Posted in: Security Certifications

CompTIA Pentest+ : Planning and Scoping

Pre Engagement Tasks

Planning the Tests

  • Types of Pentration testing
  • Overall Pentest Process

Defining The Scope

  • Overall Pentest Process
  • Planning and Scoping
  • Initial Information Gathering with the client
  • Regulatory Considerations
  • Contacts, Agreements and SOWs
  • Defining Scope
  • Defining Methodologies
  • Rules of Engagement
  • The Ethical Hacking Mindset

Pentest Drivers

Why is the client paying for the pentest?

  • Compliance Requirements
  • New Application
  • Recent breaches
  • Periodic pentest
  • Risk Mitigation

Client Expectations

  • Formal report
  • Remediation List
  • Retesting
  • Business-risk Analysis
  • Stakeholder Presentations
  • Threat Simulations

Collect Environment Information

  • How many IPs?
  • How many Assets?
  • How many URLs?
  • How many Pages per URL?
  • Security Controls

Defining Pentest Type

  • External Network
  • Internal Network
  • Web Application
  • Mobile Application
  • IoT / SCADA
  • Red Team Attacks

Testing Visibility

  • BlackBox Testing
  • GreyBox Testing
  • WhiteBox Testing

Compliance Standards

Most Common Compliance Standards

PCI-DSS – Payment Card Industry – Data Security Standards

This requirments is mandatory for any company that processes credit card transations.

Read Here the PCI-DSS Penetration Testing Guidance

GDPR – General Data Protection Regulation

Is a cyber security standard to protect data in Europe

HIPAA

SOX

NERC-CIP

ISO27001

Attacks and Tools Restritions

  • DoS Attacks
  • Massive Scans
  • Password Bruteforcing

Privacy Requirements

  • No sensitive data leaves the company
  • Pentester location requirements
  • Minimum-access requirements
  • Additional Privacy Requirements

Contracts, Agreements and SOWs

Basic Agreement Concepts

  • NDAs – Non-Disclosure Agreements
  • MSA – Master Service Agreement
  • SOW – Statement of Work
  • ROE – Rules of Engagement

Defining Scope

  • Assets
  • Types of Attacks
  • IP Ranges

Defining Methodologies and frameworks

  • OWASP Top 10
  • Mitre ATT&CK
  • NIST
  • PTES
  • ISSAF
  • OSSTMM

Rules of Engagement

The Ethical Hacker Mindset

Techincal Information Gathering

OSINT Techniques

Active Scanning

People Information Gathering

Vulnerability Scans

Scan Types

  • Discovery Scans
  • Full Scans
  • Compliance Scans
  • Stealth Scans

Scan Visibility

  • Authenticated Scan
  • UnAuthenticated Scan

Tools

  • OpenVAS
  • Nikto
  • Qualys
  • Nessus
  • Burp Suite
  • OWASP ZAP

Attacks and Exploits

  • Attacks and Exploits Basics
  • Network Attacks
  • Wireless Attacks
  • Application Based Attacks
  • Cloud Attacks
  • Specialized Systems Attacks
  • Social Engineering
  • Physical Security
  • Post Exploitation

Attacks and Exploits Basics

BAsh and Powershell

Networks Attacks

  • ARP Posisoning
  • Password Attacks
  • MITM
  • NAC Bypass
  • Kerberoasting
  • LLMNR / NBT-NS Poisoning
  • NTLM Relay Attacks

Tools

  • Netcat
  • Nmap
  • Metasploit
  • Hydra
  • John The Ripper
  • Hashcat
  • MAC Changer
  • Responder
  • Impacket

Wireless Attacks

  • Enumeration
  • Eavesdropping
  • De-Authentication
  • Jamming
  • Replay Attacks
  • WEP / WPA /WPS
  • Evil Twin and Fake Captive Portals
  • Bluetooth Attacks
  • RFID Attacks

Application Attacks

  • OWASP Top 10
  • SQL Injection
  • Command Injection
  • Cross-Site Scripting
  • LDAP Injection
  • API Attacks
  • Directory Transversal Attacks

Tools

  • Burp Suite
  • OWASP ZAP
  • SQLMAP
  • DirBuster
  • Wfuzz

Cloud Attacks

  • Misconfigurations
  • Credential Harvesting
  • Denial of Service

Specialized Attacks

  • Mobile
  • IoT
  • Industrial Systems
  • Virtual Environments

Social Engineering

  • Phishing Attacks
    • Email
    • Voice
    • SMS
  • USB Drops
  • Impersonation
  • Methods Of Influence
    • Authority
    • Scarity
    • Social Proof
    • Urgency
    • Likeness
    • Fear

Tools

  • Beef
  • SET Toolkit
  • Call Spoofing Tools

Physical Security

  • Obtaining Physical Access to Restrited Area
    • Tailgating
    • Badge Cloning
  • Obtaining Sensitive Data
    • Dumpster Diving
    • Shoulder Surfing

POST Exploitation

  • Upgrade Restrictive Shell
  • Enumeration
  • Gaining Administrator Access
  • Lateral Movement
  • Creating Foothold
  • Data Exfiltration
  • Detection Bypass

Tools

  • Empire C2 Tool
  • Mimikatz
  • Bloodhound
  • PsExec
  • ADRecon
  • Kerberoasting

Reporting and Communications

  • Communication During Pentest
  • Writing Proper Findings
  • Writing Proper Recommendations
  • The Final Report
  • Post Report Activities

BAsic Concepts

  • Contact Escalation Points
    • Primary Contact
    • Techical Contact
    • Emergency Contact
  • Reasons and Triggers for Communication

The Final Report

  • Report Structure
    • Cover
    • Executive Summay
    • Scope
    • Methodology
    • Findings
    • Recommendations
  • Tailoring Information for business Audience
  • Providing details for Tecnical Audience

Post Testing Activities

  • Environment Clean Up
  • Secure Report Distribution
  • Presenting Findings
  • Re-testing

Tools and Code Analysis

  • Coding Basics
    • Logic Structures
    • Data Structures
    • Libraries
    • Functions
    • Procedures
  • Shell Languages
    • Bash
    • Powershell / Batch
  • Programming Languages
    • Python
    • Ruby
    • Perl
    • Javascript
  • Customizeing Exploits
    • Review Code
    • Change Variables
    • Sandboxes
  • Automating Tasks
    • Pentest Environment
    • Automate Enumeration
    • Nmap NSE

CompTIA PenTest+

Leave a Reply

Back to Top