Ethical Hacking Assignment
Start for Project 1:
For the next eight weeks, you will play the role of a penetration tester for a fictional company, Centralia Security Lab. Your task is to develop a penetration testing proposal for your new client, Haverbrook Investment Group, while also working toward gaining the knowledge required for the Certified Ethical Hacker certification.
Scenario:
Welcome to Centralia Security Lab!
Centralia Security Lab has been hired by Haverbrook Investment Group to perform penetration testing on its systems. As a pen tester, you have been assigned to write the plan for what Centralia will do in the testing.
Your proposal should include the "rules of engagement" (agreement outlining the framework for the penetration testing) and outline how you would go through the five phases of hacking.
Proposal Overview
A penetration test includes various activities to identify and exploit security vulnerabilities. Such a test can determine whether security measures are effective.
The process of penetration testing includes planning the test, collecting information and performing the tests, analyzing the information found, and finally, writing up and communicating your findings. This assignment focuses on the planning phase as you will be outlining what steps you would plan to take if you were to conduct a pen test.
Your proposal will be submitted in four deliverables. The final deliverable will include all the sections combined:
· Rules of Engagement (Week 1)
· Reconnaissance Plan and Scanning Plan (Week 3)
· Gaining Access Plan (Week 5)
· Maintaining Access Plan, Covering Your Tracks Plan, and Final Report (Week 7)
Haverbrook Investment Group, L.L.L.P.
Haverbrook Investment Group L.L.L.P. (HIG) was established in 1935 by Mark Haverbrook as a small-town bank located in Largo, Maryland. Because Mr. Haverbrook believed the customer always comes first, HIG has grown to 350 locations across the United States of America. Beth Haverbrook, granddaughter of Mark Haverbrook, is the current chief executive officer.
Haverbrook specializes in financial services, offering a wide range of products, including loans, investment services, insurance, and personal banking.
Haverbrook Investment Group L.L.L.P. (HIG) files annual, quarterly, and current reports, along with other information required by the Securities Exchange Act of 1934, as amended, with the Securities and Exchange Commission (SEC).
Industry: Financial Services
HQ location: Largo, MD
Employees: 8,738
Global Revenue: $9.7 billion
Total Customers: 8.5 million
Total Products: 25 million
Haverbrook Investment Group, L.L.L.P. Organization chart with the CEO over the CIO, CISO, CFO, Director of HR, and the Director of Marketing. The System Admin reports to the CIO and CISO. The Controller and Director of Finance report to the CFO. Admin reports to the Director of HR. The Creative Team reports to the Director of Marketing.
Haverbrook Investment Group, L.L.L.P. Organization Chart
Your second project deliverable will be due in Week 3. It will be two to four pages in length and will contain a Reconnaissance Plan and a Scanning Plan. We recommend starting the assignment this week by developing the Reconnaissance Plan. Next week, you can write the Scanning Plan.
The five phases of hacking; reconnaissance, scanning, gaining access, maintaining access, and covering your tracks. The reconnaissance phase is highlighted.
Project 1: Rules of Engagement (Question)
Instructions
The first deliverable of the Penetration Test Proposal is the rules of engagement (ROE) document, a formal document that outlines the objectives, scope, methodology, and overall test plan agreed upon by the penetration testers and client system administrators. Penetration testing can cause complications such as network traffic congestion and system downtime, and may cause the same vulnerabilities and compromises it was designed to prevent. Due to the potential consequences of penetration testing, it is vital to agree upon a comprehensive ROE before testing.
For your ROE deliverable, consider the following:
· How will you identify Haverbrook Investment Group's network characteristics, expectations, constraints, critical systems, and other relevant information?
· What are your preliminary engagement activities with regard to scheduling, scope, and key stakeholders?
· What will you use to establish a binding agreement between Centralia Security Lab and Haverbrook Investment Group?
· How will you determine the services, targets, expectations, and other logistics that will be covered during the Rules of Engagement section?
· How will you explain to Haverbrook that the tools and techniques to be used in the penetration test will not corrupt data or violate privacy, and are in compliance with industry standards and any applicable laws and regulations?
Use the Rules of Engagement Template to record your work.
Please submit your work to the LEO submission box below.
Start for Project 2:
Scenario:
Active Reconnaissance
Now that you have set the rules of engagement for your penetration test of Haverbrook Investment Group's system, you can begin planning the first phase of hacking, reconnaissance, for your proposal. These activities will help you gain insight into your target, Haverbrook Investment Group.
Here, you will engage in active reconnaissance, including gathering information to create a blueprint or map of the target's network and systems. You will also want to check the latest vulnerabilities on lists such as the National Vulnerability Database (NVD) and the levels of severity as defined by the Common Vulnerabilities and Exposures (CVE) list to see if anything applies to Haverbrook's systems.
The next deliverable will describe your plans for the scanning phase of hacking.
The five phases of hacking; reconnaissance, scanning, gaining access, maintaining access, and covering your tracks. The scanning phase is highlighted.
Scenario:
Scanning
You have just completed your reconnaissance plan describing how you would gather information on Haverbrook Investment Group. Now you will continue your Penetration Test Proposal by submitting your plans for scanning the target systems.
In this phase, you know you have to execute more specific scanning methodologies to identify targets of opportunity and vulnerabilities to be exploited.
As a pen tester, you are going to continue to scan for vulnerabilities, test for open ports, and check for live systems. You know a few ways to do this, including performing IP sweeps, which might include protocols such as ICMP, UDP, and TCP, or using techniques such as banner grabbing or OS fingerprinting.
Ultimately, you know that to exploit Haverbrook's systems, you need a structured and ordered approach.
