Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
13 hours 9 minutes
Hello and congratulations on reaching the penetration Testing execution standard Summary.
And again, you have put in a lot of hard work and a lot of dedication to going through the penetration testing execution standard, whether as a business owner, sock manager or a tester, so that you could better understand best practices surrounding penetration, testing and it's methodologies.
So what should we have picked up? Well, we went into pre engagement interactions where we went over a number of different areas to include introduction of scope all the way through to rules of engagement. We talked about intelligence gathering and background concepts and Level 12 and three intelligence target selection. Oh sent foot printing and identifying protection mechanisms.
We looked at threat modeling and a general process for doing so. We looked at asset analysis and process analysis within businesses, threat agent analysis, capability analysis, motivation, modeling and finding relevant news within touched on vulnerability analysis with testing, active testing, passive testing, validation and research
as the discussion topics,
we moved on into exploitation. The purpose countermeasures, evasion, precision strike, customized exploitation avenue, zero day angle example, am unease of attack and the overall objectives being reviewed. We then got into post exploitation, reiterating rules of engagement,
how we could go about data, exfiltration and some considerations, their persistence.
And then why important? Why it was important to clean up after ourselves and ensure that we don't leave a mess on our client network.
We wrapped it all up with reporting what makes up a sound executive summary as well as a sound technical report reminding everyone that this is not the end all be all in reporting. It's simply a recommendation. I encourage you to read various examples and find something that fence your need as well as the need of your clients.
So what? That I want to thank you for your time and joining me in the penetration Testing Execution Standard Review
until we meet again.