Ethical Hacking and Penetration Testing Guide




Methodology
We have discussed a wide variety of methodologies and standards of penetration testing, such as 
OSSTMM, NIST, and OWASP. I would also like to include the methodology that was followed 
for conducting the penetration test; though its inclusion in the report is optional, it could add 
great value to your penetration report. In a scenario where you have been asked to follow a certain 
standard, talking about the methodology and its steps is a good idea.
The following is a screenshot from one of our penetration testing reports where the NIST 
methodology was followed in order to conduct the penetration test. Notice that we include the 
flowchart on how the methodology works and explain each step precisely.
[Flowchart: Planning, Discovery, Attack, Additional discovery, Reporting]
Methodology
NIST penetration test methodology
The NIST is an international standard for penetration testing; the methodology has been
divided into the following phases:
Planning – In this phase, we plan how the assessments would be carried out.
Discovery – In this phase, target discovery, target enumeration, and vulnerability
assessments are performed.
Reporting – In the reporting phase, the vulnerabilities that were discovered are documented.
Attacking – In the attacking phase, an attempt is made to exploit the vulnerabilities that were
found in the previous phase. Once a system is exploited, an attempt to escalate privileges
is made. The attacking phase contains two more steps, namely, system browsing and “Installing
Additional Tools”. During this process, if a new target is discovered, we move back towards the
discovery phase.
RHAinfoSec utilized the NIST methodology in this engagement against the targets within
the foonetworks. The methodology focuses on assessing the security posture of the target
network in order to create an effective and better security posture.
