The Penetration Testing Execution Standard Documentation Release 1.1 The PTES Team Jun 16, 2021 Contents 1 The Penetration Testing Execution Standard3 1.1 High Level Organization of the Standard................................3 2 Pre-engagement Interactions5 2.1 Overview.................................................5 2.2 Introduction to Scope..........................................5 2.3 Metrics for Time Estimation.......................................6 2.4 Scoping Meeting.............................................6 2.5 Additional Support Based on Hourly Rate................................7 2.6 Questionnaires..............................................7 2.7 General Questions............................................7 2.8 Scope Creep............................................... 10 2.9 Specify Start and End Dates....................................... 10 2.10 Specify IP Ranges and Domains..................................... 11 2.11 Dealing with Third Parties........................................ 11 2.12 Define Acceptable Social Engineering Pretexts............................. 12 2.13 DoS Testing............................................... 12 2.14 Payment Terms.............................................. 12 2.15 Goals................................................... 13 2.16 Establish Lines of Communication................................... 14 2.17 Emergency Contact Information..................................... 14 2.18 Rules of Engagement........................................... 15 2.19 Capabilities and Technology in Place.................................. 17 3 Intelligence Gathering 19 3.1 General.................................................. 19 3.2 Intelligence Gathering.......................................... 20 3.3 Target Selection............................................. 20 3.4 OSINT.................................................. 21 3.5 Covert Gathering............................................. 30 3.6 Footprinting............................................... 31 3.7 Identify Protection Mechanisms..................................... 35 4 Threat Modeling 37 4.1 General.................................................. 37 4.2 Business Asset Analysis......................................... 38 4.3 Business Process Analysis........................................ 41 i 4.4 Threat Agents/Community Analysis................................... 41 4.5 Threat Capability Analysis........................................ 42 4.6 Motivation Modeling........................................... 43 4.7 Finding relevant news of comparable Organizations being compromised................ 43 5 Vulnerability Analysis 45 5.1 Testing.................................................. 45 5.2 Active................................................... 45 5.3 Passive.................................................. 49 5.4 Validation................................................. 49 5.5 Research................................................. 51 6 Exploitation 53 6.1 Purpose.................................................. 53 6.2 Countermeasures............................................. 53 6.3 Evasion.................................................. 55 6.4 Precision Strike.............................................. 55 6.5 Customized Exploitation Avenue.................................... 55 6.6 Tailored Exploits............................................. 56 6.7 Zero-Day Angle............................................. 56 6.8 Example Avenues of Attack....................................... 58 6.9 Overall Objective............................................. 58 7 Post Exploitation 59 7.1 Purpose.................................................. 59 7.2 Rules of Engagement........................................... 59 7.3 Infrastructure Analysis.......................................... 61 7.4 Pillaging................................................. 63 7.5 High Value/Profile Targets........................................ 70 7.6 Data Exfiltration............................................. 70 7.7 Persistence................................................ 71 7.8 Further Penetration Into Infrastructure.................................. 71 7.9 Cleanup.................................................. 72 8 Reporting 73 8.1 Overview................................................. 73 8.2 Report Structure............................................. 73 8.3 The Executive Summary......................................... 73 8.4 Technical Report............................................. 75 9 PTES Technical Guidelines 79 9.1 Tools Required.............................................. 79 9.2 Intelligence Gathering.......................................... 82 9.3 Vulnerability Analysis.......................................... 129 9.4 Exploitation............................................... 152 9.5 Post Exploitation............................................. 178 9.6 Reporting................................................. 185 9.7 Custom tools developed......................................... 188 9.8 General.................................................. 188 9.9 Plugins.................................................. 189 9.10 Credentials................................................ 189 9.11 Target Selection............................................. 189 9.12 Access Rules............................................... 189 9.13 Preferences................................................ 189 9.14 Knowledge Base............................................. 190 ii 9.15 General.................................................. 190 9.16 Credentials................................................ 191 9.17 Plugins.................................................. 192 9.18 Preferences................................................ 192 9.19 General.................................................. 197 9.20 Credentials................................................ 198 9.21 Plugins.................................................. 199 9.22 Preferences................................................ 199 9.23 General.................................................. 203 9.24 Credentials................................................ 204 9.25 Plugins.................................................. 205 9.26 Preferences................................................ 205 9.27 Denial of service............................................. 210 9.28 Discovery scan.............................................. 210 9.29 Discovery scan (aggressive)....................................... 211 9.30 Exhaustive................................................ 212 9.31 Full audit................................................. 212 9.32 HIPAA compliance............................................ 213 9.33 Internet DMZ audit............................................ 213 9.34 Linux RPMs............................................... 214 9.35 Microsoft hotfix............................................. 214 9.36 Payment Card Industry (PCI) audit................................... 215 9.37 Penetration test.............................................. 216 9.38 Penetration test.............................................. 216 9.39 Safe network audit............................................ 217 9.40 Sarbanes-Oxley (SOX) compliance................................... 217 9.41 SCADA audit............................................... 218 9.42 Web audit................................................. 218 10 FAQ 221 10.1 Q: What is this “Penetration Testing Execution Standard”?....................... 221 10.2 Q: Who is involved with this standard?................................. 221 10.3 Q: So is this a closed group or can I join in?............................... 222 10.4 Q: Is this going to be a formal standard?................................ 222 10.5 Q: Is the standard going to include all possible pentest scenarios?................... 222 10.6 Q: Is this effort going to standardize the reporting as well?....................... 222 10.7 Q: Who is the intended audience for this standard/project?....................... 222 10.8 Q: Is there a mindmap version of the original sections?......................... 223 11 Media 225 12 Indices and tables 227 iii iv The Penetration Testing Execution Standard Documentation, Release 1.1 Contents: Contents 1 The Penetration Testing Execution Standard Documentation, Release 1.1 2 Contents CHAPTER 1 The Penetration Testing Execution Standard 1.1 High Level Organization of the Standard Fork Disclaimer: Note that this is an unofficial fork, the goal for which is to experiment with an alternative platform for the standard. The official PTES can be located at http://pentest-standard.org/. The penetration testing execution standard consists of seven (7) main sections. These cover everything related to a penetration test - from the initial communication and reasoning behind a pentest, through the intelligence gathering and threat modeling phases where testers are working behind the scenes in order to get a better understanding of the tested organization, through vulnerability research, exploitation and post exploitation, where the technical security expertise of the testers come to play and combine with the business understanding of the engagement, and finally to the reporting, which captures the entire process, in a manner that makes sense to the customer and provides the most value to it. This version can be considered a v1.0 as the core elements of the standard are solidified, and
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages233 Page
-
File Size-