ZacFran/Penetration_Testing.md

Last active August 14, 2023 17:04

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/ZacFran/6806aea2cb0591d3158064509d6d9faf.js"></script>
Save ZacFran/6806aea2cb0591d3158064509d6d9faf to your computer and use it in GitHub Desktop.

Download ZIP

Raw

Penetration_Testing.md

Notes

phase 1: Mission Definition

Define mission goals and targets
Define the Rules of engagement

phase 2: Recon

Gather publicy availble inforamtion.

phase 3: Footprinting

Start building a network map.
nmap scripts allow more functions to nmap

nmap --script <filename>|<category>|<directory>
nmap --script-help "ftp-* and discovery"
nmap --script-args <args>
nmap --script-args-file <filename>
nmap --script-help <filename>|<category>|<directory>
nmap --script-trace

phase 4: Exploitation/Initial Access

research exploits
test the exploit in a testing environment
Gain a foothold in the network.
phishing is one of the most common method to gain initail access

phase 5: Post-Exploitation

Establish persistence
Escalate privileges
cover tracks/clean logs
Exfiltrate data

Reporting

report everything that you do!!!

OPNotes

The persional report used to track the steps taken during an operation.

Tips
use Screen captures when applicable

Formal

Executive Summary

The key take aways that can be passed to an executive

Technical Summary

The formal version of your opnotes for used to pass to other team members.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment