
Certified Lead Pen Test Professional

Exercises
Certified Lead Pen Test Professional
Exercises Form
© 2015 Parker Solutions Group and Sysca Consulting

Exercise 1: Reasons to undertake penetration testing


Please read the following parts of the case study provided for this course:
• History of the business enterprise
• Main services

Based on this information, identify and explain the three greatest advantages
of implementing a programme of proactive penetration testing. Also explain how
each of these benefits could be measured.

Advantage 1) .................................................................................................................
.......................................................................................................................................
How can the organization measure this advantage?.....................................................
.......................................................................................................................................
.......................................................................................................................................

Advantage 2)..................................................................................................................
.......................................................................................................................................
How can the organization measure this advantage?.....................................................
.......................................................................................................................................
.......................................................................................................................................

Advantage 3)..................................................................................................................
.......................................................................................................................................
How can the organization measure this advantage?.....................................................
.......................................................................................................................................
.......................................................................................................................................

www.pecb.com
Page 2 of 19

Exercise 2: Penetration Testing and Ethics


Please review the 5 scenarios below and state how you would respond to each
situation as a Lead Penetration Tester. Justify your answer with reference to the
Ethical Principles discussed in this section. Be prepared to discuss your answers
during the class discussion.

1. During the penetration test, a member of the IT team asks your permission to
use the notes you have collected and the raw scan results to conduct a case study
exercise on penetration testing for their university studies. You have been
assured that the information will be sanitized and that no vulnerability details will
be shared externally.

.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

2. The client has contracted the penetration testing team to test, amongst other
systems, a specific wireless network. According to the network design and
architecture documents there is only one wireless network belonging to the client
in the building. You identify this network, but also identify a number of other
wireless networks whose SSIDs are very similar to the client’s name. You speak
with the client’s IT Manager, who tells you they know nothing about these other
networks but asks that you test them anyway, as they want to know more about
what these networks are and the level of security they offer.

.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................


3. You identify during the testing that a number of servers appear to be running
unlicensed software. The IT Manager confirms that this is the case and advises
that the situation is due to budget constraints but that the software will be
correctly licensed as soon as the new annual budget is made available in the next
two months.

.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
4. You discover a large quantity of pornographic photos involving children on one of
the organization’s servers.

.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

5. An ex-employee of an organization you are about to test contacts you to inform
you that this organization has several security problems that they are trying to
conceal before your penetration test. He states that they need a good clean report
to win a contract, hence the motivation to conceal issues. This ex-employee
proposes to send documentation to prove the facts he is putting forward.

.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................


6. Your client is an outsourcing company. Before the test of a specific system, the
client’s Head of IT advises you that the testing has been commissioned at the
demand of their customer. The Head of IT has stated that the number and
severity of the vulnerabilities in the report will affect whether their customer
allows the new service to go live. She advises that failure to go live will cost the
outsourcing company a significant sum of money.

You conduct the test of the system and find multiple serious vulnerabilities. Upon
reviewing the report the Head of IT states that she is not happy with the number
of “high” findings and that this will have a negative impact when it is shown to
their customer. She asks if you would be willing to create a separate report for
their customer which would not include some of the issues (which she believes
are irrelevant to the customer) and would show some of the issues in a less
serious light.

.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................


Exercise 3

Asset 1: Background Checking Service

Risk scenario | Threat | Vulnerability | Impact: C | Impact: I | Impact: A
--------------|--------|---------------|-----------|-----------|----------
#1            |        |               |           |           |
#2            |        |               |           |           |

Asset 2: Corporate Network and Servers

Risk scenario | Threat | Vulnerability | Impact: C | Impact: I | Impact: A
--------------|--------|---------------|-----------|-----------|----------
#1            |        |               |           |           |
#2            |        |               |           |           |

Asset 3: Recruitment Service

Risk scenario | Threat | Vulnerability | Impact: C | Impact: I | Impact: A
--------------|--------|---------------|-----------|-----------|----------
#1            |        |               |           |           |
#2            |        |               |           |           |


Exercise 4: Test Types

In groups, please discuss and identify the advantages and disadvantages of each
of the following test types:
• White Box
• Black Box
• Grey Box
• Internal
• External
• Announced
• Unannounced

In what circumstances would you recommend each of these particular test types?

