In the Final Penetration Test Proposal Template, add previous submissions, make updates and corrections based on the feedback received from your instructor, and add the Maintaining Access and Covering Your Tracks plans.
So, your final proposal will include the following components:
Rules of Engagement (from Deliverable 1)
Reconnaissance Plan (from Deliverable 2)
Scanning Plan (from Deliverable 2)
Gaining Access Plan (from Deliverable 3)
Maintaining Access Plan (New)
Covering Your Tracks Plan (New)
Use the Final Penetration Test Proposal template to complete your work.
Please submit your work to the LEO submission box below.
Use the three files that I have attached and the attached Final Penetration Test Proposal template.
Penetration Test Proposal
Deliverable 2: Reconnaissance Plan and Scanning Plan
Cynthia Castellon
CMIT 321 7380 (2208)
Professor Balaguer
November 15, 2020
Reconnaissance Plan
Overview
Reconnaissance is also referred to as the preparatory phase; it is the method by which cyber criminals collect information on a target before they decide to launch an attack (James, 2013). Reconnaissance is accomplished in phases before the weaknesses of the system are exploited. The first stage of reconnaissance is dumpster diving, in which a hacker finds critical information such as names and passwords and learns how the business operates. After dumpster diving, the hacker undertakes a process referred to as footprinting to collect information on the security posture, narrowing the focus to particular IP addresses in order to find system vulnerabilities. In footprinting, a hacker builds a network map to locate the specific network infrastructure and force their way in. Through footprinting, a hacker obtains important information such as system names, UDP and TCP details, and passwords.
Reconnaissance Methods
In passive reconnaissance, a hacker tries to obtain information on targeted networks and computers without actively engaging the system (James, 2013). Passive reconnaissance takes more direct procedures to obtain information on the targeted system. In this method, a hacker compromises a target router and then degrades other paths to channel packets to the router that has been compromised. In this case, an environment is altered to attack the targeted system. It utilizes the vast amount of data present on the web, and when a hacker engages in passive reconnaissance, they do not interact with the target. In this case, system owners do not record or know of any activities taking place. As a result, this type of reconnaissance helps to collect a lot of information.
In active reconnaissance, a hacker engages the targeted system to obtain data concerning its vulnerabilities (James, 2013). The attack may be carried out through manual testing or automated scanning with various tools such as Netcat, ping, and traceroute. The hacker in this kind of attack affects the targeted system; hence owners may know what is happening, and as a result, there are high chances of the attacker getting caught. Some of the tools utilized in this kind of attack include Nmap, a network scanner created to discover details of the programs and systems running on a network. The other tool utilized is Metasploit, which is primarily an exploitation toolkit.
Scanning Plan
Overview
An attacker takes steps to single out possible areas in which to attack their targets in the scanning phase (Michael, 2016). It is also in this step that the target can identify an attacker if they have appropriate security in place. A hacker first assesses the network architecture and then utilizes the scanning phase to identify the network's hosts and devices. In this process, other techniques such as the Internet Control Message Protocol (ICMP) are used to get additional information about the system. In such a process, protocols, open ports, and network masks are identified. The main aim of the scanning phase is to find the vulnerabilities of the target system. As a result, wireless scanning tools are utilized to assess and capture traffic from system networks.
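The active reconnaissance paragraph above notes that scanning touches the target and can be noticed by its owners, and the scanning overview makes the same point: with appropriate security in place, the target can identify the attacker at this step. The following Python is an added, defender-side example and is not part of the proposal. It flags sources that probe many distinct ports on one host inside a short window, working over constructed firewall log lines in an assumed "timestamp action src dst dport proto" shape (not any vendor's real syntax). It also carries the tuning caveat a practitioner wants: probes spaced minutes apart slip under a one-minute window, so the same function is run again with a wider window.

```python
"""Defender-side port-scan detection over constructed firewall log lines.

Added example, not part of the proposal above. The log format is an
assumption ("timestamp action src dst dport proto"), not any vendor's syntax.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample: 10.0.0.5 sweeps seven ports on 192.0.2.10 in four seconds,
# 10.0.0.7 is ordinary web traffic, and 10.0.0.6 probes one port every two minutes.
SAMPLE_LOG = """\
2020-11-15T10:00:01 DENY 10.0.0.5 192.0.2.10 21 TCP
2020-11-15T10:00:01 DENY 10.0.0.5 192.0.2.10 22 TCP
2020-11-15T10:00:02 DENY 10.0.0.5 192.0.2.10 23 TCP
2020-11-15T10:00:02 DENY 10.0.0.5 192.0.2.10 25 TCP
2020-11-15T10:00:03 ALLOW 10.0.0.5 192.0.2.10 80 TCP
2020-11-15T10:00:03 ALLOW 10.0.0.5 192.0.2.10 443 TCP
2020-11-15T10:00:04 DENY 10.0.0.5 192.0.2.10 3389 TCP
2020-11-15T10:00:05 ALLOW 10.0.0.7 192.0.2.10 443 TCP
2020-11-15T10:00:06 ALLOW 10.0.0.7 192.0.2.10 443 TCP
2020-11-15T10:00:07 ALLOW 10.0.0.7 192.0.2.10 80 TCP
2020-11-15T10:10:00 DENY 10.0.0.6 192.0.2.10 135 TCP
2020-11-15T10:12:00 DENY 10.0.0.6 192.0.2.10 139 TCP
2020-11-15T10:14:00 DENY 10.0.0.6 192.0.2.10 445 TCP
2020-11-15T10:16:00 DENY 10.0.0.6 192.0.2.10 1433 TCP
2020-11-15T10:18:00 DENY 10.0.0.6 192.0.2.10 3306 TCP
this line is not in the expected format and is skipped
"""

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (\S+) (\S+) (\d+) (TCP|UDP)$")


def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed input is skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, action, src, dst, dport, proto = m.groups()
    return {"ts": datetime.fromisoformat(ts), "action": action, "src": src,
            "dst": dst, "dport": int(dport), "proto": proto}


def detect_port_scans(log_text, window_seconds=60, port_threshold=5):
    """Map (src, dst) -> set of ports for pairs that touch >= port_threshold distinct
    ports inside any window_seconds-long window. ALLOW and DENY both count: a sweep
    hits open ports too, and those are the hits a defender most wants to see."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            events[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"]))

    findings = {}
    for pair, evs in events.items():
        evs.sort()  # time order, so each window is a contiguous slice
        for i, (start, _) in enumerate(evs):
            limit = start + timedelta(seconds=window_seconds)
            ports = {p for t, p in evs[i:] if t <= limit}
            if len(ports) >= port_threshold:
                findings[pair] = ports
                break
    return findings


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {sorted(ports)}")
    # Widening the window also surfaces the slow probe from 10.0.0.6.
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG, window_seconds=600).items():
        print(f"slow-scan window: {src} -> {dst} ports {sorted(ports)}")
```

With the default one-minute window only the fast sweep from 10.0.0.5 is reported; the slow probe from 10.0.0.6 only appears once the window is widened to ten minutes, which is why a detection rule of this kind is normally run with more than one window length.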
Tactics, Techniques, and Procedures
A Trojan is software used to gather information from the Haverbrook Investment Group's system (Palmer, 2019). The software is among the common infection vectors that hackers use to trick targeted people into clicking it as an email attachment or a file. A Trojan is transmitted through a compromised account, and the intruder makes it look like a genuine file. This software is mostly delivered through emails or through clicking suspicious links on Facebook, which allows a hacker to inject the software onto the targeted computer. Once a targeted individual clicks the link, the software is automatically installed on the computer, where it creates a backdoor and vulnerabilities that are used to steal data. Once the Trojan is activated on the personal computer, hackers can spy and steal personal information through backdoor access to the system. The backdoor provides remote control over the targeted computer, and as a result, the hacker can do anything, including sending, launching, receiving, and deleting files. The hackers can also reboot the computer.
References
James. (2013). Passive reconnaissance – an overview | ScienceDirect Topics. Retrieved from ScienceDirect.com website: https://www.sciencedirect.com/topics/computer-science/passive-reconnaissance
Michael. (2016). Scanning Phase – an overview | ScienceDirect Topics. Retrieved November 9, 2020, from www.sciencedirect.com website: https://www.sciencedirect.com/topics/computer-science/scanning-phase
Palmer, D. (2019, December 3). This trojan malware is being used to steal passwords and spread ransomware. Retrieved from ZDNet website: https://www.zdnet.com/article/this-trojan-malware-is-being-used-to-steal-passwords-and-spread-ransomware/
Running Head: ROE OF PEN TEST
Penetration Test Proposal
Deliverable 1: Rules of Engagement
Cynthia Castellon
CMIT 321 7380 (2208)
Professor Balaguer
October 27, 2020
Rules of Engagement
Overview
Haverbrook Investment Group L.L.L.P. (HIG) has requested that a penetration testing process be conducted. The company handles sensitive information because it provides financial services, one of the most delicate functions of an information system. Therefore, the penetration testing process is of great importance to the organization in profiling its risk and vulnerability state. The Rules of Engagement are an essential document before the actual pen test is conducted because they outline the agreed expectations based on ethical principles (Johansen et al., 2016).
The penetration testing process will subsequently result in the formation of security measures that will prevent the exposure of the organization to attacks. The penetration testing process will involve the analysis of the organization's network, the connected nodes, the servers, and the remote access activities. An information gathering process shall be conducted to support the active pen test activities. Vulnerabilities of the systems shall be analyzed and documented. The exploitation of some of the vulnerabilities shall also be performed to identify the strength of the existing security measures. Finally, a report shall be presented documenting the whole pen testing process and recommendations on mitigation procedures.
The network characteristics will be discovered by studying the existing documents concerning the network architecture of the organization. There is a document provided by the organization which outlines how the network resources are connected together and how IP addressing is done on the devices and servers. It will provide information on how the penetration testing activities will be performed in the organization based on the architecture of the network.
Scope
The penetration testing process shall cover the critical network infrastructure of the organization. It shall involve only the intranet of the organization, along with some of the remote access activities engaged in while connecting to the organization's network. The individual PCs and servers shall be analyzed for potential vulnerabilities.
The preliminary engagement activities regarding scheduling, key stakeholders, and scope will involve the formation of a joint meeting. The joint meeting is essential in ensuring that appropriate measures are followed when coming up with the proposed project. The joint meeting will be appropriate for setting the pace required to effectively develop implementation procedures for the project (Shimonski, 2020). It will help in planning for the stakeholders and which team will be involved in which activities.
It is an essential process that will help in planning the scope and scheduling of the operations required to meet the organization's objectives. The joint meeting will help in scheduling the operations which shall be conducted during the pen testing process. It shall also entail the assignment of roles and duties to the various stakeholders in the penetration testing process of the organization (Coignard et al., 2018). Each member will be assigned roles and responsibilities in the penetration testing activity.
Checklist
The testing requirements used in the penetration testing process include:
1. Testing the permeability of the information systems through brute force or access to the passwords. The activity will help to determine whether there is any weakness in the authentication activities of the system and whether there are strong password policies.
2. Having access to the network subnetting structure and the overall network architecture. The activity is essential for mapping the network resources and testing every host computer in the organization.
3. Establishing the risk profile of the organization. After all the testing activities, there will be an overall summary of the risk exposure as high, medium, or low, which will help to determine what the organization can do towards management of the risks.
4. Identification of the vulnerabilities in the systems. The requirement of the testing process is to identify the weaknesses that can potentially be exploited.
5. Actual exploitation of the vulnerabilities. The activity will involve the actual probing of the system and exploiting the vulnerabilities identified in the vulnerability analysis stage of the pen test.
6. Pen test executive summary. It will be the final deliverable of the pen test, documenting the pen testing activity, including the vulnerabilities found, possible exploitations performed, and recommendations on the mitigation process.
For the penetration testing process to be successful, the following requirements should be met:
1. Approval by the chief information officer. The approval by the appropriate parties as represented by the CIO is necessary for the pen test to be conducted. A formal record of the approval, including the signature authorizing the initiation of the pen testing process, shall be produced.
2. Provision of network architecture. It is necessary for the organization to provide the network architecture and structure of the subnets during the active penetration process.
3. Escalation of privileges. It will sometimes be necessary to have administrative permissions for the testing of specific servers and nodes in the network.
4. Penetration testing resources. There will be a need for the acquisition of software programs such as Nessus and nmap, among others, which shall help in profiling the network and conducting the information gathering process.
Ethical Considerations
Penetration testing is one of the processes that requires strict adherence to ethical principles; otherwise the activity will be considered black-hat hacking (Partridge & Allman, 2016). Hence, this report considers ways through which the pen test will be conducted without violation of ethical principles.
Confidentiality is one of the principles to which this penetration testing will adhere. No information gathered shall be disclosed to people who are not authorized or used for personal purposes. The login details used in the process shall not be shared with unauthorized parties. The autonomy principle shall be maintained, whereby users in the organization shall not be limited or disrupted in their normal activities without being informed.
The tools that will be involved in the penetration testing will not violate privacy rules or compliance with industry standards. Normally, the ethical expectations of a pen test are that there will be an initial permission request to the organization before the penetration testing begins. No work will begin without the approval of the executives or the Chief Information Officer. Whenever there is a need to access privileged details, permission shall be requested.
Also, to maintain ethical conduct, the penetration testing shall work to ensure that the data being accessed remains secure and unaltered. No sensitive data or information in the organization's database shall be read by the penetration testing team without permission being granted. The handling of sensitive databases shall be done properly and in a secure manner. After the penetration testing process, the cloned files shall be shredded and removed from the reach of other parties which are not authorized. All reporting concerning the penetration testing findings will be done only to the targeted executive members and IT professionals in the organization so that the weaknesses identified in the system do not leak to potentially exploiting parties.
Conclusion
The ROE presented here portrays the requirements of the pen testing process. It is recommended that the Haverbrook Investment Group L.L.L.P. (HIG) workforce be briefed on it so that they understand the requirements of the pen test process. Then the approval should be made to ensure that the pen testing process starts.
References
Coignard, J., Nouidui, T., Gehbauer, C., Wetter, M., Joo, J. Y., Top, P., … & Stewart, E. (2018,
August). Cyder-a co-simulation platform for grid analysis and planning for high
penetration of distributed energy resources. In 2018 IEEE Power & Energy Society
General Meeting (PESGM) (pp. 1-5). IEEE.
Johansen, G., Allen, L., Heriyanto, T., & Ali, S. (2016). Kali Linux 2–Assuring Security by
Penetration Testing. Packt Publishing Ltd.
Partridge, C., & Allman, M. (2016). Ethical considerations in network measurement
papers. Communications of the ACM, 59(10), 58-64.
Shimonski, R. (2020). Penetration Testing For Dummies. John Wiley & Sons.
Running Head: GAINING ACCESS PLAN
Penetration Test Proposal
Deliverable 3: Gaining Access Plan_Rewrite
Cynthia Castellon
CMIT 321 7380 (2208)
Professor Balaguer
December 7, 2020
Gaining Access Plan
Overview
While people often use simple, easy-to-remember passwords across multiple accounts, a dictionary attack can help access Haverbrook's system easily because it requires fewer resources to execute. People often reuse passwords and vary them slightly; thus, a dictionary attack technique will explore the organization's information and create relevant passwords to access the system. In essence, the password dictionary list will be developed based on keyboard runs, the organization's profile, and common names. A Trojan will help access the network because it targets online users and influences them to install the malware on computer systems.
Vulnerable Resources
A lack of enforced administrative privileges can allow a protected operation to be performed, since the organization might have poor password management. Information about the organization's payments, intellectual property, and personal data will enhance the dictionary attack technique's effectiveness. For instance, Wang & Wang (2017) suggest that some managers use personal passwords in organizations' systems. Thus, managers' personal information can help guess the actual password for Haverbrook's system.
Furthermore, while many users browse the internet and communicate via email, the Trojan can be delivered to the user easily. According to Wang & Wang (2017), the software can spy on the system's activities without the users' knowledge and even perform some breaches. Albazzaz et al. (2016) state that the Trojan horse takes advantage of users' behavior of opening unfamiliar sites and files. Thus, the software will help access the network.
Techniques and Software
A dictionary attack will help utilize the information to gain access to Haverbrook's systems. According to Wang & Wang (2017), a dictionary attack is a brute-force technique whereby attackers run through common phrases and words, like those from a dictionary, to guess passwords. Wang & Wang (2017) suggest that a dictionary attack is an improvement over a plain brute-force attack. Where a brute-force attack tries every possible combination to break through authentication controls, a dictionary attack uses a large but limited number of pre-selected phrases and words.
In this case, a dictionary attack will help go through all possible combinations, breaking through passwords that might seem complicated. A password dictionary list will be created from Haverbrook's information. For example, the dictionary attack list may contain words like Haverbooks2020, Haver2020, books2020, etc. Wang & Wang (2017) argue that many dictionary attack tools include common passwords obtained from information breaches and common variants of specific phrases or words using symbols such as # and @. These variant symbols can enhance the dictionary attack technique. Thus, the password dictionary list may include Haverbooks@2020, haverbooks#2020, @haverbooks2020, etc.
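The list-building pattern just described (organization name stems combined with years and symbols such as @ and #, plus the keyboard runs mentioned in the overview) is exactly the information a defender can use to refuse weak passwords before anyone guesses them. The following Python is an added, defender-side example and not part of the proposal: it generates the organization-derived variants, adds a keyboard-run check, and reports why a candidate password would be rejected by a password policy. The organization terms, years and symbol set are constructed for the example, and the check goes one step beyond the list in the text by undoing common letter-for-digit substitutions (H4verbr00k) so that a disguised organization name is still caught.

```python
"""Password-policy check against organization-derived dictionary variants.

Added example, not part of the proposal above: it takes the list-building
pattern described there (organization term + year with @/# style symbols, and
keyboard runs) and uses it on the defender's side to reject such passwords.
"""

ORG_TERMS = ["Haverbrook", "Haver"]   # constructed: the target organization's name stems
YEARS = ["2020", "2021", "20"]         # constructed: years commonly appended to passwords
SYMBOLS = ["", "@", "#", "!"]          # the separator symbols the plan mentions, plus "!"
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo common letter-for-symbol substitutions so H4verbr00k still matches "haverbrook".
LEET = str.maketrans("013457@$", "oieastas")


def build_org_wordlist(org_terms, years):
    """Generate term/year/symbol variants in prefix, infix and suffix placements."""
    words = set()
    for term in org_terms:
        words.add(term)
        for year in years:
            for sym in SYMBOLS:
                words.add(f"{term}{sym}{year}")   # Haverbrook@2020
                words.add(f"{sym}{term}{year}")   # @Haverbrook2020
                words.add(f"{term}{year}{sym}")   # Haverbrook2020@
    return words


def has_keyboard_run(password, min_len=4):
    """True if the password contains min_len adjacent keys of one row, in either direction."""
    pw = password.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_len + 1):
            seg = row[i:i + min_len]
            if seg in pw or seg[::-1] in pw:
                return True
    return False


def check_password(password, org_terms=ORG_TERMS, years=YEARS):
    """Return the policy reasons for rejecting the password; an empty list means acceptable."""
    reasons = []
    pw = password.lower()
    wordlist = {w.lower() for w in build_org_wordlist(org_terms, years)}
    if pw in wordlist:
        reasons.append("exact org-derived variant")
    elif any(term.lower() in pw.translate(LEET) for term in org_terms):
        reasons.append("contains organization term")
    if has_keyboard_run(password):
        reasons.append("keyboard run")
    return reasons


if __name__ == "__main__":
    for candidate in ["Haverbrook@2020", "H4verbr00k!", "qwerty123", "Correct-Horse-Battery"]:
        verdict = check_password(candidate) or ["acceptable"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

Very short stems are a known false-positive source for the substring check (a two- or three-letter abbreviation such as HIG appears inside ordinary words), so such terms are better kept to the exact-variant set only; the longer stems used here are safe to match as substrings.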
A Trojan is useful in gaining access to the network because the user cannot detect it. According to Albazzaz et al. (2016), a Trojan is computer software that appears useful but has hidden and malicious functions that evade security mechanisms. In this case, the Trojan horse will be sent via emails; therefore, users will download and install it on the system. The software will help break through the system's passwords. Albazzaz et al. (2016) suggest that the Trojan horse can be an innocent-looking free email download or attachment. When the user clicks on the download or attachment, the malware enters the system and performs the intended function.
Spamming techniques can help send emails to the system users to spread the Trojan horse. Once the users download the software, it will run automatically for a long time. Albazzaz et al. (2016) argue that the Trojan horse resides undetected until the user takes a specific action. Depending on how the Trojan is created, it can delete itself after completing its mission. In this sense, the Trojan is the most effective software to access the system because users might not detect it. The software is also automated and can delete itself before the user detects it.
References
Albazzaz, J. M. A., & Almuhanna, N. E. (2016). Avoiding computer viruses and malware
threats. International Journal of Advanced Research in Computer and Communication
Engineering, 5(11), 288-291. https://www.ijarcce.com/upload/2016/november16/IJARCCE%2061.pdf
Wang, D., & Wang, P. (2017). Offline dictionary attack on password authentication schemes
using smart cards. In Information security (pp. 221-237). Springer, Cham.
https://eprint.iacr.org/2014/208.pdf
Penetration Test Proposal
Deliverable 4: Final Penetration Test Proposal
Name:
Course Number and Section:
Instructor:
Date:
Rules of Engagement
Overview
Include a brief description of the penetration test project.
Scope
Discuss the scope of the penetration test (pen test).
Checklist
Provide a list of the testing requirements.
Ethical Considerations
Describe how you will apply appropriate ethical principles throughout the penetration testing
process.
Reconnaissance Plan
Overview
Provide a summary of the Reconnaissance phase.
Reconnaissance Methods
Identify specific methods and demonstrate a structured and ordered methodology while
gathering key information that could be used to penetrate the network and systems of
Haverbrook Investment Group. Discuss in detail both passive and active methods of
reconnaissance.
Scanning Plan
Overview
Provide a summary of the Scanning phase.
Tactics, Techniques, and Procedures
Outline and discuss specific use cases to discover and enumerate information that could be
used for potential exploitation. Some examples of information that you are gathering from
Haverbrook Investment Group’s systems are usernames, machine names, shares, and services
from a system. Identify any software, applications, or scripts that will be needed and provide a
description of how this software will be used to gather information about Haverbrook’s systems.
Gaining Access Plan
Overview
Provide a summary of the Gaining Access phase.
Vulnerable Resources
Identify the resources where vulnerabilities can be located and include a brief description of
those resources. Be sure to include a reference to the vulnerability, i.e., NVD.
Techniques and Software
Provide the techniques and any software, applications, or scripts that will be used in gaining
access to the network(s) or system(s) along with a description of each technique. Refer to
Chapter 6 in the textbook for additional information.
Maintaining Access Plan
Overview
Provide a summary of the Maintaining Access phase.
Techniques and Software
Identify the techniques used to maintain network and/or system access. Provide a brief
summary of each technique. Include any software, applications, or scripts that may be needed
to maintain access in the network or system(s). Refer to Chapter 6 in the textbook for additional
information.
Covering Your Tracks Plan
Overview
Provide a summary of the Cover Your Tracks phase.
Techniques and Software
Identify the methods, software, applications, scripts and any other means of covering your
tracks. Provide a brief description of how each of these will be used to hide from the system
administrator. Refer to Chapter 6 in the textbook for additional information.
References