diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json
index e1e633b..bda6d29 100644
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@@ -13,13 +13,38 @@
"state": {
"type": "markdown",
"state": {
- "file": "01 - Planning Considerations.md",
+ "file": "01 - Planning.md",
+ "mode": "source",
+ "source": false
+ }
+ }
+ },
+ {
+ "id": "2a670ea5f942fc2d",
+ "type": "leaf",
+ "state": {
+ "type": "markdown",
+ "state": {
+ "file": "02 - Scoping.md",
+ "mode": "source",
+ "source": false
+ }
+ }
+ },
+ {
+ "id": "b310d53602dfbef1",
+ "type": "leaf",
+ "state": {
+ "type": "markdown",
+ "state": {
+ "file": "README.md",
"mode": "source",
"source": false
}
}
}
- ]
+ ],
+ "currentTab": 2
}
],
"direction": "vertical"
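Review bot: `.obsidian/workspace.json` is per-user UI state (open tabs, active leaf, `lastOpenFiles`) that Obsidian rewrites on every launch, so this hunk and the ones that follow are noise that will conflict on every pull. Suggest removing the file from the index and adding `.obsidian/workspace.json` (or `.obsidian/workspace*`) to `.gitignore`; the vault still works without it, and the commit would then be limited to the content changes below.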
@@ -86,7 +111,7 @@
"state": {
"type": "backlink",
"state": {
- "file": "01 - Planning Considerations.md",
+ "file": "README.md",
"collapseAll": false,
"extraContext": false,
"sortOrder": "alphabetical",
@@ -103,7 +128,7 @@
"state": {
"type": "outgoing-link",
"state": {
- "file": "01 - Planning Considerations.md",
+ "file": "README.md",
"linksCollapsed": false,
"unlinkedCollapsed": true
}
@@ -126,7 +151,7 @@
"state": {
"type": "outline",
"state": {
- "file": "01 - Planning Considerations.md"
+ "file": "README.md"
}
}
}
@@ -147,13 +172,19 @@
"command-palette:Open command palette": false
}
},
- "active": "21b5784e2023f491",
+ "active": "b310d53602dfbef1",
"lastOpenFiles": [
- "templates/ASSET INVENTORY.md",
+ "02 - Scoping.md",
+ "README.md",
+ "tools/OSINT TOOLS.md",
+ "templates/VULNERABILITY ASSESMENT REPORT.md",
+ "templates/PASTA.md",
+ "tools",
+ "01 - Planning.md",
"templates/RISK REGISTER.md",
- "01 - Planning Considerations.md",
"templates/PENTEST REPORT TEMPLATE.md",
"templates/INCIDENT REPORT TEMPLATE.md",
+ "templates/ASSET INVENTORY.md",
"templates/legal/Non-Disclosure Agreement.md",
"templates/legal/Request for Information (RFI).md",
"templates/legal/Statement of Work.md",
@@ -161,13 +192,11 @@
"templates/METHODOLOGY.svg",
"Pasted image 20240824205517.png",
"2024-08-24.md",
- "Untitled.md",
"templates/legal/DPA-en.odt",
"templates/legal/MSA-en.odt",
"templates/legal/NDA-en.odt",
"templates/legal/NDA.md",
"templates/legal",
- "Untitled",
"templates",
"().md",
"Welcome.md"
diff --git a/01 - Planning Considerations.md b/01 - Planning.md
similarity index 92%
rename from 01 - Planning Considerations.md
rename to 01 - Planning.md
index a2759fe..edfc6d7 100644
--- a/01 - Planning Considerations.md
+++ b/01 - Planning.md
@@ -16,8 +16,8 @@ Identify Protected Assets
## Compliance
-Establish guidelines (or necessity) for compliance with internal and external regulations.
-Example: PCI DSS
+Establish guidelines (or necessity) for compliance with internal and external regulations or standards.
+Example: PCI DSS, GDPR, HIPPA, etc
- Strictly defined surface area of engagement
[[Statement of Work]]
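Review bot: typo in the added example list: `HIPPA` should be `HIPAA` (Health Insurance Portability and Accountability Act). Also, since this hunk is part of a rename from `01 - Planning Considerations.md` to `01 - Planning.md`, any `[[01 - Planning Considerations]]` wikilinks elsewhere in the vault will break unless they were updated in the same change; worth a grep before merging.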
@@ -36,6 +36,7 @@ Example: PCI DSS
1. Aquire Trusted Agent(s) within the company for trusted communication
2. Establish communication guidelines and information access control rules during engagement (who knows what)
+3. Establish escalation procedures
## Product/Report
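Review bot: "Establish escalation procedures" is a good addition but says nothing about what triggers an escalation or to whom it goes. Suggest expanding the item to name the triggers (a critical finding, evidence of a pre-existing compromise, accidental contact with an out-of-scope system, service disruption) and the contact path, e.g. "3. Establish escalation procedures: triggers, trusted-agent contact, and stop-test conditions". Unrelated but in the context line: `Aquire` should be `Acquire`.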
diff --git a/02 - Scoping.md b/02 - Scoping.md
new file mode 100644
index 0000000..f9af27b
--- /dev/null
+++ b/02 - Scoping.md
@@ -0,0 +1,2 @@
+
+Requirements and objectives that are needed to complete engagement.
\ No newline at end of file
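Review bot: the new file is a one-line stub with no trailing newline and no heading, which is inconsistent with the `##` sections in `01 - Planning.md`. If it is meant as a placeholder, at least seed the headings a scoping document needs (in-scope and out-of-scope assets, testing windows, rules of engagement, exclusions) so the README progress figure has something to track, and add the final newline.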
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..48899a1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+
+This is a security handbook I complile for pentest and vulnerabilty analysis purposes.
+It is meant to be used with Obsidian.
+
+## Current Progress
+
+- Planning [100%]
+- Scoping [10%]
+- Engagement [0%]
+- Exploitation [0%]
+- Reporting [0%]
+- Mitigation [0%]
+
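Review bot: typos in the added README: `complile` should be `compile` and `vulnerabilty` should be `vulnerability`. The progress list is a nice touch, but "Planning [100%]" is hard to defend while `01 - Planning.md` still contains a bare "Identify Protected Assets" line and a one-item Compliance section; consider marking it as a draft percentage or dropping the numbers.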
diff --git a/templates/PASTA.md b/templates/PASTA.md
new file mode 100644
index 0000000..93ae899
--- /dev/null
+++ b/templates/PASTA.md
@@ -0,0 +1,20 @@
+
+---
+
+
+
+
+| | |
+| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| **Stages** | **Sneaker company** |
+| I. Define business and security objectives | Make 2-3 notes of specific business requirements that will be analyzed.
- Will the app process transactions?
- Does it do a lot of back-end processing?
- Are there industry regulations that need to be considered? |
+| II. Define the technical scope | List of technologies used by the application:
- Application programming interface (API)
- Public key infrastructure (PKI)
- SHA-256
- SQL
Write 2-3 sentences (40-60 words) that describe why you choose to prioritize that technology over the others. |
+| III. Decompose application | [Sample data flow diagram](https://docs.google.com/presentation/d/1ol7y79popTFfNHM-90ES-H-i1Lpd0YNvPShxBlXozjg/template/preview?resourcekey=0-DZAkf7Vzh2PXsP-j3oXV-g) |
+| IV. Threat analysis | List 2 types of threats in the PASTA worksheet that are risks to the information being handled by the application.
- What are the internal threats?
- What are the external threats? |
+| V. Vulnerability analysis | List 2 vulnerabilities in the PASTA worksheet that could be exploited.
- Could there be things wrong with the codebase?
- Could there be weaknesses in the database?
- Could there be flaws in the network? |
+| VI. Attack modeling | [Sample attack tree diagram](https://docs.google.com/presentation/d/1FmWLyHgmq9XQoVuMxOym2PHO8IuedCkan4moYnI-EJ0/template/preview?usp=sharing&resourcekey=0-zYPY7AhPJdcClXamlAfOag) |
+| VII. Risk analysis and impact | List 4 security controls that you’ve learned about that can reduce risk. |
+
+
+
+---
\ No newline at end of file
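Review bot: the table will not render as written. Rows I, II, IV and V contain raw line breaks inside a cell (the `- Will the app process transactions?` lines and siblings sit outside any `|` delimiters), which Obsidian's Markdown tables do not support; use `<br>` for line breaks inside cells or move the prompts below the table. The second column header `**Sneaker company**` and the exercise wording ("Make 2-3 notes", "security controls that you've learned about", the Google Docs sample diagrams) are carried over from a course worksheet; for a reusable template the header should be the generic target application and the cells should be the questions to answer, not the grading instructions. Missing trailing newline as well.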
diff --git a/templates/VULNERABILITY ASSESMENT REPORT.md b/templates/VULNERABILITY ASSESMENT REPORT.md
new file mode 100644
index 0000000..bd7e5e1
--- /dev/null
+++ b/templates/VULNERABILITY ASSESMENT REPORT.md
@@ -0,0 +1,44 @@
+
+1st January 20XX
+
+---
+
+# System Description
+
+The server hardware consists of a powerful CPU processor and 128GB of memory. It runs on the latest version of Linux operating system and hosts a MySQL database management system. It is configured with a stable network connection using IPv4 addresses and interacts with other servers on the network. Security measures include SSL/TLS encrypted connections.
+
+# Scope
+
+The scope of this vulnerability assessment relates to the current access controls of the system. The assessment will cover a period of three months, from June 20XX to August 20XX. [NIST SP 800-30 Rev. 1](https://docs.google.com/document/d/1pRpdpQMEWskxSkwqEMv8W7A7x8GXQlcn0hEcDzWet3Y/template/preview?usp=sharing&resourcekey=0-3GRRWAd8HryVgof-Jc33yA) is used to guide the risk analysis of the information system.
+
+# Purpose
+
+Consider the following questions to help you write:
+
+- How is the database server valuable to the business?
+
+- Why is it important for the business to secure the data on the server?
+
+- How might the server impact the business if it were disabled?
+
+
+# Risk Assessment
+
+
+
+| | | | | |
+|---|---|---|---|---|
+|Threat source|Threat event|Likelihood|Severity|Risk|
+|E.g. Competitor|Obtain sensitive information via exfiltration|1|3|3|
+||||||
+||||||
+
+
+
+# Approach
+
+Risks considered the data storage and management methods of the business. The likelihood of a threat occurrence and the impact of these potential events were weighed against the risks to day-to-day operational needs.
+
+# Remediation Strategy
+
+Implementation of authentication, authorization, and auditing mechanisms to ensure that only authorized users access the database server. This includes using strong passwords, role-based access controls, and multi-factor authentication to limit user privileges. Encryption of data in motion using TLS instead of SSL. IP allow-listing to corporate offices to prevent random users from the internet from connecting to the database.
\ No newline at end of file
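Review bot: the filename `VULNERABILITY ASSESMENT REPORT.md` misspells "ASSESSMENT"; renaming later will churn every wikilink, so fix it now. In the Scope section the `NIST SP 800-30 Rev. 1` link points at a Google Docs template rather than the publication; link the NIST CSRC page for SP 800-30 Rev. 1 instead. The Risk Assessment table has an empty first header row followed by the real header (`Threat source|Threat event|Likelihood|Severity|Risk`) as a body row; make that the header row and state the scale and formula used (the example row reads as Likelihood × Severity = 1 × 3 = 3, but nothing says so). The System Description boilerplate ("powerful CPU processor", "latest version of Linux") should be replaced with fields to fill in. Missing trailing newline.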
diff --git a/tools/OSINT TOOLS.md b/tools/OSINT TOOLS.md
new file mode 100644
index 0000000..fde0d9e
--- /dev/null
+++ b/tools/OSINT TOOLS.md
@@ -0,0 +1,22 @@
+
+There's an enormous amount of open-source information online. Finding relevant information that can be used to gather intelligence is a challenge. Information can be gathered from a variety of sources, such as search engines, social media, discussion boards, blogs, and more. Several tools also exist that can be used in your intelligence gathering process. Here are just a few examples of tools that you can explore:
+
+- [VirusTotal](https://www.virustotal.com/gui/home/upload)
+
+- is a service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content.
+
+- [MITRE ATT&CK®](https://attack.mitre.org/)
+
+- is a knowledge base of adversary tactics and techniques based on real-world observations.
+
+- [OSINT Framework](https://osintframework.com/)
+
+- is a web-based interface where you can find OSINT tools for almost any kind of source or platform.
+
+- [Have I been Pwned](https://haveibeenpwned.com/)
+
+
+- is a tool that can be used to search for breached email accounts.
+
+
+There are numerous other OSINT tools that can be used to find specific types of information. Remember, information can be gathered from a variety of sources. Ultimately, it's your responsibility to thoroughly research any available information that's relevant to the problem you’re trying to solve.
\ No newline at end of file
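Review bot: each tool is split into two bullets, the link in one and the description in the next starting with "is a ...", so the list renders as eight disconnected items. Merge them, e.g. `- [VirusTotal](https://www.virustotal.com/gui/home/upload) - analyze suspicious files, domains, URLs and IP addresses`. Also, MITRE ATT&CK is a knowledge base of adversary techniques, not an OSINT collection tool; either move it to a references or threat-intel page or note why it is listed here. Missing trailing newline.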