Differences

This shows you the differences between two versions of the page.

--- method_0_intro [2022/09/24 19:42] – [Enumeration] gman
+++ method_0_intro [2022/12/31 00:16] (current) – [Methodology Resources] gman
@@ Line 23: / Line 23: @@
 All //enumeration// means is "build a list." You enumerate throughout this process; enumeration is essential for a successful hack.
+===== Methodology Resources =====
+Here are some frameworks, methodologies, standards, and examples to use when you build out your own PetTesting process:
+  - [[https://attack.mitre.org/ | The MITRE ATT&CK Framework]]: Adversarial Tactics, Techniques & Common Knowledge
+    * The most comprehensive free database of hacking information (concepts and practices) available.
+    * It is not a pentesting standard or outline. It is a knowledge base of descriptions, definitions, and examples.
+  - [[https://owasp.org/ | OWASP]]: Open Web Application Security Project
+    * Provides pentesting guides for web security, mobile security, and firmware.
+    * Also provides advice on how to use other testing methodologies and standards.
+  - [[http://www.pentest-standard.org/index.php/Main_Page | PTES]]: Penetration Testing Execution Standard
+    * One of the most complete modern and openly available pentesting standards.
+    * Includes pre-engagement interactions (scoping, questions for clients, details on dealing with third parties, etc.).
+    * Provides a full range of pentesting techniques and concepts.
+  - [[https://www.isecom.org/research.html#content5-a0 | OSSTMM]]: Open Source Security Testing Methodology Manual (outdated)
+  - [[https://www.nist.gov/publications/technical-guide-information-security-testing-and-assessment | NIST]]: National Institute of Standards and Technology (outdated)
+  - [[https://untrustednetwork.net/files/issaf0.2.1.pdf | ISSAF]]: Information Systems Security Assessment Framework (outdated)
 ----