Penetration Test Proposal Deliverable : Rules of Engagement
Overview
As a malicious actor, while conduction techniques of Passive reconnaissance, I would engage in a targeted attack against Haverbrook Investment Group by the following methods:
- Wardriving: often known as point mapping, is the process of identifying the location of wireless connections and exploitation of these connections.
- Extracting information on discarded computer systems, hard drives and other devices.
- Disguising as an authorized user on authorized networks.
Scope
Through proper and thorough research, a malicious actor can easily identify if a company is present online or not. Companies have their own websites, portals and apps which easily let everybody know they exist. By hacking into the systems and gaining past records and intimate information, hackers pose as employees of an organization or employees from the bank and ask for personal information by taking the targeted companies into their confident. Once they have the information, the can easily gather information about the target’s personally identifiable information and use it for unethical purposes and stealing.
Checklist
The techniques I would use for foot printing would include not being connected to any system because in a passive reconnaissance information is gathered without direct interaction with the targeted systems. Moreover, I would gather the basic information about the target, identify the range of their network, determine their active machines, uncover the services on ports, discover if there are any open ports and/or access points and map and locate the network.
Ethical Considerations
The penetration testing would keep attackers at bay and will protect the private information of company and its employees. All the data will remain confidential and nobody will question the integrity of the company.
References
Process: Gaining and Elevating Access. (2017, January 24). Retrieved February 20, 2020, from https://resources.infosecinstitute.com/process-gaining-and-elevating-access/
RECONNAISANCE PLAN (TASK 1)
As a malicious actor, while conduction techniques of Passive reconnaissance, I would engage in a targeted attack against Haverbrook Investment Group by the following methods:
- War driving: often known as point mapping, is the process of identifying the location of wireless connections and exploitation of these connections.
- Extracting information on discarded computer systems, hard drives and other devices.
- Disguising as an authorized user on authorized networks.
The techniques I would use for footprinting would include not being connected to any system because in a passive reconnaissance information is gathered without direct interaction with the targeted systems. Moreover, I would gather the basic information about the target, identify the range of their network, determine their active machines, uncover the services on ports, discover if there are any open ports and/or access points and map and locate the network.
Through proper and thorough research, a malicious actor can easily identify if a company is present online or not. Companies have their own websites, portals and apps which easily let everybody know they exist. By hacking into the systems and gaining past records and intimate information, hackers pose as employees of an organization or employees from the bank and ask for personal information by taking the targeted companies into their confident. Once they have the information, the can easily gather information about the target’s personally identifiable information and use it for unethical purposes and stealing.
The penetration testing would keep attackers at bay and will protect the private information of company and its employees. All the data will remain confidential and nobody will question the integrity of the company.