345CT - Pentest (Part II)
Transcript of 345CT - Pentest (Part II)
Reporting (Executive Summary)
Reporting (Technical Report)
Rules of engagement
High Value Business
Further penetration into
No modification of "critical" services (unless agreed upon beforehand)
You MUST provide a list of changes and actions
Passwords (inc. encrypted forms) should not be included, or should be masked so that they can't be recreated (the same applies to any other sensitive information)
Any method/device used to maintain access needs written client consent, and must employ some form of user authentication
All data gathered must be encrypted
3rd party services should not be used without prior consent
No logs should be removed, cleared or modified unless there is consent. If there is, the originals should be backed up prior to the test
If evidence of prior compromise is found, EVERYTHING around this should be provided to the client, who will then decide on incident response
Cleanup process covers requirements for cleaning up systems once the penetration test is complete.
All modifications must be documented, and afterwards all settings MUST be restored to their original state
Remove all executables, scripts and temporary files.
Return original system settings and application configuration parameters if they were modified
Remove all backdoors/rootkits/etc.
Remove any false user accounts created for persistence purposes
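The rules above (a list of every change and action must be handed to the client, persistence mechanisms need written consent, everything must be restored at cleanup) are easier to meet if changes are logged as they are made rather than reconstructed from memory at the end. The following is an added illustration, not part of the lecture material: a small change register that refuses to record a persistence-type change without a consent reference, and that produces a cleanup checklist from which outstanding items can be verified. Host names, the `kind` categories and the sample entries are constructed.

```python
"""Engagement change register (added illustration, not from the lecture).

Every modification made on a client system is recorded with its original
state so that (a) the client receives a complete list of changes and actions,
(b) anything that counts as persistence is blocked unless written consent is
referenced, and (c) cleanup can be checked off item by item and verified.
Field names and sample data are constructed for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Kinds of change that maintain access and therefore need written client
# consent before they are made (rules of engagement, persistence clause).
PERSISTENCE_KINDS = {"backdoor", "service", "account"}


@dataclass
class Change:
    host: str
    kind: str                        # "file", "config", "service", "account", "backdoor"
    description: str
    original_state: str              # what was there before, so it can be restored
    consent_ref: Optional[str] = None  # reference to the written client consent
    reverted: bool = False
    made_at: str = field(default_factory=lambda: datetime.now(timezone.utc).isoformat())


def consent_missing(change: Change) -> bool:
    """True when the change is a persistence mechanism with no consent reference."""
    return change.kind in PERSISTENCE_KINDS and not change.consent_ref


class ChangeRegister:
    def __init__(self) -> None:
        self.changes: List[Change] = []

    def record(self, change: Change) -> Change:
        """Log a change; persistence without written consent is rejected up front."""
        if consent_missing(change):
            raise ValueError(
                f"{change.kind} on {change.host} requires written client consent")
        self.changes.append(change)
        return change

    def mark_reverted(self, host: str, description: str) -> bool:
        """Tick off a change once the original state has been restored."""
        for c in self.changes:
            if c.host == host and c.description == description:
                c.reverted = True
                return True
        return False

    def outstanding(self) -> List[Change]:
        return [c for c in self.changes if not c.reverted]

    def cleanup_checklist(self) -> List[str]:
        """One line per change, newest first, so changes are undone in reverse order."""
        return [
            f"[{'x' if c.reverted else ' '}] {c.host}: revert {c.kind} "
            f"'{c.description}' -> restore: {c.original_state}"
            for c in reversed(self.changes)
        ]

    def cleanup_complete(self) -> bool:
        """Only true once every recorded change has been marked reverted."""
        return not self.outstanding()


def demo_register() -> ChangeRegister:
    """Constructed sample engagement: three changes, one already cleaned up."""
    reg = ChangeRegister()
    reg.record(Change("web01", "file", "helper script /tmp/check.sh", "file did not exist"))
    reg.record(Change("web01", "config", "verbose logging in app.conf", "log_level=warn"))
    reg.record(Change("db02", "account", "test account pt_audit", "account did not exist",
                      consent_ref="RoE section 2.4, signed"))
    reg.mark_reverted("web01", "helper script /tmp/check.sh")
    return reg


if __name__ == "__main__":
    register = demo_register()
    print("\n".join(register.cleanup_checklist()))
    print("cleanup complete:", register.cleanup_complete())
```

The checklist doubles as the "list of changes and actions" the client must receive; handing over the register with every item ticked is the evidence that the cleanup clause was met.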
Backdoors (should survive reboot)
Installation or modification of services
(complex passwords should be used as minimum) - use of cryptographic keys is preferred where possible...why?
Reverse connections limited to a single IP
Creation of alternate accounts
What kind of services or servers could you
active, passive, corporate, personnel
Technical Vulnerabilities (e.g. in OSI layers)
Logical vulnerabilities (type, how and where + level of exposure)
Exploitation & Vulnerability Confirmation
Exploitation Activities (able or not able)
Post Exploitation (Privilege escalation, techniques used, sensitive data, remediation)
Effectiveness of countermeasures (detection, response, recommendations)
Risk & Exposure
Incident frequency (inc. threat modelling): probability, level of skill required, level of access required
Estimate of magnitude of loss
From the above, risk analysis
Reasons for test
Critical information identified
Overall posture and risk profile
Effectiveness of test, ability of pentesters to achieve goals
Brief description of systemic issues (e.g. lacking effective patch management process)
Risk grading (e.g. FAIR, DREAD etc.)
No. of systems, scenarios, processes in scope
No. of times detected by client
No. of vulnerabilities per host
% scope systems exploited
% successful scenarios
and any other statistical analysis
Prioritised plan for remediation
Helps to define the procedures to use; they are only a baseline, but a useful guide