- Ensure all questionnaire information has been completed. In-scope IP addresses are needed by the business day before testing. If scope IP addresses have been provided:
  - Confirm that ALL IP addresses provided are in scope, especially if they provided subnet ranges (e.g. 10.0.0.0/24, where the /24 suffix denotes the size of the range).
  - Check whether the scope is for a maximum of 'X' hosts but the client handed you a larger number of hosts. In that case, remind the client of the scope and ask them to narrow the target hosts/networks down to match what they paid for and the assessment window. Don't let the client pay for a small scope to save money and then hand you a huge number of hosts. Don't give away free work. Your job/bonus may depend on it.
- Are any targets legacy or fragile systems that may need additional care to preserve uptime?
- What is your biggest priority to protect? (Although this is asked in the questionnaire, the customer's responses on a call can provide greater insight.)
- What is your account lockout policy? Should we encounter a login interface and attempt password spraying, we would like to avoid causing lockout disruptions. Note: if the client does not know, the easiest way to find it is to open a command prompt and run: net accounts. The parts of the lockout policy needed are:
  - Lockout threshold
  - Lockout duration
  - Lockout observation window
- Does your network or any web application store/process PII data? How about PCI data?
- Does the network have any segmentation that we should be aware of?
- Will a valid domain user account be provided for testing, simulating the initial compromise of a single employee's credentials/workstation? (Not required.)
- Has the PTK been deployed yet? If not, can it be deployed no later than the final business day before testing begins? We would like to ensure that no issues arise during deployment.
- Is the PTK on a laptop/workstation or in a vSphere environment?
- If deployed on a workstation, has the virtual NIC been configured in 'Bridged' mode?
- Does the PTK have full access to all in-scope hosts on the network?
- Is the PTK deployed on the same subnet as employee workstations? If the intended scenario is an internal pen test from a compromised employee workstation, we request that the PTK be placed in such a subnet.
- When onsite, are we permitted to interact with unlocked employee workstations?
- Will we be facing controls such as Cisco ISE or NAC (Network Access Control)? If yes, are we allowed to physically bypass these controls by moving around the building and searching for unsecured ports / hijacking ports from other devices such as printers/phones/audio equipment?
- Can we test into the evening / after normal business hours?
- On arrival at the site, should we immediately introduce ourselves to a receptionist? Or are we permitted to simply walk in, see if we are stopped, and if not, find a desk/open network port and begin initial testing? (This is a value add if the customer permits it.)
- Dress code? Unless you're doing physical social engineering, always dress at the high end of their dress code. Remember, you're a consultant and you represent your employer!