Planning and Scoping
Information Gathering and Vulnerability Scanning
Attacks and Exploits
Reporting and Communication
Tools and Code Analysis
100

describes the processes, tools, and strategies that organizations use to address compliance with industry regulations, enterprise risk management, and internal governance.

Governance, Risk and Compliance (GRC)

100

process of assessing a target to collect preliminary knowledge about the system, software, network, and people without actively engaging a target or its assets.

passive information gathering

100

an attacker knows the websites an organization frequents, the attacker could infect the web pages in the site with malware.

Waterholing


100

is your BLUF summary of the report.

Executive Summary

100

tell a program to perform a set of actions repeatedly. generally used to iterate over a list of items.

Loops

200

it applies to data that was created or used in a health care context. This may apply to medical diagnoses, provider visit details, or other attributes that define an individual’s health or health care.

Protected Health Information (PHI)

200

information is tied to domain name registration entries

WhoIS

200

is probably the oldest method of attack. Generally, you find a user and try every possible combination of letters and numbers to guess the password. Try a. Then try aa. Then try ab. Then try ac… and so on

Brute Forcing

200

of the network and systems to be tested during the engagement, such as IP addresses, hostnames, application names and application programming interfaces (APIs), etc.

scope

200

most languages implement are AND, OR, and NOT.

Boolean Operators

300

is a confidentiality agreement that protects a business’s competitive advantage by protecting its proprietary information and intellectual property.

nondisclosure agreement (NDA)

300

Uses range from identifying login portals based on your company’s domain to searching for web cameras or other devices that are exposed to the Internet.

Googledorks
300

targeting many users with a single well-known password, like Winter2021. The theory is that out of 1,000 users, at least one of them might be using this password.

Password Spraying

300

something that could be advantageous to a malicious threat actor when attacking the customer’s network.

finding

300

are used when you have a repetitive task that needs to take input to the task or provide usable output from the task.

Functions

400

Blind, Double-Blind, Gray Box, Double Gray Box, Tandem, and Reversal

Open Source Security Testing Methodology Manual OSSTMM six testing types

400

search engine also scans the entire Internet, parsing banners for services and categorizing the data returned by each device. The main page provides a search box that can be used to examine content to find keywords or phrases.

Shodan
400

tactical process for surveying an area for access points while in a moving vehicle. The goal is preliminary reconnaissance and to pinpoint wireless networks and potential targets in a certain area of interest.

Wardriving

400

establishes what a person is allowed to access based on their job role. This can mitigate vertical privilege escalation.

Role-based access control (RBAC)

400

are a programming tool that is used to keep data, functions, and procedures related to that data together.

Classes

500

is not a holistic pentest methodology, but rather a knowledge base of attacker actions created from a survey of publicly reported attacker activities.

MITRE ATT&CK

500

is a command-line tool that utilizes various network protocols and advanced features for surveying hosts for open TCP and UDP ports, fingerprinting operating systems, extracting service banners, and much more.

NMAP

500

another type of client-side injection attack that causes a user to perform an action they do not intend against a trusted website.

Cross-site request forgery (CSRF)

500

is a written statement provided by an independent third party (e.g., a pentesting consultancy) that is designed to give the organization credibility to other external parties, often as a part of an audit process.

attestation

500

is a very popular scripting language because of its perceived ease of use and its great tutorial documentation, which makes it very friendly for beginners.

Python

M
e
n
u