\documentclass[a4paper, 12pt]{article} % Template format
\usepackage{titlesec}
\usepackage[utf8]{inputenc} % UTF8 Encoding
\usepackage[margin=2cm, top=2cm, includefoot]{geometry} % Page geometry
\usepackage{graphicx} % Image insertion
\usepackage[table,xcdraw]{xcolor} % Color support
\usepackage[most]{tcolorbox} % Boxes on the cover page
\usepackage{fancyhdr} % Page style
\usepackage[hidelinks]{hyperref} % Hyperlink handling
\usepackage{listings} % Code listings
\usepackage{parskip} % Document indentation (paragraph spacing)
\usepackage[figurename=Figure]{caption} % To change the caption name for figures
\usepackage{smartdiagram} % Diagram insertion
\usepackage{zed-csp} % Schema insertion
\usepackage{float} % Placement of images and tables; provides the H specifier
\usepackage{colortbl} % Table colors
\usepackage{tabularx} % Better tables
%\usepackage{bidi} % Bidirectional typesetting bugs of XeTeX
\usepackage{apacite}
\usepackage{anyfontsize}
% Define Colors
% Colors from color picker: https://www.google.com/search?q=color+picker
\definecolor{green}{HTML}{69A84F}
\definecolor{gray}{HTML}{B8B6B4}
\definecolor{yellow}{HTML}{acba0f}
\definecolor{red}{HTML}{f70000}
\definecolor{blue}{HTML}{0370ff}
\definecolor{pink}{HTML}{ff03d1}
% Font
\renewcommand{\familydefault}{\sfdefault}
% Tables
% Table generator: https://www.latex-tables.com/
\renewcommand{\contentsname}{Table of Contents}
\renewcommand{\arraystretch}{1.5}
\renewcommand{\tabularxcolumn}[1]{>{\small}m{#1}}
% Header & Footer
\setlength{\headheight}{40.2pt}
\pagestyle{fancy}
\fancyhf{}
\lhead{\includegraphics[height=0.5cm]{media/avatar/avatar.png}}
\rhead{Application Security Review}
\renewcommand{\headrulewidth}{1pt}
\renewcommand{\headrule}{\hbox to\headwidth{\color{gray}\leaders\hrule height \headrulewidth\hfill}}
\lfoot{CompanyName Confidential}
\cfoot{Copyright © CompanyName}
\rfoot{Page \thepage}
\renewcommand{\footrulewidth}{1pt}
\renewcommand{\footrule}{\hbox to\headwidth{\color{gray}\leaders\hrule height
\footrulewidth\hfill}}
% Hypertext
\hypersetup{
% colorlinks=true, Enable Colors for Links
% linkcolor=blue, All Links will have the color declared
filecolor=magenta,
urlcolor=cyan
}
% Sections
\setcounter{secnumdepth}{5}
\titleformat{\paragraph}
{\normalfont\normalsize\bfseries}{\theparagraph}{1em}{}
\titlespacing*{\paragraph}
{0pt}{3.25ex plus 1ex minus .2ex}{1.5ex plus .2ex}
% Colors for Code Listings
\definecolor{codegreen}{rgb}{0,0.6,0}
\definecolor{codegray}{rgb}{0.5,0.5,0.5}
\definecolor{codepurple}{rgb}{0.58,0,0.82}
\definecolor{backcolour}{rgb}{0.95,0.95,0.92}
\lstdefinestyle{mystyle}{
backgroundcolor=\color{backcolour},
commentstyle=\color{codegreen},
keywordstyle=\color{magenta},
numberstyle=\tiny\color{codegray},
stringstyle=\color{codepurple},
basicstyle=\ttfamily\footnotesize,
breakatwhitespace=false,
breaklines=true,
captionpos=b,
keepspaces=true,
numbers=left,
numbersep=5pt,
showspaces=false,
showstringspaces=false,
showtabs=false,
tabsize=2
}
\lstset{style=mystyle}
% Start of the Document
\begin{document}
% Cover Page
\begin{titlepage}
\centering
\vfill
\begin{figure}[t]
\centering
\includegraphics[width=\textwidth]{media/avatar/avatar.png}
\end{figure}
\vfill
\begin{center}
\vspace*{\fill}
{\fontsize{20}{10}\selectfont\textbf{Client Company Name}}\par
{\fontsize{20}{10}\selectfont\textbf{Security Assessment Report}}\par
\vspace{5cm}
\Huge Business Confidential\par
\vspace{1cm}
\begin{flushleft}
\small\textit{Date: May 17, 2021}\par
\small\textit{Project: 898-21}\par
\small\textit{Version: 1.0}\par
\end{flushleft}
\vspace{5pt}
\vfill
\end{center}
\end{titlepage}
\clearpage
% ---------------------
% Table of Contents
\clearpage
\tableofcontents
\clearpage
% ----------------------
\section{Confidentiality Statement}
This document is the exclusive property of Client Company and CompanyName. This document contains proprietary and confidential information. Duplication, redistribution, or use, in whole or in part, in any form, requires consent of both Client Company and CompanyName.
