The gMan nixWiki

Because the mind is made of Teflon...

User Tools

Site Tools

You are here: start » method_0_intro
method_0_intro

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
method_0_intro [2022/09/24 19:40] – [Practice] gmanmethod_0_intro [2022/12/31 00:16] (current) – [Methodology Resources] gman
Line 1: Line 1:
 ====== PenTest Methodology ====== ====== PenTest Methodology ======
 +
 +===== Six Stages =====
  
 **During a PenTest you generally follow these six steps: ** **During a PenTest you generally follow these six steps: **
Line 8: Line 10:
   - Post-Exploitation   - Post-Exploitation
   - Post-Engagement: Report   - Post-Engagement: Report
 +
 +===== Essential =====
  
 **Most important out of the six: ** **Most important out of the six: **
Line 16: Line 20:
   * Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration.    * Therefore, if you are having problems getting to where you need to go, you probably missed something in your scanning and enumeration. 
  
-**Enumeration:** All //enumeration// means is "build a list." You enumerate throughout this process, and it is essential for a successful hack.+===== Enumeration ===== 
 + 
 +All //enumeration// means is "build a list." You enumerate throughout this process; enumeration is essential for a successful hack. 
 + 
 +===== Methodology Resources ===== 
 + 
 +Here are some frameworks, methodologies, standards, and examples to use when you build out your own PetTesting process:  
 + 
 +  - [[https://attack.mitre.org/ | The MITRE ATT&CK Framework]]: Adversarial Tactics, Techniques & Common Knowledge 
 +    * The most comprehensive free database of hacking information (concepts and practices) available. 
 +    * It is not a pentesting standard or outline. It is a knowledge base of descriptions, definitions, and examples. 
 +  - [[https://owasp.org/ | OWASP]]: Open Web Application Security Project 
 +    * Provides pentesting guides for web security, mobile security, and firmware. 
 +    * Also provides advice on how to use other testing methodologies and standards. 
 +  - [[http://www.pentest-standard.org/index.php/Main_Page | PTES]]: Penetration Testing Execution Standard 
 +    * One of the most complete modern and openly available pentesting standards. 
 +    * Includes pre-engagement interactions (scoping, questions for clients, details on dealing with third parties, etc.). 
 +    * Provides a full range of pentesting techniques and concepts. 
 +  - [[https://www.isecom.org/research.html#content5-a0 | OSSTMM]]: Open Source Security Testing Methodology Manual (outdated) 
 +  - [[https://www.nist.gov/publications/technical-guide-information-security-testing-and-assessment | NIST]]: National Institute of Standards and Technology (outdated) 
 +  - [[https://untrustednetwork.net/files/issaf0.2.1.pdf | ISSAF]]: Information Systems Security Assessment Framework (outdated)
  
 ---- ----
method_0_intro.1664048439.txt.gz · Last modified: by gman