@ZacFran
Last active August 14, 2023 17:04

Notes

phase 1: Mission Definition

  • Define mission goals and targets
  • Define the Rules of engagement

phase 2: Recon

  • Gather publicly available information.

phase 3: Footprinting

  • Start building a network map.
  • Nmap scripts (NSE, the Nmap Scripting Engine) add more functions to nmap
nmap --script <filename>|<category>|<directory>
nmap --script-help "ftp-* and discovery"
nmap --script-args <args>
nmap --script-args-file <filename>
nmap --script-help <filename>|<category>|<directory>
nmap --script-trace

phase 4: Exploitation/Initial Access

  • research exploits
  • test the exploit in a testing environment
  • Gain a foothold in the network.
  • phishing is one of the most common methods to gain initial access

phase 5: Post-Exploitation

  • Establish persistence
  • Escalate privileges
  • cover tracks/clean logs
  • Exfiltrate data

Reporting

report everything that you do!!!

OPNotes

The personal report used to track the steps taken during an operation.

  • Tips
    Use screen captures when applicable
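
One way to keep OPNotes as you work, added here as an example and not part of the original notes: a shell wrapper that records every command with a UTC timestamp, phase, exit code and a SHA-256 of its saved output, plus a check that the saved evidence has not changed before reporting. The function names, the `OPNOTES_DIR` variable and the record layout are assumptions; `sha256sum` (GNU coreutils) is required.

```shell
#!/bin/sh
# Added example: OPNotes logger. Record layout and paths are assumptions.
# Requires sha256sum (GNU coreutils).
OPNOTES_DIR="${OPNOTES_DIR:-./opnotes}"

# opnote PHASE COMMAND [ARGS...]
# Runs COMMAND, saves its stdout+stderr to a numbered file, and appends one
# tab-separated record: UTC time, phase, exit code, sha256, output file, command.
opnote() {
    phase="$1"; shift
    log="$OPNOTES_DIR/opnotes.tsv"
    mkdir -p "$OPNOTES_DIR/output" && touch "$log" || return 1
    n=$(( $(wc -l <"$log") + 1 ))
    file="output/$(printf '%04d' "$n").txt"
    ts="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    rc=0
    "$@" >"$OPNOTES_DIR/$file" 2>&1 || rc=$?
    sum="$(sha256sum "$OPNOTES_DIR/$file" | cut -d' ' -f1)"
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' "$ts" "$phase" "$rc" "$sum" "$file" "$*" >>"$log"
    cat "$OPNOTES_DIR/$file"
    return "$rc"
}

# opnote_verify: re-hash every saved output and compare with the recorded
# digest, so edited or missing evidence is caught before the report is written.
opnote_verify() {
    bad=0
    tab="$(printf '\t')"
    while IFS="$tab" read -r ts phase rc sum file cmd; do
        now="$(sha256sum "$OPNOTES_DIR/$file" 2>/dev/null | cut -d' ' -f1)"
        if [ "$now" != "$sum" ]; then
            echo "MISMATCH: $file ($ts, $phase: $cmd)" >&2
            bad=$((bad + 1))
        fi
    done <"$OPNOTES_DIR/opnotes.tsv"
    [ "$bad" -eq 0 ]
}
```

Source the file, then prefix each command with `opnote <phase>`, for example `opnote footprint nmap --script-help "ftp-* and discovery"`; run `opnote_verify` before writing the technical summary.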

Formal

Executive Summary
  • The key takeaways that can be passed to an executive
Technical Summary
  • The formal version of your opnotes, used to pass to other team members.