Posted: August 26th, 2021
Wk2 Penetration Testing Plan
Name
Institutional Affiliation
Wk2 Penetration Testing Plan
Criteria | Response |
Project Title: | Penetration Testing |
Project Sponsor(s): | Amazon Web Services |
Business Context for the Penetration Test: | Information Security |
Project Scope Description: | Find security vulnerabilities within the company information technology systems which could be exploited to compromise their information |
Date Prepared: | 17th May 2020 |
Prepared By: | Your Name |
Team Location(s) | Organization Location(s) | Client Personnel Aware of Testing | Resources Provided to Pentest Team | Pentest Technologies Used |
Irvine, CA | Irvine, CA | Yes | Location, photos/roster of the IT Team and management | Engineering, Software Tools, Tailgating |
Cupertino, CA | Cupertino, CA | No | Location, photos/roster of the Team and management | Engineering, Software Tools, Tailgating |
Minneapolis, MN | Minneapolis, MN | No | None | Engineering, Software Tools, Tailgating |
Toronto, ON | Toronto, ON | Yes | Location, photos/roster of the Team and management | Engineering, Software Tools, Tailgating |
Description of Work/Pentest Boundaries | Assumptions and Constraints |
What is tested? Social engineering test boundaries? What is acceptable? What are the boundaries of physical security tests? What is the restriction on invasive pen test attacks? What type of corporate policy affects your test? Spear phishing or social engineering. The tester only attempts access to on-site hosted applications or servers. The tester scans the emails of the users they compromise and attempts further infiltration; however, they have to keep a record of any company data that they have obtained from the emails. Any software tools that the tester wishes to use are acceptable. | - The focus of this work is penetration testing, and it helps the organization break down the complexity of penetration testing. - Testers will use the same strategy that attackers use to identify system vulnerabilities. - Penetration testing conducts an in-depth vulnerability assessment of the system. - The testing will provide the organization with a detailed understanding of various vulnerability risks. - The process of penetration testing is broken down into logical steps for executing the test. - The tester is not allowed to access any non-production systems. - Any data that related to |
Milestones | Due Dates |
Pre-engagement with the organization | 2 days, 18th May 2020 |
Reconnaissance | 3 days, 21st May 2020 |
Threat modeling and vulnerability identification | 4 days, 25th May 2020 |
Exploitation and post-exploitation | 2 days, 27th May 2020 |
Pentest Analysis and Report Planning | 3 days, 30th May 2020 |
ID | Activity | Resource | Labor | Material | Total Cost | ||||
Hours | Rate | Total | Units | Cost | Total | ||||
1 | Penetration Test Pre-Planning | 3 | |||||||
2 | High-Level Work Schedule: Pentest Project Scope | 3 |
Appropriate Authorization (Including Third-Party Authorization)
Name | Title/Organization | Description of Authorization and Consent (Identify reference documents) |
Reconnaissance Deliverable Name | Reconnaissance Deliverable Description |
Web search engine | Running conventional web search engines for reconnaissance to gain as much understanding of the company as possible. |
Public network scanning | Attempts to access public Wi-Fi networks broadcast by the organization and establish the types of access that can be made through them. |
Building Reconnaissance | Gain knowledge of the building entry practices used by the users. Attempt to find any weaknesses in these entries. Assess whether tailgating is allowed or prominent. Establish the kind of building surveillance currently available. |
Footprinting | Aims to gather as much information as possible on the company's security footprint from the outside looking in. |
Scanning Test Deliverable Name | Scanning Test Deliverable Description |
Nmap | Involves probing the target network to gain a better understanding of the network map. Includes ascertaining the number of locations that are in existence and where they are located. Also, ascertain the number of endpoints that the network can host |
Nessus | Vulnerability scanning of the network devices |
Traceroute | Traces the hops of packets from the tester's location to the target location to help determine potential ingress points |
Burp Suite | For scanning web applications to assess potential vulnerabilities |
Gaining Access Activities
Gaining Access Activity Name | Gaining Access Activity Description |
Hashcat | For testing the strength of passwords against common and likely passwords based on known information about the organization and on dictionary words. |
Social engineering of the internal helpdesk | The helpdesk is not aware of the test and will be tested to find if there is possible access to privileged network accounts. |
VPN Scanning | Involves scanning the VPN tunnel for any vulnerabilities and attempting to gain access externally using the VPN. |
Spear phishing | Involves conducting a targeted phishing attack made against the organization’s staff following reconnaissance to gain access to the systems at whatever possible levels. |
Maintaining Access Activities
Maintaining Access Activity Name | Maintaining Access Activity Description |
Trojan horse | A Trojan embedded in an update is distributed to a widely used system, |
Spyware attack (Velu & Beggs, 2019) | The activity involves attaching spyware to as many machines as possible, which can catch the changes in passwords or form entries. |
Plant backdoor access to the network (Porche, 2020) | A backdoor tunnel is planted into the network such that there is no need for a VPN |
Adware attacks | Ads are sent to almost all the systems to ensure that enough authentication details are collected. |
Covering Tracks Activity Name | Covering Tracks Activity Description |
Clear event logs using meterpreter | A script called clearev is used to clear all the event logs. |
Erasing command history (Oriyano & Gregg, 2011) | All the command history is cleared from the system files. |
Disable auditing | Audit files are disabled in the system. |
Shredding history file | The history file is shredded to ensure that all data files are erased. |
Pentest Analysis and Report Planning
Describe the plan for analyzing and reporting pen test results. |
A summary of vulnerabilities will be grouped on a single page to enable easy reading by the organization’s IT management. Grouping of vulnerabilities can be done by category using tables and charts to ensure that it is more explicit. Details of the test team will be made based on their names to identify and recognize every tester that was involved. A list of tools utilized in the process will be provided in the report based on versions and briefly describing the function of each tool. Full details of the results of pen-testing. |
References
Oriyano. & Gregg, M. (2011). Hacker techniques, tools, and incident handling. Sudbury, Mass: Jones & Bartlett Learning.
Porche, I. (2020). Cyberwarfare: An Introduction to Information-Age Conflict. Norwood, MA: Artech House.
Velu, V. & Beggs, R. (2019). Mastering Kali Linux for advanced penetration testing: secure your network with Kali Linux 2019.1, the ultimate white hat hackers’ toolkit. Birmingham, UK: Packt Publishing.