……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
…………………………………………………………………………………….


Exercise 5: Scoping

From the information provided in the case study, please provide a proposed scope
for the penetration test, including details of the relevant boundaries. The scope
should add value but be limited where possible to manage the associated costs.

……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
…………………………………………………………………………………….

Exercise 6: Mapping

In groups, please map a public application such as www.pecb.org using all public
resources.
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………
……………………………………………………………………………………


……………………………………………………………………………………
………………………………………………………………
Exercise 7: Burp Suite

In groups, please map the attack surface and entry points of www.pecb.org using
Burp Suite. Discuss a scoping strategy based on your discoveries.
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………..

Exercise 8: Web Application Vulnerabilities


In groups, please run a web application scanner against our Web App VM using the
Nessus web application scanner option, followed by more targeted scanning using
Burp Scanner. If Burp licenses are not available at the time, please run a demo
from the trainer’s PC or watch the video.

A more detailed web application assessment is beyond the scope of this course; a
more specific web application course will be delivered in the future to cover
other, more specific vulnerabilities.
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………

Exercise 9: Social Engineering


In groups please consider some scenarios where you may use social engineering in a
penetration test and explain the techniques you may use.

……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………


Exercise 10: Information Gathering


Using tools such as Google, Shodan and other public information sources, please
find as much information as possible about PECB. In particular, can you identify:
• Details of physical locations
• Details of where certain systems may be hosted
• Names of key individuals
• Other useful information

……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………
……………………………………………………………………………………………………………

Exercise 11: Corrective action plan

You have received a plan for corrective actions. Evaluate the adequacy of the proposed
corrective actions. If you agree with the corrective actions, explain why. If you disagree,
explain why and propose what you think would be adequate corrective actions.

1. A finding was raised because a Microsoft Windows server had over 12 months of
patches missing.

Proposed action plan: Organise a formal change to apply all relevant patches and
test accordingly.

Acceptable (If No please provide recommendation):


.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

Justification:
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

2. A finding has been raised because the tester could boot an internal PC into Linux
from a CD and then override local security settings. They could also steal the
Windows SAM file and crack passwords offline.

Proposed action plan: Disable the ability to boot from the CD-ROM on the PC.

Acceptable (If No please provide recommendation):


.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

Justification:
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................


3. A finding has been raised because the tester could access resources on the local
Citrix server by using the command line. The Citrix server was meant to host a
specific application, and a standard user should not have access to the command
line. Through this, the tester (with a standard user logon account) managed to
access a number of local files on the server which contained highly sensitive
information.

Proposed action plan: Disable the command line on the local Citrix server.

Acceptable (If No please provide recommendation):


.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

Justification:
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

4. A finding was raised because the penetration tester was able to obtain a number
of passwords through social engineering. The tester made telephone calls to a
number of users profiled through social networking sites; in the calls he posed as a
member of IT support, stating that the passwords were required for emergency
support work.

Proposed action plan: Send an email to all staff reminding them never to reveal
passwords to anyone including IT support.

Acceptable (If No please provide recommendation):


.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

Justification:
.......................................................................................................................................
.......................................................................................................................................


5. Several findings were raised because the penetration tester was able to gain
unauthorised access to a key office. Once in the building, they were able to freely sit
at a desk, connect their machine and conduct a number of activities such as sniffing
local network traffic. During this sniffing exercise they captured credentials to a
number of key systems. When accessing the building they reported to the main
reception and claimed to be an IT support engineer. They were immediately sent to
the relevant floor of the office. They were then allowed through the main door of the
office by tailgating a member of staff who had a key fob access card.

Proposed action plan: Several actions have been proposed by the client:

• Implement a procedure where all visitors to the main reception are reported to
a relevant contact in the office. The office contact will be required to collect
the visitor from reception, hand them a visitor’s badge, check their ID and
escort them at all times.

• Send an email to all staff reminding them of the risks of tailgating.

• Implement MAC address filtering to prevent unauthorized machines from
connecting to the network.

Acceptable (If No please provide recommendation):


.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

Justification:
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................
.......................................................................................................................................

Exercises 12–14: Capture the Flag

Notes
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
…………………………………………………………………………………………………
……………………………………………………………..................................................
