vault backup: 2024-10-16 09:12:37

2024-10-16 09:12:37 +01:00
parent bad31f35c5
commit 124e0b67ef
190 changed files with 192115 additions and 0 deletions
--- a/Pre-Engagement.md
+++ b/Pre-Engagement.md
@@ -0,0 +1,101 @@
+# Requirements
+Scope
+- What will be tested 
+- Start and End dates
+- Customer Objectives
+	- Strategic and Operational goals
+- Ensure requirements and expectations of customers being met
+
+Rules of Engagement
+- Detailed stages
+- Who is authorised
+- On or off site
+- Formal "permission to test" authorised
+
+Legal Signoff
+
+## Scope
+
+- Identify type of tests
+	- Network, web, wireless, physical, social engineering
+- Capabilities of target organisation to be tested. Detect and respond to:
+	- Info gathering
+	- Footprinting
+	- Scanning and vulnerability analysis
+	- Infiltration
+	- Data aggregation
+	- Data exfil
+- Immature (NIST T1) would benefit from a vulnerability analysis than a full pentest
+
+- Identify outsourced services
+	- In scope?
+	- Permission?
+	- Procedures and requirements?
+	- What to do if vulnerability found?
+- Identify policies of any ISP or MSSP
+	- In scope?
+	- Need to be notified?
+- Identify existing controls (firewall, IDS/IPS, web application firewall, load balancer)
+	- In scope?
+
+# Types of Test
+
+- Why customer has pentest performed against env?
+	- Required for compliance?
+- When does customer want active testing conducted?
+	- During business hours or out? 
+- How many IPs tested (internal/external)
+- How should testing team proceed if vulnerability found?
+
+## Web Application Pentest
+
+- How many applications being assessed?
+- How many login systems being assessed?
+- How many static pages being assessed?
+- How many dynamic pages being assessed?
+- Static analysis?
+- Source code available?
+- Documentation?
+
+## Wireless Network Pentest
+
+- How many wireless networks?
+- Guest network? Authentication?
+- Encryption used and type?
+- Square footage of coverage?
+- Enumeration of rogue devices?
+- Assessing wireless attacks against clients?
+- How many clients on network?
+
+## Physical Pentest
+
+- How many locations?
+- Physical or shared facility? If so, floors in scope.
+- Need permission?
+- Security guards? Who do they work for? What are terms of reference?
+	- Reasonable force? Armed?
+- How many entrances to building
+- Local laws?
+- Square footage?
+- Physical security documented?
+- Video surveillance?
+- Alarm system? Silent? How triggered?
+
+## Social Engineering
+
+- List of email addresses client wants attacked
+- List of phone numbers?
+- Approved? How many targeted
+- Chosen pretexts approved in writing beforehand.
+
+# Questions
+
+## For company
+
+- Manage aware?
+- Main datum that would create greatest risk to organisation if exposed, corrupted or deleted?
+	- If ISMS, will have risk register.
+	- If no ISMS, lack maturity for test to be meaningful.
+- Testing and validations procedures to verify applications functioning in place?
+- Testers have access to QA testing procedures from when application developed?
+- Disaster Recovery Procedures in place for application data.
--- a/Testing/Week
+++ b/Testing/Week
@@ -0,0 +1,12 @@
+`site:salford.ac.uk -site:www.salford.ac.uk -site:beta.salford.ac.uk`
+![](Pasted%20image%2020241011140611.png)
+
+`intitle:"admin login"`
+![](Pasted%20image%2020241011140654.png)
+
+`(inurl:login.cgi OR inurl:login.php OR inurl:login.js) AND site:ac.uk AND password`
+![](Pasted%20image%2020241011140717.png)
+
+
+1. https://hub.salford.ac.uk/sbs-disruptive-technologies/events/
+2.