CompanyName may share this document with auditors under non-disclosure agreements to demonstrate penetration test requirement compliance.
\section{Disclaimer}
A penetration test is considered a snapshot in time. The findings and recommendations reflect the information gathered during the assessment and not any changes or modifications made outside of that period. Time-limited engagements do not allow for a full evaluation of all security controls. CompanyName prioritized the assessment to identify the weakest security controls an attacker would exploit. CompanyName recommends conducting similar assessments on an annual basis by internal or third-party assessors to ensure the continued success of the controls.
\section{Contact Information}
\begin{table}[H]
\centering
\begin{tabular}{|>{\raggedright\arraybackslash}m{23mm}|m{60mm}|m{60mm}|}
\hline
\rowcolor[rgb]{0.498,0.498,0.498} Name & Title & Contact Information \\
\hline
\multicolumn{3}{|l|}{{\cellcolor[rgb]{0.851,0.851,0.851}}Client Company} \\
\hline
John Smith & VP, Information Security (CISO) & Office: (555) 555-5555\newline
Email: [email protected] \\
\hline
Jim Smith & IT Manager & Office: (555) 555-5555\newline
Email: [email protected] \\
\hline
Joe Smith & Network Engineer & Office: (555) 555-5555\newline
Email: [email protected] \\
\hline
\multicolumn{3}{|l|}{{\cellcolor[rgb]{0.851,0.851,0.851}}Company Name} \\
\hline
John Smith & Lead Penetration Tester & Office: (555) 555-5555\newline
Email: jsmith@company\_name.com \\
\hline
Bob Smith & Penetration Tester & Office: (555) 555-5555\newline
Email: bsmith@company\_name.com \\
\hline
Rob Smith & Account Manager & Office: (555) 555-5555\newline
Email: rsmith@company\_name.com \\
\hline
\end{tabular}
\caption{Contact}
\end{table}
\clearpage
\section{Assessment Overview}
From June 20th, 2021 to June 29th, 2021, Client Company engaged CompanyName to evaluate the security posture of its infrastructure against current industry best practices; the engagement included an external penetration test. All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.
Phases of penetration testing activities include the following:
\begin{itemize}
\item Planning – Customer goals are gathered and rules of engagement obtained.
\item Discovery – Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.
\item Attack – Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.
\item Reporting – Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.
\end{itemize}
\subsection{Assessment Components}
\textbf{External Penetration Test}
An external penetration test emulates the role of an attacker attempting to gain access to an internal network without internal resources or inside knowledge. A CompanyName engineer attempts to gather sensitive information through open-source intelligence (OSINT), including employee information, historical breached passwords, and more that can be leveraged against external systems to gain internal network access. The engineer also performs scanning and enumeration to identify potential vulnerabilities in hopes of exploitation.
\clearpage
\section{Finding Severity Ratings}
The following table defines levels of severity and corresponding CVSS score range that are used throughout the document to assess vulnerability and risk impact.
