đŸš©
THM Walkthroughs
  • THM Walkthroughs
    • đŸ§‘â€đŸ«Tutorial
  • 🟩Difficulty: Info
    • 🔌What is Networking?
    • 🔌Intro to LAN
    • 🐧Linux Fundamentals
      • 🐧Linux Fundamentals Part 1
        • Task 2 - A Bit of Background on Linux
        • Task 4 - Running Your First few Commands
        • Task 5 - Interacting With the Filesystem!
        • Task 6 - Searching for Files
        • Task 7 - An Introduction to Shell Operators
      • 🐧Linux Fundamentals Part 2
        • Task 3 - Introduction to Flags and Switches
        • Task 4 - Filesystem Interaction Continued
        • Task 5 - Permissions 101
        • Task 6 - Common Directories
      • 🐧Linux Fundamentals Part 3
        • Task 3 - Terminal Text Editors
        • Task 4 - General/Useful Utilities
        • Task 5 - Processes 101
        • Task 6 - Maintaining Your System: Automation
        • Task 8 - Maintaining Your System: Logs
    • đŸȘŸWindows Fundamentals
      • đŸȘŸWindows Fundamentals 1
      • đŸȘŸWindows Fundamentals 2
      • đŸȘŸWindows Fundamentals 3
    • 🔓Principles of Security
    • 🐍Python Basics
    • 🔍History of Malware
    • đŸŠčCommon Attacks
    • đŸ–„ïžSecurity Awareness
    • ⚔Intro to Offensive Security
    • đŸŠčPentesting Fundamentals
    • 🔓CVE Walkthroughs
      • đŸ–„ïžSudo Security Bypass: CVE-2019-14287
      • đŸ–„ïžSudo Buffer Overflow: CVE-2019-18634
      • đŸ–„ïžBaron Samedit: CVE-2021-3156
      • đŸ–„ïžOverlayFS: CVE-2021-3493
      • đŸ–„ïžPolkit: CVE-2021-3560
      • đŸ–„ïžPwnkit: CVE-2021-4034
      • đŸȘ¶Apache HTTP Server Path Traversal: CVE-2021-41773/42013
      • đŸ§»Dirty Pipe: CVE-2022-0847
      • 🟱Spring4Shell: CVE-2022-22965
    • 🟧Burp Suite
      • 🟧Burp Suite: The Basics
      • 🟧Burp Suite: Repeater
    • 🏁Challenges
      • ‎Bypass Disable Functions
    • đŸŽŸïžTHM PROMOs
      • đŸŽŸïžLearn and win prizes [PROMO ENDED]
      • đŸŽŸïžLearn and win prizes #2 [PROMO ENDED]
  • đŸŸ©Difficulty: Easy
    • 🚀Learning Cyber Security
    • 🔁The Hacker Methodology
    • 🔍Google Dorking
      • Task 2 - Let's Learn About Crawlers
      • Task 4 - Beepboop - Robots.txt
      • Task 5 - Sitemaps
      • Task 6 - What is Google Dorking?
    • 🐝OWASP Top 10
      • Task 5 - Command Injection Practical
      • Task 7 - Broken Authentication Practical
      • Task 11 - Sensitive Data Exposure (Challenge)
      • Task 13 - XML External Entity - eXtensible Markup Language
      • Task 14 - XML External Entity - DTD
      • Task 16 - XML External Entity - Exploiting
      • Task 18 - Broken Access Control (IDOR Challenge)
      • Task 19 - Security Misconfiguration
      • Task 20 - Cross-site Scripting
      • Task 21 - Insecure Deserialization
      • Task 24 - Insecure Deserialization - Cookies
      • Task 25 - Insecure Deserialization - Cookies Practical
      • Task 30 - Insufficient Logging and Monitoring
    • 📡Nmap
      • Task 2 - Introduction
      • Task 3 - Nmap Switches
      • Task 5 - TCP Connect Scans
      • Task 6 - Scan Types SYN Scans
      • Task 7 - UDP Scans
      • Task 8 - NULL, FIN and Xmas
      • Task 9 - ICMP Network Scanning
      • Task 10 - NSE Scripts Overview
      • Task 11 - Working with the NSE
      • Task 12 - Searching for Scripts
      • Task 13 - Firewall Evasion
      • Task 14 - Practical
    • 📡RustScan
      • Task 2 - Installing RustScan
      • Task 5 - Extensible
      • Task 7 - Scanning Time!
      • Task 8 - RustScan Quiz
    • 🐙Crack the hash
    • 🌍OhSINT
    • 🧑‍🚀Vulnversity
    • 🧊Ice
    • đŸȘŸBlue
    • 🎄Advent of Cyber 4 (2022)
  • 🟹Difficulty: Medium
    • đŸȘŸAttacktive Directory
      • Task 3 - Welcome to Attacktive Directory
      • Task 4 - Enumerating Users via Kerberos
      • Task 5 - Abusing Kerberos
      • Task 6 - Back to the Basics
      • Task 7 - Elevating Privileges within the Domain
      • Task 8 - Flag Submission Panel
    • 💀Mr Robot CTF
    • 🛗Linux PrivEsc
    • 🛗Linux PrivEsc Arena [WIP]
    • 🛗Windows PrivEsc Arena
  • 🟧Difficulty: Hard
    • 🐘Hacking Hadoop [WIP]
  • đŸŸ„Difficulty: Insane
    • â›șYou're in a cave [WIP]
  • Blank Room (Duplicate Me)
Powered by GitBook
On this page
  • Task 1 What is Penetration Testing?
  • Read me!
  • Task 2 Penetration Testing Ethics
  • You are given permission to perform a security audit on an organisation; what type of hacker would you be?
  • You attack an organisation and steal their data, what type of hacker would you be?
  • What document defines how a penetration testing engagement should be carried out?
  • Task 3 Penetration Testing Methodologies
  • What stage of penetration testing involves using publicly available information?
  • If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We're looking for the acronym here and not the full name.
  • What framework focuses on the testing of web applications?
  • Task 4 Black box, White box, Grey box Penetration Testing
  • You are asked to test an application but are not given access to its source code - what testing process is this?
  • You are asked to test a website, and you are given access to the source code - what testing process is this?
  • Task 5 Practical: ACME Penetration Test
  • Complete the penetration test engagement against ACME's infrastructure.
  1. Difficulty: Info

