Automated Penetration Testing System Based on PTES and ATT&CK
摘要
With the increasing frequency of cybersecurity incidents, traditional defense mechanisms are proving inadequate against complex and covert attacks, particularly those involving lateral movements from external to internal networks. To address this challenge, this paper presents an automated penetration testing system, designed based on the PTES (Penetration Testing Execution Standard) and ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework. The system covers six key stages, enabling automated security assessments across both external and internal networks. Experimental results demonstrate that the system efficiently identifies attack paths throughout the network, thereby enhancing defense capabilities and providing a practical solution for countering complex cyber threats.