Penetration testing is the authorized exploitation of target systems within the engagement scope, carried out to discover vulnerabilities in network and machine configuration within the time allotted to the engagement.
Types
- Blackbox: pentesters are given no information beyond basic details such as a domain name or CIDR blocks
- Graybox: pentesters are given limited internal information
- Whitebox: pentesters are given complete access to all internal information (e.g., code) during the engagement
Outline
- OSINT: look for publicly available information on the target
- enumeration: determine the set of hosts and available services to attack; the thoroughness of this stage largely decides whether the next stage succeeds
- penetration: discover and take advantage of vulnerabilities to obtain access to a target machine; repeat to discover more successful attack vectors
- persistence: implant programs or forge credentials to maintain access to a compromised host
- host privilege escalation: discover and exploit local vulnerabilities to obtain high-privileged access to the host; repeat to discover more attack vectors
- pivoting: use a compromised host as a base for attacking other hosts on the same network (where you repeat all the steps above)
- housekeeping/clean-up: remove traces of the engagement, including implanted programs, exploit scripts, log entries, fake accounts, etc.
Resources
- OWASP Top 10
- NIST SP 800-115
- HackTricks
- For extensive documentation of pentesting methodology, see PTES.
- For web app testing, see OWASP ASVS & WSTG.
- For more methodologies, check out the old OWASP wiki.
- ISO/IEC 27001
- Advanced Penetration Testing (Georgia Weidman)
- Priv Esc Wiki for different platforms
- Hack The Box (YouTube: IppSec, John Hammond)
- VulnHub
- HackerOne Educational Resources