pentesting

CyberSec Resources: Pentesting, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, Mobile Apps pentesting, FRAMEWORKS & STANDARDS, Pentest Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds & CTF, ...

PHASES OF A PENTEST

👉 𝗪𝗵𝗮𝘁 𝗮𝗿𝗲 𝘁𝗵𝗲 𝗽𝗵𝗮𝘀𝗲𝘀 𝗼𝗳 𝗣𝗲𝗻𝘁𝗲𝘀𝘁

🌟 Basis of penetration testing execution by the PTES http://www.pentest-standard.org/index.php/Main_Page

🌟 Penetration Testing Phases & Steps Explained by Ray Fernandez on Esecurityplanet: https://www.esecurityplanet.com/networks/penetration-testing-phases/

👉 𝗣𝗿𝗲-𝗘𝗻𝗴𝗮𝗴𝗲𝗺𝗲𝗻𝘁

🌟 Pre-engagement by the PTES http://www.pentest-standard.org/index.php/Pre-engagement

🌟 Scoping a pentest on PentesterLab https://blog.pentesterlab.com/scoping-f3547525f9df

🌟 Pentest Scope Worksheet by SANS https://www.sans.org/posters/pen-test-scope-worksheet/

🌟 API Pentesting 101: The rules of Engagement by Dana Epp https://danaepp.com/api-pentesting-101-the-rules-of-engagement

🌟 Pentest Rules of Engagement Worksheet by SANS https://www.sans.org/posters/pen-test-rules-of-engagement-worksheet/

👉 𝗜𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗚𝗮𝘁𝗵𝗲𝗿𝗶𝗻𝗴

🌟 Intelligence Gathering by the PTES http://www.pentest-standard.org/index.php/Intelligence_Gathering

🌟 Gabrielle B's post of resources about OSINT

OSINT is often part of a pentest.

If you want to learn more about it or specialize in it. Here are some resources!

👉 Check out The Ultimate OSINT collection by Hatless1der: https://start.me/p/DPYPMz/the-ultimate-osint-collection

👉 Have a look at this 5 hours free course by TCM Security https://youtu.be/qwA6MmbeGNo https://www.linkedin.com/company/tcm-security-inc/

👉 Check out this article by Giancarlo Fiorella on Bellingcat: https://www.bellingcat.com/resources/2021/11/09/first-steps-to-getting-started-in-open-source-research/

👉 Check out this amazing list of Tools and Resources by onlineosint: https://osint.link/

🌟 The OSINT Framework by jnordine https://osintframework.com/

🌟 Gabrielle B's pentips about Information Gathering https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/information-gathering

🌟 Understanding the Steps of Footprinting on Cybersecurity Exchange https://www.eccouncil.org/cybersecurity-exchange/penetration-testing/footprinting-steps-penetration-testing/

🌟 Passive Information Gathering for pentesting https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/passive-information-gathering-for-pentesting-275726/

🌟 Active information Gathering for pentesting https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/active-information-gathering-for-pentesting-275736/

👉 𝗧𝗵𝗿𝗲𝗮𝘁 𝗠𝗼𝗱𝗲𝗹𝗶𝗻𝗴

🌟 Threat Modeling by the PTES http://www.pentest-standard.org/index.php/Threat_Modeling

🌟 Threat modeling 101 Infosec resources https://resources.infosecinstitute.com/topic/applications-threat-modeling/

👉 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀

🌟 Vulnerability Analysis by the PTES http://www.pentest-standard.org/index.php/Vulnerability_Analysis

🌟 Gabrielle B's pentips about Scanning & Enumeration https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/scanenum

🌟 What is Vulnerability Analysis and How Does It work on Cybersecurity Exchange https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/conduct-a-vulnerability-analysis/

🌟 NCSC Guide for vulnerability management https://www.ncsc.gov.uk/guidance/vulnerability-management

👉 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻

🌟 Exploitation by the PTES http://www.pentest-standard.org/index.php/Exploitation

🌟 Gabrielle B's pentips about Exploitation https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/exploitation

🌟 The Exploitation Phase in Penetration Testing by Gaurav Tiwari https://gauravtiwari.org/exploitation-phase-in-penetration-testing/

👉 𝗣𝗼𝘀𝘁 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻

🌟 Post Exploitation by the PTES http://www.pentest-standard.org/index.php/Post_Exploitation

🌟 Introduction to Post-Exploitation Phase on geeksforgeeks https://www.geeksforgeeks.org/introduction-to-post-exploitation-phase/

🌟 9 Post Exploitation Tools for Your next Penetration Test https://bishopfox.com/blog/post-exploitation-tools-for-pen-test

👉 𝗥𝗲𝗽𝗼𝗿𝘁𝗶𝗻𝗴

🌟 Reporting by the PTES http://www.pentest-standard.org/index.php/Reporting

🌟 Gabrielle B's pentips on reporting https://csbygb.gitbook.io/pentips/reporting/pentest-report

REPORTING

👉 𝗦𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗼𝗳 𝗮 𝗽𝗲𝗻𝘁𝗲𝘀𝘁 𝗿𝗲𝗽𝗼𝗿𝘁

🌟 Gabrielle B's article on how to write a pentest report: https://csbygb.gitbook.io/pentips/reporting/pentest-report

