04 CLPT en ExF V1.2.2 20151119GP
Exercises
Certified Lead Pen Test Professional
Exercises Form
© 2015 Parker Solutions Group and Sysca Consulting
Basing yourself on this information, determine and explain the three greatest
advantages for implementing a programme of pro-active penetration testing. Also
please explain how these benefits could be measured.
Advantage 1)
How can the organization measure this advantage?
Advantage 2)
How can the organization measure this advantage?
Advantage 3)
How can the organization measure this advantage?
www.pecb.com
1. During the penetration test, a member of the IT team requests your permission
to use the notes you have collected and the raw scan results to conduct a case study
exercise on penetration testing for their university studies. You have been
assured that the information will be sanitized and that no vulnerability details will
be shared externally.
2. The client has contracted the penetration testing team to test, amongst other
systems, a specific wireless network. According to the network design and architecture
documents there is only one wireless network that belongs to the client in the
building. You identify this network but also identify a number of other wireless
networks which have SSIDs very similar to the client’s name. You speak with the
client’s IT Manager and they tell you they know nothing about these other
networks but ask that you test them anyway as they want to know more about
what these networks are and the levels of security they offer.
3. You identify during the testing that a number of servers appear to be running
unlicensed software. The IT Manager confirms that this is the case and advises
that the situation is due to budget constraints but that the software will be
correctly licensed as soon as the new annual budget is made available in the next
two months.
4. You discover a large quantity of pornographic photos involving children on one of
the organization’s servers.
6. Your client is an outsourcing company. You have been advised by the client's
Head of IT, before the test of a specific system, that the testing has been
commissioned upon the demands of their customer. The Head of IT has stated that
the number of vulnerabilities in the report and their severity will affect
whether their customer allows the new service to go live. She advises that failure
to go live will cost the outsourcing company a significant sum of money.
You conduct the test of the system and find multiple serious vulnerabilities. Upon
reviewing the report the Head of IT states that she is not happy with the number
of “high” findings and that this will have a negative impact when it is shown to
their customer. She asks if you would be willing to create a separate report for
their customer which would not include some of the issues (which she believes
are irrelevant to the customer) and would show some of the issues in a less
serious light.
Exercise 3
Exercise 5:
Exercise 6: Mapping
Exercise 7: Burp Suite
In groups, please map the attack surface and entry points of www.pecb.org using
Burp Suite.
Discuss scoping strategy based on your discoveries.
Burp licenses aren’t available at this time; please run a DEMO from the trainer’s PC
or run the VIDEO.
A more detailed Web Application Assessment is beyond the scope of this course and
a more specific Web Application Course will be delivered in the future to cover other
more specific vulnerabilities.
You have received a plan for corrective actions. Evaluate the adequacy of the proposed
corrective actions. If you agree with the corrective actions, explain why. If you disagree,
explain why and propose what you think would be adequate corrective actions.
1. A finding was raised because a Microsoft Windows server had over 12 months of
patches missing.
Proposed action plan: Organise a formal change to apply all relevant patches and
test accordingly.
Justification:
2. A finding has been raised because the tester could boot an internal PC into Linux
using a CD and then override local security settings. They could also steal the
Windows SAM file and crack passwords offline.
Proposed action plan: Disable the ability to boot from the CD-ROM on the PC.
Justification:
3. A finding has been raised because the tester could access resources on the local
Citrix server by using the command line. The Citrix server was meant to host a
specific application and a standard user should not have access to the command
line. Through this the tester (with a standard user logon account) managed to
access a number of local files on the server which contained highly sensitive
information.
Proposed action plan: Disable the command line on the local Citrix server.
Justification:
4. A finding was raised because the penetration tester was able to obtain a number
of passwords through social engineering. The tester made telephone calls to a
number of users profiled through social networking sites; in the calls he posed as a
member of IT support, stating the passwords were required for emergency support
work.
Proposed action plan: Send an email to all staff reminding them never to reveal
passwords to anyone, including IT support.
Justification:
5. Several findings were raised because the penetration tester was able to gain
unauthorised access to a key office. Once in the building they were able to freely sit
at a desk, connect their machine and conduct a number of activities such as sniffing
local network traffic. During this sniffing exercise they captured credentials to a
number of key systems. When accessing the building they reported to the main
reception and claimed to be an IT support engineer. They were immediately sent to
the relevant floor of the office. They were then allowed through the main door of the
office by tailgating a member of staff who had a key fob access card.
Proposed action plan: Several actions have been proposed by the client:
Implement a procedure where all visitors to the main reception are reported to
a relevant contact in the office. The office contact will be required to collect
the visitor from reception, hand them a visitor's badge, check their ID and
escort them at all times.
Justification: