Ethical Hacking and Penetration Testing

Questions and Answers

As an ethical hacker, what is your primary responsibility when you discover vulnerabilities in a client's network?

  • Report the findings to the vendor or customer to help them secure the network. (correct)
  • Publicly disclose the vulnerabilities to raise awareness.
  • Sell the vulnerability information on the dark web for financial gain.
  • Exploit the vulnerabilities to demonstrate the extent of the potential damage.

Why is penetration testing considered essential for organizations despite having multiple layers of security defenses?

  • To replace the need for firewalls and intrusion prevention systems.
  • To ensure the validity of the implemented security defenses and identify potential compromise paths. (correct)
  • To avoid vendor lock-in to security solutions.
  • To find ways to get around patching systems.

Which activity is a key objective when researching penetration testing careers, as mentioned in the module?

  • Conducting social engineering attacks
  • Developing new hacking tools.
  • Bypassing security firewalls
  • Analyzing penetration tester job requirements (correct)

An attacker that is looking to make a point or to further their beliefs, using cybercrime as their method of attack, can be described as what?

Answer: Hacktivists (C)

An ethical hacker discovers a vulnerability in a web application and discloses it publicly before informing the vendor. What is the primary ethical concern with this action?

Answer: It could lead to the compromise of networks/systems by malicious actors. (D)

An organization wants to assess the security posture of its network infrastructure, including firewalls and intrusion detection systems. What type of environment is most appropriate?

Answer: Network Infrastructure Test (C)

What security concern is most directly addressed by the Shared Responsibility Model in cloud computing?

Answer: Defining the security responsibilities between the cloud provider and the customer. (A)

What step is essential to perform before unleashing tools on a customer network?

Answer: Testing the tools and techniques in a lab environment. (A)

A penetration tester is hired to simulate an external attacker with no prior knowledge of the target organization. Which type of approach is this?

Answer: Unknown-environment testing (D)

Which of the following resources provides a collection of different matrices of tactics, techniques, and sub-techniques used by adversaries?

Answer: MITRE ATT&CK (C)

What is meant by ethical hacking?

Answer: Using the same tools as nonethical hackers to find vulnerabilities in a system, reporting the findings to the vendor or customer to help make the system more secure. (A)

What should a security professional have a general reference of to explore descriptions of different job roles?

Answer: The National Initiative for Cybersecurity Careers and Studies (NICCS) Cyber Career Pathways Tool (D)

Which goal aligns with an ethical hacker's objective?

Answer: To analyze the security posture of a network in an effort to identify weaknesses. (B)

How do we know if those defenses really work and whether they are enough to keep out the bad guys? How valuable is the data that we are protecting, and are we protecting the right things?

Answer: Perform a penetration test (D)

What could happen if a tester performs work outside of the project scope?

Answer: All of the above (D)

Which of these is a function of ethical hacking or penetration testing?

Answer: Finding security vulnerabilities in systems and networks. (B)

What is a general description of a state-sponsored attacker?

Answer: They are governments around the world using cyber attacks to steal information. (D)

What does a penetration tester need to show when performing a penetration test for a customer?

Answer: That methods planned for testing are tried and true. (A)

Why would time and money be a factor in deciding what type of penetration test to complete?

Answer: To determine the scope of machines and networks to assess. (A)

Which of these tools might an ethical hacker use as part of a network infrastructure penetration test?

Answer: Tools bypassing firewalls and IPSs. (B)

When setting up a lab, what are you looking for with health monitoring?

Answer: Determine why something crashed. (D)

What does the acronym WSTG stand for?

Answer: Web Security Testing Guide. (C)

What is the primary goal of an ethical hacker regarding vulnerabilities?

Answer: Identifying and reporting vulnerabilities to improve security. (D)

A penetration tester is evaluating a company's cloud infrastructure. What considerations should be addressed?

Answer: Service level agreements, data integrity, and encryption. (B)

A penetration tester is preparing to assess a web application. What resource can assist with web application security testing?

Answer: The OWASP WSTG. (A)

A security team wants to simulate real-world attacks, including gathering open-source intelligence and exploiting weaknesses. Which framework is useful?

