🍡Penetration Testing Methodologies
Penetration tests each have a different scope and goal.
Stages of Penetration Testing
Information Gathering
Gathering as much publicly accessible information as possible (OSINT and research)
Enumeration/Scanning
Discovering what services and applications are running on the system
Exploitation
Leveraging vulnerabilities that were discovered on a system, using either public exploits or by exploiting application logic
Privilege Escalation
Escalating privileges horizontally (another account of the same privilege) or vertically (administrator accounts)
Post-Exploitation
Contains substages: pivoting (what other hosts can be targeted), gathering additional information from the host, covering your tracks, and reporting
OSSTMM (The Open Source Security Testing Methodology Manual) - provides a detailed framework of testing strategies and is the best for telecommunications, wired networks and wireless communications.
OWASP (Open Web Application Security Project) - framework used solely to test the security of web applications and services