Vulnerability Assessment and Operational Security Testing Methodology (VAOST) – version 0.2 released


Here is a newly released VA methodology, the author believes it to be more focused, and thus cost effective VA process. It may map to internal work, but it is probably more suited to external sites.

It’s gone through a couple of revisions so it’s a bit more polished now.

You can find the notes on the first version here.

Version 0.2 has been released after some community endorsement, there is still some work to do though, they hope to add the following shortly:

  • Pre stages to get management buy in
  • A complete worked example that shows the kind of results that can be produced
  • A more complete list of or supporting implementing software
  • A more complete list of attack tools for the authorisation checklist.
  • Better graphics
  • A standalone collection of the checklists

You can download VAOST version 0.2 here:

VAOST 0.2 (doc version)

The author welcomes your feedback and comments. The VAOST forum area where you can get the files will accept guest (ie un-registered) posts so you can add your comments there if you desire (note we will delete defamatory and rude posts to prevent our being sued!).

It is work in progress and we still have a long way to go, but hopefully, we can get there with your help.

The general VAOST forum can be found here.

Posted in: Hacking News, Networking Hacking

, ,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


Comments are closed.