Penetration Testing mailing list archives
Re: Pen Test Main Map updated - source .mm now available
From: "Mario Platt" <mplatt () gmail com>
Date: Tue, 11 Jul 2006 16:40:41 +0100
Hi, As I said last week, I will be giving info about my own map. It, basically, adds definitions of what is (vulnerability scanning, security scanning, penetration testing, risk assessment, security auditing, ethical hacking, security testing), it divides the tools and assessment phases through a metodology that I myself developed, based on many, but I think it integrates easily into OSSTMM, links that check online various network settings, thinks to watch for in google hacking, various ways of checking dns related stuff, host identification, banner grabbing, it adds a few tools, etc. One thing that I do think it would be beneficial to all ways, through this framework, outline a report. I think that with everyone on the list involved, we could make a definite and complete report suitable for all of us. best regards Mário Platt On 7/11/06, killy <killfactory () gmail com> wrote:
Hi Togg, Looking better and better! work I see the section on exploit engines but, what about a section on payload or compromise? More specifically, once you have a shell, then what? plant a rootkit? sniff traffic? plant files? privilege escalation? enumerate internal network? repeat cycle.. just some ideas. I cant wait to see some of the ideas from the list get incorporated. Keep up the good work! On 10 Jul 2006 18:53:54 -0000, Toggmeister () vulnerabilityassessment co uk <Toggmeister () vulnerabilityassessment co uk> wrote: > Hi, > > After all your positive emails and responses I've made a number of tweaks with my map and added extra content: > > > http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html > > > In light of the many requests for the source code for my mindmap and in the spirit of open source I've also made this available: > > > > http://www.vulnerabilityassessment.co.uk/Penetration%20Test.mm > > > Could anyone who uses this and makes any major tweaks, could they repost it/send me a copy. Save me doing some work also ;-)) > > > I will keep adding as time permits, help would be appreciated. I will also look into amending to keep it more in-line with the OSTMM model in the future. > > > Toggmeister > > http://www.vulnerabilityassessment.co.uk/ > > ------------------------------------------------------------------------------ > This List Sponsored by: Cenzic > > Concerned about Web Application Security? > Why not go with the #1 solution - Cenzic, the only one to win the Analyst's > Choice Award from eWeek. As attacks through web applications continue to rise, > you need to proactively protect your applications from hackers. Cenzic has the > most comprehensive solutions to meet your application security penetration > testing and vulnerability management needs. You have an option to go with a > managed service (Cenzic ClickToSecure) or an enterprise software > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can > help you: http://www.cenzic.com/news_events/wpappsec.php > And, now for a limited time we can do a FREE audit for you to confirm your > results from other product. Contact us at request () cenzic com for details. > ------------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Pen Test Main Map updated - source .mm now available Toggmeister (Jul 10)
- Re: Pen Test Main Map updated - source .mm now available brad Causey (Jul 10)
- Re: Pen Test Main Map updated - source .mm now available Ralph Forsythe (Jul 10)
- Re: Pen Test Main Map updated - source .mm now available Pieter Baele (Jul 11)
- Re: Pen Test Main Map updated - source .mm now available Brad Causey (Jul 11)
- Re: Pen Test Main Map updated - source .mm now available Joseph Nicosia (Jul 11)
- Re: Pen Test Main Map updated - source .mm now available Ralph Forsythe (Jul 10)
- Re: Pen Test Main Map updated - source .mm now available brad Causey (Jul 10)
- Re: Pen Test Main Map updated - source .mm now available Ralph Forsythe (Jul 10)
- Re: Pen Test Main Map updated - source .mm now available Mario Platt (Jul 11)
- <Possible follow-ups>
- Re: Pen Test Main Map updated - source .mm now available Marco Ivaldi (Jul 11)