Acquire Target

Pre Contract

'My Fence Is Broken'

When a hacker's own machine or software needs to be secured, he or she obviously doesn't need anyone's permission to patch it up.

The exception is a technology component that you don't own but that was given to you by a friend, client or organization.

In those scenarios you need to analyze whether any contract was involved in granting that piece of technology to you.

'Got Hit, Tracing Back'

If your machine, account or any property senses any kind of digital attack... then I don't care what the law says and trace back the idiot for the lame attempt which got noticed.

I believe this should even be a legal justification for it as a counter-attack to save one's own assets. For example, I track back spam and phishing mails sent to me.

"As in killing the killer to save an Innocent life."

'I Came, I Saw, I Conquered'

Several (possible) flaws become evident while using different web/desktop applications.

After confirming the exploit, report it privately to the respective authority, and even if you go public with the news of the flaw, don't publicize the bug or PoC until it's fixed.

Remember, it should all happen without any loss of time, money or data to anyone other than you or the one authorizing you.

'You Aint Got No Client'

You don't have any client and don't wanna wait for one.

Pick the technology you have the most command of, and study its industrial implementations and the possible flaws in them.

Or be real safe... pick the protocols involved in your field of work and try ripping them apart and picking spots to create anomalies.


Post Contract

Persistent Policy

Get a fixed policy in place for what you are allowed to access and what they require you to target while the penetration test is being executed.

Remember that accessible resources and targets are not the same: several resources may be given to you for a better understanding of the scenario, but some may be critical enough that they must be saved from disruption even during mock attacks. Make this clear to the client as well before the policy is formed.

Make sure you know whom to contact for any access clearance required in the course of your vulnerability assessment.

Also identify a trustworthy 'handler' on the client's side, to whom any high-alert vulnerability can be reported even before the entire analysis report is presented at the end.

PenTest Perimeter

For pentest boundaries, "all" or "everything" shall not be accepted, as the client might not even think of a particular, seemingly unrelated resource as being part of the attack and feel violated later.

Clarify the type of penetration tests desired by the client: just a basic analysis of the provided target, detailed testing for every possible vulnerability, a vulnerability report with all possible countermeasures, mention of possible flaws arising from possible changes made, yada yada yada...

Payment Profile {if it's PAID!}

Be ready with modular price plans based on target type.

Have a few ready-made service packages with prices based on the level of analysis done for different attack zones such as Internal Network, Web Services, Data Security, etc.

Be ready with a very basic Quick Vulnerability Assessment plan for clients, to make it easy for them to decide whether they require a more intense penetration testing plan from you... if you do the job well, they surely will :)

