Penetration Testing techniques and methodologies

joba19joba19 Member Posts: 32 ■■□□□□□□□□
I can't find much on penetration testing techniques and methodologies on google.

Any recommendations? What websites you have bookmarked about those things you guys can share?

Comments

  • N7ValiantN7Valiant Senior Member Member Posts: 364 ■■■■□□□□□□
    Erm, is there any context to the level of information you know? Your familiarity with the topic?

    In my security class at college which preps you for the CEH, it does cover a few core concepts about certain types of attacks like using ICMP packets to bypass the firewall or using session splintering to cloak an attack from the IDS, but nothing in depth on how to actually carry out these attacks.

    The closest I got to practical experience was using labrea in Kali Linux to tarpit an nmap, and using Hydra to try a brute-force attack against a Metasploitable VM.

    I think the best recommendation I got thus far was to go over to VulnHub to find a downloadable virtual machine(which are generally setup for you to penetrate) and follow the instructions. Haven't quite been able to find the time to do that yet since I'm gunning for my Security+ and CEH at the moment, but my understanding is that preparing for the OSCP is a good way to gain knowledge on penetration testing and demonstrate your skill at the same time.
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • BlackBeretBlackBeret Member Posts: 684 ■■■■■□□□□□
    Interesting, when I search Google for penetration testing methodologies, the top site is the OWASP page, listing 7 different standards, what they cover in broad terms, and links to their respective pages.
    https://www.owasp.org/index.php/Penetration_testing_methodologies
  • kronos13kronos13 Member Posts: 1 ■□□□□□□□□□
  • yoba222yoba222 Senior Member Member Posts: 1,127 ■■■■■■■■□□
    OWASP's list and the PTES like BlackBeret and kronos13 linked.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
Sign In or Register to comment.