Pre Engagement Tasks
Planning the Tests
- Types of Penetration Testing
- Overall Pentest Process
Defining The Scope
- Overall Pentest Process
- Planning and Scoping
- Initial Information Gathering with the client
- Regulatory Considerations
- Contacts, Agreements and SOWs
- Defining Scope
- Defining Methodologies
- Rules of Engagement
- The Ethical Hacking Mindset
Pentest Drivers
Why is the client paying for the pentest?
- Compliance Requirements
- New Application
- Recent breaches
- Periodic pentest
- Risk Mitigation
Client Expectations
- Formal report
- Remediation List
- Retesting
- Business-risk Analysis
- Stakeholder Presentations
- Threat Simulations
Collect Environment Information
- How many IPs?
- How many Assets?
- How many URLs?
- How many Pages per URL?
- Security Controls
Defining Pentest Type
- External Network
- Internal Network
- Web Application
- Mobile Application
- IoT / SCADA
- Red Team Attacks
Testing Visibility
- BlackBox Testing
- GreyBox Testing
- WhiteBox Testing
Compliance Standards
Most Common Compliance Standards
PCI-DSS – Payment Card Industry Data Security Standard
This requirement is mandatory for any company that stores, processes or transmits credit card transactions; it requires both internal and external penetration tests at least annually and after significant changes.
Read the PCI-DSS Penetration Testing Guidance here
GDPR – General Data Protection Regulation
A European Union regulation on the protection and processing of personal data; it constrains what data a pentester may collect, exfiltrate or store during an engagement.
HIPAA
SOX
NERC-CIP
ISO27001
Attacks and Tools Restrictions
- DoS Attacks
- Massive Scans
- Password Bruteforcing
Privacy Requirements
- No sensitive data leaves the company
- Pentester location requirements
- Minimum-access requirements
- Additional Privacy Requirements
Contracts, Agreements and SOWs
Basic Agreement Concepts
- NDAs – Non-Disclosure Agreements
- MSA – Master Service Agreement
- SOW – Statement of Work
- ROE – Rules of Engagement
Defining Scope
- Assets
- Types of Attacks
- IP Ranges
Defining Methodologies and frameworks
- OWASP Top 10
- Mitre ATT&CK
- NIST
- PTES
- ISSAF
- OSSTMM
Rules of Engagement
The Ethical Hacker Mindset
Technical Information Gathering
OSINT Techniques
Active Scanning
People Information Gathering
Vulnerability Scans
Scan Types
- Discovery Scans
- Full Scans
- Compliance Scans
- Stealth Scans
Scan Visibility
- Authenticated Scan
- Unauthenticated Scan
Tools
- OpenVAS
- Nikto
- Qualys
- Nessus
- Burp Suite
- OWASP ZAP
Attacks and Exploits
- Attacks and Exploits Basics
- Network Attacks
- Wireless Attacks
- Application Based Attacks
- Cloud Attacks
- Specialized Systems Attacks
- Social Engineering
- Physical Security
- Post Exploitation
Attacks and Exploits Basics
Bash and PowerShell
Network Attacks
- ARP Poisoning
- Password Attacks
- MITM
- NAC Bypass
- Kerberoasting
- LLMNR / NBT-NS Poisoning
- NTLM Relay Attacks
Tools
- Netcat
- Nmap
- Metasploit
- Hydra
- John The Ripper
- Hashcat
- MAC Changer
- Responder
- Impacket
Wireless Attacks
- Enumeration
- Eavesdropping
- De-Authentication
- Jamming
- Replay Attacks
- WEP / WPA /WPS
- Evil Twin and Fake Captive Portals
- Bluetooth Attacks
- RFID Attacks
Application Attacks
- OWASP Top 10
- SQL Injection
- Command Injection
- Cross-Site Scripting
- LDAP Injection
- API Attacks
- Directory Traversal Attacks
Tools
- Burp Suite
- OWASP ZAP
- sqlmap
- DirBuster
- Wfuzz
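Three of the injection classes above (SQL injection, directory traversal, command injection) come from the same root cause: untrusted input concatenated into a grammar the server later parses. The following added example, not code from the original page, shows each vulnerable form beside its hardened form, runnable offline against an in-memory SQLite database; the table, the users and the paths are constructed for illustration.

```python
import os
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    # String formatting places attacker input inside the SQL grammar;
    # password = ' OR '1'='1 turns the WHERE clause into a tautology.
    query = (f"SELECT username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username: str, password: str) -> list:
    # Parameterized query: the values are bound as data, never parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def serve_file_vulnerable(base_dir: str, user_path: str) -> str:
    # os.path.join happily follows "..", so ../../../etc/passwd escapes base_dir.
    return os.path.join(base_dir, user_path)


def serve_file_safe(base_dir: str, user_path: str) -> str:
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath, not startswith: "/srv/static2" starts with "/srv/static" but is outside it.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path traversal rejected: {user_path!r}")
    return target


def is_traversal(base_dir: str, user_path: str) -> bool:
    try:
        serve_file_safe(base_dir, user_path)
        return False
    except ValueError:
        return True


_HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def validate_host(host: str) -> bool:
    # Allow-list: only characters that can appear in a hostname or IPv4 address.
    return _HOST_RE.match(host) is not None


def ping_cmd_vulnerable(host: str) -> str:
    # Meant for subprocess.run(cmd, shell=True): "10.0.0.5; id" runs a second command.
    return f"ping -c 1 {host}"


def ping_cmd_safe(host: str) -> list:
    # Validate, then pass an argv list with no shell, so metacharacters stay inside one argument.
    if not validate_host(host):
        raise ValueError(f"invalid host: {host!r}")
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice", "' OR '1'='1"))   # every user
    print(login_safe(db, "alice", "' OR '1'='1"))         # nobody
    print(is_traversal("/srv/example-app/static", "../../../etc/passwd"))
    print(ping_cmd_safe("10.0.0.5"))
```

sqlmap automates the first case (it detects exactly the tautology and the error-based variants that `login_vulnerable` allows), DirBuster and Wfuzz find the paths that `serve_file_vulnerable` exposes; the hardened functions are what the remediation section of the report should describe.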
Cloud Attacks
- Misconfigurations
- Credential Harvesting
- Denial of Service
Specialized Attacks
- Mobile
- IoT
- Industrial Systems
- Virtual Environments
Social Engineering
- Phishing Attacks
- Voice
- SMS
- USB Drops
- Impersonation
- Methods Of Influence
- Authority
- Scarcity
- Social Proof
- Urgency
- Likeness
- Fear
Tools
- BeEF
- SET Toolkit
- Call Spoofing Tools
Physical Security
- Obtaining Physical Access to Restricted Areas
- Tailgating
- Badge Cloning
- Obtaining Sensitive Data
- Dumpster Diving
- Shoulder Surfing
Post Exploitation
- Upgrade Restrictive Shell
- Enumeration
- Gaining Administrator Access
- Lateral Movement
- Creating Foothold
- Data Exfiltration
- Detection Bypass
Tools
- Empire C2 Tool
- Mimikatz
- BloodHound
- PsExec
- ADRecon
- Kerberoasting
Reporting and Communications
- Communication During Pentest
- Writing Proper Findings
- Writing Proper Recommendations
- The Final Report
- Post Report Activities
Basic Concepts
- Contact Escalation Points
- Primary Contact
- Technical Contact
- Emergency Contact
- Reasons and Triggers for Communication
The Final Report
- Report Structure
- Cover
- Executive Summary
- Scope
- Methodology
- Findings
- Recommendations
- Tailoring Information for the Business Audience
- Providing Details for the Technical Audience
Post Testing Activities
- Environment Clean Up
- Secure Report Distribution
- Presenting Findings
- Re-testing
Tools and Code Analysis
- Coding Basics
- Logic Structures
- Data Structures
- Libraries
- Functions
- Procedures
- Shell Languages
- Bash
- PowerShell / Batch
- Programming Languages
- Python
- Ruby
- Perl
- Javascript
- Customizing Exploits
- Review Code
- Change Variables
- Sandboxes
- Automating Tasks
- Pentest Environment
- Automate Enumeration
- Nmap NSE
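A typical enumeration automation ties together the scoping questions from the pre-engagement phase (which IP ranges are in scope, which hosts are excluded, how many IPs that is) and the scan output from Nmap: parse the `-oX` XML, discard anything outside the agreed ranges, and emit the follow-up commands (NSE scripts, Nikto) that would otherwise be typed by hand. The following is an added example, not code from the original page: the XML, the scope and the exclusion list are constructed, the command templates are the author's choice, and only the NSE script names (`ssh2-enum-algos`, `smb-enum-shares`, `smb-os-discovery`, `ftp-anon`) are real Nmap scripts.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output, trimmed to the elements used here.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.10.20.0/24">
  <host><status state="up"/>
    <address addr="10.10.20.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.41"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.10.20.250" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.10.99.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Scope and exclusions as they would be written into the SOW / rules of engagement (constructed).
SCOPE = ["10.10.20.0/24"]
EXCLUSIONS = ["10.10.20.250"]   # e.g. a production host the client carved out

# Service name -> follow-up command template (hypothetical choices for this example).
FOLLOW_UPS = {
    "ssh": "nmap -p {port} --script ssh2-enum-algos {host}",
    "http": "nikto -h http://{host}:{port}/",
    "microsoft-ds": "nmap -p {port} --script smb-enum-shares,smb-os-discovery {host}",
    "ftp": "nmap -p {port} --script ftp-anon {host}",
}


def in_scope(ip: str, scope=SCOPE, exclusions=EXCLUSIONS) -> bool:
    """Exclusions win over inclusions, which is how rules of engagement are read."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(x, strict=False) for x in exclusions):
        return False
    return any(addr in ipaddress.ip_network(x, strict=False) for x in scope)


def scope_size(scope=SCOPE, exclusions=EXCLUSIONS) -> int:
    """Answers 'how many IPs?' from the environment questionnaire (exclusions assumed inside scope)."""
    excluded = [ipaddress.ip_network(x, strict=False) for x in exclusions]
    total = 0
    for net_str in scope:
        net = ipaddress.ip_network(net_str, strict=False)
        total += net.num_addresses
        total -= sum(ex.num_addresses for ex in excluded if ex.subnet_of(net))
    return total


def parse_nmap_xml(xml_text: str) -> list:
    """Return [(ip, port, service_name)] for open TCP/UDP ports on hosts that are up."""
    results = []
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            results.append((ip, int(port.get("portid")), name))
    return results


def plan_enumeration(xml_text: str) -> dict:
    """Commands to run next, plus any hosts the scan touched that are outside scope."""
    commands, out_of_scope = [], set()
    for ip, port, name in parse_nmap_xml(xml_text):
        if not in_scope(ip):
            out_of_scope.add(ip)     # flag it: this belongs in the communication log
            continue
        tmpl = FOLLOW_UPS.get(name)
        if tmpl:
            commands.append(tmpl.format(host=ip, port=port))
    return {"commands": commands, "out_of_scope": sorted(out_of_scope)}


if __name__ == "__main__":
    print("IPs in scope:", scope_size())
    for key, value in plan_enumeration(SAMPLE_NMAP_XML).items():
        print(key, value)
```

The out-of-scope list is the important output for the Rules of Engagement: a host like 10.10.99.7 answering on a range that was never authorized is something to report to the primary contact, not to enumerate further.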