4.1 Reporting & communications: Communication & reports Flashcards
Communication Paths: who is the primary contact for reporting?
The party responsible for handling the project for the target organization
● CISO
● CIO
● IT Director
● SOC Director
Communication Triggers: what is a Status Report for?
Used to provide regular progress updates to the primary, secondary, and technical contacts during an engagement
Communication Triggers: what are Critical Findings?
Occur when a vulnerability is found that could pose a significant risk to the organization
Communication Triggers: what is an Indicator of Compromise (IoC)?
▪ A residual sign that an asset or network has been successfully attacked or is being attacked
▪ If there are IoCs in the target network, pause the engagement and shift to an incident response or recovery mode
Reasons for Communication: what is Situational Awareness as a reason for communication?
▪ The perception of the different environment elements and events with respect to time or space, the comprehension of their meaning, and the projection of their future status
▪ Members need to communicate and share information to create a shared situational awareness amongst the team
Reasons for Communication: what is De-confliction as a reason for communication?
Used to determine if a detected activity is a real attacker acting against the target network or an authorized penetration tester
Reasons for Communication: what is De-escalation?
The process of decreasing the severity, intensity, or magnitude of a reported security alert
Reasons for Communication: what are False positives?
Use a results validation process with the trusted agent to help identify what findings may be false positives
Reasons for Communication: what are Criminal activity and Goal reprioritization as reasons for communication?
o Criminal activity: In case of criminal activity, consult with your lawyer or legal counsel to determine the appropriate next steps
o Goal reprioritization: Realize that penetration tests are a fluid thing and priorities do change during the engagement
Presentation of Findings: define the C-Suite and how to present your findings to them
▪ Refers to the top-level management inside of an organization; they want to know:
● How vulnerable is their organization?
● What can they do to stop those vulnerabilities?
● How much money is it going to take?
● How many people is it going to take?
● How much time is it going to take?
▪ You need to state the cost associated with your findings
▪ You need to present them with the benefits
▪ Keep things at a broad, high level that is focused on the business and the cost
Presentation of Findings: who are the Third Party Stakeholders in the reporting phase?
People that are not directly involved with the organization or client, but are still involved in the penetration testing process
Presentation of Findings: who are the Technical Staff in the reporting phase?
They’re going to be looking for details and ways that they can change things using different operations software or security patches
Presentation of Findings: who are the Developers in the reporting phase?
They’re looking for deeply technical information so they can change the code that runs those applications and prevent vulnerabilities from happening
Report Data Gathering: what should be the sources of the data you gather during your pentest?
▪ Open-source intelligence
▪ Reconnaissance
▪ Enumeration
▪ Vulnerability scanners
▪ Attack and exploit tools
Report Data Gathering: what does Normalization mean?
The process of combining data from various sources into a common format and repository