% \usepackage{colortbl}
\begin{table}[H]
\centering
\begin{tabular}{|>{\raggedright\arraybackslash}m{23mm}|m{40mm}|m{90mm}|}
\hline
\rowcolor[rgb]{0.502,0.502,0.502} Severity & CVSS V3 Score Range & Definition \\
\hline
{\cellcolor[rgb]{0.753,0,0}}Critical & 9.0-10.0 & Exploitation is straightforward and usually results in system-level compromise. It is advised to form a plan of action and patch immediately. \\
\hline
{\cellcolor{red}}High & 7.0-8.9 & Exploitation is more difficult but could cause elevated privileges and potentially a loss of data or downtime. It is advised to form a plan of action and patch as soon as possible. \\
\hline
{\cellcolor[rgb]{1,0.753,0}}Moderate & 4.0-6.9 & Vulnerabilities exist but are not exploitable or require extra steps such as social engineering. It is advised to form a plan of action and patch after high-priority issues have been resolved. \\
\hline
{\cellcolor{yellow}}Low & 0.1-3.9 & Vulnerabilities are non-exploitable but would reduce an organization’s attack surface. It is advised to form a plan of action and patch during the next maintenance window. \\
\hline
{\cellcolor[rgb]{0,0.439,0.753}}Informational & N/A & No vulnerability exists. Additional information is provided regarding items noticed during testing, strong controls, and additional documentation. \\
\hline
\end{tabular}
\caption{Severity Ratings}
\end{table}
\clearpage
\section{Scope}
\begin{table}[H]
\centering
\begin{tabular}{!{\color{black}\vrule}l|l!{\color{black}\vrule}}
\hline
\rowcolor[rgb]{0.498,0.498,0.498} Assessment & Details \\
\hline
External Penetration Test & 192.168.0.0/24,
192.168.1.0/24 \\
\hline
\end{tabular}
\caption{Scope}
\end{table}
\subsection{Scope Exclusions}
Per client request, CompanyName did not perform any X attacks during testing.
\subsection{Client Allowances}
ClientCompany did not provide any allowances to assist the testing.
\section{Executive Summary}
CompanyName evaluated ClientCompany’s external security posture through an external network penetration test from June 20th, 2019 to June 29th, 2019. By leveraging a series of attacks, CompanyName found critical-level vulnerabilities that allowed full internal network access to the ClientCompany headquarters office. It is highly recommended that Client Company address these vulnerabilities as soon as possible, as they are easily found through basic reconnaissance and exploitable without much effort.
\section{Attack Summary}
The following table describes how CompanyName gained internal network access, step by step:
Lorem ipsum
\subsection{Security Strengths}
\subsubsection{SIEM alerts of vulnerability scans}
During the assessment, lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\subsection{Security Weaknesses}
\subsubsection{Missing Multi-Factor Authentication}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\subsubsection{Weak Password Policy}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\subsubsection{Unrestricted Logon Attempts}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\subsubsection{Credentials Reuse}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\clearpage
\section{External Penetration Test Findings}
\textbf{Insufficient Lockout Policy - Outlook Web App}
\begin{table}[H]
\centering
\begin{tabular}{|>{\raggedright\arraybackslash}m{20mm}|m{130mm}|}
\hline
{\cellcolor[rgb]{0.816,0.808,0.808}}Description: & DC allowed unlimited logon attempts against their Outlook Web App (OWA) services. This configuration allowed brute-force and password-guessing attacks, which CompanyName used to gain access to the ClientCompany internal network. \\
\hline
{\cellcolor[rgb]{0.816,0.808,0.808}}Impact: & Critical \\
\hline
{\cellcolor[rgb]{0.816,0.808,0.808}}System: & 192.168.0.5 \\
\hline
{\cellcolor[rgb]{0.816,0.808,0.808}}References: & NIST SP800-53r4 AC-17 - Remote Access\newline
NIST SP800-53r4 AC-7(1) - Unsuccessful Logon Attempts \\
\hline
\end{tabular}
\caption{Vulnerability name}
\end{table}
\textbf{Exploitation Proof of Concept}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\begin{figure}[H]
\centering
\includegraphics[width=\textwidth]{media/img/test.png}
\caption{Vulnerability Name Exploit in Action Phase 1}
\end{figure}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\begin{figure}[H]
\centering
\includegraphics[width=\textwidth]{media/img/test.png}
\caption{Vulnerability Name Exploit in Action Phase 2}
\end{figure}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\begin{figure}[H]
\centering
\includegraphics[width=\textwidth]{media/img/test.png}
\caption{Vulnerability Name Exploit in Action Result}
\end{figure}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\textbf{Remediation}
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed scelerisque sapien id risus tristique, vel molestie erat dapibus. Maecenas eleifend nunc sit amet purus aliquam, eu placerat sem dapibus. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque rhoncus commodo ultricies. Mauris quis quam ut tellus finibus lobortis. Donec dapibus leo a consectetur mollis. Donec nec mi euismod, vehicula tortor eu, feugiat massa. Curabitur at risus sed lorem fringilla auctor non pellentesque sem. Suspendisse urna arcu, sodales in risus sed, interdum accumsan mauris.
\end{document}