Practical Security Assessment (Penetration Testing) or How to Get Paranoid


Book

The material is drawn from different sources as well as from my own experience. However, there are two particular books that you should look into if you see cybersecurity as a possible future career: Hacker Playbook 2 and Hacker Playbook 3.

Also, I found this book to be a good one for getting really deep and really serious about pentesting: Advanced Penetration Testing: Hacking the World's Most Secure Networks

Methodology

  • Hacker VS Pentester?
    • Free-for-all VS Written authorization
  • Types of pentests

Abstract methodology

No methodology is a holy grail => develop your own

  • Planning
  • Non-intrusive target search
  • Intrusive target search
  • Remote target assessment
  • Local target assessment
  • Data analysis
  • Reporting

Penetration Testing Execution Standard

  • Pre-engagement interactions
    • Scope!!!
    • What if we identified something out of the scope?
  • Intelligence gathering
    • Open-Source Intelligence (OSINT): passive | semi-passive | active
  • Threat modeling
    • What-if scenarios
      • What if we lose an asset?
      • What is the asset's net value?
    • What do we need from the organization to do threat modeling?
      • Documentation | assets | threats
  • Vulnerability analysis: Look for flaws
  • Exploitation
    • Establish and gain access
  • Post-exploitation
    • Backdoors that clean themselves up
    • Privilege escalation
    • Access to sensitive data
    • DoS - whoops, scope?
  • Reporting
    • Result: improve security, mitigate issues
    • Executive summary
    • Technical report
    • Risk assessment
    • Conclusion, remediation plan

Penetration Testing Methodology by Peter Kim

  • Intelligence Gathering
  • Initial Foothold
  • Local/Network Enumeration
  • Local Privilege Escalation
  • Persistence
  • Lateral Movement
  • Domain Privilege Escalation
  • Dumping Hashes
  • Data Identification/Exfiltration
  • Reporting

Reconnaissance

Do-nots

  • Passwords should never be included in the report, even in hashed form
  • Running binaries/scripts that you have not verified

Study Materials


Licensed under GNU General Public License v3.0 © Vitaly Ford