345CT - Pentest (Part II)

Madeline Cheah

on 7 October 2013

Transcript of 345CT - Pentest (Part II)

Penetration Testing - Part II
Rules of engagement
Post-Exploitation (cont'd)
Reporting (Executive Summary)
Reporting (Technical Report)

Technical Guidelines
Infrastructure Analysis
High Value Business
Business Impact
Further penetration into
No modification of "critical" services (unless agreed upon beforehand)
You MUST provide a list of changes and actions
Passwords (inc. encrypted forms) should not be included, or should be masked so that they can't be recreated (the same applies to any other sensitive information)
Any method/device used to maintain access needs written client consent, and must employ some form of user authentication
All data gathered must be encrypted
3rd party services should not be used without prior consent
No logs should be removed, cleared or modified unless there is consent. If there is, the originals should be backed up prior to the test
If evidence of prior compromise is found, EVERYTHING around this should be provided to the client, who will then decide on incident response
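One way to enforce the masking rule above before captured evidence goes into a report, as an added Python example that is not part of the slides: the patterns, function names and the sample evidence lines are my own constructed assumptions, not material from the course.

```python
import re

# Added example (not from the original slides). Each pattern has a 'keep' group
# (the label that stays so the finding is still readable) and a 'secret' group
# (the value that must not be reproducible from the report).
SECRET_PATTERNS = [
    # key=value / key: value pairs in configs, .env files, captured requests
    re.compile(r'(?P<keep>(?:password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*)'
               r'(?P<secret>[^\s<]+)', re.I),
    # /etc/shadow style line: user:$id$salt$hash:...
    re.compile(r'(?P<keep>^[^:\s]+:)(?P<secret>\$[0-9a-z]+\$[^:\s]*)(?=:)', re.M),
    # pwdump style LM:NT hash pair, treated as one secret
    re.compile(r'(?P<keep>)(?P<secret>\b[0-9a-f]{32}:[0-9a-f]{32}\b)', re.I),
]

def mask(secret: str) -> str:
    # Irreversible: only the length survives. A visible prefix would still let a
    # reader narrow down offline guessing, so nothing of the value is kept.
    return f"<redacted {len(secret)} chars>"

def redact(text: str) -> str:
    """Return evidence text with every matched secret replaced by an opaque marker."""
    for pat in SECRET_PATTERNS:
        text = pat.sub(lambda m: m.group('keep') + mask(m.group('secret')), text)
    return text

def leaks(text: str) -> list:
    """Secrets still present; run on the final report and refuse to ship if non-empty."""
    return [m.group('secret') for pat in SECRET_PATTERNS for m in pat.finditer(text)]

# Constructed sample evidence (hostnames, paths and values are made up).
SAMPLE_EVIDENCE = """\
[web01] /var/www/app/.env
db_password = Summer2013!
[web01] /etc/shadow
root:$6$saltsalt$abcdef123:19000:0:99999:7:::
[dc01] hashdump
admin:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

if __name__ == "__main__":
    clean = redact(SAMPLE_EVIDENCE)
    print(clean)
    print("leaks after redaction:", leaks(clean))
```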
Cleanup process covers requirements for cleaning up systems once the penetration test is complete.
All modifications must be documented, and all settings MUST then be returned to their original state
Remove all executables, scripts and temporary files.
Return original system settings and application configuration parameters if they were modified
Remove all backdoors/rootkits/etc.
Remove any false user accounts created for persistence purposes
Backdoors (should survive reboot)
Installation or modification of services
(complex passwords should be used as a minimum) - use of cryptographic keys is preferred where possible...why?
Reverse connections limited to a single IP
Creation of alternate accounts
What kind of services or servers could you
Information Gathering
active, passive, corporate, personnel
Vulnerability Assessment
Classification Levels
Technical Vulnerabilities (e.g. in OSI layers)
Logical vulnerabilities (type, how and where + level of exposure)
Exploitation & Vulnerability Confirmation
Targets selected
Exploitation Activities (able or not able)
Post Exploitation (Privilege escalation, techniques used, sensitive data, remediation)
Effectiveness of countermeasures (detection, response, recommendations)
Risk & Exposure
Incident frequency (inc. threat modelling): probable frequency, level of skill required, level of access required
Estimate of magnitude of loss
From the above, risk analysis
Reasons for test
Objectives defined
Critical information identified
Overall posture and risk profile
Effectiveness of test, ability of pentesters to achieve goals
Brief description of systemic issues (e.g. lacking effective patch management process)
Risk grading (e.g. FAIR, DREAD etc.)
General Findings
Pen-test metrics
No. of systems, scenarios, processes in scope
No. times detected by client
No. of vulnerabilities per host
% scope systems exploited
% successful scenarios
and any other statistical analysis
Recommendation summary

Strategic Roadmap
Prioritised plan for remediation
Help to define certain procedures to use - they are only a baseline, but are a useful guide