diff --git a/taxonomies.html b/taxonomies.html index a654ecd..903326b 100755 --- a/taxonomies.html +++ b/taxonomies.html @@ -481,6 +481,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
+ + | ++pentest namespace available in JSON format at this location. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. + | +
pentest classification.
+This is group is dealing with differents types of pentest
+Blackbox penetration test requires no prior information about the target network or application and is actually performed keeping it as a real world hacker attack scenario. (https://www.evolution-sec.com/en/products/blackbox-penetration-testing)
+Gray box testing lies between black and white. Testers will have knowledge of some areas but not others. These areas are defined at the start of an engagement.(https://www.intelisecure.com/security-assessments-pen-testing/approaches/)
+White box, or authenticated tests, target the security of your underlying technology with full knowledge of your IT department. Information typically shared with the tester includes: network diagrams, IP addresses, system configurations and access credentials.(https://www.intelisecure.com/security-assessments-pen-testing/approaches/)
+Vulnerability scanning is a security technique used to identify security weaknesses in a computer system. (https://www.techopedia.com/definition/4160/vulnerability-scanning)
+A red team is an group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view without any predefined scope. (https://en.wikipedia.org/wiki/Red_team)
+Automated tool that perform network checks
+A scan against multiple ports of a single IP.
+A scan against a group of IPs for a single port.
+It is the discovery of networks and machines with services.
+Vulnerability scanning is a security technique used to identify security weaknesses in a computer system. (https://www.techopedia.com/definition/4160/vulnerability-scanning)
+Exploitation of a vulnerability
+Utilizing post exploitation techniques will ensure that a penetration tester maintains some level of access and can potentially lead to deeper footholds into the targets trusted infrastructure. (https://www.offensive-security.com/metasploit-unleashed/msf-post-exploitation/)
+Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. (https://en.wikipedia.org/wiki/Privilege_escalation)
+Pivoting refers to a method used by penetration testers that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines. (https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting)
+Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. (https://en.wikipedia.org/wiki/Password_cracking)
+The persistence is when a penetration tester let him a way to keep its exploitation on a machine or a domain even if the system is rebooted.
+After an exploitation of a machine, a penetration tester will try to exfiltrate sensitive data.
+This is group is dealing with web vulnerabilities
+Code injection is the exploitation of a computer bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or "inject") code into a vulnerable computer program and change the course of execution. (https://en.wikipedia.org/wiki/Code_injection)
+An SQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the SQL backend database. The malicious data then produces database query results or actions that should never have been executed.(https://www.techopedia.com/definition/4126/sql-injection)
+An NoSQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the NoSQL backend database. The malicious data then produces database query results or actions that should never have been executed.
+XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intend logic of the application. Further, XML injection can cause the insertion of malicious content into the resulting message/document.(http://projects.webappsec.org/w/page/13247004/XML%20Injection)
+Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.(https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
+Server Side Request Forgery (SSRF) refers to an attack where in an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network. (https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/)
+Cross-site scripting (XSS) is a security breach that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent with a script that activates when it is read by an unsuspecting user’s browser or by an application that has not protected itself against cross-site scripting. (https://www.webopedia.com/TERM/X/XSS.html)
+The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. (https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion)
+A web tree discovery is a brute force directories and files names on web/application server
+A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. (https://en.wikipedia.org/wiki/Brute-force_attack)
+Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. (https://en.wikipedia.org/wiki/Fuzzing)
+This is group is dealing with network vulnerabilities
+Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a TCP/IP network. (http://www.valencynetworks.com/articles/cyber-security-attacks-network-sniffing.html)
+Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security. (https://www.techopedia.com/definition/5398/spoofing)
+man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. (https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
+It is the discovery of networks and machines with services.
+Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. (https://krashconsulting.com/index.php/services/sea/)
+Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. (https://en.wikipedia.org/wiki/Phishing)
+Malware, short for malicious software, is an umbrella term used to refer to a variety of forms of harmful or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. (https://en.wikipedia.org/wiki/Malware)
+This is group is dealing with the classification of weaknesses and vulnerabilities
+Targeted to developers and security practitioners, the Common Weakness Enumeration (CWE) is a formal list of software weakness types. (https://cwe.mitre.org/about/)
+Common Vulnerabilities and Exposures (CVE) is a dictionary-type list of standardized names for vulnerabilities and other information related to security exposures. (https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)
+
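Review bot: several description strings in this hunk are exact duplicates and the four group descriptions repeat the same typo, which suggests the text was pasted without a pass through a spell checker. "Vulnerability scanning is a security technique used to identify security weaknesses in a computer system." appears twice (once under the pentest-type group and once under the network-checks group), and "It is the discovery of networks and machines with services." appears twice as well; if both entries are intended, give each a wording that reflects its own predicate, otherwise drop one. "This is group is dealing with differents types of pentest" should read "This group deals with different types of pentest" (and the same fix applies to the web, network and classification group descriptions). The persistence entry, "The persistence is when a penetration tester let him a way to keep its exploitation on a machine or a domain even if the system is rebooted.", is hard to parse; something like "Persistence is when a penetration tester establishes a way to retain access to a machine or domain across reboots." would be clearer. Likewise "A web tree discovery is a brute force directories and files names on web/application server" needs rewording ("brute-forcing directory and file names on a web or application server"), "An NoSQL injection" should be "A NoSQL injection", "intend logic" should be "intended logic", "Automated tool that perform network checks" should be "Automated tools that perform network checks", and "man-in-the-middle attack" should start with a capital letter like the other entries. Finally, the red team definition states the adversarial role is assumed "without any predefined scope"; red team engagements are normally bounded by rules of engagement agreed in advance, so consider dropping that clause or replacing it with wording about the engagement being goal-driven rather than scope-free.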