2-15-2017-brian-infosec-testing-methodology

Overview

This was a talk presented by Brian at our 2/15/2017 meeting. The topic was Infosec TTPs: General Testing Methodology.

Slide Deck

The slide deck is available here: Infosec Testing Methodology

Speaker or Attendee Notes

Some things that can be expanded upon:

Methodologies

PTES → Pre-Engagement Interactions → Intelligence Gathering → Threat Modeling → Vulnerability Analysis → Exploitation → Post Exploitation → Reporting

SANS → Recon → Scan → Exploit → Pivot → Own

Generic → Recon → System & Service Discovery → Broad Based Vuln Scanning → Exploitation → Post Exploitation → Reporting

A sample report can probably be included here.

Additional Resources

Here are some additional resources if you want to learn more about this subject.

Link | Description
PTES - Penetration Testing Execution Standard | Also see this specific page/wiki guidelines
InfosecHorse GitHub Page | Presenter's GitHub
SANS Reading Room - Penetration Testing | Whitepaper, worth reading
http://www.softwaretestinghelp.com/penetration-testing-tools/ | Decent Pentesting Software List
Awesome Pentesting GitHub | Amazing Resource :)
Kill Chain | Precursor to all these mindmaps, killchains, etc
2-15-2017-brian-infosec-testing-methodology.txt · Last modified: 2017/02/23 02:04 by darksim905