Hi,
As I said last week, I will be giving info about my own map. It,
basically, adds definitions of what is (vulnerability scanning,
security scanning, penetration testing, risk assessment, security
auditing, ethical hacking, security testing), it divides the tools and
assessment phases through a metodology that I myself developed, based
on many, but I think it integrates easily into OSSTMM, links that
check online various network settings, thinks to watch for in google
hacking, various ways of checking dns related stuff, host
identification, banner grabbing, it adds a few tools, etc.
One thing that I do think it would be beneficial to all ways, through
this framework, outline a report. I think that with everyone on the
list involved, we could make a definite and complete report suitable
for all of us.
best regards
Mário Platt
On 7/11/06, killy <killfactory@gmail.com> wrote:
Hi Togg,
Looking better and better!
work
I see the section on exploit engines but, what about a section on
payload or compromise?
More specifically, once you have a shell, then what?
plant a rootkit?
sniff traffic?
plant files?
privilege escalation?
enumerate internal network?
repeat cycle..
just some ideas.
I cant wait to see some of the ideas from the list get incorporated.
Keep up the good work!
On 10 Jul 2006 18:53:54 -0000,
Toggmeister@vulnerabilityassessment.co.uk
<Toggmeister@vulnerabilityassessment.co.uk> wrote:
> Hi,
>
> After all your positive emails and responses I've made a number of tweaks
with my map and added extra content:
>
>
> http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
>
>
> In light of the many requests for the source code for my mindmap and in the
spirit of open source I've also made this available:
>
>
>
> http://www.vulnerabilityassessment.co.uk/Penetration%20Test.mm
>
>
> Could anyone who uses this and makes any major tweaks, could they repost
it/send me a copy. Save me doing some work also ;-))
>
>
> I will keep adding as time permits, help would be appreciated. I will also
look into amending to keep it more in-line with the OSTMM model in the future.
>
>
> Toggmeister
>
> http://www.vulnerabilityassessment.co.uk/
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