Answer: MITRE ATT&CK. (B)

What factor is the MOST important consideration in deciding whether to do unknown-environment, partially known environment, or known-environment testing?

Answer: A client's budget and timescale. (B)

A company wants to get recognition for helping improve the security of systems. Which program enables security researchers and penetration testers to get recognition (and often monetary compensation)?

Answer: Bug Bounty Programs. (B)

What element should be included in a solid password management strategy?

Answer: Password length and complexity requirements. (A)

The primary objective of which regulation is giving citizens control of their personal data?

Answer: GDPR (C)

What aspect related to penetration testing should you be aware of when hired in a different country?

Answer: Penetration testing laws vary from country to country. (D)

During a penetration test, what should the agreement contain in the event you are able to find passwords or details?

Answer: You must communicate and handle such data. (D)

What's an allow list?

Answer: A list of applications, systems, or networks that are in scope and should be tested. (B)

Your client says to you: Why do we need penetration testing if we have all these security technical and nontechnical controls in place? What concept should you explain to them?

Answer: That they need to know these controls are actually working as intended. (B)

You are asked to state what level of compensation would be proper for the effort being performed. What are you doing?

Answer: Building a proposal. (C)

Which term should be used to explain the uncontrolled growth of a project's scope?

Answer: All of the above (D)

What is the MOST critical factor differentiating ethical hacking from nonethical hacking?

Answer: The presence of malicious intent. (A)

Why is it important for ethical hackers to follow well-known standards?

Answer: To ensure a systematic and organized approach which brings credibility to their findings. (C)

Which of these different types of penetration tests focuses on weaknesses in enterprise grade applications?

Answer: Application-based tests (A)

What should you ensure when penetration testing in a cloud environment?

Answer: That the CSP's layers of security are the same as if you controlled the services. (A)

What is an important initial step in a penetration testing engagement?

Answer: Documenting the systems and networks that will be tested within the scope of testing. (C)

Which tool is MOST suited for performing social engineering testing campaigns?

Answer: Social-Engineer Toolkit (SET) (C)

In penetration testing, what does 'black box' testing primarily indicate?

Answer: The testers have limited info about the network. (B)

What is the definition of scope creep?

Answer: When a project's requirements grow beyond what was initially agreed upon. (C)

When should penetration testers test their tools and techniques within a lab environment?

Answer: Before running against a customer network, to understand the tool well, and its consequences. (C)

Why is it important to have a recovery method in your lab environment?

Answer: To quickly revert systems to their previous state after testing. (C)

What should you do with the findings discovered during a penetration test?

Answer: Report them to the vendor. (C)

What is the purpose of completing penetration testing for a company?

Answer: To validate whether implemented defenses work. (C)

What is a key difference between organized crime and hacktivists?

Answer: Organized crime is motivated by financial profit while hacktivists aim to further their beliefs. (B)

What security measure should be prioritized for a bare metal system?

Answer: Health monitoring. (D)

What is a key consideration when networks and systems are constantly changing?

Answer: Reevaluating the security posture often. (D)

What is the typical first step in a penetration test to identify how an external attacker might gather information and begin their attacks?

Answer: To find a target. (A)

Which document provides specifics regarding the activities to be performed during a penetration testing engagement?

Answer: Statement of Work (SOW). (D)

Which of the following describes the key objective of the General Data Protection Regulation (GDPR)?

Answer: To give citizens control of their personal data. (A)

Why is a red team beneficial for penetration testing?

Answer: The red team exposes vulnerabilities and risks. (A)

If a company hires other companies to handle the storage of personal data, what are the hired companies expected to do?

Answer: The hired companies have the full responsibility of protecting personal data. (A)

According to organizations, what is the goal of a penetration test?

Answer: To comply with security standards. (A)

When there is data that must be kept confidential, what must you discuss?

Answer: Handling of confidential data. (B)

Why do companies conduct penetration tests on companies that are being acquired?

Answer: As part of the pre-merger process. (D)

What is key management?

Answer: Protecting keys from being accessed. (C)

What is the name of the document where the rules of engagement are located?

