pentext/xml/source/snippets/report/methodology.xml
2019-08-21 11:50:29 +02:00

<?xml version="1.0" encoding="UTF-8"?>
<section id="methodology" xml:base="methodology.xml" break="before"
inexecsummary="yes">
<title>Methodology</title>
<section id="planning">
<title>Planning</title>
<p>Our general approach during penetration tests is as follows:</p>
<ol>
<li>
<b>Reconnaissance</b>
<br/>
We attempt to gather as much information as possible about the target.
Reconnaissance can take two forms: active and passive. Passive
reconnaissance is always the best starting point, as it would normally
defeat intrusion detection systems and other forms of protection
afforded to the network. It usually involves trying to discover
publicly available information by using a web browser, visiting
newsgroups, etc. Active reconnaissance is more intrusive, may show up
in audit logs, and may take the form of a social engineering type of
attack.
</li>
<li>
<b>Enumeration</b>
<br/>
We use various fingerprinting tools to determine what hosts are visible
on the target network and, more importantly, try to ascertain what
services and operating systems they are running. Visible services are
researched further to tailor subsequent tests to match.
</li>
<li>
<b>Scanning</b>
<br/>
Vulnerability scanners are used to scan all discovered hosts for known
vulnerabilities or weaknesses. The results are analyzed to determine if
there are any vulnerabilities that could be exploited to gain access to
target hosts or to escalate privileges on them.
</li>
<li>
<b>Obtaining Access</b>
<br/>
We use the results of the scans to assist in attempting to obtain access
to target systems and services, or to escalate privileges where access
has been obtained (either legitimately through provided credentials, or
via vulnerabilities). This may be done surreptitiously (for example, to
try to evade intrusion detection systems or rate limits) or by more
aggressive brute-force methods.
</li>
</ol>
</section>
<section id="riskClassification">
<title>Risk Classification</title>
<p>Throughout the report, vulnerabilities or risks are labeled and
categorized according to the Penetration Testing Execution Standard
(PTES). For more information, see:
<a href="http://www.pentest-standard.org/index.php/Reporting">
http://www.pentest-standard.org/index.php/Reporting
</a>
</p>
<p>These categories are:</p>
<ul>
<li>
<b>Extreme</b>
<br/>Extreme risk of security controls being compromised with the
possibility of catastrophic financial/reputational losses occurring as a
result.
</li>
<li>
<b>High</b>
<br/>High risk of security controls being compromised with the potential
for significant financial/reputational losses occurring as a result.
</li>
<li>
<b>Elevated</b>
<br/>Elevated risk of security controls being compromised with the
potential for material financial/reputational losses occurring as a
result.
</li>
<li>
<b>Moderate</b>
<br/>Moderate risk of security controls being compromised with the
potential for limited financial/reputational losses occurring as a
result.
</li>
<li>
<b>Low</b>
<br/>Low risk of security controls being compromised with measurable
negative impacts as a result.
</li>
</ul>
</section>
</section>