodology] gmanmethod_0_intro [2022/12/31 00:16] (current) – [Methodology Resources] gman
Line 1: Line 1:
 ====== PenTest Methodology ====== ====== PenTest Methodology ======
 +
 +===== Six Stages =====
  
 **During a PenTest you generally follow these six steps: ** **During a PenTest you generally follow these six steps: **
Line 8: Line 10:
   - Post-Exploitation   - Post-Exploitation
   - Post-Engagement: Report   - Post-Engagement: Report
 +
 +===== Essential =====
  
 **Most important out of the six: ** **Most important out of the six: **
Line 16: Line 20:
   * Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration.    * Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration. 
  
-**Enumeration:** All //enumeration// means is "build a list." You enumerate throughout this process, and it is essential for a successful hack.+===== Enumeration ===== 
 + 
 +All //enumeration// means is "build a list." You enumerate throughout this process; enumeration is essential for a successful hack. 
 + 
 +===== Methodology Resources ===== 
 + 
 +Here are some frameworks, methodologies, standards, and examples to use when you build out your own PetTesting process:  
 + 
 +  - [[https://attack.mitre.org/ | The MITRE ATT&CK Framework]]: Adversarial Tactics, Techniques & Common Knowledge 
 +    * The most comprehensive free database of hacking information (concepts and practices) available. 
 +    * It is not a pentesting standard or outline. It is a knowledge base of descriptions, definitions, and examples. 
 +  - [[https://owasp.org/ | OWASP]]: Open Web Application Security Project 
 +    * Provides pentesting guides for web security, mobile security, and firmware. 
 +    * Also provides advice on how to use other testing methodologies and standards. 
 +  - [[http://www.pentest-standard.org/index.php/Main_Page | PTES]]: Penetration Testing Execution Standard 
 +    * One of the most complete modern and openly available pentesting standards. 
 +    * Includes pre-engagement interactions (scoping, questions for clients, details on dealing with third parties, etc.). 
 +    * Provides a full range of pentesting techniques and concepts. 
 +  - [[https://www.isecom.org/research.html#content5-a0 | OSSTMM]]: Open Source Security Testing Methodology Manual (outdated) 
 +  - [[https://www.nist.gov/publications/technical-guide-information-security-testing-and-assessment | NIST]]: National Institute of Standards and Technology (outdated) 
 +  - [[https://untrustednetwork.net/files/issaf0.2.1.pdf | ISSAF]]: Information Systems Security Assessment Framework (outdated)
  
 ---- ----
  
 ====== Practice ====== ====== Practice ======
 +
 +===== VulnHub =====
  
 VulnHub has a lot of practice machines you can download. VulnHub has a lot of practice machines you can download.
Line 28: Line 54:
 List of VulHub machines similar to OSCP:  List of VulHub machines similar to OSCP: 
   * [[https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms]]   * [[https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms]]
 +
 +===== TryHackMe =====
 +
 +Cyber security training through short, gamified, real-world labs. Content for complete beginners and seasoned hackers. 
 +  * [[https://tryhackme.com/ | Site]]
 +  * [[prac_app_tryhackme| Write-Ups]]
 +
 +===== Hack The Box =====
 +
 +A Massive Hacking Playground 
 +  * [[https://www.hackthebox.com/ | Site]]
 +  * [[prac_app_htb| Write-Ups]]
  
 ---- ----
  
  
method_0_intro.1664048160.txt.gz · Last modified: by gman