Knowledge Bank
  • 🔭About Us
    • 👋Welcome to Securescape!
  • 👶Fundamentals
    • 🖥️Operating Systems (WIP)
      • Introduction to Operating Systems
      • Processes and Process Management
        • 📠Processes
        • 🧵Threads
        • 📅Scheduling
      • Memory Management
        • Virtual Memory Management
      • Storage Management
      • I/O Management
    • 🐧Linux (WIP)
      • Introduction to Linux
      • Linux System Management
    • ⚡Programming (WIP)
      • 🔗Assembly
      • 💪C(++/#)
      • 🐍Python
      • 👑Nim
      • 🔨Bash
        • Introduction to Bash Scripting
        • Variables, Loops, and Port Scanner
    • 🚩Networking (WIP)
      • 📶Networking 101
        • 🕸️Networking Basics
        • 🛑Protocols
        • 🧓IPv4
        • 🧒IPv6
      • 🪡Packet Tracer
        • Interface
        • Connections
        • Creating Networks
        • Virtual LANS & Trunks
      • 🕸️Subnetting
      • 🕵️Network Security
    • ✍️Report Writing (WIP)
      • 🔍Research Skills
      • 🏗️Structuring a Report
      • 🗃️Creating Templates
  • 🦂General Security
    • 🗒️Methodologies
      • 🇭🇰OSSTMM
      • 🐝OWASP
        • Web Security Testing Guide
        • Mobile Security Testing Guide
      • 🦅NIST
      • 🥢PTES
      • ⛓️Cyber Killchain
    • 🍔Binary Exploitation
      • ir0nstone's Binary Exploitation Notes
    • 🎩Cheat Sheets
      • Enumeration
        • Network Scan
        • Vulnerability Scan
        • Web Scan
      • Exploitation
        • Page 1
        • Payloads & Shells
      • Post Exploitation
        • Lay of The Land
        • Persistence
        • Data Exfiltration
        • Pivoting
      • Command & Control
      • Disassembly
        • ☢️Radare2
        • 🥜GDB
      • CEH Cheatsheet
  • ⚔️Offensive Security
    • 💡Hardware Exploitation
      • Intro to Hardware
    • 🥷Red Team
      • 🦠Malware Development
        • Crow Malware Development
        • 🪡C# Malware
      • 🏭Offensive Development
        • 🔧Offensive DevOps
          • 🏷️GitLab
            • GitLab Setup
            • Simple Calculator Project
            • Making our CI/CD Pipeline
            • Build Artifacts
          • 🌆TeamCity
            • TeamCity Setup
            • Creating TeamCity Projects
            • Obfuscating Payloads
          • 🍷Jenkins (WIP)
            • Jenkins Setup
            • Creating Pipelines
            • Managing Projects
            • API Interaction
        • 🏗️Infrastructure Development (WIP)
          • 🎮Command & Control Infrastructure
            • 🤖Command & Control Anatomy
              • Command & Control Frameworks
              • Ⓜ️Metasploit Framework
                • Installing Metasploit
                • Metasploit Basics
                • Advanced Features
                • Metasploit Documentation
              • 🐲Mythic Framework
                • Installing Mythic
                • Malleable Command & Control
                • All About Agents
                • Services
                • Mythic Documentation
            • 🚥Traffic Redirection
              • Nginx
              • Amazon Web Services
              • Microsoft Azure
              • Google Cloud Platform
              • Cloudflare Workers
            • 🥷Covert Infrastructure
              • Ensuring Resiliency
              • Traffic Masking
              • Network Rules
          • 🎣Phishing Infrastructure
            • 📧Email Anatomy
            • 🐟Phishing Infrastructure Setup
            • 🚚Payload Delivery
            • 🚩Removing Red Flags
          • 🪄Infrastructure as Code
            • 🏝️Terraform
              • Interacting with Docker
              • Going to the Cloud
              • Hybrid Deployment
            • 🧊Pulumi
            • 🎼Ansible
          • ⚙️Infrastructure Automation
            • 🦴Structuring our Project
            • 🏭Automating Server Setups
            • 🎼Orchestrating our Infrastructure
            • 🔧CI/CD Integration
      • 🏙️Active Directory (WIP)
        • Active Directory Overview
        • Authentication
        • AD Lab
      • Red Team Operations - Joas Santos
  • 🛡️Defensive Security
  • 📻Software Defined Radios
    • ⚠️Disclaimer
    • 📡Baofeng
      • Programming
  • 🧑‍🔬Home Lab
    • 💨Virtualisation
      • 🔸Proxmox
  • 🏁Capture The Flag
    • 🧊HackTheBox
      • 👾Cyber Apocalypse
        • Cyber Apocalypse 2023
    • 🐤TryHackMe
      • 🎄Advent of Code
      • 🚪Rooms
        • 🐥Basic Pentesting
        • 👨‍💻Blog
      • 👟Paths
    • 🏳️Competitions
      • Nahamcon
        • Nahamcon 2023
          • Binary Exploitation
            • Open Sesame
      • 👁️Iris CTF
  • 🦺DRAFTS
    • GS
      • 📱Mobile Application Security
      • 👨‍🔬Reverse Engineering
      • 🌐Web Application Security
      • 📌Information Security
      • 🔒Cryptography
      • 🤫Operational Security
    • DS
      • 🧠Threat Intelligence
        • 🦌ELK Stack
          • 🤸Elasticsearch
          • 🏕️Kibana
          • 🦤SELKS
        • 🚓Yara
      • 🏹Threat Hunting
      • 🧬Malware Analysis
        • Fundamentals
      • 🔬Forensics
        • 📶Network Forensics
          • 🦈Wireshark
          • 🥟TCP Dump
        • 💾Memory Forensics
          • ⚡Volatility
        • 💽Disk Forensics
          • 🐕Autopsy
        • 🪟Windows Forensics
        • 🐧Linux Forensics
      • 🌲Security Operations
        • Intrusion Detection & Prevention
          • 🐛Splunk
            • Splunk Basics
            • Integrating Suricata with Splunk
          • 🐗Suricata
            • Intro to Suricata
          • 🐽Snort
            • Snort Basics
        • Security Information and Event Management (SIEM)
        • Security Orchestration, Automation and Response (SOAR)
    • HL
      • 🖥️Hardware
    • OS
      • 📶Network Exploitation
      • 🌩️Cloud Exploitation
Powered by GitBook
On this page
  • What are Methodologies?

