public-pentesting-reports
Awesome-Red-Teaming
Our great sponsors
public-pentesting-reports | Awesome-Red-Teaming | |
---|---|---|
27 | 8 | |
8,095 | 6,501 | |
- | - | |
5.4 | 0.0 | |
9 days ago | 4 months ago | |
HTML | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
public-pentesting-reports
-
Yet another eCPPTv2 Review
You might find https://github.com/juliocesarfort/public-pentesting-reports repository useful if you need to see how reports are generally structured and written.
-
Reporting question
As for templates, to be honest, I haven't come across many templates floating around. You could look through public pentest reports (https://github.com/juliocesarfort/public-pentesting-reports) and borrow the bits that you prefer and drop them into TCM's template and make it your own.
-
Redteam sanitized report
I know of this site https://redteam.guide/docs/Templates/report_template/ which for me is down but maybe that is temporary, otherwise seek the cached or wayback version. There are also these https://github.com/juliocesarfort/public-pentesting-reports which are pentesting reports but you may find a number that are more about red teaming or have elements of red teaming which you can refer to.
-
Wanting to get into to security
A repository of pentest reports. Writing reports is the most important component of pentesting and redteaming. A pentester who cannot explain what they did, what they found and what the recipient should do to fix their issues is of limited value.
- Penetration testing reports
-
Information to include when writing a Pentesting Report
If you're anything like me, examples help tremendously and so: https://github.com/juliocesarfort/public-pentesting-reports
-
What is a good way to evaluate a pentesting agency?
For good examples, look here. I'd do a test with most of the firms on that list.
- I need help with a pentest report :(
- How often do you communicate with non-technical people in this field?
-
Log4j: The Pain Just Keeps Going and Going
I'd say don't let yourself be discouraged by GP. Just look into a company before you apply. Many have public reports you could look at or security research they publish, both of which you could use as indicators.
Here's a repo with lots of public audit reports by various companies, you could use that as a starting point: https://github.com/juliocesarfort/public-pentesting-reports
Awesome-Red-Teaming
- Career growth in cybersecurity
- i'm literally so far behind compared to everyone else!
- Any useful cybersecurity software under $5k?
-
Cybersecurity Repositories
Red Teaming
- Is there a cheat sheet of security tools and a small description of what they're used for?
-
Struggling to decide if I should take a low paying job offer or focus on studying for cybersecurity certificates. Any advice would be much appreciated.
Red Teaming / pen testing -- set up a home lab. Find a resource on the internet about how to learn red teaming and dig in. Example: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
-
Red Team Equipment for Budget Proposal
For software, pretty much everything you might need to start out is available as open source. Besides the actual testing stuff, don't forget to look at tools to facilitate collaboration + reporting (highly recommend looking at https://github.com/GhostManager/Ghostwriter). Also checkout: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
-
Looking for a mentor to show me what the industry in like
Pentesting is a tiny fraction of roles out of 10s of thousands and you're not likely to get an entry level gig on a red team but if you are interested in pen-testing check out https://jhalon.github.io/becoming-a-pentester/ and https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
What are some alternatives?
OSCP-Exam-Report-Template-Markdown - :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
nanodump - The swiss army knife of LSASS dumping
CherryTree - cherrytree
Starkiller - Starkiller is a Frontend for PowerShell Empire.
writehat - A pentest reporting tool written in Python. Free yourself from Microsoft Word.
SharpLAPS - Retrieve LAPS password from LDAP
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
Viper - Attack Surface Management & Red Team Simulation Platform 互联网攻击面管理&红队模拟平台
tmux-logging - Easy logging and screen capturing for Tmux.
Red-Team-Advent-of-Code - Red Teaming / Pentesting challenges for my Advent-Of-Code 2021.
Serpico - SimplE RePort wrIting and COllaboration tool
Awesome-CobaltStrike-Defence - Defences against Cobalt Strike