
Final Penetration Test Proposal

Maintaining Access

Now that you have come up with a plan to gain access to Haverbrook’s target systems, it’s time to start planning how you will maintain that access once you get it.

You know that the attempt will be useless unless you can not only extract the information you were looking for but also stay unnoticed, and you also need to be able to get back inside as needed.

A big part of managing a network is to secure it; therefore, you should take nothing for granted. You have to have a well-defined plan to get back into the target environment at will; second chances are much harder since they will be expecting you at that point.

As a penetration tester, you need to figure out how you will maintain control of the system. To have a clear execution plan, you need to think about the best techniques and procedures when pivoting to obtain main access and control of the targeted system.

Some of the command and control techniques you may use are methods of pivoting, such as elevation of privilege, password cracking, impersonation, DNS cache poisoning, and IP spoofing.

Covering Your Tracks

Your penetration test into Haverbrook’s systems is nearly complete. After planning how you would exploit the target’s network, now you have to consider how you would cover your tracks within those systems. Your training and experience provide you with options to do so.

You know there are tools available in the operating system to perform cleanup. For instance, you can hide any malicious files introduced during exploitation by using steganographic techniques or NTFS streams to maintain future access to the target.

Additionally, you will make sure all the points of entry are accounted for, and you will keep track of any modifications you made. You will remove any malware, tools, or other nonnative files you placed on the system. You know that you can delete these files throughout an intrusion, keeping your footprint low, or remove them as part of the postintrusion cleanup process.

You will put all of the details of your penetration test into a final proposal to be delivered to Haverbrook’s stakeholders.