Answer: Rules of engagement document. (B)

How are GANTT charts used in penetration testing?

Answer: To demonstrate the timeline. (D)

As a penetration tester, how is an allow list utilized?

Answer: You must test all systems in the allow list. (B)

Which tool is a great resource for a penetration tester?

Answer: h4cker github. (B)

What should be part of a secure transfer?

Answer: Both A and B (C)

Other than the client, which stakeholders would provide answers to questions?

Answer: The stakeholders can also share with you the answers. (A)

Why should you limit the verbosity and invasiveness of your tests and tools?

Answer: For the client's systems and mission. (D)

Which type of activity would be considered unethical?

Answer: Exploiting systems outside of the project scope. (A)

Which type of tool might an ethical hacker use to test a company's network?

Answer: All of the above. (D)

What document should be included when performing penetration testing for a customer?

Answer: Penetration testing agreement. (D)

Which option should you use to explain the uncontrolled growth of a project's scope?

Answer: Scope creep. (B)

What is a state-sponsored attack?

Answer: An attack perpetrated by governments worldwide to disrupt or steal information from other nations. (D)

What kind of security weakness is evaluated by application-based penetration tests?

Answer: Logic Flaws. (B)

What characterizes a partially known environment penetration test?

Answer: The test is a hybrid approach between unknown and known environment tests. (B)

Which tool would be useful when performing a network infrastructure penetration test?

Answer: bypassing firewalls and IPSs tool. (C)

What are two examples of sensitive authentication data associated with a payment card that require compliance with the Payment Card Industry Data Security Standard (PCI DSS)?

Answer: CAV2/CVC2/CVV2/CID. (C), full magnetic stripe data or equivalent data on a chip. (E)

Match the parts of Recommendation for Key Management in the NIST SP 800-57 to the description.

  • A: Part 3: Application Specific Key Management Guidance
  • B: Part 2: Best Practices for Key Management Organization
  • C: Part 1: General

Options:

  • Option 1: provides guidance on policy and security planning requirements for U.S. government agencies
  • Option 2: provides general guidance and best practices for the management of cryptographic keying material
  • Option 3: provides guidance when using the cryptographic features of current systems

Answer: Option 2 (A), Option 3 (B), Option 1 (C)

A company hires a cybersecurity professional to perform penetration tests to assess government regulation compliance. Which legal document should be provided to the cybersecurity professional that specifies the expectations and constraints, including quality of work, timelines, and cost?

Answer: statement of work (SOW). (D)

Other than the client, where would you document the answers for all the relevant stakeholders?

Answer: In your cybersecurity governance. (A)

When a tester needs to account for all the items, what must they avoid going over in the penetration test?

Answer: The budget. (D)

When determining the scope of a penetration test, what are the potential consequences of failing to consider local laws?

Answer: It could result in the penetration tester being accused of violating laws. (A)

A company that is undergoing a penetration test handles credit card transactions. Which of the following standards should the penetration tester be aware of during the engagement?

Answer: PCI DSS (Payment Card Industry Data Security Standard) (A)

An organization is hiring a penetration tester and wants to ensure the tester does not disclose sensitive findings with other entities. Which legal instrument should be used?

Answer: Non-Disclosure Agreement (NDA) (C)

Why is it important for a penetration testing company to perform background checks on its employees?

Answer: To ensure client data and systems are protected from malicious insiders. (A)

During a penetration test, you discover a system that has already been compromised by an attacker. What is your MOST important next step?

Answer: Report the criminal activity immediately according to agreed upon protocols. (C)

Flashcards

Ethical Hacker

A person who acts as an attacker to evaluate security posture.

Penetration testing

Finding weaknesses to determine if compromise is possible.

Hacking is NOT a Crime

A nonprofit organization that attempts to raise awareness about the pejorative use of the term hacker.

Organized Crime

Well-funded, motivated attacker groups focused on financial gain; they use the latest techniques.

Hacktivists

Attackers motivated by beliefs, using cybercrime to make a point and stealing/revealing data.

State-Sponsored Attackers

Cyber war and espionage using cyber attacks to steal information and cause disruption.

