| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
The process of collecting evidence during a penetration test is rife with pitfalls, but when done effectively greatly increases the effectiveness of the testing itself and communication of the results to the customer. In fact, careful notation can sometimes illuminate the foothold needed to compromise a network that would otherwise have gone unnoticed.
While many tools exist to assist with the collection of data they do not inherently engender a methodology leaving the assessor to work out their own process. We will review some effective documentation strategies as applied to real world penetration tests and how they have helped with the success of the engagement itself as well as greatly improving all follow on communications with the customer. We will use a set of scripts (presented with the talk) and the DOT language as a simple and extensible way to assist in this goal.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast