This section will contain training/notes on these topics:
- Penetration Testing Techniques
- WebApp Penetration Testing Techniques
- Vulnhub Practice
NOTE: I will not explain the basics in this section at all. If you are having trouble following along, please reference back to the InfoSec Core Concepts section.
What is Red Team (Offense)?
According to DoDD 8570.1, a Red Team is: “An independent, focused threat-based effort by an interdisciplinary, simulated adversary to expose and exploit vulnerabilities to improve IS security posture.”
Penetration Testing Techniques
Web App Penetration Testing Techniques
VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
My first CTF: Sectalks-bne0x03:
VM is available at: https://www.vulnhub.com/entry/sectalks-bne0x03-simple,141/
Here is the documented process of how I cracked this box and found the flag:
- SecTalks BNE0x03 – Simple (PDF)
- Screenshot of the flag:
The tools I utilized for this VM were:
- NMAP – https://nmap.org/
- Nikto – https://cirt.net/Nikto2
- Dirb – http://tools.kali.org/web-applications/dirb
- Burp-Suite – https://portswigger.net/burp/