Book
The material is drawn from different sources as well as from my own experience. However, there are two particular books that you should look into if you see cybersecurity as your possible future career: Hacker Playbook 2 and Hacker Playbook 3
I also found this book to be a good one for getting really deep and really serious into pentesting: Advanced Penetration Testing: Hacking the World's Most Secure Networks
Methodology
- Hacker VS Pentester?
- Free-for-all VS Written authorization
- Types of a pentest
  - Compliance test
  - Vulnerability assessment
  - Pentesting: what is the business impact?
- Box: black | grey | white
- Penetration testing execution standard
Abstract methodology
No methodology is a holy grail => develop your own
- Planning
- Non-intrusive target search
- Intrusive target search
- Remote target assessment
- Local target assessment
- Data analysis
- Reporting
Penetration Testing Execution Standard
- Pre-engagement interactions
  - Scope!!!
    - What if we identified something out of the scope?
- Intelligence gathering
  - Open-Source Intelligence (OSINT): passive | semi-passive | active
- Threat modeling
  - What-if scenarios
    - What if we lose an asset?
    - What is the asset's net value?
  - What do we need from the organization to do threat modeling?
    - Documentation | assets | threats
    - What-if scenarios
- Vulnerability analysis: look for flaws
  - Active
  - Passive
  - Validation (Common Vulnerabilities and Exposures (CVE))
  - Research
- Exploitation
  - Establish and gain access
- Post-exploitation
  - Backdoors that clean themselves up
  - Privilege escalation
  - Access to sensitive data
  - DoS - whoops, scope?
- Reporting
  - Result: improve security, mitigate issues
  - Executive summary
  - Technical report
  - Risk assessment
  - Conclusion, remediation plan
Penetration Testing Methodology by Peter Kim
- Intelligence Gathering
- Initial Foothold
- Local/Network Enumeration
- Local Privilege Escalation
- Persistence
- Lateral Movement
- Domain Privilege Escalation
- Dumping Hashes
- Data Identification/Exfiltration
- Reporting
Reconnaissance
- CentralOps: Free online network tools
- Vulnerability Assessment tools reviews
- PowerShell AD Recon
- Discover VPNs within the organization
- 12 Additional OSINT Techniques
Do-nots
- Passwords should never be included in the report, even in hashed form
- Running binaries/scripts that you have not verified
Study Materials
- Basic Theory of Cybersecurity
- Offensive Security Learning
- Getting Started in InfoSec
- Collection of Awesome Hacking
- 124 Legal Websites to Practice and Learn
- Network Security on Reddit
- Security Investigations by Krebs
- Web: Missions
- Web: Hacker 101
- Web: OWASP WebGoat Vulnerable App
- Misc: Practical Pentest Labs
- Metasploitable: Vulnerable Windows/Linux Machines
- Machines Vulnerable by Design
- Cybersecurity Cheat Sheets
- HackTricks Book
Random links to sort out later
- Twitter is Broken
- Cybersecurity Horror Stories
- APT Groups and Operations
- Community-driven Hash Cracking
- Exploit PHP Remotely to Bypass WAF and Filters
- 5 pentest tools for sysadmins
- Exploits for Different Vulnerabilities
- Free Course for Web Pentesting with CTF
- Password spraying, DoxyCannon to avoid blocking by IP, Cookie Crimes to get cookies from the command line, Slack extract
- Free Practical Pentest Labs: web application hacking network, exploit development network, and scenario-based network
- MySQL Root Privilege Escalation
- LSASS Corruption
- Python Web Exploitation
- WIG for 802.11 Information Gathering
- Free Pentest Course
- Secret Leaks of Android Apps
- Escalating Privileges in Windows 10 x64
- CyberChef - different encoding/encryption methods online
- Walkthrough of Holiday Challenge Hack 2015
- File Upload Vulnerability Scanner and Exploitation Tool
- C2 over DNS to Bypass Firewall
- 17 pentesting tools that pros use
- Attacking Windows 10 on Metasploit
- Stealing NTLM Hashes via PDF
- Data Center Security Testing: Infection Monkey
- Privilege Escalation, UAC bypass, Persistence, DLL Hijack Techniques, Python-based
- Windows Privilege Escalation Fundamentals
- Oracle EBS Pentesting
- Attack on TLS for RSA
- Mimikatz how-to
- Raspberry Pi based: PwnPi