Hi Togg,
Looking better and better!
I see the section on exploit engines but, what about a section on
payload or compromise?
More specifically, once you have a shell, then what?
plant a rootkit?
sniff traffic?
plant files?
privilege escalation?
enumerate internal network?
repeat cycle..
just some ideas.
I cant wait to see some of the ideas from the list get incorporated.
Keep up the good work!
On 10 Jul 2006 18:53:54 -0000,
Toggmeister@vulnerabilityassessment.co.uk
<Toggmeister@vulnerabilityassessment.co.uk> wrote:
Hi,
After all your positive emails and responses I've made a number of tweaks
with my map and added extra content:
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
In light of the many requests for the source code for my mindmap and in the
spirit of open source I've also made this available:
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.mm
Could anyone who uses this and makes any major tweaks, could they repost
it/send me a copy. Save me doing some work also ;-))
I will keep adding as time permits, help would be appreciated. I will also
look into amending to keep it more in-line with the OSTMM model in the future.
Toggmeister
http://www.vulnerabilityassessment.co.uk/
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
