CMIT 321

Penetration Test Proposal

Deliverable 4: Final Penetration Test Proposal

Name:

Course Number and Section:

Instructor:

Date:

Rules of Engagement

Overview

Include a brief description of the penetration test project.

Scope

Discuss the scope of the penetration test (pen test).

Checklist

Provide a list of the testing requirements.

Ethical Considerations

Describe how you will apply appropriate ethical principles throughout the penetration testing process.

Reconnaissance Plan

Overview

Provide a summary of the Reconnaissance phase.

Reconnaissance Methods

Identify specific methods and demonstrate a structured and ordered methodology while gathering key information that could be used to penetrate the network and systems of Haverbrook Investment Group. Discuss in detail both passive and active methods of reconnaissance.

Scanning Plan

Overview

Provide a summary of the Scanning phase.

Tactics, Techniques, and Procedures

Outline and discuss specific use cases to discover and enumerate information that could be used for potential exploitation. Examples of the information you are gathering from Haverbrook Investment Group’s systems include usernames, machine names, shares, and services. Identify any software, applications, or scripts that will be needed and provide a description of how this software will be used to gather information about Haverbrook’s systems.

Gaining Access Plan

Overview

Provide a summary of the Gaining Access phase.

Vulnerable Resources

Identify the resources where vulnerabilities can be located and include a brief description of those resources. Be sure to include a reference to the vulnerability, i.e., NVD.

Techniques and Software

Provide the techniques and any software, applications, or scripts that will be used in gaining access to the network(s) or system(s) along with a description of each technique. Refer to Chapter 6 in the textbook for additional information.

Maintaining Access Plan

Overview

Provide a summary of the Maintaining Access phase.

Techniques and Software

Identify the techniques used to maintain network and/or system access. Provide a brief summary of each technique. Include any software, applications, or scripts that may be needed to maintain access in the network or system(s). Refer to Chapter 6 in the textbook for additional information.

Covering Your Tracks Plan

Overview

Provide a summary of the Covering Your Tracks phase.

Techniques and Software

Identify the methods, software, applications, scripts, and any other means of covering your tracks. Provide a brief description of how each of these will be used to hide from the system administrator. Refer to Chapter 6 in the textbook for additional information.

References