Anggi's Notes

Penetration Testing Guide & Checklist

Last updated 2 months ago
Adapted from: https://github.com/iAnonymous3000/awesome-pentest-checklist

Overview

A comprehensive guide for ethical penetration testing, meticulously designed to cover all phases of a penetration test. This step-by-step checklist ensures thorough coverage from preparation to reporting, ideal for both novice and experienced testers.

Step


1. Pre-Engagement

Legal and Compliance

  • Secure a Non-Disclosure Agreement (NDA). Example NDA Template: NDA Template by LegalTemplates
  • Obtain formal, written authorization for testing.
  • Ensure legal compliance with all relevant laws and regulations (e.g., GDPR, HIPAA).
  • Obtain appropriate insurance coverage (e.g., professional liability insurance).
  • Establish additional confidentiality agreements if necessary.

Scope Definition

  • Collect comprehensive client and system information.
  • Define the scope and rules of engagement clearly:
    • Identify in-scope and out-of-scope systems and applications.
    • Confirm any limitations or constraints (e.g., testing windows, sensitive systems).
    • Example Scoping Document: Scoping Template by SANS Institute
  • Agree on acceptable testing methodologies and tools.
  • Establish safe testing periods to minimize business impact.
  • Identify third-party systems and obtain necessary permissions.

Communication and Planning

  • Set specific, measurable success criteria.
  • Establish emergency contact and response protocols.
  • Define data handling and storage protocols:
    • Agree on how sensitive data will be stored, transmitted, and destroyed.
  • Agree on communication channels and reporting frequency with the client:
    • Set up regular check-ins and progress updates.
  • Clarify the testing schedule and time frame.
  • Ensure the penetration testing team has the necessary skills and certifications.
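The scope items above (in-scope and out-of-scope systems, excluded sensitive hosts, agreed testing windows) are easiest to enforce when they are written down in machine-checkable form and every candidate target is checked against them before a scan is launched. The following is an added example in Python, not code from the original checklist or its source repository: the `Scope` record, the `check_target` and `plan_targets` helpers and all ranges, hosts and times are constructed sample values using documentation-only address space.

```python
"""Rules-of-engagement guard (added example, not part of the original checklist).

Encodes an agreed scope (authorized networks and domains, explicit exclusions,
a daily testing window) and checks every candidate target against it before any
testing starts.  All ranges, hosts and times are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Scope:
    in_scope_networks: tuple  # CIDR ranges the client authorized in writing
    in_scope_domains: tuple   # a domain entry also covers all of its subdomains
    excluded_hosts: tuple     # sensitive systems explicitly carved out of scope
    window_start: time        # agreed daily testing window, client local time
    window_end: time


def _in_networks(ip, networks) -> bool:
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def _under_domains(host, domains) -> bool:
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in (x.lower() for x in domains))


def check_target(scope: Scope, target: str) -> tuple:
    """Return (allowed, reason) for one IP address or host name."""
    target = target.strip().lower()
    if target in {h.lower() for h in scope.excluded_hosts}:
        return False, "explicitly excluded by the rules of engagement"
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        if _in_networks(ip, scope.in_scope_networks):
            return True, "address inside an authorized network range"
        return False, "address outside every authorized network range"
    if _under_domains(target, scope.in_scope_domains):
        return True, "host under an authorized domain"
    return False, "host not under any authorized domain"


def in_testing_window(scope: Scope, when_iso: str) -> bool:
    """True if an ISO-8601 timestamp falls inside the daily window (window must not cross midnight)."""
    now = datetime.fromisoformat(when_iso).time()
    return scope.window_start <= now < scope.window_end


def plan_targets(scope: Scope, targets, when_iso: str) -> dict:
    """Split candidates into 'permitted' and 'blocked' lists, each entry carrying its reason."""
    plan = {"permitted": [], "blocked": []}
    if not in_testing_window(scope, when_iso):
        plan["blocked"] = [f"{t}: outside the agreed testing window" for t in targets]
        return plan
    for t in targets:
        allowed, reason = check_target(scope, t)
        plan["permitted" if allowed else "blocked"].append(f"{t}: {reason}")
    return plan


# Constructed sample engagement: documentation-only address ranges and example domains.
SAMPLE_SCOPE = Scope(
    in_scope_networks=("203.0.113.0/24", "198.51.100.0/26"),
    in_scope_domains=("example.com",),
    excluded_hosts=("payments.example.com", "203.0.113.10"),
    window_start=time(22, 0),
    window_end=time(23, 59),
)

if __name__ == "__main__":
    candidates = ["203.0.113.5", "203.0.113.10", "198.51.100.200",
                  "api.example.com", "payments.example.com", "example.org"]
    for bucket, entries in plan_targets(SAMPLE_SCOPE, candidates, "2024-01-15T22:30:00").items():
        print(bucket.upper())
        for entry in entries:
            print("  " + entry)
```

Exclusions are checked before the range and domain tests on purpose: a host the client carved out (the payments system, the single address inside an otherwise authorized /24) must lose even when it would otherwise match, and an address just past the end of a /26 is reported as out of scope rather than silently accepted.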


2. Information Gathering

Passive Reconnaissance

  • Perform WHOIS lookups and analyze domain registration information. Tool: WHOIS Lookup by ICANN
  • Conduct DNS analysis and enumerate subdomains. Tool: Sublist3r
  • Undertake passive information gathering (e.g., Shodan, Censys). Tool: Shodan
  • Utilize Open Source Intelligence (OSINT) techniques:
    • Gather information from social media, public forums, and past breaches. Tool: Maltego
    • Examine code repositories (e.g., GitHub) for exposed code or credentials. Tool: GitHub Search
    • Analyze SSL/TLS certificates for issuer details and expiration dates. Tool: SSL Labs
    • Perform Google dorking to find potentially sensitive information. Guide: Google Dorking Cheat Sheet
    • Review job postings for insights into technologies and systems used.

Active Reconnaissance

  • Conduct network and application scans (e.g., Nmap, Nessus). Tool: Nmap
  • Identify and enumerate all subdomains. Tool: Amass
  • Perform web crawling for hidden or dynamic content. Tool: Burp Suite
  • Map network topology and identify network devices. Tool: Netdiscover
  • Identify technologies, platforms, and frameworks used in applications. Tool: Wappalyzer
  • Search for common vulnerabilities (e.g., default credentials, unpatched systems). Tool: OpenVAS
  • Check for information leakage via metadata, HTML comments, etc. Tool: Metagoofil

Social Engineering Opportunities

  • Assess opportunities and methods for social engineering:
    • Monitor social media platforms for company-related disclosures. Tool: Social-Engineer Toolkit (SET)
    • Gather employee and organizational information from public sources. Tool: LinkedIn
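Examining code repositories for exposed credentials (the OSINT item above) is mostly a matter of running a handful of detection rules over file contents and then separating real leaks from the usual false positives: environment-variable references and template placeholders. The block below is an added example in Python, not code from the original checklist or its source; the rules, the `scan_files` helper and the sample files are constructed for illustration (the AWS key shown is Amazon's published documentation example, not a live credential). Each hit is reported with a redacted value so the finding can be written up without copying the secret into the report.

```python
"""Exposed-credential scan over repository or config text (added example, not from the original page).

Runs a small set of detection rules over files, skips environment-variable
references and obvious placeholders (the usual false positives), and reports
each hit with a redacted value.  The sample files are constructed; the AWS key
shown is Amazon's published documentation example.
"""
import re
from dataclasses import dataclass

# Detection rules (constructed for this example; extend per engagement).
RULES = {
    "aws_access_key_id": re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "url_with_credentials": re.compile(r"[a-z][a-z0-9+.-]*://([^\s:/@]+):([^\s@/]+)@[^\s/]+", re.I),
    "secret_assignment": re.compile(
        r"(?i)(?:password|passwd|pwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]?([^\s'\"]{6,})"),
}
PLACEHOLDERS = {"changeme", "password", "example", "redacted", "<password>", "xxxxxx"}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    redacted: str  # never the raw secret


def _is_reference(value: str) -> bool:
    """$VAR, ${VAR} or {{ template }} expressions are references, not leaked secrets."""
    return re.fullmatch(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?|\{\{.*\}\}", value) is not None


def redact(secret: str) -> str:
    """Keep two characters at each end so the client can locate the value themselves."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:2] + "*" * (len(secret) - 4) + secret[-2:]


def scan_text(path: str, text: str) -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            match = pattern.search(line)
            if not match:
                continue
            # The last capturing group, when present, isolates the secret itself.
            secret = match.group(match.lastindex) if match.lastindex else None
            if secret is None:  # marker-only rule (a key header): nothing to redact
                findings.append(Finding(path, lineno, rule, match.group(0)))
                continue
            if rule == "secret_assignment" and (_is_reference(secret) or secret.lower() in PLACEHOLDERS):
                continue
            findings.append(Finding(path, lineno, rule, redact(secret)))
    return findings


def scan_files(files: dict) -> list:
    """files maps path -> content; returns findings in path order, then line order."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample repository snapshot.
SAMPLE_FILES = {
    "config/database.yml": (
        "production:\n"
        "  adapter: postgresql\n"
        "  password: ${DB_PASSWORD}\n"                              # reference: fine
        "  url: postgres://app:Tr0ub4dor&3@db.internal:5432/app\n"  # credential in URL
    ),
    "deploy/.env": (
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "API_TOKEN=changeme\n"                                      # placeholder: fine
    ),
    "keys/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmU=\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line}  {f.rule:<22} {f.redacted}")
```

The same rules apply unchanged to the later "Check default configuration and hardcoded credentials" and "Implement secrets management best practices" items: a value that resolves through a secrets manager or environment variable passes, a literal in the file does not.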


3. Vulnerability Analysis

Automated Scanning

  • Validate and prioritize findings from automated scans. Tool: Nessus
  • Test for known vulnerabilities and possible exploits. Tool: OpenVAS
  • Use vulnerability assessment tools to identify potential issues. Tool: Qualys

Manual Testing

  • Analyze applications for common flaws:
    • SQL Injection (SQLi). Example: SQLi Cheat Sheet
    • Cross-Site Scripting (XSS). Example: XSS Cheat Sheet
    • Cross-Site Request Forgery (CSRF). Example: CSRF Example
    • Insecure Direct Object References (IDOR). Example: IDOR Example
    • Insecure deserialization. Example: Deserialization Cheat Sheet
  • Conduct fuzz testing to discover new vulnerabilities. Tool: AFL (American Fuzzy Lop)
  • Review server and application configurations for misconfigurations. Tool: Lynis
  • Perform manual code reviews where feasible. Guide: OWASP Code Review Guide
  • Assess authentication and authorization mechanisms. Tool: Burp Suite
  • Check for sensitive data exposure (e.g., in URLs, API responses). Tool: ZAP (Zed Attack Proxy)
  • Examine session management for weaknesses like session fixation. Guide: Session Management Cheat Sheet

Network and Infrastructure

  • Test for security misconfigurations in network devices (firewalls, routers). Tool: Nessus
  • Evaluate encryption and cryptographic practices, including SSL/TLS configurations. Tool: SSL Labs
  • Assess APIs for vulnerabilities such as improper authentication. Tool: Postman
  • Assess logging and monitoring controls for effectiveness. Tool: Splunk
  • Examine third-party components and libraries for vulnerabilities. Tool: Dependency-Check

IoT Device Testing

  • Analyze firmware for vulnerabilities. Tool: Binwalk
  • Assess communication protocol security (e.g., MQTT, CoAP). Tool: Wireshark
  • Perform hardware security testing (e.g., JTAG, UART interfaces). Tool: JTAGulator
  • Evaluate over-the-air (OTA) update security. Tool: Firmware Analysis Toolkit
  • Check default configuration and hardcoded credentials. Tool: RouterSploit
  • Assess RF communication security (e.g., Bluetooth, Zigbee). Tool: Ubertooth
  • Review physical security controls.

Container Security

  • Analyze Docker security configurations. Tool: Docker Bench for Security
  • Assess Kubernetes cluster security. Tool: Kube-bench
  • Perform container image scanning for vulnerabilities. Tool: Clair
  • Implement runtime security monitoring. Tool: Falco
  • Review service mesh configurations. Tool: Istio
  • Evaluate container orchestration security. Tool: Kubescape
  • Secure container registries. Tool: Harbor

CI/CD Pipeline Security

  • Secure source code management systems. Tool: GitGuardian
  • Assess build pipeline security. Tool: Jenkins
  • Protect artifact repositories. Tool: Nexus Repository Manager
  • Secure deployment processes. Tool: Argo CD
  • Evaluate Infrastructure as Code (IaC) security. Tool: Checkov
  • Implement secrets management best practices. Tool: HashiCorp Vault
  • Enforce pipeline access controls. Tool: Open Policy Agent (OPA)

Cloud Infrastructure

  • Conduct cloud configuration reviews. Tool: Prowler
  • Assess Identity and Access Management (IAM) policies. Tool: CloudSploit
  • Secure storage services (e.g., S3 buckets, Blob storage). Tool: S3Scanner
  • Review network security groups and firewall settings. Tool: Scout Suite
  • Evaluate serverless function security. Tool: Serverless Framework
  • Test for misconfigurations in cloud environments. Tool: CloudMapper
  • Assess cloud-specific vulnerabilities and exploits. Tool: Pacu

OWASP Testing Guide

  • A comprehensive guide to testing the security of web applications. Reference: OWASP Testing Guide

NIST SP 800-115

  • Technical Guide to Information Security Testing and Assessment. Reference: NIST SP 800-115

Cloud Penetration Testing Resources

  • AWS Penetration Testing: AWS Penetration Testing Guidelines
  • Azure Penetration Testing: Microsoft Cloud Penetration Testing Rules of Engagement
  • Google Cloud Platform (GCP) Penetration Testing: GCP Penetration Testing Guidelines

Mobile Security Testing

  • OWASP Mobile Security Testing Guide (OWASP MSTG): a detailed guide for testing the security of mobile applications.

Compliance and Standards

  • Verify adherence to industry standards (e.g., OWASP Top Ten, NIST). Reference: OWASP Top Ten
  • Map findings to compliance requirements (e.g., PCI DSS, ISO 27001). Reference: PCI DSS Requirements
  • Assess compliance with the organization's security policies and procedures.
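"Validate and prioritize findings from automated scans" (and, earlier, "Conduct network and application scans" and "Map network topology") produces raw scanner output that still has to be turned into a ranked list of exposed services before manual testing starts. The following is an added example in Python, not code from the original checklist or its source: it parses the XML format Nmap writes with `-oX`, keeps only hosts that were up and ports that were actually open, and ranks each listener with a small severity table. The `SERVICE_RISK` table, the `parse_nmap` and `prioritize` helpers and the embedded scan output are constructed for illustration, using documentation-only addresses.

```python
"""Turn raw Nmap XML into a prioritized service inventory (added example, not from the original page).

Parses the XML Nmap writes with -oX, keeps only hosts that were up and ports
that were actually open, then ranks each exposed service with a simple
severity table so manual-testing effort goes to the riskiest listeners first.
The scan output below is constructed, using documentation-only addresses.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Services that deserve attention first (constructed table; tune per engagement).
SERVICE_RISK = {
    "telnet":        ("high",   "clear-text remote administration"),
    "ftp":           ("high",   "clear-text file transfer; verify anonymous login is disabled"),
    "vnc":           ("high",   "remote desktop often deployed without strong authentication"),
    "microsoft-ds":  ("medium", "SMB reachable from the scanned network"),
    "ms-wbt-server": ("medium", "RDP reachable from the scanned network"),
    "mysql":         ("medium", "database listener reachable from the scanned network"),
    "ms-sql-s":      ("medium", "database listener reachable from the scanned network"),
    "postgresql":    ("medium", "database listener reachable from the scanned network"),
}
_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class Port:
    port: int
    proto: str
    service: str
    product: str


@dataclass
class Host:
    addr: str
    hostname: str
    open_ports: list = field(default_factory=list)


@dataclass(frozen=True)
class Finding:
    addr: str
    port: int
    service: str
    severity: str
    note: str


def parse_nmap(xml_text: str) -> list:
    """Return up hosts with their open ports; filtered/closed ports and down hosts are dropped."""
    hosts = []
    for h in ET.fromstring(xml_text).iter("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue
        hn = h.find("hostnames/hostname")
        host = Host(h.find("address").get("addr"), hn.get("name") if hn is not None else "")
        for p in h.iter("port"):
            if p.find("state").get("state") != "open":
                continue
            svc = p.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = (svc.get("product", "") + " " + svc.get("version", "")).strip() if svc is not None else ""
            host.open_ports.append(Port(int(p.get("portid")), p.get("protocol"), name, product))
        host.open_ports.sort(key=lambda x: x.port)
        hosts.append(host)
    return hosts


def prioritize(hosts) -> list:
    """Rank every open port; unknown services are 'info' so nothing silently disappears."""
    findings = []
    for host in hosts:
        for p in host.open_ports:
            severity, note = SERVICE_RISK.get(p.service, ("info", "review service and version manually"))
            findings.append(Finding(host.addr, p.port, p.service, severity, note))
    return sorted(findings, key=lambda f: (_ORDER[f.severity], f.addr, f.port))


def summary(findings) -> dict:
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample scan output in Nmap's -oX layout (documentation-only addresses).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="203.0.113.5" addrtype="ipv4"/>
    <hostnames><hostname name="web.example.com" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/><service name="http-proxy"/></port>
    </ports></host>
  <host><status state="up"/><address addr="203.0.113.20" addrtype="ipv4"/><hostnames/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
    </ports></host>
  <host><status state="down"/><address addr="203.0.113.30" addrtype="ipv4"/></host>
</nmaprun>"""

if __name__ == "__main__":
    ranked = prioritize(parse_nmap(SAMPLE_NMAP_XML))
    for f in ranked:
        print(f"{f.severity:<6} {f.addr}:{f.port:<5} {f.service:<8} {f.note}")
    print(summary(ranked))
```

Filtered ports are dropped rather than reported because they are not a confirmed exposure; a service the table does not know is kept at "info" rather than discarded, so the validation step still sees every open listener.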


4. Exploitation

Initial Access

  • Attempt to gain initial access through:
    • Phishing campaigns (with explicit permission). Tool: GoPhish
    • Exploiting known vulnerabilities. Tool: Metasploit
    • Using default or weak credentials. Tool: Hydra
  • Utilize exploit frameworks (e.g., Metasploit) responsibly and within scope. Tool: Metasploit

Privilege Escalation

  • Perform privilege escalation on compromised systems. Tool: LinPEAS
  • Exploit application logic flaws and business logic vulnerabilities. Example: Privilege Escalation Techniques

Lateral Movement

  • Explore lateral movement within the network. Tool: CrackMapExec
  • Attempt to access other systems and resources. Tool: Mimikatz

Security Evasion

  • Attempt to bypass security controls like WAF, 2FA, etc. Tool: WAFW00F
  • Try to evade detection by security solutions (e.g., antivirus, IDS/IPS). Tool: Veil-Evasion
  • Use custom or zero-day exploits cautiously and with explicit permission. Tool: Exploit-DB

Documentation

  • Document each step of the exploitation process meticulously.
  • Maintain detailed logs of all actions for accountability and analysis.
  • Ensure all exploitation steps are reproducible and verifiable.


5. Post-Exploitation

Impact Analysis

  • Identify and access critical data stores.
  • Analyze the potential business and technical impacts of exploited vulnerabilities.
  • Evaluate the likelihood of real-world exploitation based on findings.

Persistence and Cleanup

  • Implement strategies for maintaining access, if necessary and authorized. Tool: Empire
  • Remove all tools, scripts, and artifacts used during testing.
  • Ensure no backdoors, test accounts, or persistence mechanisms remain.
  • Verify that systems are restored to their pre-testing state.
  • Confirm that no sensitive data was altered or left exposed.

Data Handling

  • Check for clear-text credentials and sensitive data in memory. Tool: Mimikatz
  • Simulate data exfiltration, if within the agreed scope. Tool: Dnscat2
  • Adhere to secure data handling and processing procedures.

Documentation

  • Document all system alterations comprehensively.


6. Reporting

Report Preparation

  • Follow industry-standard reporting formats (e.g., PTES, NIST guidelines). Reference: PTES Reporting
  • Create a detailed technical report documenting tools, techniques, and procedures used.
  • Include evidence such as screenshots and logs.
  • Provide clear, actionable remediation recommendations.
  • Assign risk ratings to all identified vulnerabilities.
  • Include a detailed methodology section explaining the testing approach.
  • Provide references to relevant industry standards and best practices.

Executive Summary

  • Prepare an executive summary for stakeholder review.
  • Include both technical details and high-level overviews for different audiences.

Classification and Security

  • Ensure the report is classified appropriately and sensitive data is secured.
  • Offer a prioritized action plan with clear timelines for remediation.

Client Communication

  • Conduct a read-out meeting with the client to discuss key findings.
  • Suggest a timeline for follow-up assessments or retesting.


7. Remediation Verification

Retesting

  • Allow a designated period for the client to remediate identified issues.
  • Conduct retests to verify the effectiveness of fixes.
  • Update the report with verification results and any new findings.
  • Validate that security controls are now functioning as intended.

Unresolved Issues

  • Document any unresolved security issues.
  • Recommend strategies for ongoing monitoring and improvement.

Continuous Improvement

  • Assist in identifying root causes to prevent future vulnerabilities.
  • Recommend improvements to policies, procedures, and security practices.
  • Propose integrating security into the software development lifecycle.
  • Advise on the need for security awareness and training programs.
  • Propose a schedule for regular future security audits.
  • Provide guidance on implementing a vulnerability management program.
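Three items from the Reporting and Remediation Verification steps above fit naturally in one small findings register: assigning a risk rating to every finding, producing the prioritized action plan with remediation timelines, and recording retest results so the report can be updated and unresolved issues documented. The block below is an added example in Python, not code from the original checklist or its source. The rating follows the overall-severity table of the OWASP Risk Rating Methodology (likelihood x impact); the remediation deadlines in `_SLA_DAYS` and the findings returned by `sample_findings` are constructed values, and the `record_retest` and `unresolved` helpers are assumptions of this example.

```python
"""Findings register: risk ratings, prioritized action plan, retest tracking
(added example, not from the original page).

The rating uses the overall-severity table from the OWASP Risk Rating
Methodology (likelihood x impact).  Remediation deadlines and the sample
findings are constructed values; agree real deadlines with the client.
"""
from dataclasses import dataclass

# OWASP overall severity: rows are impact, columns are likelihood.
_MATRIX = {
    "low":    {"low": "Note",   "medium": "Low",    "high": "Medium"},
    "medium": {"low": "Low",    "medium": "Medium", "high": "High"},
    "high":   {"low": "Medium", "medium": "High",   "high": "Critical"},
}
_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Note": 4}
# Constructed sample policy: days the client gets to fix a finding of each rating.
_SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180, "Note": None}


def risk_rating(likelihood: str, impact: str) -> str:
    try:
        return _MATRIX[impact.lower()][likelihood.lower()]
    except KeyError:
        raise ValueError("likelihood and impact must each be low, medium or high") from None


@dataclass
class Finding:
    fid: str
    title: str
    asset: str
    likelihood: str
    impact: str
    remediation: str
    status: str = "open"      # open -> fixed | unresolved (set by record_retest)
    retest_note: str = ""

    @property
    def rating(self) -> str:
        return risk_rating(self.likelihood, self.impact)


def action_plan(findings) -> list:
    """(id, rating, days to fix, remediation) ordered most severe first."""
    ordered = sorted(findings, key=lambda f: (_RANK[f.rating], f.fid))
    return [(f.fid, f.rating, _SLA_DAYS[f.rating], f.remediation) for f in ordered]


def record_retest(findings, fid: str, fixed: bool, note: str) -> Finding:
    """Update one finding after retesting; the note is the evidence the fix was (or was not) verified."""
    for f in findings:
        if f.fid == fid:
            f.status = "fixed" if fixed else "unresolved"
            f.retest_note = note
            return f
    raise KeyError(f"unknown finding {fid}")


def unresolved(findings) -> list:
    """Everything still open or failed on retest, most severe first: input to the follow-up report."""
    return sorted((f for f in findings if f.status != "fixed"), key=lambda f: (_RANK[f.rating], f.fid))


def sample_findings() -> list:
    """Fresh copy of a constructed findings set (documentation-only addresses)."""
    return [
        Finding("F-001", "Telnet administration interface exposed", "203.0.113.20",
                "high", "high", "Disable telnet; administer over SSH with key-based authentication"),
        Finding("F-002", "Missing HTTP security headers", "web.example.com",
                "low", "low", "Add Content-Security-Policy and HSTS headers"),
        Finding("F-003", "Session cookie set without Secure flag", "web.example.com",
                "medium", "medium", "Set Secure and HttpOnly on the session cookie"),
        Finding("F-004", "Outdated third-party library with known vulnerabilities", "web.example.com",
                "medium", "high", "Upgrade the library and add dependency scanning to CI"),
    ]


if __name__ == "__main__":
    register = sample_findings()
    for fid, rating, days, fix in action_plan(register):
        print(f"{fid} {rating:<8} fix within {days} days: {fix}")
    record_retest(register, "F-001", True, "port 23 closed; SSH only, verified by rescan")
    record_retest(register, "F-004", False, "library still at vulnerable version on retest")
    print("still open:", [f.fid for f in unresolved(register)])
```

Keeping the retest note on the finding itself is what makes the verification step auditable: the updated report can show, per issue, what was rechecked and what evidence supports the "fixed" status, and everything that is not marked fixed flows straight into the unresolved-issues section.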
