6. PTES
• Common language for organizations and service providers
• Set the bar for a common standard to be used
• Eliminate hacks (as in run Nessus, generate report, send to customer, charge $10,000)
7. PTES - Who?
• As always - started during a long night of drinking...
• Nickerson (@indi303), Kennedy (author of SET), me (@iiamit), Gates (@carnal0wnage), Val (@attackresearch), Nick (@c7five), Robin (@digininja), Wim (@wimremes), Stefan (@stfn42), lots more... www.pentest-standard.org
10. PTES - How?
• Basically, define the basic 7 elements of a pentest:
• Pre-engagement
• Intelligence gathering
• Threat modeling
• Vulnerability Analysis
“old” pentesting scope
• Exploitation
• Post exploitation
• Reporting
34. PTES - initial reactions
• You have to be kidding me
• No one does that
• I can’t do this all by myself
• This is a lot of work
• Is this going into PCI/ISO/[someStandard]?
• We already do that
43. Roadmap
• Catch up on all the “official” news at www.pentest-standard.org
• Volunteer! (we need working hands...)
• Previous milestone - Shmoocon (Feb 2011)
• Next milestone - ph-neutral (May 2011)
• Drop the bomb - BlackHat?