With the increasing frequency of cybersecurity incidents, traditional defense mechanisms are proving inadequate against complex and covert attacks, particularly those involving lateral movements from external to internal networks. To address this challenge, this paper presents an automated penetration testing system, designed based on the PTES (Penetration Testing Execution Standard) and ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework. The system covers six key stages, enabling automated security assessments across both external and internal networks. Experimental results demonstrate that the system efficiently identifies attack paths throughout the network, thereby enhancing defense capabilities and providing a practical solution for countering complex cyber threats.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Automated Penetration Testing System Based on PTES and ATT&CK

  • Wei Dai,
  • Junping Zhou,
  • Chaoying Ye,
  • Guoai Xu

摘要

With the increasing frequency of cybersecurity incidents, traditional defense mechanisms are proving inadequate against complex and covert attacks, particularly those involving lateral movements from external to internal networks. To address this challenge, this paper presents an automated penetration testing system, designed based on the PTES (Penetration Testing Execution Standard) and ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework. The system covers six key stages, enabling automated security assessments across both external and internal networks. Experimental results demonstrate that the system efficiently identifies attack paths throughout the network, thereby enhancing defense capabilities and providing a practical solution for countering complex cyber threats.