Security Audit & Pentest
Perform a detailed security assessment of computers, networks and network services.
Approaches and goals:
Investigate network and application layers
Spot design and implementation flaws
Spot network and operating system misconfigurations
Execution: Local or remote, blackbox or graybox
Check for existing operational security (OPSEC)
Check for OWASP Application Security Risks (WSTG v4.2)
Match w/ publicly known vulnerabilities
Attack classes and methods:
Brute force, pass-the-hash and cracking
Remote Code Execution (RCE)
Local/Remote File Inclusion (LFI/RFI)
Cross-Site Request Forgery / Scripting (CSRF/XSS)
Database Injection (e.g. SQLi)
Privilege Escalation (LPE/PX)
Pivoting/Proxying, Man-in-the-Middle (MitM)
Manual Vulnerability Exploitation and Verification
