一蓑烟雨

摘要： Packet Investigation PACKET INVESTIGATION Packet crafting Creating specific network packets to gather information or carry out attacks Tools - netcat, 阅读全文

摘要： Scanning and Enumeration INFORMATION GATHERING Scanning Process of looking at some number of "things" to determine characteristics Commonly used in pe 阅读全文

摘要： Scope Vulnerabilities SCHEDULING AND SCOPE CREEP Scheduling When can/should tests be run? Who should be notified? When must tests be completed? Scope 阅读全文

摘要： Project Strategy and Risk CONSIDERATIONS White-listed No one can access resources unless specifically granted Black-listed Everyone can access unless 阅读全文

摘要： Lab Environment Setup ENV1: Kali Linux Install a Kali Linux Virtual Machine. https://www.kali.org/ ENV2: DVWA - DAMN VULNERABLE WEB APPLICATION Downlo 阅读全文

摘要： Penetration Test - Planning and Scoping(7) TYPES OF ASSESSMENTS Goal-based Goals created upfront Tests set up to fulfill goal(s) Objectives-based Defi 阅读全文

摘要： Penetration Test - Planning and Scoping(6) LEGAL CONCEPTS Statement of Work(SOW) Clearly states what tasks are to be accomplished Master Service Agree 阅读全文

摘要： Penetration Test - Planning and Scoping(5) SUPPORT RESOURCES WSDL/WADL Web services/application description language XML file with lots of info about 阅读全文

摘要： Penetration Test - Planning and Scoping(4) SET EXPECTATIONS Impact The result of testing Report vulnerabilities Remediation How should client respond? 阅读全文

摘要： Penetration Test - Planning and Scoping(3) RESOURCES AND REQUIREMENTS What does each party provide? At what point does the engagement begin? Confident 阅读全文