Chapter 11: Reporting and Communication Flashcards
Communication Path
- Primary Contact: Responsible for day-to-day administration of the pentest
- Technical Contact: Handles any technical issues or questions that arise during the test
- Emergency Contact: Reached when something goes seriously wrong during testing (e.g. an outage caused by a test); typically the 24/365 SOC
Comms Triggers
Completion of a Testing Stage
* The SOW should include milestones that mark the completion of one stage of testing and the beginning of the next
* Completion of a test stage should serve as a trigger for communicating a periodic status update to management
Discovery of a Critical Finding
* If the pentest identifies a critical issue with the security of the environment, don't wait for the final deliverable; report it now
* Follow the procedures outlined in the SOW to immediately notify management of the issue, even if doing so (e.g. the client fixing the flaw mid-test) reduces the depth the pentesters are able to achieve during the rest of the test
Discovery of Indicators of Previous Compromise
* If you discover evidence left behind by real attackers who previously compromised a system (indicators of compromise)
* Immediately inform management and recommend that the org activate its incident response (IR) process; do not clean up or alter the attacker's artifacts, since they are now evidence
Recommending Mitigation Strategies
Technical Controls
* Common controls like system hardening, input sanitization, query parameterization, MFA, password hashing with per-user salts (often listed as "password encryption"; store a salted hash, not a reversibly encrypted password), patch management, encryption key rotation, network segmentation, etc.
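As an added example (not from the original notes), this is the kind of before/after remediation snippet a report would attach for two of the technical controls above, query parameterization and salted password hashing. The "before" login is deliberately injectable and compares plaintext passwords inside the SQL; the "after" binds the username as a parameter and checks a salted PBKDF2 hash in constant time. The table names, sample users and passwords are constructed for the example, and the round count is an assumption taken from current OWASP password-storage guidance.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumption: 600,000 PBKDF2-HMAC-SHA256 rounds (current OWASP guidance for PBKDF2).
PBKDF2_ROUNDS = 600_000


def hash_password(password, salt=None):
    """Return 'salt$digest' (hex) using a fresh 16-byte per-user salt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def build_sample_db():
    """Constructed in-memory database: a 'before' table holding plaintext passwords
    and an 'after' table holding salted hashes for the same two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE legacy_users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    sample = [("alice", "correct horse"), ("bob", "battery staple")]
    conn.executemany("INSERT INTO legacy_users VALUES (?, ?)", sample)
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(user, hash_password(pw)) for user, pw in sample],
    )
    return conn


def login_vulnerable(conn, username, password):
    """BEFORE (the finding): query built by string formatting, plaintext password
    compared inside SQL. A username of  alice' --  comments out the password check,
    and a password of  ' OR '1'='1  matches every row."""
    query = (
        f"SELECT 1 FROM legacy_users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """AFTER (the remediation): bound parameter, so the username is data rather than
    SQL; the password is checked against the salted hash in application code."""
    row = conn.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    db = build_sample_db()
    payload = "alice' --"
    print("vulnerable, injected username:", login_vulnerable(db, payload, "wrong"))
    print("hardened, injected username:  ", login_hardened(db, payload, "wrong"))
    print("hardened, real credentials:   ", login_hardened(db, "alice", "correct horse"))
```

In a report the two functions sit side by side under the finding, with the payload that bypassed authentication quoted from the test evidence; the client can rerun the same payload against the patched code to confirm the fix.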
Admin Controls
* RBAC, a secure software development lifecycle, enforcement of policies and procedures, minimum password requirements
Operational Controls
* Job rotation, login time-of-day restrictions, mandatory vacations, user awareness training
Physical Controls
* Locks, badge readers, security guards, cameras, access vestibules (mantraps), and similar controls on physical access
Structure of Pentest Report
- Executive Summary
- Scope Details
- Methodology
- Findings and Remediation
- Conclusion
- Appendix
Page 417 to 420
Post-Engagement Cleanup
- Remove web shells, reverse shells and any other persistence installed on systems
- Remove tester-created accounts, credentials (including injected SSH keys), or backdoors
- Remove any tools installed or uploaded during the test
- Restore the system(s) to their original, pre-test state in every way: reverse configuration changes, re-enable anything that was disabled (logging, AV), and document any change that cannot be reverted so the client can handle it