
Planning and Scoping; "A Viking Approach"

Kingsley

Updated: Jul 31, 2021

CompTIA Pentest+


Domain 1.0




One of the best ways to learn study material is to teach it or write about it. Others may feel differently about their own study habits, and there are many other ways to become confident in the material your study requires. In either event, teaching or writing forces you to prepare your own material when the time comes to share it with others. History records a group of Vikings who hauled their smaller longships across great stretches of land to reach the Dnepr River. That was a decision molded by confidence, experience and complete determination. Those same Vikings wanted to sail straight on to the Black Sea to obtain what they wanted, even if it meant clearing a mile of trees to roll their ships across. If you truly want something in life, you will discover the ways around you that work best in your favor to obtain it. We all realize that many institutions impose certain standards that teachers must adopt in order to deliver effectively to their students. The method of that delivery is up to the teachers, at least in most cases. There are boot camps out there built to deliver material in a way most students describe as "drinking from a fire hose". A small school in the city of Coeur d'Alene, Idaho has one of the best-known teachers in the Cisco community. His method of teaching is all about repetition. He will spend all day going over the same networking problems, and the next morning he reviews what was discussed the previous day. If you still didn't grasp the material, he would host an evening study group. Thinking back on that school completely supports the InfoSec Vine methodology: repetition of course material, and cultivating and offering support for those wishing to take root in their career.


It has been only two days since you made that long, grueling trek across the land with your longship and then, finally, up the Dnepr River. You are now crouched low with many others on the field of battle, holding a shield wall. By now your chieftain has already sent in the clan's trance-infused berserkers. Just ranks behind your shield wall, equally brave, stand the clan's best archers, equipped with their specialized longbows...


CompTIA's PenTest+ certification exam objectives (PT0-002) encompass five domains. The first one, Domain 1.0 Planning and Scoping, is the subject of this post. When it comes to exam objectives, most individuals skim through them and jump right into the course material. No harm, no foul in that habit; it's a typical course of action for someone who wants to get going. Later on in the course work you can always revisit the exam objectives. In a way, the exam objectives are like a college syllabus. The syllabus is worth reading ahead of time to get an idea of what's to come throughout the semester, and most students look through it well enough in advance to decide whether they even want to take the class. Taking an initial glance through Domain 1.0 Planning and Scoping, you can clearly see that it makes up a stealthy 14% of the exam, the smallest share of any domain. Don't be misled by this: it is an extremely important component of the PenTest+ (PT0-002) exam objectives, because everything in the later domains is done under the authorization and scope established here. When you get down to studying Domain 3.0 Attacks and Exploits you will find out exactly why the first domain matters so much.


1.1 Compare and contrast governance, risk, and compliance concepts.


Just a few pages into Domain 1.0 Planning and Scoping lies 1.1, "Compare and contrast governance, risk, and compliance concepts." This section falls like a cascade of Viking arrows released by the archers' longbows directly behind you, each one striking down on the persistent threat as it approaches your shield wall: a whole horde of regulatory compliance requirements and restrictions that you wouldn't think of when it comes to hacking and cracking your way into company secrets. Many folks are led to believe that hacking into someone's system is as simple as downloading a tool from the internet and running it. Sure, if you're a script kiddie. But even if you're one of the best white hat hackers in the world, there are "legal concepts" looming over each action (if you're a black hat hacker, you just don't care). Within these legal concepts are the service-level agreement (SLA), statement of work (SOW), non-disclosure agreement (NDA), master service agreement (MSA), confidentiality, and above all written "permission to attack". Without that authorization from the owner of the systems, the very same activity is simply a crime, so the paperwork is not a formality; it is what makes you a tester rather than an intruder. Do you feel like berserking your way through an unsuspecting company network now? Whatever you do, don't break from the shield wall yet, because the next section, 1.2, explains the importance of scoping customer requirements first.


1.2 Explain the importance of scoping and organizational/customer requirements.


Feeling the adrenaline and thinking of your next move from behind the shield wall, you steady your shield and spear as the enemy ranks approach. Between the longbows and the berserkers, many of the enemy ranks have been depleted already. Sharing the formidable shield wall with you are shield maidens and children just fourteen years of age, all driven by the common goal of obtaining new land and the spoils it offers...


Breaking the shield wall without the command of your chieftain only brought punishment later, if you survived the battle. That is why there are rules of engagement when it comes to white hat hacking, or ethical hacking as some prefer to call it. Believe it or not, depending on the company that hires you to conduct the penetration test, there are certain times of day during which testing is permitted and certain types of tests (for example, anything that could cause a denial of service) that are allowed or forbidden. Validating the scope of the engagement is another important requirement once you are hired: which IP ranges, domains, wireless networks and applications are in scope, which hosts are explicitly excluded, and who to call if something breaks. There are contracts to review, time management to plan and, not least, strategy. A penetration tester might be asked to conduct a black box assessment, where you have absolutely no knowledge of the company's network baseline (the PT0-002 objectives call this unknown-environment testing, versus known-environment testing for a white box). Compared to a gray box or white box assessment, a black box test is more time consuming and therefore more expensive. These are just some examples of the scope of engagement that you as a pentester would be involved with.
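Rules of engagement are only useful if your tooling respects them. The script below is an added example, not code from the original post, showing a pre-flight check that a tester might run before pointing any scanner or exploit at a target. The client name, address ranges, exclusions, testing window and permitted test types are constructed for illustration (the ranges are the RFC 5737 documentation networks) and stand in for values that would be copied from the signed SOW and rules of engagement.

```python
"""Pre-flight rules-of-engagement check for a single target.

Added example; the ROE dictionary is hypothetical and would be populated
from the signed SOW / rules of engagement for a real engagement.
"""
import ipaddress
from datetime import datetime, time, timezone, timedelta

# Constructed rules of engagement for a hypothetical client.
ROE = {
    "client": "Acme Finance (hypothetical)",
    "in_scope": ["203.0.113.0/24", "198.51.100.0/25"],  # documentation ranges
    "excluded": ["203.0.113.10", "203.0.113.11"],       # e.g. production DB, HR server
    "tz_offset_hours": -5,          # client's local time, fixed in the RoE
    "window_start": time(22, 0),    # testing allowed 22:00 ...
    "window_end": time(6, 0),       # ... until 06:00 next morning (wraps midnight)
    "allowed_test_types": {"recon", "vuln-scan", "exploit"},  # "dos" deliberately absent
}


def _in_any(ip, nets):
    """True if the address falls inside any of the listed networks."""
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


def _in_window(when_iso, roe):
    """Convert an ISO 8601 timestamp to client-local time and test the window."""
    when = datetime.fromisoformat(when_iso)
    if when.tzinfo is None:                 # naive timestamps are treated as UTC
        when = when.replace(tzinfo=timezone.utc)
    local = when.astimezone(timezone(timedelta(hours=roe["tz_offset_hours"]))).time()
    start, end = roe["window_start"], roe["window_end"]
    if start <= end:
        return start <= local < end
    return local >= start or local < end    # window crosses midnight


def check_target(target, test_type, when_iso, roe=ROE):
    """Return (allowed, reason). Every denial names the RoE clause that blocks it.

    Exclusions are checked before the in-scope list so that an excluded host
    inside an in-scope range is still refused.
    """
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False, f"{target!r} is not an IP address; resolve it and check the address"
    if _in_any(ip, roe["excluded"]):
        return False, f"{ip} is explicitly excluded by the RoE"
    if not _in_any(ip, roe["in_scope"]):
        return False, f"{ip} is outside the in-scope ranges"
    if test_type not in roe["allowed_test_types"]:
        return False, f"test type {test_type!r} is not permitted by the RoE"
    if not _in_window(when_iso, roe):
        return False, "outside the agreed testing window"
    return True, "in scope, permitted test type, inside the testing window"


if __name__ == "__main__":
    # 03:30 UTC is 22:30 the previous evening at UTC-5, i.e. inside the window.
    now = "2021-07-31T03:30:00+00:00"
    for tgt, kind in [("203.0.113.20", "vuln-scan"), ("203.0.113.10", "recon"),
                      ("192.0.2.5", "recon"), ("203.0.113.20", "dos")]:
        print(tgt, kind, check_target(tgt, kind, now))
```

Wire `check_target` in front of whatever launches the actual test, and log the reason string with every refusal; that log is your evidence later that the tool stayed inside the shield wall.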


1.3 Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.


At last the next enemy rank meets your unbreakable shield wall. With one adrenaline-charged thrust of your battle-proven spear, you and many others, in repetition, begin sending the next enemy ranks straight to Valhalla.


Limiting the use of tools to what the engagement permits is part of the hacker's mindset. Knowing which tools to use, based on the organization's weaknesses, gives you the ultimate edge in a thorough penetration assessment. As discussed earlier, certain tools might not be permitted during the assessment; all of those details are spelled out in the Statement of Work and the Master Service Agreement. There are risks with everything you do as a penetration tester. There have been stories circulating in the penetration testing community of company servers being destroyed by certain tools. The right paperwork at the beginning of the assessment defines who carries that risk, but it does not make the risk disappear: agree up front which potentially destructive tests are allowed, confirm with the client that backups exist and have been tested rather than assuming they do, and know who to call the moment something goes wrong. Keeping all the rules that come with an authorized penetration assessment in mind, you can still portray a hacker's mindset.


Take this scenario, for example:


You've been requested to perform a black box assessment on a well-known finance firm. A black box assessment means no knowledge of the internal network infrastructure, so putting on the hacker mindset means you need to do a little information gathering first. You apply for a job at a local vending machine servicing company that the finance firm uses often. On the next replenishing job at the firm you gain useful intelligence and even effortlessly obtain a badge from an employee. On the following vending run you learn from hallway conversation which employee is on vacation for the next two weeks. You locate that employee's workstation and plug a LAN Turtle in behind it. This gives you a foothold on the internal network from which to harvest the information you need, and even the ability to execute man-in-the-middle attacks, without the painstaking work of probing the network from the outside first. At this point you have already jumped to the step where you gain access. The next stage is to maintain that access (persistence) without getting caught, and from there to move laterally through the company network. Fortunately for you, the finance firm subcontracts its IT support to another company, which is not due back until the following month for the usual patches and antivirus updates. By then you will have everything you need to move toward your end goal. Note that none of this is legal unless social engineering and physical intrusion were explicitly written into the scope and rules of engagement; a scenario like this may or may not be acceptable in a given corporate setting, and it is offered only as an example of the "hacker's mindset", of what could happen and the extent of the motivation behind such action. In conclusion, there can be quite a bit of time involved in planning and scoping an attack. Once your assessment is complete you are then required to brief the company on your findings, including recommendations on how to improve not just their network defenses but also their physical security and employee awareness program.