Pentesting Fundamentals

Learn the important ethics and methodologies behind every pentest

PreviousIntro to Offensive SecurityNextCVE Walkthroughs

Last updated 2 years ago

Room Attributes
Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Tags

Cybersecurity, Framework, Penetration Testing, Ethics

Task 1 What is Penetration Testing?

Read me!

No answer needed

Task 2 Penetration Testing Ethics

You are given permission to perform a security audit on an organisation; what type of hacker would you be?

HINT: Look at the hat categories in this task.

You attack an organisation and steal their data, what type of hacker would you be?

What document defines how a penetration testing engagement should be carried out?

Task 3 Penetration Testing Methodologies

What stage of penetration testing involves using publicly available information?

If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We're looking for the acronym here and not the full name.

What framework focuses on the testing of web applications?

Task 4 Black box, White box, Grey box Penetration Testing

You are asked to test an application but are not given access to its source code - what testing process is this?

You are asked to test a website, and you are given access to the source code - what testing process is this?

Task 5 Practical: ACME Penetration Test

Complete the penetration test engagement against ACME's infrastructure.

Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag
Reveal Flag

White Hat

Black Hat

Rules of Engagement

Information Gathering

OSSTMM

OWASP

Black Box

White Box

THM{PENTEST_COMPLETE}

🟩
đŸŠč
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
đŸš©
LogoTryHackMe | Pentesting FundamentalsTryHackMe
https://tryhackme.com/room/pentestingfundamentals