- Ensure the Rules of Engagement (ROE) are signed by the client
- Add IPs in scope to Scope tab
- Verify customer scope
- Send kickoff email
- Conduct vulnerability scanning with Nessus
- Identify emails/users/pass in breach databases (DeHashed, Leakpeek)
- Identify employees & email address format (hunter.io, clearbit)
- Identify the client's website(s) and search for any publicly available data useful to the engagement
  - Job postings, system information, password policy
- Attempt to enumerate any accounts on portals, password reset functions, etc.
  - Outlook, Office 365, SharePoint
  - VPN, website login pages
- Run web app scans, if necessary
- Conduct manual testing and exploitation on targets
- Validate the vulnerabilities reported by the scanning tools
- Conduct password spraying, password guessing, and brute-force attempts on login portals
- Escalate access from external to internal
- Validate that the previous year's findings have been resolved
- Cleanup
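The password spraying / guessing / brute force item above is the step most likely to show up in the client's authentication logs, so it is worth agreeing with the client's defenders what they expect to detect. The following is an added illustration, not part of the original checklist: a small detector that distinguishes a spray (many accounts, few attempts each, from one source) from classic brute force (many attempts against one account) and then flags any account that logged in successfully from the flagged source afterwards. The log line format, field names, thresholds and the sample lines themselves are constructed assumptions for this example.

```python
"""Spray-vs-brute-force detector over constructed authentication logs.

Added example (not part of the checklist). Assumed log format: an ISO
timestamp followed by key=value fields src=, user=, result= (OK or FAIL).
Thresholds (window, spray_users, brute_attempts) are illustrative.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: a spray from 203.0.113.5 (five accounts, one try
# each, then one success), brute force from 198.51.100.7 (six tries on one
# account), and benign noise from 192.0.2.9.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:03Z src=203.0.113.5 user=bob result=FAIL
2024-05-01T10:00:05Z src=203.0.113.5 user=carol result=FAIL
2024-05-01T10:00:07Z src=203.0.113.5 user=dave result=FAIL
2024-05-01T10:00:09Z src=203.0.113.5 user=erin result=FAIL
2024-05-01T10:00:11Z src=203.0.113.5 user=frank result=OK
2024-05-01T10:05:00Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:05:01Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:05:02Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:05:03Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:05:04Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:05:05Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:30:00Z src=192.0.2.9 user=bob result=FAIL
2024-05-01T10:30:20Z src=192.0.2.9 user=bob result=OK
"""


def parse_line(line):
    """Parse one log line into a dict; 'ts' becomes a datetime."""
    ts_str, *fields = line.split()
    rec = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def _record(findings, src, kind, ts, count):
    """Keep the first time a (src, kind) fired and the largest count seen."""
    key = (src, kind)
    if key not in findings:
        findings[key] = {"first_seen": ts, "count": count}
    else:
        findings[key]["count"] = max(findings[key]["count"], count)


def detect(log_text, window=timedelta(minutes=10), spray_users=5, brute_attempts=5):
    """Return findings, one per (source, kind), sorted by source then kind.

    kind "spray": at least spray_users distinct accounts failed from one
    source inside `window`. kind "brute": at least brute_attempts failures
    against one account from one source inside `window`. Each finding lists
    accounts that logged in OK from that source after the flag fired, which
    are the ones to check for compromise first.
    """
    events = sorted(
        (parse_line(line) for line in log_text.splitlines() if line.strip()),
        key=lambda e: e["ts"],
    )
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e["result"] == "FAIL"]
        in_window = Counter()  # user -> failures inside the sliding window
        start = 0
        for e in fails:
            in_window[e["user"]] += 1
            # Drop failures that have aged out of the window.
            while e["ts"] - fails[start]["ts"] > window:
                old_user = fails[start]["user"]
                in_window[old_user] -= 1
                if in_window[old_user] == 0:
                    del in_window[old_user]
                start += 1
            if len(in_window) >= spray_users:
                _record(findings, src, "spray", e["ts"], len(in_window))
            per_user_max = max(in_window.values())
            if per_user_max >= brute_attempts:
                _record(findings, src, "brute", e["ts"], per_user_max)

    results = []
    for (src, kind), f in findings.items():
        succeeded = sorted({
            e["user"] for e in by_src[src]
            if e["result"] == "OK" and e["ts"] >= f["first_seen"]
        })
        results.append({**f, "src": src, "kind": kind, "succeeded_after": succeeded})
    return sorted(results, key=lambda r: (r["src"], r["kind"]))


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The sliding window keyed on source address is deliberate: a spray at one attempt per account stays under per-account lockout thresholds, so a per-account counter never fires, while counting distinct accounts per source does. The `succeeded_after` list is what turns a noisy alert into an actionable one, since a success following a spray from the same source is the event the tester will be reporting anyway.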