The challenge
The lab has been set up, connections verified; it is time to put the information gained throughout the book to work. Challenge yourself to perform a full penetration test from start to finish on this environment. That includes the following items:
Determine the scope (the administrator only allows you to have two hours on his VPN).
Understand the reason why the client wants a penetration test. This is critical to being able to truly meet the user's needs. For some professions this is easy, but for penetration testers this is not always the case. Determine if your customer wants a penetration test or something more closely aligned with a general vulnerability analysis.
Rules of engagement documentation:
Use the provided information to create a practical rules of engagement document.
Determine and document the scope within the ROE.
Solidify any assumptions about the test within the ROE.
A clearly defined goal. What do you need to do to prove success? The days of simply showing a screenshot...
