mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-29 15:54:05 -06:00
38 lines
3.5 KiB
Markdown
38 lines
3.5 KiB
Markdown
|
||
#cyber #redteam #pentest
|
||
|
||
## OWASP Testing Guides
|
||
|
||
In terms of technical security testing execution, the OWASP testing guides are highly recommended. Depending on the types of the applications, the testing guides are listed below for the web/cloud services, Mobile app (Android/iOS), or IoT firmware respectively.
|
||
|
||
- [OWASP Web Security Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
|
||
- [OWASP Mobile Security Testing Guide](https://owasp.org/www-project-mobile-security-testing-guide/)
|
||
- [OWASP Firmware Security Testing Methodology](https://github.com/scriptingxss/owasp-fstm)
|
||
|
||
# PTES Technical Guidelines
|
||
|
||
technical guidelines that help define certain procedures to follow during a penetration test.
|
||
|
||
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
|
||
|
||
|
||
* 0- Pyhsical Attacks
|
||
* [1 -](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#1---discovering-hosts-inside-the-network--discovering-assets-of-the-company) [Discovering hosts inside the network](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-network/index.html#discovering-hosts) / [Discovering Assets of the company](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/external-recon-methodology/index.html)
|
||
* [**2-**](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#2--having-fun-with-the-network-internal) [**Having Fun with the network**](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-network/index.html) **(Internal)**
|
||
* [3-](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#3--port-scan---service-discovery) [Port Scan - Service discovery](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-network/index.html#scanning-hosts)
|
||
* [**4-**](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#4--searching-service-version-exploits) [Searching service version exploits](https://book.hacktricks.wiki/en/generic-hacking/search-exploits.html)
|
||
* [**5-** Pentesting Services](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#5--pentesting-services)
|
||
* [6-](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#6--phishing) [Phishing](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/phishing-methodology/index.html)
|
||
* [**7-**](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#7--getting-shell) [**Getting Shell**](https://book.hacktricks.wiki/en/generic-hacking/reverse-shells/index.html)
|
||
* [8- Inside](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#8--inside)
|
||
* [**9 -**](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#9---exfiltration) [**Exfiltration**](https://book.hacktricks.wiki/en/generic-hacking/exfiltration.html)
|
||
* [**10- Privilege Escalation**](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#10--privilege-escalation)
|
||
* [11 - POST](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#11---post)
|
||
* [12 - Pivoting](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html#12---pivoting)
|
||
|
||
|
||
|
||
[https://lolbas-project.github.io/](https://lolbas-project.github.io/)
|
||
|
||
[https://gtfobins.github.io/](https://gtfobins.github.io/)
|