User Tools

Site Tools



This was a talk presented by Brian at our 2/15/2017 meeting. The topic was Infosec TTPs: General Testing Methodology.

Slide Deck

The slide deck is available here: Infosec Testing Methodology

Speaker or Attendee Notes

Some things that can be expanded upon:


PTES → Pre-Engagement Interactions → Intelligence Gathering → Threat Modeling → Vulnerability Analysis → Exploitation → Post Exploitation → Reporting

SANS →Recon →Scan →Exploit →Pivot →Own

Generic → Recon → System & Service Discovery → Broad Based Vuln Scanning → Exploitation → Post Exploitation → Reporting

A sample report can probably be included here.

Additional Resources

Here are some additional resources if you want to learn more about this subject.

Link Description
PTES - Penetration Testing Execution Standard Also see this specific page/wiki guidelines
InfosecHorse GitHub Page Presenter's GitHub
SANS Reading Room - Penetration Testing Whitepaper, worth reading Decent Pentesting Software List
Awesome Pentesting GitHub Amazing Resource :)
Kill Chain Precursor to all these mindmaps, killchains, etc
2-15-2017-brian-infosec-testing-methodology.txt · Last modified: 2017/02/23 02:04 by darksim905