What Are Some Of The Actions You Would Take At Conduct A Red Team Assessment?

1619 Words Dec 3rd, 2016 7 Pages
1a. What are some of the actions you would take to conduct a Red Team assessment?

According to the book “Penetration Testing, A hands-on Introduction to Hacking (Weidman,
2014)”, there are six phases of the penetration testing process. The six phases are pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation and reporting.
Pre-engagement
During the pre-engagement phase, I would interact and plan out the testing scenario with the client. We would discuss their expectations, versus reality and their goals for performing the pentest. Additionally, we would engage in discussions detailing the project scope to define responsibilities of the red team and the responsibilities of the organization. As well, we would discuss left and right boundaries regarding actions and reactions to situations that may occur as a result of the pentest scenario. Finally, after all expectations, goals, responsibilities and project scope are clearly identified and agreed upon we would need to discuss what type of reporting mechanism the client prefers. Some clients may prefer a more discreet reporting platform, informing only a select few employees . Other organizations may prefer a more widespread dissemination of the pentest findings to use as an awareness and teaching mechanism for their employees.

Information Gathering During the Information-gathering phase, I would begin Open Source Research…

More about What Are Some Of The Actions You Would Take At Conduct A Red Team Assessment?

Open Document