Project 2: Reconnaissance and Scanning Plans
Instructions
Outline and discuss specific use cases to discover and enumerate information that could be used for potential exploitation. Some examples of information that you are gathering from Haverbrook Investment Group's systems are usernames, machine names, shares, and services from a system. Identify any software, applications, or scripts that will be needed and provide a description of how this software will be used to gather information about Haverbrook's systems.
As you are developing the Scanning Plan, keep these questions in mind:
· How would you detect active systems?
· How would you determine the best attack vector you wish to exploit?
· How would you prioritize different targets of opportunity?
· What tools would you be using for scanning and enumeration of systems and vulnerabilities?
Be sure to identify any needed software and provide a description of how it will be used to gather information about the systems.
Use the Reconnaissance and Scanning plans template from last week to finish your deliverable.
When you are finished with both your Reconnaissance and Scanning plans, upload them to the LEO submission box below.
Start of Project 3
This week, you can begin thinking about how you gain access to the target systems.
The five phases of hacking; reconnaissance, scanning, gaining access, maintaining access, and covering your tracks. The gaining access phase is highlighted.
Scenario:
Gaining Access
Up to this point, as a pen tester for Centralia Security Lab, you have set the rules of engagement, detailed how you plan to collect all the cyber intelligence needed, and mapped Haverbrook's network by scanning its systems.
Now, you can begin to plan how you would gain access to the target systems. You know that there are many open source and commercial tools available to gain access. You could also create custom exploits using programming languages.
Scenario:
Accessing Networks and Applications
You have been proactive as a pen tester for Centralia Security Lab. You have exploited the network and taken control of a system within the target environment. As an effective penetration tester, you also know that you need to figure out how to maintain control of the system. To have a clear execution plan, you need to think about the best techniques and procedures when pivoting to obtain access and control of the targeted system.
You know that you have to be careful because if your actions are detected, network security administrators will isolate you and ultimately remove you from their network. Once you alert them, gaining access again becomes much more difficult.
Now you can finalize the specifics of how you would gain access to the target systems. Your report will include how you plan to collect enough information to access Haverbrook's systems, web applications, and networks, including the target resources you would focus on and techniques you would use to gain access to them.
Project 3: Gaining Access Plan
Instructions
After collecting enough information about the target during Deliverable 2 (Reconnaissance and Scanning Plan), you will describe how to use that information to gain access to Haverbrook's systems. Your one- to two-page plan on gaining access should include:
· details of the gaining access process with regard to the techniques commonly used to exploit low-privileged user accounts by cracking passwords through techniques such as brute-forcing, password guessing, and social engineering, and then to escalate the account privileges to administrative levels to perform a protected operation.
· an implementation outline of any software that will be used in gaining access to the network(s) or system(s). You may include open source and commercial tools available to execute the actual exploit: Burp Suite, Cain and Abel, Core Impact, John the Ripper, Metasploit, and others. You can also use some programming languages, such as JavaScript, Perl, Python, Ruby, or C++, if you choose to develop custom exploits.
As you are developing the Gaining Access Plan, keep these questions in mind:
· How would you escalate your privileges?
· How would you establish a command and control communication channel?
Refer to Chapter 6 in the textbook for the different techniques that can be used to gain access to the system.
Use the Gaining Access Plan template to record your work. Please submit your work to the LEO submission box below.
Start of Project 4:
Scenario:
Maintaining Access
Now that you have come up with a plan to gain access to Haverbrook's target systems, it's time to start planning how you will maintain that access once you get it.
You know that the attempt will be useless unless you can not only extract the information you were looking for but also stay unnoticed, and you also need to be able to get back inside as needed.
A big part of managing a network is to secure it; therefore, you should take nothing for granted. You have to have a well-defined plan to get back into the target environment at will; second chances are much harder since they will be expecting you at that point.
As a penetration tester, you need to figure out how you will maintain control of the system. To have a clear execution plan, you need to think about the best techniques and procedures when pivoting to obtain main access and control of the targeted system.
Some of the command and control techniques you may use are methods of pivoting, such as elevation of privilege, password cracking, impersonation, DNS cache poisoning, and IP spoofing.
It's now time to describe the plans for the final phases of hacking, including how you will maintain access and cover your tracks.
The five phases of hacking; reconnaissance, scanning, gaining access, maintaining access, and covering your tracks. The covering your tracks phase is highlighted.
Scenario:
Covering Your Tracks
Your penetration test into Haverbrook's systems is nearly complete. After planning how you would exploit the target's network, now you have to consider how you would cover your tracks within those systems. Your training and experience provide you with options to do so.
You know there are tools available in the operating system to perform cleanup. For instance, you can hide any malicious files introduced during exploitation by using steganographic techniques or NTFS streams to maintain future access to the target.
Additionally, you will make sure all the points of entry are accounted for, and you will keep track of any modifications you made. You will remove any malware, tools, or other nonnative files you placed on the system. You know that you can delete these files throughout an intrusion, keeping your footprint low, or remove them as part of the postintrusion cleanup process.
You will put all of the details of your penetration test into a final proposal to be delivered to Haverbrook's stakeholders.
Project 4: Final Penetration Test Proposal
Instructions
In the Final Penetration Test Proposal Template, add previous submissions, make updates and corrections based on the feedback received from your instructor, and add the Maintaining Access and Covering Your Tracks plans.
So, your final proposal will include the following components:
· Rules of Engagement (from Deliverable 1)
· Reconnaissance Plan (from Deliverable 2)
· Scanning Plan (from Deliverable 2)
· Gaining Access Plan (from Deliverable 3)
· Maintaining Access Plan (New)
· Covering Your Tracks Plan (New)
Use the Final Penetration Test Proposal template to complete your work.
Please submit your work to the LEO submission box below.