Insider Threats

A threat coming from inside an organization, with motivations like revenge or money.

Penetration Testing Methodology

Following well-known methods and standards to approach pentesting engagements in an organized, systematic way.

Why Follow Penetration Testing Methodology?

Scope creep is one potential pitfall that utilizing a specific methodology helps avoid.

Network Infrastructure Tests

Evaluating the network's security posture and its ability to defend against attacks.

Application-Based Tests

Testing for security weaknesses in enterprise applications, such as misconfigurations and injection issues.

Penetration Testing in the Cloud

Testing security and compliance responsibilities in cloud services, considering the different cloud models.

Physical Security Test

A test that helps expose weaknesses in physical security beyond cyber security measures.

Unknown-Environment Test

A penetration test method where the tester has limited information.

Known-Environment Test

A penetration test method where testers have diagrams, credentials, etc.

Partially Known Environment Test

A penetration test utilizing some credentials but lacking full documentation.

MITRE ATT&CK

A framework useful for learning an adversary's tactics, techniques, and procedures (TTPs).

OWASP WSTG

A comprehensive guide focused on web application testing, covering phases and attack vectors.

NIST SP 800-115

NIST document providing organizations guidelines on planning/conducting info security testing.

OSSTMM

Document that lays out repeatable and consistent security testing.

PTES

Provides info on the types of attacks/methods and the latest tools available.

ISSAF

A penetration testing methodology similar to the others with some additional phases.

Kali Linux

A Linux distribution that includes penetration testing tools and resources for security tasks.

Closed Network

Ensuring access to the lab is controlled and restricted from the internet.

Virtualized Computing Environment

Allows for easy deployment and recovery of devices being tested in the environment.

Realistic Environment

The staging of an environment that is as close to the real environment as possible.

Health Monitoring

Being able to determine why something in the lab crashed or failed.

Sufficient Hardware Resources

Make sure that a lack of resources is not the cause of false results.

What to consider about a lab environment

Penetration testing is not suitable without a testing environment.

PCI DSS

The standard governing how the processing of credit card payments and other types of digital payments is maintained and protected.

HIPAA regulations

Regulations governing how electronic health information must be handled so that the regulations are upheld.

FedRAMP

Compliance with the federal government's standards.

Rules of engagement

The rules of engagement document specifies the conditions under which the security penetration testing engagement will be conducted.

Limiting invasiveness

The ability of the company to keep the penetration tester to their given scope.

Confidentiality of data

Handling of the report and the data gathered once the penetration test is completed.

Study Notes

  • Protego Security Solutions welcomes new employees and aims to enhance their cybersecurity skills.
  • The course covers penetration testing and building a practice lab environment.
  • Understanding core concepts of hacking, the difference between ethical and unethical hacking, current threats, and attacker motivations is crucial before performing penetration testing.
  • Effectiveness in penetration testing requires methodological approach and understanding of different testing types and industry methods.
  • Hands-on experience is gained by building a lab environment for testing.

Key Module Components

  • Introduction to Ethical Hacking and Penetration Testing is the module's title.
  • The module aims to explain the significance of ethical hacking and penetration testing using methodologies.
  • The topics cover understanding ethical hacking, exploring penetration testing methodologies, and building a personal lab.
  • The learning objective is to understand ethical hacking and penetration testing importance.
  • Exploring penetration testing methodologies aims to explain types of penetration testing methodologies and frameworks.
  • Building your own lab focuses on configuring a virtual machine for penetration testing learning.

