The Penetration Testing Execution Standard Logo

The Penetration Testing Execution Standard

0
Free
Visit Website

The penetration testing execution standard consists of seven main sections, covering everything related to a penetration test, from initial communication to reporting. The standard is divided into seven main sections: 1. Introduction and Planning 2. Intelligence Gathering and Threat Modeling 3. Vulnerability Research 4. Exploitation and Post-Exploitation 5. Reporting This version can be considered a v1.0, with a v2.0 in the works, providing more granular work in terms of 'levels' - as in intensity levels at which each of the elements of a penetration test can be performed at.

FEATURES

ALTERNATIVES

A tool for detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities

Adversary emulation framework for testing security measures in network environments.

A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.

CLI tool for offensive and defensive security assessments on the Joi validator library with a wide range of attacks.

A COM Command & Control framework using JScript for stealthy and flexible command and control capabilities on Windows systems.

Utilizes dirtyc0w kernel exploit for privilege escalation in a Docker container.

DET (extensible) Data Exfiltration Toolkit is a proof of concept tool for performing Data Exfiltration using multiple channels simultaneously.

Automatic SSRF fuzzer and exploitation tool