Contents

Executive Summary 4

Overview 4

Goals 4

Constraints 4

Areas for more cohesive collaboration 4

Methodology for Determining Vulnerability Severity 4

Overview of Findings 5

Overall Findings 5

Insights 5

Recommendations 5

Abstract Penetration Testing Methodology 5

Overview 5

Scanning/Enumeration 5

Analysis 5

Exploitation 6

Reporting 6

Penetration Testing Findings Overview 6

Summary of Findings 6

External Network/Web Application Test 6

Summary 6

Assessment Findings 7

Internal Network Test 16

Summary 16

Assessment Findings 16

Physical Penetration Test 28

Overview 28

Assessment Findings 28

Wireless Penetration Test 31

Overview 31

Assessment Findings 31

Phishing Test 31

Overview 31

Templates 32

Landing Page 32

Assessment Findings 32

Tools Used For Testing 33

External/Web Application Penetration Test 33

Internal Penetration Test 33

Wireless Penetration Test 38

Phishing Test 39

Appendix 40

Scope of Work 40

Target Scope 40

Detailed Methodology 41

External/Internal Web Application 41

Internal 41

Physical 41

Wireless 41

Phishing 41

How to use Burp Proxy 41

URL 41

Intercepting Traffic 41

Sending Traffic to Intruder 41

Sending Traffic to Repeater 41

Executive Summary

Overview

Customer Engagement Summary

Goals

• Perform a grey-box penetration test of <CLIENT> operating environment to identify weaknesses that threat actors may exploit.