Announcement: Blog only to urge themselves to study, welcome to the big guy criticize correct!
Penetration Testing Standards
PETS http://www.pentest-standard.org
1. Early stage of interaction
2. Intelligence gathering Stage
3. Threat Modeling Phase
4. Vulnerability Analysis Phase
5, the late penetration testing phase
6. Penetration test Report
Introduction to the Application menu
These tasks and activities include:
Information collection:Collects data about the target network and its structure, identifies the computer and its operating system, and the services they run. Identify the potentially sensitive parts of the information system. Extracts various lists from the running directory service.
Vulnerability Analysis:Quickly test whether a local or remote system is affected by many known vulnerabilities or insecure configurations. Vulnerability scanners use databases that contain thousands of signatures to identify potential vulnerabilities.
Web Application Analysis:Identify errors and security vulnerabilities in Web applications. Given the public availability of these applications makes them an ideal target for attackers, identifying and mitigating these issues is critical.
Database Evaluation:From SQL injection to attack credentials, database attacks are a very common medium for attackers. Here you can find tools to test attack vectors from SQL injection to data extraction and analysis.
Password attack:The authentication system is always a medium to attack. There are a number of useful tools that can be found here, from online password attack tools to offline attacks on encrypted or hashed systems.
Wireless attack:The popularity of wireless networks means they will always be the medium of attack. With extensive support for a wide range of wireless cards, Carly is an obvious choice for attacking multiple types of wireless networks.
Reverse Engineering:Reverse engineering is an activity with many purposes. To support offensive activities, it is one of the main methods of vulnerability identification and development. In defense, it is used to analyze the malware used in targeted attacks. With this ability, the goal is to determine the ability of a given espionage.
Development tools:Exploit or exploit (previously identified) vulnerabilities to enable you to gain control of a remote computer (or device). This access can then be used for further permission escalation attacks, either locally on a damaged computer or on another computer that is accessible on its local network. This category contains a number of tools and utilities that simplify the process of writing your own vulnerabilities.
Sniffing & Spoofing:Gaining access to data while traveling over the network is often beneficial to attackers. Here you can find deception tools that allow you to impersonate legitimate users and sniffer tools, enabling you to capture and analyze data. When used together, these tools can be very powerful.
Post-development: Once you gain access to the system, you will typically want to maintain that access level or extend control by moving horizontally across the network. Find here the tools to help achieve these goals.
Forensic:The Forensic Linux Live boot environment has been very popular for years. Carly contains a number of popular Linux-based forensic tools that allow you to do everything from initial triage, data imaging, comprehensive analysis, and case management.
Reporting Tools:Penetration testing can be completed only after the results of the survey have been reported. This category contains tools that help organize the collection of information collection tools, find relationships that are not obvious, and bring together all the content in various reports.
Social engineering Tools:When technology is safe, it is often possible to use human behavior as a vehicle for attack. Given the right impact, people are often induced to take action that harms the environment. Does the secretary just insert a USB key that contains harmless PDFs? Or is it a Trojan horse that has a backdoor installed? Has the accountant just logged on to the intended site, or is it a perfect copy for phishing purposes? This category contains tools to help with these types of attacks.
System Services: This category contains tools that allow you to start and stop applications that run as system services in the background.
Author: cyberarm
About Libra, O-Blood, scrap iron bronze. If you have any questions or suggestions, please enlighten me!
Copyright notice: The copyright of this article is owned by the author, welcome reprint, but without the consent of the author must retain this paragraph, and in the article page obvious location to give the original link.
It is hereby stated that all comments and private messages will be answered at the first time. Also welcome you to correct mistakes, common progress. or direct private messages I, your encouragement is my insistence on original and continuous writing the greatest power!
Kali Linux Introduction notes