Protego's Approach to Penetration Testing

  • Alex from Protego will mentor employees to prepare them for customer engagements, enhancing their skills.
  • A strong understanding of the company's purpose is required to understand objectives.
  • An ethical hacker acts as an attacker to minimize computer network risks.
  • The NIST Computer Security Resource Center (CSRC) defines a hacker as someone with unauthorized access to an information system.
  • Ethical vs nonethical hacking depends on the intent.
  • Permission to attack, known as "the scope," avoids legal issues.
  • Security researchers disclosing vulnerabilities to vendors are ethical hackers.
  • Exploiting vulnerabilities for unauthorized access would be considered nonethical hacking.
  • Publicly disclosing vulnerabilities without vendor coordination is also nonethical.
  • Ethical hackers use the same tools as nonethical hackers but report findings and avoid destructive tests.
  • The goal of ethical hacking is to analyze network security and identify weaknesses.
  • Penetration testing assesses security posture to determine potential compromises.
  • Hacking is NOT a Crime is a nonprofit that aims to combat the negative perception of hackers, portraying them as curious individuals who want to secure systems.
  • Defensive techniques such as antivirus software, firewalls, and IPS are implemented for network security.
  • Penetration testing validates the effectiveness of security defenses.
  • Penetration testing helps answer if defenses work, data is protected adequately and the proper assets are secured.
  • Penetration tests determine what needs protecting and defense effectiveness against threats.
  • Networks and systems change, which requires reevaluating security.
  • The NICCS Cyber Career Pathways Tool provides descriptions of different cybersecurity job roles.
  • Ethical hacking jobs are compared to understand their role in the profession.

Network Infrastructure Tests

  • Assessing the actual network infrastructure is the focus of network infrastructure tests, which includes switches, routers, firewalls, AAA servers, and IPSs.
  • Wireless infrastructure testing may be part of a network infrastructure test or a separate assessment.
  • Wireless security testers attempt to breach networks via wireless.
  • Testing wireless infrastructure finds network weaknesses including exposure and signal strength.

Application Based Tests

  • Application security flaws, including misconfigurations, input validation errors, injection issues, and logic flaws, are the focus of pen testing for enterprise apps.
  • Web application testing sometimes includes back-end databases, to focus on access gained via web app compromises.
  • The Open Web Application Security Project (OWASP) is a great resource for secure coding.

Penetration Testing in the Cloud

  • Cloud service providers (CSPs) ensure security and compliance.
  • Amazon's Shared Responsibility Model outlines customer and Amazon responsibilities.
  • Cloud security responsibilities depend on which cloud model is used: SaaS, PaaS, or IaaS.
  • In IaaS, the cloud consumer manages data, apps, VMs, and operating systems.
  • Both clients and providers must ensure security, prior to signing contracts.
  • Agreements should address disaster recovery, SLAs, data integrity, and encryption.
  • Encryption end-to-end or just at the cloud is an important consideration.
  • It is important to establish who manages encryption keys which will either be the CSP or the client.

Environmental Considerations

  • Pen tests can be combined or done as individual assessments.
  • It is important to ensure CSPs offer similar security you would have under local control.
  • Understand what is permissible when penetration testing in the cloud.
  • CSPs offer security assessments and penetration testing guidelines.
  • Potential threats remain when moving to the cloud: data is still in a physical place.
  • Cloud providers provide agreed security in writing to customers.
  • Amazon's policy for penetration testing is available online.

Penetration Testing Types

  • Physical security testing, often enjoyed by testers, assesses facility security.
  • These tests expose weaknesses in security through assessment of external physical security controls.
  • Social engineering is used in the majority of compromises.
  • Testing employee responses to social engineering is important.
  • It is important to assess the security awareness program and avoid singling out those who fail.
  • Dave Kennedy's Social-Engineer Toolkit (SET) is useful for social engineering testing.
  • Bug bounty programs offer recognition and compensation for vulnerability discoveries.
  • Microsoft, Apple, Cisco, and the DoD use bug bounty programs.
  • Third-party platforms like HackerOne, Bugcrowd, Intigriti, and SynAck connect businesses with security professionals.
  • A GitHub repository provides bug bounty tips: https://github.com/The-Art-of-Hacking/h4cker/tree/master/bug-bounties
  • Pen testing is categorized by perspective: unknown, known, or partially known environments.
  • Testers with only domain names and IP addresses conduct unknown-environment tests.
  • The external attacker perspective involves gathering information without target knowledge.
  • The target's network personnel might not be informed of the test, creating a defense exercise.
  • Testers with significant information, like network diagrams and credentials, use the known-environment approach.
  • Known-environment testing aims to find as many security holes as possible, while unknown-environment tests identify a route into the company.
  • Internal configuration audits and desktop scanning are more common in known-environment tests.
  • Budget, timelines, and company concerns factor in deciding which test to conduct.
  • Companies with specific server or application concerns can offer data to narrow the test scope.
  • Networks will become compromised, therefore a white-box approach is recommended.
  • Partially known environments blend unknown and known tests.
  • Testers access client machines to pivot through the network.
  • Compromises often begin at the client and affect the rest of the network.
  • A good plan is for testers to start inside the network and evaluate the impact of a breach.

