Penetration Test Proposal Deliverable : Rules of Engagement

Overview

As a malicious actor, while conduction techniques of Passive reconnaissance, I would engage in a targeted attack against Haverbrook Investment Group by the following methods:

• Wardriving: often known as point mapping, is the process of identifying the location of wireless connections and exploitation of these connections.
• Extracting information on discarded computer systems, hard drives and other devices.
• Disguising as an authorized user on authorized networks.

Scope

Through proper and thorough research, a malicious actor can easily identify if a company is present online or not. Companies have their own websites, portals and apps which easily let everybody know they exist. By hacking into the systems and gaining past records and intimate information, hackers pose as employees of an organization or employees from the bank and ask for personal information by taking the targeted companies into their confident. Once they have the information, the can easily gather information about the target’s personally identifiable information and use it for unethical purposes and stealing.

Checklist

The techniques I would use for foot printing would include not being connected to any system because in a passive reconnaissance information is gathered without direct interaction with the targeted systems. Moreover, I would gather the basic information about the target, identify the range of their network, determine their active machines, uncover the services on ports, discover if there are any open ports and/or access points and map and locate the network.

Ethical Considerations

The penetration testing would keep attackers at bay and will protect the private information of company and its employees. All the data will remain confidential and nobody will question the integrity of the company.

References

Process: Gaining and Elevating Access. (2017, January 24). Retrieved February 20, 2020, from https://resources.infosecinstitute.com/process-gaining-and-elevating-access/

RECONNAISANCE PLAN (TASK 1)

As a malicious actor, while conduction techniques of Passive reconnaissance, I would engage in a targeted attack against Haverbrook Investment Group by the following methods:

• War driving: often known as point mapping, is the process of identifying the location of wireless connections and exploitation of these connections.
• Extracting information on discarded computer systems, hard drives and other devices.
• Disguising as an authorized user on authorized networks.

The techniques I would use for footprinting would include not being connected to any system because in a passive reconnaissance information is gathered without direct interaction with the targeted systems. Moreover, I would gather the basic information about the target, identify the range of their network, determine their active machines, uncover the services on ports, discover if there are any open ports and/or access points and map and locate the network.

Through proper and thorough research, a malicious actor can easily identify if a company is present online or not. Companies have their own websites, portals and apps which easily let everybody know they exist. By hacking into the systems and gaining past records and intimate information, hackers pose as employees of an organization or employees from the bank and ask for personal information by taking the targeted companies into their confident. Once they have the information, the can easily gather information about the target’s personally identifiable information and use it for unethical purposes and stealing.

The penetration testing would keep attackers at bay and will protect the private information of company and its employees. All the data will remain confidential and nobody will question the integrity of the company.