G4G0-2/Penetration Testing/Week 4/Week 4 - Pre-Engagement.md
2025-03-16 18:59:42 +00:00

Requirements

Scope

  • What will be tested
  • Start and End dates
  • Customer Objectives
    • Strategic and Operational goals
  • Ensure the customer's requirements and expectations are being met

Rules of Engagement

  • Detailed stages
  • Who is authorised
  • On or off site
  • Formal "permission to test" authorised

Legal Signoff

Scope

  • Identify type of tests
    • Network, web, wireless, physical, social engineering
  • Capabilities of the target organisation to be tested: can it detect and respond to:
    • Info gathering
    • Footprinting
    • Scanning and vulnerability analysis
    • Infiltration
    • Data aggregation
    • Data exfil
  • An immature organisation (NIST CSF Tier 1) would benefit more from a vulnerability assessment than from a full pentest
  • Identify outsourced services
    • In scope?
    • Permission?
    • Procedures and requirements?
    • What to do if vulnerability found?
  • Identify policies of any ISP or MSSP
    • In scope?
    • Need to be notified?
  • Identify existing controls (firewall, IDS/IPS, web application firewall, load balancer)
    • In scope?

Types of Test

  • Why is the customer having a pentest performed against the environment?
    • Required for compliance?
  • When does customer want active testing conducted?
    • During business hours or out?
  • How many IPs tested (internal/external)
  • How should testing team proceed if vulnerability found?
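The scope items above (what will be tested, start and end dates, carve-outs for outsourced or ISP/MSSP hosts) and the "Types of Test" questions (how many IPs, business hours or out of hours) are the parts of the signed RoE that can be enforced mechanically before any tool is pointed at a target. The following is an added example, not code from the course notes: a scope check that rejects anything outside the authorised ranges, inside an exclusion, or outside the agreed dates and daily window. The ranges, dates and window are constructed placeholders (RFC 5737 / RFC 3849 documentation addresses), not a real engagement, and `RulesOfEngagement`, `check_target`, `count_in_scope` and `triage` are names chosen here.

```python
"""Pre-engagement scope check: refuse to touch anything the signed RoE does not cover.

Added example for these notes; every range, date and window below is a constructed
placeholder (TEST-NET / documentation prefixes), not a real client.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import collapse_addresses, ip_address, ip_network
from typing import List, Optional, Tuple, Union


@dataclass
class RulesOfEngagement:
    """Machine-readable subset of the signed scope / rules of engagement."""
    in_scope: List[str]                                 # authorised CIDRs or single hosts
    excluded: List[str] = field(default_factory=list)   # carve-outs: hosts with no permission (ISP, MSSP, outsourced)
    start: Optional[datetime] = None                    # first day of active testing
    end: Optional[datetime] = None                      # last day of active testing (inclusive)
    window: Optional[Tuple[time, time]] = None          # daily active-testing hours; None = any time


def _collapse(cidrs: List[str]):
    """Parse CIDRs/hosts and merge overlapping ranges, one version at a time
    (collapse_addresses raises TypeError on mixed IPv4/IPv6 input)."""
    nets = [ip_network(c, strict=False) for c in cidrs]   # strict=False masks host bits in "a.b.c.d/24"
    out = []
    for version in (4, 6):
        out.extend(collapse_addresses(n for n in nets if n.version == version))
    return out


def _as_dt(when: Union[datetime, str]) -> datetime:
    return when if isinstance(when, datetime) else datetime.fromisoformat(when)


def in_window(roe: RulesOfEngagement, when: Union[datetime, str]) -> bool:
    """True if `when` falls inside the agreed dates and the daily hours."""
    when = _as_dt(when)
    if roe.start and when.date() < roe.start.date():
        return False
    if roe.end and when.date() > roe.end.date():
        return False
    if roe.window is None:
        return True
    lo, hi = roe.window
    t = when.time()
    if lo <= hi:                    # e.g. 09:00-17:00, business-hours testing
        return lo <= t < hi
    return t >= lo or t < hi        # e.g. 18:00-06:00, out-of-hours window wraps midnight


def check_target(roe: RulesOfEngagement, target: str, when: Union[datetime, str]) -> Tuple[bool, str]:
    """Return (allowed, reason). Exclusions beat in-scope ranges; the time window is
    checked last so an out-of-scope host is reported as such, not merely as 'too early'."""
    try:
        addr = ip_address(target)
    except ValueError:
        return False, f"{target}: not an IP address; resolve it and check the resolved address"
    for net in _collapse(roe.excluded):
        if addr in net:
            return False, f"{target}: explicitly excluded by {net}"
    if not any(addr in net for net in _collapse(roe.in_scope)):
        return False, f"{target}: not in any authorised range"
    if not in_window(roe, when):
        return False, f"{target}: in scope but outside the agreed testing window at {_as_dt(when):%Y-%m-%d %H:%M}"
    return True, f"{target}: authorised"


def count_in_scope(roe: RulesOfEngagement) -> int:
    """Addresses actually authorised (in-scope minus exclusions): the honest answer
    to 'how many IPs are being tested'. Both lists are collapsed first, so every
    overlapping pair is container/contained and counted exactly once."""
    allowed, excluded = _collapse(roe.in_scope), _collapse(roe.excluded)
    total = sum(n.num_addresses for n in allowed)
    for n in allowed:
        for e in excluded:
            if n.overlaps(e):
                total -= min(n.num_addresses, e.num_addresses)
    return total


# Constructed example RoE: one /24, one extra host, one small IPv6 range, out-of-hours only.
ROE = RulesOfEngagement(
    in_scope=["198.51.100.0/24", "203.0.113.10", "2001:db8:1::/120"],
    excluded=["198.51.100.250/31"],        # e.g. MSSP-managed log collectors, no permission granted
    start=datetime(2025, 3, 17),
    end=datetime(2025, 3, 21),
    window=(time(18, 0), time(6, 0)),
)


def triage(targets: List[str], when: Union[datetime, str], roe: RulesOfEngagement = ROE):
    """Split a candidate target list into (allowed targets, rejection reasons)."""
    allowed, rejected = [], []
    for t in targets:
        ok, why = check_target(roe, t, when)
        if ok:
            allowed.append(t)
        else:
            rejected.append(why)
    return allowed, rejected


if __name__ == "__main__":
    ok, bad = triage(["198.51.100.7", "198.51.100.251", "192.0.2.1", "2001:db8:1::5", "203.0.113.11"],
                     "2025-03-18T23:30")
    print("authorised addresses in scope:", count_in_scope(ROE))
    print("allowed:", ok)
    for reason in bad:
        print("rejected:", reason)
```

Run `triage` over the target list before every scan rather than once at kick-off: the window check is what stops a scheduled job from firing on the Saturday after the engagement ends, and the exclusion list is where hosts discovered to belong to an ISP or outsourced provider go once permission is confirmed absent.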

Web Application Pentest

  • How many applications being assessed?
  • How many login systems being assessed?
  • How many static pages being assessed?
  • How many dynamic pages being assessed?
  • Static analysis?
  • Source code available?
  • Documentation?

Wireless Network Pentest

  • How many wireless networks?
  • Guest network? Authentication?
  • Encryption used and type?
  • Square footage of coverage?
  • Enumeration of rogue devices?
  • Assessing wireless attacks against clients?
  • How many clients on network?

Physical Pentest

  • How many locations?
  • Dedicated or shared facility? If shared, which floors are in scope?
  • Need permission?
  • Security guards? Who do they work for? What are terms of reference?
    • Reasonable force? Armed?
  • How many entrances to the building?
  • Local laws?
  • Square footage?
  • Physical security documented?
  • Video surveillance?
  • Alarm system? Silent? How triggered?

Social Engineering

  • List of email addresses client wants attacked
  • List of phone numbers?
  • Approved? How many targeted?
  • Chosen pretexts approved in writing beforehand.

Questions

For Company

  • Is management aware?
  • Which data would create the greatest risk to the organisation if exposed, corrupted or deleted?
    • If there is an ISMS, there will be a risk register.
    • If there is no ISMS, the organisation may lack the maturity for the test to be meaningful.
  • Are testing and validation procedures in place to verify that applications are functioning?
  • Do testers have access to the QA test procedures from when the application was developed?
  • Are Disaster Recovery procedures in place for application data?