Security Standards and Methodologies

  • Penetration testing methods are continually updated to address new threats.
  • Offensive security teams use the MITRE ATT&CK framework.
  • It is used by both penetration testers and incident responders/threat hunters.
  • The MITRE ATT&CK framework organizes adversary tactics, techniques, and procedures (TTPs).
  • Enterprise ATT&CK Matrix, Network, Cloud, ICS, and Mobile list adversary tactics.
  • Preparation for attacks involves gathering information (OSINT) and people weakness exploitation.
  • The OWASP Web Security Testing Guide (WSTG) focuses on web application testing.
  • The OWASP WSTG is a comprehensive manual with different phases of web application security testing.
  • The WSTG details attack vectors for cross-site scripting (XSS), XML external entity (XXE) attacks, cross-site request forgery (CSRF), SQL injection attacks, and how to prevent them.
  • NIST SP 800-115 gives guidelines for information security testing. It is an industry benchmark for penetration testing guidelines.
  • The Open Source Security Testing Methodology Manual (OSSTMM) is a guide for repeatable and consistent security.

OSSTMM Key Sections

  • Operational Security Metrics
  • Trust Analysis
  • Workflow
  • Human Security Testing
  • Physical Security Testing
  • Wireless Security Testing
  • Telecommunications Security Testing
  • Data Networks Security Testing
  • Compliance Regulations
  • Reporting with the Security Test Audit Report (STAR)

PTES

  • The PTES gives info on attack types, methods, and the latest tools.
  • Pre-engagement interactions are a component.
  • Intelligence gathering is an important consideration in evaluating threat actors.
  • Threat modeling, where testers mimic malicious actors, uncovers the types of threat they would pose.
  • Vulnerability analysis is a large consideration when testing cyber infrastructure.
  • Exploitation and post-exploitation
  • Information gathering and network mapping
  • Vulnerability identification, gaining access, and privilege escalation
  • Enumerating further and compromising remote users/sites
  • Maintaining access and covering the tracks are key phases of exploitation.

Building a Lab

  • Practice is essential for skills development, maximizing contributions to Protego teams.
  • Some sites on the open internet can be practiced on, as can simulated target networks where access has been granted.
  • Using some ethical hacking tools can be illegal if you have not been granted access. The definition of what is legal or illegal varies by location.
  • Assess the legality of planned activities before any ethical hacking.
  • A virtual machine (VM) with Kali Linux and ethical hacking tools can be explored.
  • A proper lab environment is important to develop skills.
  • The types of tools vary based on the testing you are doing.
  • A lab environment is needed whether you are penetration testing a customer network, your own network, or a specific device.
  • Customer staging environments are often the target, since those are the environments of concern.
  • Your tools must be tried and true because a customer environment is critical.
  • Always test lab tools and techniques before running them against a customer network, because tools can break applications.
  • Determine what to expect before unleashing tools on a customer network.
  • A closed network for testing is needed if you are testing a specific device or solution.

Linux Distributions

  • Kali Linux, Parrot OS, and BlackArch include tools and resources for pen testing.
  • Deploy a testing lab using a couple of VMs.
  • Parrot Security requires: a host-only network and a virtual switch.
  • A vulnerable Windows system requires: a hypervisor (VirtualBox) and bare metal.

WebSploit Labs

  • WebSploit Labs provides 450 exercises.
  • There is guidance for building penetration testing labs to practice skills.
  • A customized version of Omar Santos' lab environment is available.

