Thread: Research

  1. #1
    Junior Member jirtos
    Join Date
    Jan 2011
    Posts
    28

    Research

    Hi all,

    I just want to ask you for a little aid and some of your time.
    The point is that during my PhD study I am, among other things, working on a bridge from pentest results to risk management according to the ISO 27001 standard. For this, I would like to use (well, I need to use) a little statistics about the methodology that you are using for penetration testing. So my request is: if you can, post the methodology used by you.
    For instance, I have been using OSSTMM since the first version (from 2001) till today (so currently I am working with OSSTMMv3).

    Thanks for your time and responses.

  2. #2
    Senior Member
    Join Date
    Feb 2010
    Posts
    146

    Re: Research

    Generally speaking, any and all methodologies used by a company and its employees are the intellectual property of said company, no matter how generic the methodology may be. It may be better to request this information from the companies themselves and include them in the study.
    open source = open minds, human knowledge belongs to the world

  3. #3
    Super Moderator Archangel-Amael
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Re: Research

    You should subscribe to the SecurityFocus mailing lists and ask there. You will find better suited answers.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Junior Member jirtos
    Join Date
    Jan 2011
    Posts
    28

    Quote Originally Posted by Archangel-Amael
    You should subscribe to the SecurityFocus mailing lists and ask there. You will find better suited answers.
    Yeap, true in that. I am a member of a few security teams and academic partnership programs, so I am going this way also. This was mainly intended to be a general statistic that can be used in the first chapter or even the abstract. That's why there is no specification required, only a general point of view. According to this, I need to thank all replies so far, because for that kind of general purpose even no answer is a good answer.

    Quote Originally Posted by crweedon
    Generally speaking, any and all methodologies used by a company and its employees are the intellectual property of said company, no matter how generic the methodology may be. It may be better to request this information from the companies themselves and include them in the study.
    That's not entirely true. A lot of companies and groups are proud of using certified techniques or standards; of course, the actual detailed procedure is often their secret, but the basic approach is usually defined and publicly stated.
    Last edited by Archangel-Amael; 03-18-2011 at 11:51 AM.

  5. #5
    My life is this forum thorin
    Join Date
    Jan 2010
    Posts
    2,629

    Re: Research

    The basic methodology I see used nearly everywhere is as follows (though each step may have a different name or slightly different activities, or be divided slightly differently... kind of like programming: a loop is a loop is a loop even if the syntax is slightly different).

    The following steps assume a zero starting knowledge assessment or penetration test.
    1) Open Source Intelligence Gathering (OSI) - Google the company, google details of the company, check LinkedIn, domain dossier, DNS lookups, ARIN/RIPE/APNIC, etc. (Think about using FOCA, Maltego, etc.)
    2) Reconnaissance - Based on your OSI results, do some tests to see what machines are live in their IP/name space and see what basic services they might be offering. (Think about using nmap, amap, ike-scan, ping, whois, nslookup, host, etc.)
    3) Identification - Now that you know what machines are there, try to identify specific services and OS versions etc. (Think about using nmap version scans w/ NSE, etc.)
    3a) Vulnerability Assessment - Now that you know what machines are there and what stuff is on them, then fire up some actual VA "scanners". (Think about using Nessus, OpenVAS, etc.)
    3b) Vulnerability Research - Based on the info from steps 2 & 3, search Secunia and other vulnerability databases to identify issues which may impact the target's technologies etc. (This includes not only services/OS level stuff but also web apps, etc.)
    4) Vulnerability Exploitation - Now that you know what machines are there, what they're running, and what issues they might be vulnerable to...actually try to exploit said weaknesses.

    5) Reporting.....
    Last edited by thorin; 03-21-2011 at 05:10 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
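As an added illustration of the Identification step in thorin's methodology (this is example code written for this page, not code from the thread or from nmap), the parser below turns nmap's `-oX` XML output into a per-host inventory of live hosts, open ports, fingerprinted services and OS guesses, and then lists the unique product/version strings that step 3b would look up in vulnerability databases and that a risk register (the OP's ISO 27001 bridge) would be keyed on. The XML is a constructed sample; the `Host` structure and function names are this example's own.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample of `nmap -sV -O -oX` output for documentation addresses; not a real scan.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.0/29">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="www.example.test" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="5.3p1"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.2.15"/></port>
<port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
<port protocol="tcp" portid="8080"><state state="open"/></port>
</ports>
<os><osmatch name="Linux 2.6.32" accuracy="95"/></os></host>
<host><status state="down" reason="no-response"/>
<address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

@dataclass
class Host:
    addr: str
    hostname: str
    os_guess: str
    services: list = field(default_factory=list)  # (port, proto, name, product)

def parse_nmap_xml(xml_text):
    """Identification step: live hosts, their open ports and fingerprinted services."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        if h.find("status").get("state") != "up":
            continue  # recon says the host is not live; nothing to identify
        hn, osm = h.find("hostnames/hostname"), h.find("os/osmatch")
        host = Host(addr=h.find("address[@addrtype='ipv4']").get("addr"),
                    hostname=hn.get("name") if hn is not None else "",
                    os_guess=osm.get("name") if osm is not None else "unknown")
        for p in h.findall("ports/port"):
            if p.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no service to research
            svc = p.find("service")  # absent when nmap could not fingerprint the port
            name = svc.get("name", "?") if svc is not None else "?"
            product = " ".join(x for x in ((svc.get("product"), svc.get("version")) if svc is not None else ()) if x)
            host.services.append((int(p.get("portid")), p.get("protocol"), name, product or "unidentified"))
        hosts.append(host)
    return hosts

def vulnerability_research_targets(hosts):
    """Unique product/version and OS strings to look up in vulnerability databases (step 3b)."""
    targets = {s[3] for h in hosts for s in h.services if s[3] != "unidentified"}
    targets |= {h.os_guess for h in hosts if h.os_guess != "unknown"}
    return sorted(targets)
```

Ports that nmap left without a `<service>` element stay in the inventory as `unidentified`, so they are not silently dropped from the assessment.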
