4.1 Reporting & communications: Communication & reports Flashcards

1
Q

Communication Paths: who is the primary contact for reporting?

A

The party responsible for handling the project for the target organization
● CISO
● CIO
● IT Director
● SOC Director

2
Q

Communication Triggers: what is a Status Report for?

A

Used to provide regular progress updates to the primary, secondary, and technical contacts during an engagement

3
Q

Communication Triggers: what are Critical Findings?

A

Occur when a vulnerability is found that could pose a significant risk to the organization

4
Q

Communication Triggers: what is an Indicator of Compromise (IoC)?

A

▪ A residual sign that an asset or network has been successfully attacked or is being attacked
▪ If there are IoCs in the target network, pause the engagement and shift to an incident response or recovery mode

5
Q

Reasons for Communication: what is Situational Awareness as a reason for communication?

A

▪ The perception of the different environment elements and events with respect to time or space, the comprehension of their meaning, and the projection of their future status
▪ Members need to communicate and share information to create a shared situational awareness amongst the team

6
Q

Reasons for Communication: what is De-confliction as a reason for communication?

A

Used to determine if a detected activity is a real attacker acting against the target network or an authorized penetration tester

7
Q

Reasons for Communication: what is De-escalation?

A

The process of decreasing the severity, intensity, or magnitude of a reported security alert

8
Q

Reasons for Communication: how are False Positives handled?

A

Use a results validation process with the trusted agent to help identify what findings may be false positives

9
Q

Reasons for Communication: how are Criminal Activity and Goal Reprioritization handled?

A

o Criminal activity: In case of criminal activity, consult with your lawyer or legal counsel to determine the appropriate next steps
o Goal reprioritization: Realize that penetration tests are a fluid thing and priorities do change during the engagement

10
Q

Presentation of Findings: define the C-Suite and explain how to present your findings to them.

A

▪ Refers to the top-level management inside of an organization:
● How vulnerable is their organization?
● What can they do to stop those vulnerabilities?
● How much money is it going to take?
● How many people is it going to take?
● How much time is it going to take?
▪ You need to state the cost associated with your findings
▪ You need to present them with the benefits
▪ Keep things at a broad, high level that is focused on the business and the cost

11
Q

Presentation of Findings: who are the Third-Party Stakeholders in the reporting phase?

A

People who are not directly involved with the organization or client, but are still involved in the penetration testing process

12
Q

Presentation of Findings: what do the Technical Staff look for in the reporting phase?

A

They’re going to be looking for details and ways that they can change things using different operations software or security patches

13
Q

Presentation of Findings: what do the Developers look for in the reporting phase?

A

They’re looking for deeply technical information so they can change the code that runs those applications and prevent vulnerabilities from recurring

14
Q

Report Data Gathering: what should be the sources of the data you gather during your pentest?

A

▪ Open-source intelligence
▪ Reconnaissance
▪ Enumeration
▪ Vulnerability scanners
▪ Attack and exploit tools

15
Q

Report Data Gathering: what does Normalization mean?

A

The process of combining data from various sources into a common format and repository

16
Q

Report Data Gathering: what is Dradis?

A

A framework used to gather and share data and findings amongst the penetration testing team

17
Q

Written Reports: what is the Executive Summary in a report?

A

▪ A high-level overview written for the management and executives
▪ The executive summary must have a conclusion statement

18
Q

Written Reports: what are the Scope Details in a report?

A

Reiterates the agreed-upon scope during the engagement

19
Q

Written Reports: what is the Methodology in a report?

A

▪ A high-level description of the standards or frameworks followed during the penetration test
▪ The methodology section also includes a brief attack narrative:
1. Reconnaissance
2. Footprinting
3. Enumeration
4. Vulnerability scanning
5. Initial attack
6. Lateral movement and Pivoting
7. Persistence

20
Q

Written Reports: what is the Findings section in a report?

A

▪ A full or summarized list of issues found during an engagement
▪ The findings section will most likely cover the bulk of the report
● Findings
● Recommendation
● Threat level
● Risk rating
● Exploitation

21
Q

Written Reports: define Metrics and Measures

A

▪ Metric: A quantifiable measurement that helps to illustrate the status or results of a process (the amount)
▪ Measure: A specific data point that contributes to a given metric (what to measure)

22
Q

Written Reports: define Remediation

A

▪ Summarizes the biggest priorities the organization should focus on to remediate vulnerabilities
▪ This allows the organization to make educated decisions based on your recommendations

23
Q

Securing and Storing Reports: how to secure and store reports? How long a report should be stored?

A

o Store reports in an offline server or in an encrypted format
o Ensure the reports are only to be seen by those with a “need to know”: Proper access control, Secure encryption
o Maintain an audit trail to track the copies made of the report
o Make sure to know the lifecycle of all documents and evidence: A period of 12 to 24 months should be enough, in most cases