All right. Hello and welcome back to the official start of the penetration testing series. We're going to do an introduction to pen testing, or penetration testing as it's more commonly known.

This is our table of contents or outline. We're going to cover what penetration testing is exactly, and why companies would want to conduct penetration testing. We're also going to look at the different security training exercises. We'll look at penetration testing methodologies. We'll look at how to plan for penetration testing and some of the legal considerations for it. Depending on where you are in the world, you may have different sets of rules for pen testing. We'll also look at the different types of penetration tests, and we'll cover some of the testing objectives, as well as review questions at the end of the presentation.

So, penetration testing. Hackers are breaking into systems for profit. Before, it was about intellectual curiosity, the pursuit of knowledge and the thrill. Now hacking is big business, according to Kevin Mitnick. You might know him from some of the great exploits in the eighties and nineties; at a very young age he was known to have hacking skills, and he has since reinvented himself as an ethical hacker.
He works for a company called KnowBe4 and has written several books on hacking. He's probably the most famous hacker, at least of this particular timeframe. Some people are hacking for curiosity, the thrill of getting into the system. And now, of course, there's a lot of money to be made in it, especially with cybercrime.

So what is penetration testing? Well, according to NIST Special Publication 800-53, penetration testing is a specialized type of assessment conducted on information systems or individual system components to identify vulnerabilities that could be exploited by adversaries. The testing can either be used to validate vulnerabilities or to determine the degree of resistance organizational information systems have to adversaries within a set of specified constraints, such as time, resources and/or skill. So what does that tell you? Given enough time and enough resources, any system is vulnerable to an attacker. Penetration testing can be done to try to figure out what weaknesses or vulnerabilities you have that you want to make sure attackers are not able to exploit. So it gets you into the mindset of the attacker.

So, some case studies here. A British student breached security at Facebook; it's been a couple of years now.
He was sentenced to eight months in jail despite arguing that his intentions were not malicious. The judge, Alistair McCreath, however, was not sympathetic to the argument that this individual, Mangham, was attempting to uncover security holes: this was not a bit of harmless experimentation. You accessed the very heart of the system of an international business of massive size, potentially covering multiple legal jurisdictions. So this was not just dabbling about in the business records of some tiny business of no real importance. You acquired a great deal of sensitive and confidential information you were not entitled to. So potentially this could have been disastrous for the company, none other than Facebook.

So, of course, fast forward to today. We have things like the General Data Protection Act. We have the Electronic Consumer Privacy Act. We have many, many other governing bodies. We have regulatory compliance frameworks.

So the main thing to keep in mind here is that if you're going to go after a target or a company, you want to make sure that you have permission. You want to make sure that you have authorization, because you can get in as much trouble as this person did here.

So why pen testing?
Well, penetration testing attempts to duplicate the actions that adversaries take in carrying out hostile cyber attacks against organizations. It can provide a more in-depth analysis of security deficiencies than vulnerability testing alone. You can do penetration testing on hardware, software, firmware, and many different components of an information system. And you can look at it both from a physical security perspective and from a technical security perspective as well.

So let's first define a security training exercise. In this case, this comes from CNSSI 4009: a group responsible for defending an enterprise's use of information systems by maintaining its posture against a group of mock attackers.

The red team is a group of people that are authorized and organized to emulate an adversary's attack or exploitation capabilities against an enterprise's security posture. The red team's objective is to improve enterprise cyber security by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders, such as the blue team, in an operational environment. This is also known as the cyber red team.

What is the CNSS?
This is the Committee on National Security Systems. They provide a forum for discussion of policy issues and are responsible for setting national-level cyber security policies, directives, instructions, operational procedures, guidance and advisories for U.S. government departments, as well as agencies that work with national security systems, through the CNSS issuance system.

So let's talk about the penetration testing methodology. There are different ways to go after a system, based either on full knowledge of the system, or where we identify potential vulnerabilities and design tests to exploit those particular vulnerabilities. This is designed to be more of a white box testing environment. According to NIST SP 800-115, you have the planning phase, then the discovery and attack phases, which feed back into the reporting phase. This is from the NIST 800-115 series.

Planning for a penetration test: the organization will employ an independent penetration testing agent or penetration testing team to perform pen testing on the system or components. The idea is that the pen testers will be impartial and free from any perceived or actual conflicts of interest with regard to the development, operation or management of those systems that are the targets of the penetration testing.
So ideally, you most likely won't have this expertise in-house and may have to outsource.

The organization employs exercises that simulate attempts by adversaries to compromise organizational information systems in accordance with their own rules of engagement.

There are some legal considerations with respect to a penetration test and red teams. There are certain contractual agreements, where this is a legally enforceable agreement signed by authorized individuals from both parties. These agreements will outline each person's obligations in the process and will impose terms and conditions on the pen testing.

U.S. export laws also prohibit the exporting of certain goods and services to other countries, and organizations will still need to comply with sanctions rules and things like anti-money laundering, amongst other restrictions. And of course, we know U.S. export laws cover other things like encryption and arms control, and many other things like that.

So of course, then we have the topic of non-disclosure agreements, or NDAs. These are confidentiality agreements. They protect the organization's competitive advantage by protecting its proprietary information and intellectual property.
The contracting entity will have a sworn duty to ensure that any vulnerabilities discovered during a pen test are not used or disclosed inappropriately by the vendor or the contractor. So the main thing to remember is that you disclose any vulnerabilities that are found in the pen test responsibly. Don't tell the world; there's a right way to do this. You also may even need security clearances to be able to conduct a penetration test, or at the very least, a national background check.

Now there are some other legal considerations, like a master service agreement. This is an overarching contract that's entered into between two or more parties. This governs the period of future engagements and includes things like payment terms, any warranties, intellectual property ownership, a proper way to resolve disputes, as well as the allocation of risks and usually an indemnification clause.

Then we have the statement of work, which is the formal document that outlines the project-specific work to be executed by a vendor. These may be included in the master service agreement. The statement of work may include the scope, location of work, periods and deliverables that are required, any industry standards, as well as any special requirements and the payment schedule.

So then we have the rules of engagement.
Think of this like a borrowed military term, because that's exactly what it is. All parties have to agree to the rules of engagement before commencing any penetration testing scenarios. Organizations will correlate penetration testing rules of engagement with the tools, techniques and procedures, or TTPs, that are anticipated to be employed by adversaries carrying out the attacks. Additionally, organizational risk assessments will guide decisions based on the level of autonomy or independence required for personnel conducting penetration testing.

To put this in other words, the rules of engagement may be dependent upon production systems and may also be dependent upon the risk appetite of the organization: how much risk they are willing to assume to their production equipment or their applications, as most organizations care about downtime. How are the rules of engagement going to impact their employees, their production systems and things like that?

The rules of engagement will typically have the following: an introduction, the purpose, the scope, any assumptions, any limitations. Are there any logistics for the testing personnel or for the test site? And there needs to be a communication strategy.

The communication strategy applies to general communication, which discusses the frequency of and methods of communication.
For example, identify the meeting schedule, locations and conference call information, if appropriate. Then you have the incident handling and response process. This section is critical in the rules of engagement because, in the event an incident occurs on the network while testing is in progress, criteria for halting the information security testing should be provided, as well as details on the testing team's course of action in the event that a test procedure negatively impacts the network, or an adversary attacks the organization while the testing is underway. The organization's incident response call tree, or chain of command, should be provided in a quick reference format. The process for reinstating the testing and resuming testing should also be provided.

Number four, target systems and networks. This identifies the systems and/or networks to be tested throughout the information security testing process. The information should include authorized and unauthorized IP addresses or other distinguishing identifiers, if appropriate; the systems (servers, workstations, firewalls, etc.), operating systems and any applications to be tested. This should also include any system that is not authorized for testing. This could be called something like the excluded list.

Then you have the testing execution.
This is specific to the testing type and scope, which should detail what is allowed and what is disallowed, and also a description of the information security testing methodology. If necessary, a separate plan could be developed that complements the rules of engagement, as an appendix or a separate document.

Then you have the data handling component. These are the guidelines for gathering, storing, transmitting and destroying test data, and they establish detailed, unambiguous requirements for data handling. Keep in mind that any data that's going to be generated during this information security test will identify vulnerabilities that an adversary can exploit; it should be considered sensitive.

And then we have the reporting phase. These are the details of the reporting requirements and the report deliverables that are expected to be provided throughout the testing process and at its conclusion. The minimum information to be provided in each report, such as vulnerabilities and expected mitigation techniques, as well as the frequency with which the reports will be delivered, such as a daily status report, should also be included. A template may be provided as an appendix to the rules of engagement to demonstrate specific formatting and content.

Then, lastly, there is the signature page.
The accountable party, or the person responsible, such as the CISO, the CIO or the CSO, should sign the rules of engagement stating that they understand the test scope and boundaries.

So now let's talk about some of the different types of penetration tests. First you have black box testing. This is essentially going in blind. This is where there's no confidential information given to the security consultant except what's outlined within the scope and the rules of engagement. This is from the perspective of an attacker, not from the perspective of an insider.

Then you have white box testing, which is where the consultant is given complete knowledge of the organization and complete access to any information they might need for the test. The white box testing could include things like source code; this could be usernames and passwords, network diagrams, things of that nature. With grey box testing, you get some information, but not complete information.

White box techniques will tend to be more efficient and cost effective for finding security defects, especially with customized applications, versus black box testing. Many tests will use both, and this is known as grey box testing.
There are some different testing objectives to be aware of as well. Penetration tests or engagements can be goal based or objective based, to identify security shortcomings. There can be many different objectives, or reasons why you might want to test out your network to see where your weaknesses lie. You can also do pen tests for compliance reasons, such as if you're dealing with health care data and you have to comply with HIPAA regulations, or maybe you have to comply with the Payment Card Industry Data Security Standard: compliance-based regulations. And lastly, you might just be testing out your red team.

So let's talk about the individual examples here. Goal based: this type of penetration testing attempts to evaluate security by conducting a simulated cyber attack as if it were actually occurring. The objectives must be clearly defined, and they can assess people, processes and technology. This could be: what is the likelihood of an attacker getting root-level access to a web server? These objectives will help the organization learn about its various assets.

Then you have compliance based, like PCI DSS, which requires a penetration test that validates the scope and effectiveness of segmentation controls to be done every six months or after any changes in those controls.
So we're talking about segmenting the network. PCI DSS, however, does not require a penetration test or even a vulnerability scan, but it does require a risk analysis, which effectively requires an organization to test out their security controls. Two of the most important ways of doing that are vulnerability scanning and penetration testing, so it's kind of an implied task. And thirdly, you have the FISMA act for federal government information systems, which requires penetration testing to demonstrate compliance with NIST Special Publication 800-53 and to be able to obtain a PRISMA verification.

So now we have a case study. The Bank of Jumanji is a multinational financial conglomerate with branches in the U.S. and branches in the Netherlands and Canada. Recently, the bank has come under attack from cybercriminals and has lost over 400,000 records in a recent attack. Is a penetration test recommended, and what would be the perceived benefits of conducting a penetration test?

So now we have some review questions. Mark is defining the scope of a penetration testing engagement to assess the vulnerability of his organization's branch office in Seattle, Washington. The organization will provide basic network information and desires to see how much more information Mark can discover on his own.
What type of test is best recommended to achieve this objective? This question describes a black box test. They don't give him very much information at all and want to see how much information he can discover on his own. So the correct answer to this would be A.

Now let's look at number two. Junior is entering into an engagement with Pen Tester LLP and is desirous of protecting his organization's proprietary information and intellectual property. Which legal document best achieves this objective? So we're talking about intellectual property. We're talking about, of course, the non-disclosure agreement.

Number three: when conducting a penetration test, which of the following documents will outline the requirement to visit different sites? The best answer is the statement of work. A statement of work will identify the requirement to visit different sites.

Let's go to question number four. Duga is a defense contractor of software applications and requires a penetration test to be conducted, which requires the contractor to have a security clearance before conducting the penetration test. Which of the following is the most justified explanation for this requirement? So in this case, we have
the government restriction.

Let's look at number five. ABH LLP has engaged your services as a penetration tester. The bank currently processes online credit card payments for health care facilities throughout the world. What type of penetration test do you believe the bank is requesting? Because it says they are a bank and they also process credit card payments, most likely they're going to have to comply with HIPAA as well as the Payment Card Industry standard, PCI DSS. So the correct answer would be the compliance-based test.

Number six: during a penetration testing exercise, James accidentally gains access to a segment of the network that's classified. The SIEM of the organization triggered an alarm. It's now apparent that an incident has taken place on the network. Which document should James and the organization consult to address this issue? That would be the rules of engagement, or B.

Let's do number seven. You're conducting a penetration test engagement for a client. The rules of engagement clearly define that you should be accessing the network 172.16.0.0/16. During the execution of the engagement, you were also asked to add the network 192.168.1.0/24, which is used by the wireless network. Which of the following best explains the situation? In this case, it would be scope creep.
Because they're adding extra things after the current rules of engagement.

Number eight: you're conducting a penetration testing engagement in which you have validated authentication, and other information was granted that gives you intimate knowledge of the networking environment. Which type of testing are you likely to be conducting? That is white box testing, because you're given intimate knowledge of the network from the perspective of an insider.

Number nine: you're conducting a penetration test when the blue team identifies your scans and sets a rule on the IPS to block all traffic on the network from your IP address. Which of the following would be the best response to the situation? Best practice would be to rescan the network using IPS evasion techniques and continue the engagement, because you want to provide the best solution. Don't just stop at the first blocked IP, because you can clearly obtain another IP address and move on.

Number ten: which of the following stakeholders are involved in running a penetration testing engagement? And of course, your stakeholders are usually your executive management, because they are the ones that are in charge. They're the ones that are in control of the decision to accept the risk or not.

That is the end of our introduction to penetration testing, and we will see you in the next module.
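The target systems section of the rules of engagement (authorized addresses plus an excluded list) and the scope-creep scenario in review question seven can be turned into a check that runs before any scan is launched. This is an added example, not code from the lecture; the ROE contents and every address in it are constructed, and the wireless range is assumed to be 192.168.1.0/24.

```python
"""Check proposed pen-test targets against a signed rules of engagement.

Added example, not from the lecture. It models the "target systems and
networks" section of a rules of engagement (ROE): the authorized ranges,
the excluded list, and a gate that flags anything outside the signed
scope as scope creep needing an amended ROE rather than a quiet addition.
Every address below is constructed for the example.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, IPv6Network, ip_network
from typing import Dict, Iterable, List, Union

Network = Union[IPv4Network, IPv6Network]


def _within(inner: Network, outer: Network) -> bool:
    """True if `inner` lies entirely inside `outer` (same IP version only)."""
    return inner.version == outer.version and inner.subnet_of(outer)


@dataclass
class RulesOfEngagement:
    authorized: List[Network] = field(default_factory=list)  # may be tested
    excluded: List[Network] = field(default_factory=list)    # never test

    @classmethod
    def from_strings(cls, authorized: Iterable[str],
                     excluded: Iterable[str] = ()) -> "RulesOfEngagement":
        # strict=False tolerates host bits set in a CIDR ("172.16.1.5/16");
        # a bare host address becomes a /32 (or /128) network.
        return cls(
            authorized=[ip_network(a, strict=False) for a in authorized],
            excluded=[ip_network(e, strict=False) for e in excluded],
        )


def classify_target(roe: RulesOfEngagement, target: str) -> str:
    """Classify one proposed target (single host or CIDR block).

    Returns one of "excluded", "out-of-scope", "partially-excluded" or
    "in-scope". The excluded list is checked first and wins outright:
    a host on it is off limits even though the range around it is
    authorized. A block broader than the authorized range (a /12 when the
    ROE signed off on a /16) is out of scope, not partially in scope.
    """
    net = ip_network(target, strict=False)
    if any(_within(net, ex) for ex in roe.excluded):
        return "excluded"
    if not any(_within(net, auth) for auth in roe.authorized):
        return "out-of-scope"
    # Authorized range, but the block may swallow an excluded host/subnet.
    if any(_within(ex, net) for ex in roe.excluded):
        return "partially-excluded"
    return "in-scope"


def review_targets(roe: RulesOfEngagement,
                   targets: Iterable[str]) -> Dict[str, List[str]]:
    """Group a proposed target list by how the ROE treats each entry."""
    report: Dict[str, List[str]] = {
        "in-scope": [], "partially-excluded": [], "excluded": [], "out-of-scope": []
    }
    for target in targets:
        report[classify_target(roe, target)].append(target)
    return report


def scope_creep(roe: RulesOfEngagement, targets: Iterable[str]) -> List[str]:
    """Targets that would need a signed ROE amendment before testing."""
    return review_targets(roe, targets)["out-of-scope"]


if __name__ == "__main__":
    # Constructed ROE: the signed scope is the /16 from review question
    # seven; the excluded list names a production database host and an
    # industrial control segment that must never be touched.
    roe = RulesOfEngagement.from_strings(
        authorized=["172.16.0.0/16"],
        excluded=["172.16.5.10", "172.16.250.0/24"],
    )
    # Constructed target list handed to the tester mid-engagement,
    # including the wireless range that was "also asked" for.
    proposed = [
        "172.16.20.4",      # ordinary host inside the signed range
        "172.16.5.10",      # the excluded database host
        "172.16.5.0/24",    # authorized block that contains that host
        "192.168.1.0/24",   # wireless network added later: scope creep
        "172.16.0.0/12",    # broader than what was signed: also out of scope
    ]
    for verdict, members in review_targets(roe, proposed).items():
        print(f"{verdict:18s} {members}")
    if scope_creep(roe, proposed):
        print("Stop: get the rules of engagement amended and re-signed first.")
```

Anything reported as excluded stays off the target list regardless of what is signed later; anything out of scope is the question-seven situation and goes back through the rules of engagement, not into the scanner.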