This was a talk presented by Brian at our 2/15/2017 meeting. The topic was Infosec TTPs: General Testing Methodology.
The slide deck is available here: Infosec Testing Methodology
Some things that can be expanded upon:
PTES → Pre-Engagement Interactions → Intelligence Gathering → Threat Modeling → Vulnerability Analysis → Exploitation → Post Exploitation → Reporting
SANS → Recon → Scan → Exploit → Pivot → Own
Generic → Recon → System & Service Discovery → Broad Based Vuln Scanning → Exploitation → Post Exploitation → Reporting
A sample report can probably be included here.
Here are some additional resources if you want to learn more about this subject.
| Resource | Description |
|---|---|
| PTES - Penetration Testing Execution Standard | Also see this specific page/wiki guidelines |
| InfosecHorse GitHub Page | Presenter's GitHub |
| SANS Reading Room - Penetration Testing | Whitepaper, worth reading |
| http://www.softwaretestinghelp.com/penetration-testing-tools/ | Decent Pentesting Software List |
| Awesome Pentesting GitHub | Amazing Resource :) |
| Kill Chain | Precursor to all these mindmaps, killchains, etc. |