Treffer: МЕТОДИКА ВИКОНАННЯ ТЕСТІВ НА ПРОНИКНЕН&#1053...

The article examines the structuring of penetration testing using the MITRE ATT&CK framework. The relevance of the research is driven by the need for a standardized, reproducible, and realistic approach to simulating adversary actions during cybersecurity assessments of computer systems and networks. The paper analyzes recent publications on the application of ATT&CK in penetration testing, including mapping activities to tactics and techniques, scenario-based testing, gap analysis, the use of specialized tools, and integration with other methodologies (PTES, OSSTMM). A methodology for penetration testing is proposed, encompassing planning, selection of relevant techniques, execution of attacks, documentation, and effectiveness assessment. Mechanisms for selecting ATT&CK techniques based on the profile of the target system have been tested. To practically validate the proposed approach, testing was conducted on the Beelzebub:1 (VulnHub) virtual machine, demonstrating a full attack chain and covering 57% of the ATT&CK techniques from the corresponding matrix. Analysis of qualitative and quantitative indicators confirmed the effectiveness of the methodology: it ensured high repeatability (90%), convenience of documentation, test time optimization, and identification of critical vulnerabilities. The methodology is recommended for use in professional penetration testing practice as well as for educational purposes in penetration testing courses for computer systems. The application of the methodology results in an understanding of potential intrusion paths and provides clear and practical recommendations for further strengthening the protection of the studied computer systems. The validation of the methodology confirms its suitability for use in both academic courses and professional practice, enabling comprehensive, understandable, and repeatable coverage of all stages of the penetration testing process. [ABSTRACT FROM AUTHOR]