Kill Chain

Last updated 3 years ago

Kill chain Overview

Lockheed Martin developed the first kill chain model, but a few iterations have come along the way. The following cyber kill chains are made by Varonis and Cytomic. Both are good.

Or even this one, which divides the kill chain into External and Internal phases.

Physical access & Hardware hacking

All you need is access. Note: not my favorite way of hacking, but it is still very interesting. It can always be fun to phish with a malware/trollware-infected USB stick, or to keylog or tap into a line. In reality, this will probably never happen during a pentest, at least not a web-application or infrastructure test. I would assume that government-backed hacking groups are very into hardware hacking, for obvious reasons: when you have a good amount of money and your hands in major electronics and distribution companies, it becomes a very scalable and scary attack vector.

External Recon

Don't peek, don't peek! (proceeds to peek)

There is no penetration testing without recon. Learn to scan properly to avoid getting blacklisted or detected by an IDS.

Network scanning is an integral part of hacking. I would say that 95% of penetration tests involve some kind of scan, ranging from port scans and directory fuzzing to intrusive SQL injection scans.

Internal Recon

Let's have a look inside.

Privilege Escalation

root

Having a foothold on a box is good but usually pretty limited; it is always nice to elevate our privileges and capabilities.

Post Exploitation

Persistence, C2, exfiltration: all the good stuff.

Depending on the scenario, you might want to implement some form of backdoor so you can come back whenever you want or can.