Penetration Testing techniques and methodologies

joba19 · November 2017

I can't find much on penetration testing techniques and methodologies on google.

Any recommendations? What websites you have bookmarked about those things you guys can share?

N7Valiant · November 2017

Erm, is there any context to the level of information you know? Your familiarity with the topic?

In my security class at college which preps you for the CEH, it does cover a few core concepts about certain types of attacks like using ICMP packets to bypass the firewall or using session splintering to cloak an attack from the IDS, but nothing in depth on how to actually carry out these attacks.

The closest I got to practical experience was using labrea in Kali Linux to tarpit an nmap, and using Hydra to try a brute-force attack against a Metasploitable VM.

I think the best recommendation I got thus far was to go over to VulnHub to find a downloadable virtual machine(which are generally setup for you to penetrate) and follow the instructions. Haven't quite been able to find the time to do that yet since I'm gunning for my Security+ and CEH at the moment, but my understanding is that preparing for the OSCP is a good way to gain knowledge on penetration testing and demonstrate your skill at the same time.

BlackBeret · November 2017

Interesting, when I search Google for penetration testing methodologies, the top site is the OWASP page, listing 7 different standards, what they cover in broad terms, and links to their respective pages.
https://www.owasp.org/index.php/Penetration_testing_methodologies

kronos13 · November 2017

PTEST Technical Guidelines have some good information

PTES Technical Guidelines - The Penetration Testing Execution Standard

yoba222 · November 2017

OWASP's list and the PTES like BlackBeret and kronos13 linked.

Penetration Testing techniques and methodologies

Comments