Skip to content

High level overview of GoVanguard's blackbox network penetration testing methodology (PTES based)

Notifications You must be signed in to change notification settings

jr69ss/process-pentest-blackbox-ptes

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 

Repository files navigation

Blackbox Network Penetration Testing Process (PTES Based)


Objective:

Find vulnerabilities and attack vectors, exploit them and develop a thoughtful retrospective with compelling evidence.

Causes of vulnerabilities:

– Design and development errors – Poor system configuration – Human errors (specific or architectural)

High Level Process:

  • Organization Profiling
    • Creating profiled passwords
    • Understanding organization relationships
    • User information
    • Looking for past breaches and compromised passwords
  • Data Collection
    • Ports, services, operating systems
    • URL fuzzing and crawling
    • DNS maps
  • Automated Vulnerability Analysis
    • OpenVAS system scanning & report generation
    • OWASP ZAP and Nikto web application scanning & report generation
    • Metasploit Framework
  • Manual Vulnerability Analysis
    • Analyzing returned custom errors
    • Analyzing web schemas
    • Google dorking
  • Automated Exploitation
    • CVE exploitation
  • Manual Exploitation
    • Creating maliciously crafted packets and responses
    • Profiled password brute-forcing
  • Data Rollup and Data Point Correlation
    • Reporting prep
    • Custom and Deep Manual Exploits
  • Report Delivery
    • List of systems, scopes, vulnerabilities, successful attacks/breaches, remediation recommendation

Engineering Process: (DRAFT v2)

MS1 (Day 1-3)

Organization Profiling
  • DNS Scanning
    • TheHarvester theharvester -d <DOMAIN> -b all -v -n -\-t -l 500
    • Mxtoolbox
    • Robtex
    • Dnsmap dnsmap <DOMAIN> -w usr/share/wordlists/gvit_subdomain_wordlist.txt -r results.txt
Email Address Scanning

Password Profiling

  • Based on intelligence gathered from Maltego CE, mostly emails and names
DNS/IP Dorking
SSL/TLS Analysis
  • tlssled
  • sslscan for quick scan (this is also called from tlssled)
  • ssllabs.com (requires host to have a domain name)
User Breach Lookup
User Password Lookup
  • Using internal password database
  • Dropbox Hack Search (Grab SHA1 Hash and decipher with HashCat)
Host Identification
Vulnerability Scanning

MS2 (Day 3-5)

MS3 (Day 5-8)

  • Create Maltego Maps (company intelligence & systems topology)
  • Screenshot Data Roll Up
  • Exploit Data Roll Up
  • MS4 (Day 8-12)
  • Generate Dradis Report (soon to be Spearhead)
  • Word Document Customizations
    • Add in any additional screenshots and scale & crop as necessary
    • Check for proper language usage (Third-Person-Formal & Past Tense)
    • Look for and correct any non-sequiturs
    • Check for soft returns, spacing and correct font (Lato)
    • Ensure issue titles are all using Title Case
    • Ensure all fields contain proper entries (No n/a or empty fields)
    • Simplify summary, insight and mitigation fields wherever possible
    • Format tables, lists or other data collections in clean easy to read tables with alternating colors
    • Insert page breaks where needed to ensure good flow of report
    • Check “Affected Hosts” for duplicates and trailing commas
    • Insert comments for any incomplete items
  • Proof Read and Review

About

High level overview of GoVanguard's blackbox network penetration testing methodology (PTES based)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published