This slide deck is intended to be edited and used in a pitch to a partner, client or customer and is released under the Creative Commons Zero v1.0 license.
Thank you to all the contributors that make these documents amazing.
Note: Please use this pitch however you wish. If you have any questions or want to add something and can’t figure out how, please email me, [email protected]
Engagement type that targets a computer, network or web application infrastructure for a company.
This type of engagement focuses on the prevention security layer: finding, testing, classifying, and verifying vulnerabilities in the company’s environment.
Team-based engagements that include the IT, social, and physical verticals. This type of engagement focuses on all three layers of security defense: prevention, detection, and response. Findings focus on systemic, broad-spectrum vulnerabilities in narrative format.
(1 week)
- Loud (no stealth)
- Techniques
  - Login brute forcing
  - Fast / Large port range Nmap scanning
  - Vuln scanning / Web vuln scanning
  - SPAM style phishing
- Separating attack techniques by day for ease of identification
- Login Attempts
  - Company web login interfaces
  - VPN / Remote Access interfaces
  - Email interfaces
  - External / Cloud interfaces (Office365, Dropbox, Box, etc.)
  - External / Cloud infrastructure (AWS, Azure)
- Attempts to obtain code execution
  - If obtained, post-exploitation is in-scope to better identify impact of scenario
- Identify authentication leak risk to the enterprise via stolen, backdoored, or disgruntled employee
- Identify previously unknown authentication interfaces
- Test prevention security layer
  - 2-Factor Authentication / Multi-Factor Authentication
- Test detection security layer
  - Foreign / suspicious login identification / alerting