Red Team Toolkit
SANS


Last updated 1 year ago


The SANS Penetration Testing Framework is a structured methodology for conducting comprehensive and consistent penetration testing.

Background

The SANS Penetration Testing Framework was developed by the SANS Institute, a leading provider of cybersecurity education and training. The framework was designed to provide a comprehensive and standardized approach to penetration testing that can be used by organizations of all sizes and industries. It draws upon the collective knowledge and experience of SANS instructors and practitioners in the field of cybersecurity.

Steps

The SANS Penetration Testing Framework includes the following steps:

  1. Pre-engagement: Define scope, goals, and rules of engagement for the testing.

  2. Intelligence gathering: Gather information about the target environment to identify potential vulnerabilities.

  3. Threat modeling: Analyze the information gathered to identify the most likely attack vectors and potential attack scenarios.

  4. Vulnerability analysis: Conduct a detailed assessment of the target environment to identify potential vulnerabilities.

  5. Exploitation: Attempt to exploit identified vulnerabilities to gain access to target systems.

  6. Post-exploitation: Maintain access to the target environment and escalate privileges.

  7. Reporting: Document the findings of the testing process and provide recommendations for remediation.

  8. Cleanup: Remove any tools or artifacts left behind during the testing process and restore the environment to its original state.

Resources

Available online here:

SANS Conducting a Penetration Test White Paper
https://sansorg.egnyte.com/dl/CqDcmgwKE3
SANS Institute