The Penetration Testing Execution Standard
The penetration testing execution standard consists of seven main sections, covering everything related to a penetration test, from initial communication to reporting. The standard is divided into seven main sections: 1. Introduction and Planning 2. Intelligence Gathering and Threat Modeling 3. Vulnerability Research 4. Exploitation and Post-Exploitation 5. Reporting This version can be considered a v1.0, with a v2.0 in the works, providing more granular work in terms of 'levels' - as in intensity levels at which each of the elements of a penetration test can be performed at.
FEATURES
ALTERNATIVES
Utilizes dirtyc0w kernel exploit for privilege escalation in a Docker container.
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A tool that simplifies the installation of tools and configuration for Kali Linux
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
Pwndrop is a self-deployable file hosting service for red teamers, allowing easy upload and sharing of payloads over HTTP and WebDAV.
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.