Showing results for tags 'pentest'.
Found 2 results
pfpentester posted a topic in Business and Enterprise IT
Hello, I'm working as a freelance pentester. The company that hired me has to perform annually at least one external and one internal pentest of its web application (they have an e-commerce service). They have to obey a set of compliance rules to ensure that they will keep a maturity security level. To keep this level of maturity security, an external audit company has to identify and verify if these pentests were executed. Note that this means that the external audit company does not have to know which vulnerabilities were found, but they have to be sure that tests were made. Pentest reports that I found on the internet (from SANS, Offensive Security, PCI) and that I used in my previous work do not serve this purpose. I say this because they have descriptions of vulnerabilities and detailed evidence (with screenshots, network captures) to prove their existence. Note that these types of reports are not what I need to generate, since I just need to generate a document proving that I executed the pentest. Would you have any suggestions for me to generate this new kind of document? Is there any auditing tool that could be used for this end? Would you suggest another approach?
How can someone use PowerShell Empire for attacks over the internet? Do you need a server? Also, can someone create a Veil-Evasion payload and then get a connection in Empire? It would be great if someone could use it outside of the network because Privilege Escalation is way easier than it is with Metasploit! Furthermore, are there any tools for Post-Exploitation other than Metasploit, PowerSploit? Any suggestions would be appreciated!