Company Penetration Test


TuX^

Hi guys,

I was wanting to carry out a penetration test at work and just wanted to know the process of going about it.

Specifically: Do I need to have any certification?

Who do I need to contact to get permission?

How do I find out about local laws about such actions, etc.?

Can anybody help me with this?

I must stress that I have not started doing anything other than a little research into the processes of a pen-test. I want to equip myself with as much knowledge as possible and get permission before I try and do anything.

Thanks,

TuX^

Get permission in writing from as high up in the company as possible; even if your boss says it is OK over lunch, get it written down, and preferably by his boss or his boss's boss, just in case.

As for certs, you don't need anything here in the UK. Your company looks like it is a pretty tech-based one, so they would hopefully welcome it.

I would however suggest, before you do anything on a real network, that you practise it and learn all about it in a lab environment first; it is very easy to go wrong somewhere and accidentally take out a network or machine.

Yeah, I know you have to get written permission about it.

In regards to laws in the UK about it, is there anything I should be aware of?

This may seem like a daft question but how do you know that my company is tech based? ...

TuX^

There are no specific UK laws beyond the Computer Misuse Act and data protection laws, which you won't be coming near if you are on networks you have permission for.

And you are posting messages from your work IP. A whois on the IP shows a company name; Google that name and you get a website.

  • 2 weeks later...

You should also scope out exactly what you are going to be testing, the times that you will be testing, and whether exploitation is authorized. As a side note and best practice, you will want to write down everything that you do and take as many screenshots as possible when performing the test. <---- extremely important

By having an extremely detailed set of notes, you can save loads of time and have all your evidence ready when you are starting your final report.

Or if you want even more in depth, look at PTES: http://www.pentest-standard.org/index.php/Main_Page

We did a talk on it at Derbycon as well explaining the reasons behind it and what it hoped to achieve.

Was going to recommend PTES but you beat me to it.

Link to the video:

http://www.irongeek.com/i.php?page=videos/derbycon1/the-penetration-testing-execution-standard-ptes-panel

God, I love irongeek for posting all the hackercon videos... we need to get his ass in these forums. If you know him, digininja, send him a note saying:

1. To quit getting hacked ;)

2. To get in on hak5 forums - he may already be his own media mogul, but he should join this crew too!

telot

Not sure how long you've been following Hak5, but he's been on the forums since the beginning of the show and been on the show a number of times. He's good friends with Darren and the crew.

http://forums.hak5.org/index.php?showuser=4191

Last active :(

telot

Easiest way to speak with Adrian these days is Twitter. If you really need to ask him a question, ping him @irongeek_adc.
