Dark Arts
Industry Methodologies

Last updated 9 months ago

Open Source Security Testing Methodology Manual (OSSTMM)

The Open Source Security Testing Methodology Manual (OSSTMM), published by ISECOM, is a comprehensive and open framework for conducting security tests and assessments. It provides a structured approach to evaluating the security of systems, networks, processes and physical controls, and it covers information security, operational security and human security.

The manual sets out how to scope, perform and measure a test so that results are repeatable and comparable between engagements, and it describes practices for ethical hacking, risk assessment and security auditing. Its goal is to help organisations measure and improve their security posture while keeping the testing process transparent and consistent.

OSSTMM 3 organises testing into five channels: human, physical, wireless, telecommunications and data networks. The methodology is mostly concerned with how systems and applications communicate, so for a technical penetration tester the channels that matter most are:

  • Telecommunications (phones, VoIP, etc.)

  • Wired Networks

  • Wireless communications

Advantages

  • Covers a wide range of testing strategies in-depth.

  • Includes specific strategies for targeted areas like telecommunications and networking.

  • Flexible and adaptable to an organization’s specific needs.

  • Provides a standard methodology for penetration testing across systems and applications.

Disadvantages

  • The framework is complex and detailed, and it uses its own vocabulary (for example the "rav" attack-surface metric and the way controls and limitations are scored), so it is hard to pick up without studying the manual first.

OWASP

OWASP (the Open Worldwide Application Security Project, formerly the Open Web Application Security Project) is a non-profit foundation rather than a single methodology. For web application and API testing the relevant OWASP projects are the Top 10, a regularly refreshed list of the most critical web application risk categories, the Web Security Testing Guide (WSTG), which describes test cases, testing approaches and remediation guidance for each area, and the Application Security Verification Standard (ASVS), which lists the requirements an application should meet. All of them are community-driven and openly maintained.

Advantages

  • Easy to learn and implement.

  • Actively maintained with regular updates.

  • Covers all stages of an engagement, including testing, reporting, and remediation.

  • Specializes in web applications and services.

Disadvantages

  • Categories in the Top 10 overlap (a flaw can sit under both Broken Access Control and Insecure Design, for instance), so it is not always clear which single category a finding belongs to.

  • The testing guidance does not prescribe a specific software development life cycle (SDLC); OWASP addresses that separately through projects such as SAMM, which are not part of the testing methodology.

  • It carries no accreditation: OWASP does not certify testers or firms, unlike schemes such as the UK NCSC's CHECK.

NIST Cybersecurity Framework 1.1

The NIST Cybersecurity Framework (CSF) is a widely used, voluntary framework for managing cybersecurity risk. Version 1.1 organises the outcomes an organisation should achieve under five Functions (Identify, Protect, Detect, Respond, Recover), each broken down into Categories and Subcategories. It is popular because it is thorough and sector-neutral, applying to critical infrastructure (for example power plants) as well as commercial enterprises. It is a risk-management framework rather than a testing methodology, however, so it gives penetration testers little guidance on how to actually conduct an assessment.

Advantages

  • By 2020 it was estimated (a widely cited Gartner projection) to be in use at roughly half of US organisations.

  • Highly detailed in describing the security outcomes an organisation should achieve, which gives structure to mitigating cyber threats.

  • Revised periodically to reflect current security challenges: 1.0 (2014), 1.1 (2018) and 2.0 (2024), which added a sixth Function, Govern.

  • Adoption is free and the framework is widely recognised, so alignment with it is easy to demonstrate to customers and regulators. Note that NIST itself does not accredit or certify organisations against the CSF; conformity is self-assessed or assessed by third parties.

  • Can be mapped to and used alongside other frameworks (its informative references include ISO/IEC 27001, COBIT, CIS Controls and NIST SP 800-53) for enhanced protection.

Disadvantages

  • NIST publishes many overlapping documents (the CSF, the Risk Management Framework, SP 800-53, SP 800-171) and the CSF itself has several versions, which makes it difficult for organisations to choose the right one.

  • It defines outcomes rather than concrete controls or audit evidence, so on its own it gives little help in working out how a breach actually occurred.

  • Version 1.1 has no specific treatment of cloud computing, which is increasingly critical for modern organisations.

NCSC Cyber Assessment Framework (CAF)

The NCSC Cyber Assessment Framework (CAF) is a set of fourteen principles, grouped under four objectives (A: managing security risk, B: protecting against cyber attack, C: detecting cyber security events, D: minimising the impact of cyber security incidents), used to assess how well an organisation manages the cyber risks to its essential functions. It is aimed at organisations that provide "vitally important services and activities", such as critical infrastructure and banking, and it covers areas including data security, system security, identity and access control, resilience, monitoring, and response and recovery planning.

Advantages

  • Backed by a government cybersecurity agency (the UK's NCSC), which gives it credibility and authority.

  • Used by UK regulators (the competent authorities under the NIS Regulations) to assess organisations, so meeting its outcomes carries recognised weight.

  • Covers a broad range of topics, with fourteen principles addressing security, response and recovery.

Disadvantages

  • Introduced in 2018, it is newer than the other frameworks here, so industry practice has had less time to build around it and organisations may need time to adapt.

  • It is outcome-based: each principle is assessed against indicators of good practice rather than a checklist of specific rules, which is less straightforward to apply than prescriptive frameworks.

Further reading

https://www.isecom.org/OSSTMM.3.pdf
OWASP Foundation | Open Source Foundation for Application Security
NIST Cybersecurity Framework
NCSC CAF Objective A - Managing Security Risk