[email protected]
Search…
[email protected]
About Calvin Lai (fkclai)
My Work
Exploit/CVE PoC
ZeroLogon Exploit
Remote Retrieved Chrome saved Encrypted Password
Twitter Control an RCE attack
Hacking Report (HTB)
Hits & Summary
Windows Machine
Linux Machine
Penetration Testing Checklists
Web Application PenTest
Network/System PenTest
Mobile Application PenTest
Red Team (Windows)
01 Reconnaissance
02 Privileges Escalation
03 Lateral Movement
04 AD Attacks
05 Bypass-Evasion
06 Kerberos Attack
99 Basic Command
Exploitation Guide
01 Reconnaissance
02 Port Enumeration
03 Web Enumeration
04 Windows Enum & Exploit
05 File Enumeration
06 Reverse Shell Cheat Sheet
07 SQL Injection
08 BruteForce
09 XSS Bypass Checklist
10 Spring Boot
11 WPA
12 Payload list
Vuln Hub (Writeup)
MrRobot
CYBERRY
MATRIX 1
Node-1
DPwwn-1
DC7
AiWeb-2
AiWeb-1
BrainPan
CTF (Writeup)
Hacker One
CTF Learn
P.W.N. University - CTF 2018
HITCON
Pwnable
Useful Command/Tools
Windows
Linux
Offensive Security Lab & Exam
Lab
Powered By GitBook
Network/System PenTest

Available Service

  • Search all opening ports and ensure it is operation required.
  • Ensure all endpoints implemented authentication and authorization control
  • Identify the opening ports service applied latest version & patches
  • Outdated components or known vulnerability (CVE) found in the identified service

Certification Setting

  • Disable the use of SSL 3.0, TLS 1.0 and TLS 1.1. Instead, leverage a newer version of TLS such as TLS v1.2 and v1.3.
  • Correctness of the certification information and signed party
  • SSL Certificate strength, at least > 2048 bits
  • Not use the weak ciphers

Sensitive Data Exposure

  • Any shared files or services that contain sensitive data
  • Correctness of the certification information
Penetration Testing Checklists - Previous
Web Application PenTest
Next - Penetration Testing Checklists
Mobile Application PenTest
Last modified 2mo ago
Copy link
Contents
Available Service
Certification Setting
Sensitive Data Exposure