👉 𝗛𝗼𝘄 𝘁𝗼 𝘁𝗮𝗸𝗲 𝗻𝗼𝘁𝗲𝘀

🌟 Cherry Tree https://www.giuspen.com/cherrytree/

🌟 Joplin https://joplinapp.org/

🌟 Keepnote http://keepnote.org/

👉 𝗧𝗶𝗽𝘀 𝗳𝗿𝗼𝗺 𝗘𝘅𝗽𝗲𝗿𝘁𝘀

🌟 Writing Tips for IT Professionals by Lenny Zeltser https://zeltser.com/writing-tips-for-it-professionals/

🌟 How to write a Penetration Testing Report by HackerSploit https://www.youtube.com/watch?v=J34DnrX7dTo

👉 𝗔𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗼𝗻

🌟 Blackstone project by micro-joan https://github.com/micro-joan/BlackStone

🌟 Pentext by Radically Open Security https://github.com/radicallyopensecurity/pentext

👉 𝗘𝘅𝗮𝗺𝗽𝗹𝗲𝘀 𝗼𝗳 𝗿𝗲𝗽𝗼𝗿𝘁𝘀

🌟 A list of public pentest reports by juliocesarfort https://github.com/juliocesarfort/public-pentesting-reports

🌟 A list of bug bounty writeup on Pentester Land https://pentester.land/writeups/

PENTEST TOOLS

👉 See Rajneesh Gupta’s post about some of the Practical web Pentesting tools. He even share them according to the pentest steps: https://www.linkedin.com/posts/rajneeshgupta01_web-pentesting-practical-tools-activity-6946808678402375680-CJjt/

Some of the practical Web Pentesting Tools!

👉 Reconnaisaance

✔ Nmap - Web Service detection

✔ Nessus - Automated Scan

✔ Skipfish - Web App Active Scanning for vulnerabilities

👉 Mapping/Discovery

✔ Burp-Suite- Web Proxy

✔ OWASP ZAP - Web Proxy

👉 Exploitation

✔ Metasploit Framework: Exploitation tool with payloads, exploits

✔ Burp-Suite- Web Proxy

✔ Exploit-db - To search for exploits

✔ Netcat

🚨 Follow Rajneesh he offers amazing content 🚨

👉 You know the Nmap project? Well they have a list of the top 125 Network Security Tools: https://sectools.org/

👉 You want Open Source?

✴️Julien Maury shared a Top 10 on eSecurity Planet: https://www.esecurityplanet.com/applications/open-source-penetration-testing-tools/

✴️And SANS has a list of tools including plenty of pentest tools: https://www.sans.org/img/free-faculty-tools.pdf

👉 Finally arch3rPro has an amazing amount of tools listed on github: https://github.com/arch3rPro/PentestTools

NETWORK SECURITY, Networking

👉 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗡𝗲𝘁𝘄𝗼𝗿𝗸𝗶𝗻𝗴?

🌟 Cover your digital basics with netacad: https://www.netacad.com/courses/os-it/get-connected

🌟 Professor Messer’s CompTIA Network+ Course https://www.professormesser.com/network-plus/n10-008/n10-008-video/n10-008-training-course/

🌟 OSI Model https://en.wikipedia.org/wiki/OSI_model

👉 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆?

🌟 What is Network Security on Hackthebox blog by Kim Crawley: https://www.hackthebox.com/blog/what-is-network-security

🌟 Network Security Course on OpenLearn by The Open University https://www.open.edu/openlearn/digital-computing/network-security

🌟 OSI Layers and related Attack types by Harun Seker

👉 𝗛𝗼𝘄 𝘁𝗼 P𝗲𝗻𝘁𝗲𝘀𝘁 𝗡𝗲𝘁𝘄𝗼𝗿𝗸𝘀?

🌟 Full Ethical Hacking Course - Beginner Network Penetration Testing by TCM Security https://youtu.be/WnN6dbos5u8

🌟 Infrastructure Pentesting Checklist by Purab Parihar: https://github.com/purabparihar/Infrastructure-Pentesting-Checklist

PRIVILEGE ESCALATION, Windows and Linux

👉 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲 𝗘𝘀𝗰𝗮𝗹𝗮𝘁𝗶𝗼𝗻?

🌟 Cybersecurity 101 - What is Privilege escalation on CrowdStrike https://www.crowdstrike.com/cybersecurity-101/privilege-escalation/ https://www.linkedin.com/company/crowdstrike/

🌟 Privilege Escalation Attack and defend explained on BeyondTrust https://www.beyondtrust.com/blog/entry/privilege-escalation-attack-defense-explained https://www.linkedin.com/company/beyondtrust/

👉 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲 𝗘𝘀𝗰𝗮𝗹𝗮𝘁𝗶𝗼𝗻

🌟 Gabrielle B 🔑's Pentips on Windows Privilege escalation on CSbyGB - Pentips https://csbygb.gitbook.io/pentips/windows/privesc

🌟 Windows Privilege Escalation on PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

🌟 Windows Privesc gui