[UC1IIS052] – Assessment Work

The move I've been sitting here, smashing my head in, I can't get my head around this assessment task. Much like the previous month, the assessment strikes me as being somewhat backwards. We are to write a report about the techniques we would use in penetration testing for a fictional scenario. I assume this to be expecting a rather introductory, assuming sort of "what I believe I would do" based upon tip-of-the-iceberg research on the field. Surely, the focus must be expected to circle around more general terms of techniques, rather than the specific step-by-step actions to perform each technique.

I'm going to have to talk to someone to get a fresh mind on the matter. Right now I'm trying to write down what I believe are basic steps during a penetration test process. Then I can tackle the ethical discussion separately.

Update - I spoke with my father, who is working in the IT security field, and he shared some stories which helped relieve my issue a bit. I was having trouble imagining you could actually accidentally stumble across a different server than the specified targets during a pen-test, though this is partially due to it being a hypothetical scenario and we don't actually know exactly what the contract contains, the exact context of the supposed job, or what information we have from the get-go to work with. But apparently you can stumble across servers during a pen-test; that's supposedly never an issue for the employer, and they usually want you to include that in the test too if found. Or they could want it to be terminated, in the case of it being, for example, a forgotten NAS-HDD that was supposed to be taken down but had been forgotten. Either way, it happens.
