This repository has been archived by the owner on Sep 8, 2021. It is now read-only.

Reporting_Communication

4.0 Reporting and Communication

4.1 Compare and contrast important components of written reports.

  • Report audience
    • C-suite
    • Third-party stakeholders
    • Technical staff
    • Developers
  • Report contents (not in a particular order)
    • Executive summary
    • Scope details
    • Methodology
      • Attack narrative
    • Findings
      • Risk rating (reference framework)
      • Risk prioritization
      • Business impact analysis
    • Metrics and measures
    • Remediation
    • Conclusion
    • Appendix
  • Storage time for report
  • Secure distribution
  • Note taking
    • Ongoing documentation during test
    • Screenshots
  • Common themes/root causes
    • Vulnerabilities
    • Observations
    • Lack of best practices

4.2 Given a scenario, analyze the findings and recommend the appropriate remediation within a report.

  • Technical controls
    • System hardening
    • Sanitize user input/parameterize queries
    • Implement multifactor authentication
    • Encrypt passwords
    • Process-level remediation
    • Patch management
    • Key rotation
    • Certificate management
    • Secrets management solution
    • Network segmentation
  • Administrative controls
    • Role-based access control
    • Secure software development life cycle
    • Minimum password requirements
    • Policies and procedures
  • Operational controls
    • Job rotation
    • Time-of-day restrictions
    • Mandatory vacations
    • User training
  • Physical controls
    • Access control vestibule
    • Biometric controls
    • Video surveillance

4.3 Explain the importance of communication during the penetration testing process.

  • Communication path
    • Primary contact
    • Technical contact
    • Emergency contact
  • Communication triggers
    • Critical findings
    • Status reports
    • Indicators of prior compromise
  • Reasons for communication
    • Situational awareness
    • De-escalation
    • Deconfliction
    • Identifying false positives
    • Criminal activity
  • Goal reprioritization
  • Presentation of findings

4.4 Explain post-report delivery activities.

  • Post-engagement cleanup
    • Removing shells
    • Removing tester-created credentials
    • Removing tools
  • Client acceptance
  • Lessons learned
  • Follow-up actions/retest
  • Attestation of findings
  • Data destruction process