TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Black Hills InfoSec

Six Tips for Managing Penetration Test Data

BHIS · 2023-05-25 · Read original ↗

ATT&CK techniques detected

9 predictions
T1003.003 OS Credential Dumping: NTDS (98%)
"as “/”, will return many results outside of what you were probably looking for. However, ag is also a great way to scrape mounted shares for information about stored passwords. You could utilize “ag password =” or a similar variation to search an entire mounted share for pote…"

T1046 Network Service Discovery (98%)
"for your supporting archive. Granted, this is simply a method I use to gather low-hanging fruit during an assessment. Feel free to design your own scripts, but ensure they adhere to a philosophy of generating strong logs and building evidence for your archive! Tip 5: Use the s…"

T1018 Remote System Discovery (96%)
"range of hosts. We will also break the below command down into its individual components to ensure maximum clarity. Also, kindly take note of the bolded text. for ip in $(cat /home/tester/testing/targets.txt); do nmap -vvv -Pn -T4 -sV $ip -oN /home/tester/t…"

T1018 Remote System Discovery (94%)
"using a list of IP CIDR ranges, it generates a list of hosts that are alive, and creates a log file of those living hosts, targets.txt. This is saved to our archive. - It uses the new targets.txt file to perform two nmap operations. The first operation enumerates all of our hos…"

T1018 Remote System Discovery (94%)
"often have their own unique use cases, for the intent of a thorough supporting archive, we would want to rely on -oN. The reason for this is that normal output is a simple text file that contains our information. Simplicity is a good thing and can allow us to use equally simple …"

T1046 Network Service Discovery (80%)
"clever ways to utilize the information we gain, could we? With the above bullet points in mind, we can now use our archive in a way that allows it to further build on itself, thereby saving us even more time. This time, due to the nature of our work, can instead be put towards po…"

T1018 Remote System Discovery (76%)
"home/tester/testing/fping-sweep.txt; done ### Trimming our list of living hosts into a usable list of targets and outputting it to targets.txt in our archive ### cat fping-sweep.txt | grep alive | cut -d " " -f 1 > /home/tester/testing/targets.txt ##…"

T1046 Network Service Discovery (55%)
". This is great, because it not only allows you to rapidly look at the crucial information about open ports but the data can be trimmed even further with something like the below command, which will rapidly produce a list of hosts running SSH: ag open | grep ssh | sort -Vu Simi…"

T1046 Network Service Discovery (36%)
"home/tester/testing/fping-sweep.txt; done ### Trimming our list of living hosts into a usable list of targets and outputting it to targets.txt in our archive ### cat fping-sweep.txt | grep alive | cut -d " " -f 1 > /home/tester/testing/targets.txt ##…"
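The evidence snippets above sketch one pipeline: an fping sweep whose raw output is kept as evidence, a trimmed targets.txt, one nmap -oN log per host, and then simple text searches over those logs to pull out hosts running a given service. The script below assembles that pipeline as a runnable example. It is added here and is not the BHIS post's or John Malone's own script: the archive root /home/tester/testing is taken from the snippets, while the per-host log naming nmap-<ip>.txt, the ip_sort helper (used in place of sort -Vu so the script does not depend on GNU sort), and the make_sample_archive fixture with its constructed fping and nmap output are assumptions made for the example. The two live steps (sweep, scan_targets) are defined but not run; the trimming and triage steps run offline against the constructed data.

```shell
#!/usr/bin/env bash
# Added example (not the BHIS post's own script). Builds the "supporting archive"
# the snippets describe: an fping sweep logged to fping-sweep.txt, a trimmed
# targets.txt, one nmap -oN log per host, then quick triage over those logs.
# Assumptions: the archive root below (taken from the snippets), the per-host
# log naming nmap-<ip>.txt, and the constructed sample data in make_sample_archive.
set -eu

ARCHIVE="${ARCHIVE:-/home/tester/testing}"

# Sort unique IPv4 addresses by octet (portable stand-in for sort -Vu).
ip_sort() {
  sort -t . -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# Live step 1: sweep every CIDR in ranges.txt. The raw fping output is evidence,
# so it goes into the archive untrimmed. Not exercised by the offline checks.
sweep() {   # usage: sweep ranges.txt
  mkdir -p "$ARCHIVE"
  while read -r cidr; do
    fping -g "$cidr" 2>&1 || true
  done < "$1" > "$ARCHIVE/fping-sweep.txt"
}

# Step 2: trim the sweep log to one live IP per line (the "is alive" lines).
trim_alive() {   # usage: trim_alive fping-sweep.txt
  grep ' is alive' "$1" | cut -d ' ' -f 1 | ip_sort
}

# Live step 3: one service scan per target, normal output (-oN) per host so the
# archive stays plain text and greppable. Not exercised by the offline checks.
scan_targets() {   # usage: scan_targets targets.txt
  while read -r ip; do
    nmap -vvv -Pn -T4 -sV "$ip" -oN "$ARCHIVE/nmap-$ip.txt" >/dev/null
  done < "$1"
}

# Step 4: triage the archive: which hosts have a given service open? Matches on
# the SERVICE column, so ssh on 2222/tcp is found too. The host comes from the
# "Nmap scan report for" line, which reads either "ip" or "name (ip)".
hosts_with_service() {   # usage: hosts_with_service ssh nmap-*.txt
  local svc="$1"; shift
  awk -v svc="$svc" '
    /^Nmap scan report for/ { host = $NF; gsub(/[()]/, "", host) }
    $2 == "open" && $3 == svc { print host }
  ' "$@" | ip_sort
}

# Constructed sample archive (made-up data, not real scan results) so the
# trimming and triage steps can be run offline. Prints the directory it made.
make_sample_archive() {
  local d; d=$(mktemp -d)
  cat > "$d/fping-sweep.txt" <<'EOF'
10.0.0.5 is alive
10.0.0.12 is alive
10.0.0.7 is unreachable
10.0.0.40 is alive
10.0.0.12 is alive
EOF
  cat > "$d/nmap-10.0.0.5.txt" <<'EOF'
# Nmap 7.94 scan initiated as: nmap -vvv -Pn -T4 -sV 10.0.0.5 -oN /home/tester/testing/nmap-10.0.0.5.txt
Nmap scan report for 10.0.0.5
Host is up (0.0012s latency).
PORT    STATE  SERVICE VERSION
22/tcp  open   ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.6
80/tcp  open   http    nginx 1.18.0
443/tcp closed https
EOF
  cat > "$d/nmap-10.0.0.12.txt" <<'EOF'
Nmap scan report for dc01.corp.local (10.0.0.12)
Host is up (0.0020s latency).
PORT     STATE SERVICE       VERSION
80/tcp   open  http          Microsoft IIS httpd 10.0
3389/tcp open  ms-wbt-server Microsoft Terminal Services
EOF
  cat > "$d/nmap-10.0.0.40.txt" <<'EOF'
Nmap scan report for 10.0.0.40
Host is up (0.0031s latency).
PORT     STATE SERVICE VERSION
2222/tcp open  ssh     OpenSSH 9.3
EOF
  printf '%s\n' "$d"
}

# Offline demonstration against the constructed archive.
SAMPLE=$(make_sample_archive)
trim_alive "$SAMPLE/fping-sweep.txt" > "$SAMPLE/targets.txt"
printf 'targets: %s\n' "$(tr '\n' ' ' < "$SAMPLE/targets.txt")"
printf 'ssh hosts: %s\n' "$(hosts_with_service ssh "$SAMPLE"/nmap-*.txt | tr '\n' ' ')"
```

Two design points follow the snippets' own logic. The sweep log is never overwritten by the trimmed list; targets.txt is derived from it, so the raw evidence survives alongside the working list. Triage keys on the service name rather than the port number, which is what the "ag open | grep ssh" idea is really after: a host answering SSH on 2222/tcp should land in the same list as one on 22/tcp.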

Summary

John Malone // Introduction Information is power. This sentiment also holds true when discussing the creation of a supporting archive. A supporting archive is something that we put together to […]

The post Six Tips for Managing Penetration Test Data appeared first on Black Hills Information Security, Inc.