Requirements and Guidelines for Labs

  • Closed network: Controlled access helps to restrict access from the Internet.
  • Virtualized: Easy deployment and recovery.
  • Realistic: Matching the real environment helps when testing.
  • Health: Helps to indicate whether an error has happened.
  • Sufficient hardware: Ensures that a lack of resources is not a problem.
  • Multiple operating systems: Testing or validating from one system or another with different parameters.
  • Duplicate: Testing or validating to reproduce an error.

Penetration Testing Tools

  • No single set of tools covers everything; the tools depend on the type of testing you are doing.
  • Evaluating the various attack surfaces of a customer environment is part of testing. Surfaces include: network infrastructure, wireless infrastructure, web servers, database servers, Windows systems, and Linux systems.
  • Network: Sniffing, traffic manipulation, or flooding devices.
  • Wireless testing: WPA/WAP cracking, deauthenticating network devices.
  • Automated tools can locate vulnerabilities such as SQL injection. Fuzzing tools test the robustness of protocols.
  • A GitHub repository by Omar Santos includes numerous cybersecurity resources.
  • Guidance is provided in Building Your Own Cybersecurity Lab and Cyber Range.

Lab Best Practices

  • Ensure closed access to the network and internet.
  • Create a virtualized computing environment.
  • Provide sufficient hardware resources to ensure valid results.
  • Being able to recover your lab environment is important because you will break things.
  • Use virtual machines.
  • Take full backups.
  • Kali Linux tools are used to practice pen testing techniques. The lab contains all the Kali tools plus targets.
  • You can use the simulated targets and other networks such as your home network.

Planning and Scoping

  • Planning and scoping is required so that all parties are aware of the legal and compliance documents.
  • Planning and scoping requires an understanding of local law and legal concepts.

Compliance-Based Assessment

  • A compliance-based assessment verifies security against audit requirements, such as PCI DSS and HIPAA.
  • You are hired to conduct such work under local law, a service agreement, and a statement of work.

Regulations In The Financial Sector

  • Financial assets or material used for financial transactions must be maintained by those engaging in banking.
  • Section 501(b) contains the interagency guidelines for federal financial institutions.
  • Federal and New York requirements include the FDIC Safeguards Act and the NY DFS cybersecurity regulation.

Key Parts Of Title V, Section 501(b)

  • Check Cashing, Payday lenders
  • Mortgage, and nonbank lenders
  • Companies that use info about people to offer loans
  • Educational tools that give money to people who need it
  • People who receive money and financial assets such as real estate
  • Businesses such as retailers
  • Enforced by the Federal Trade Commission, for example for lenders' insurance. The FDIC covers this also.

Encompassing Data

  • FedRAMP: requires that providers meet standard compliance requirements.
  • Data privacy is strengthened by the GDPR, which also governs the export of personal data outside the EU.

Considerations in Penetration Testing

  • You might be traveling to another country with different local laws and restrictions.
  • Pen testers have been accused and even arrested for allegedly illegal acts.
  • You need documentation about local and technical constraints and the technology used, such as GDPR and CCPA.

Service Level Agreements

An SLA documents the expectations or constraints related to timelines and costs.

Confidentiality

You must agree on what can't be shared or handled during testing.

Statement of Work

Specifies the timeline and includes all aspects of the work.

Master Service Agreement

The main contract with the company.

Non-Disclosure Agreement

A legally binding agreement covering the information that must be kept confidential.

Various Background Checks

  • Unilateral: Only one party provides information.
  • Bilateral: Both parties provide information.
  • Multilateral: Involves other parties as well.

Rules Of Engagement

  • Needs to specify the rules of the engagement with the client.
  • The rules of engagement need to be in a document, for example a Gantt chart or something similar.
  • Must include all the documents.
  • Should have supporting material such as the network documentation and the API documentation.

Scoping

It is important to validate the target audience against the contracts; this is also a good basis for reporting.

Time Management

Need to consider when to communicate.

Ethical Code and Mindset

  • Ethical hacking is legal and must come with certain ethics.
  • It is important to have an ethical code.

Ethical Guidelines

  • Background checks, agreements, and the tools used all depend on the engagement being done.

Data Protection

  • Data must be private, protected, and kept confidential.

Financial Info

  • The client could potentially hold financial information about their own clients. You should ensure that they follow the specific financial laws.