Was this helpful?

Edit on GitHub
  1. General Security

Methodologies

Penetration Testing and Red Team Methodologies

PreviousCreating TemplatesNextOSSTMM

Last updated 1 year ago

Was this helpful?

What are Methodologies?

These are globally recognised standards for Red and Blue teams. The purpose of having methodologies is to set a standard across every country or company.

OSSTMM

The Open Source Security Testing Methodology Manual (OSSTMM) is a methodology to test the operational security of physical locations, workflow, human security testing, physical security testing, wireless security testing, telecommunication security testing, data networks security testing and compliance. OSSTMM can be supporting reference of ISO 27001 instead of a hands-on or technical application penetration testing guide. ~

OWASP

The Open Web Application Security Project Methodology covers 3 parts - Web Security (WSTG), Mobile Security (MSTG), and Firmware Security. They are most popularly known by the OWASP Top 10 ratings for popular Web Vulnerabilities for each given year. OWASP also creates labs such as DVWA and Juice Shop where you can practice and learn about their Top 10 vulnerabilities and how to exploit them.

NIST

The NIST Cyber Security Framework covers the Blue Team Methodology of Identify, Protect, Detect, Respond and Recover. They set standards on best practices, Guidelines and Standards for managing cyber security risks. Additionally, NIST provides to teach end users how to use their framework, and how to implement them into their businesses and lives.

PTES

The Penetration Testing Execution Standard (PTES) is the most recent (and arguably the most complete overall) penetration testing methodology to date. It was developed by a team of information security practitioners with the aim of addressing the need for a complete and up-to-date standard in penetration testing. ~

Cyber Killchain

Developed by Lockheed Martin, the Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.

The seven steps of the Cyber Kill Chain® enhance visibility into an attack and enrich an analyst’s understanding of an adversary’s tactics, techniques and procedures. ~

OWASP
free online learning
FutureLearn
Lockheed Martin
🦂
🗒️
Page cover image