CMIT 321 Ethical Hacking (2198)/ CMIT 321Reconnaissance Plan and Scanning Plan 3 UMUC.

Document Content and Description Below

This document will serve as a Statement of Work (SOU) outlining Centralia Security Lab’s (CSL) proposed plan of action during the scanning phase of the penetration test. The below sections will deta... il the scope for both the reconnaissance plan as well as the scanning plan, to include tools to be used and mediation of vulnerabilities. The deliverables after this point of the penetration test will include a full technical report with details regarding all discovered vulnerabilities, the tools that were used, and what was gained or could be gained by exploiting said vulnerabilities. Reconnaissance Plan Overview The reconnaissance phase of a penetration test is one of the most important aspects. Reconnaissance is the act of gathering preliminary data or intelligence on your target. The data is gathered in order to better plan for your attack (Cybrary, 2015). There are two different types of reconnaissance, active and passive. Active reconnaissance involves gathering information about the target with direct contact, such as performing traceroute analysis, extracting DNS information, social engineering, etc. Passive reconnaissance involves information gathering with no direct contact, through means such as finding information from a search engine or social networking sites, monitoring website traffic, gathering financial information about the target through financial services, etc (EC-Council, 2019). Both means are important and can provide valuable information to help further down the road. The information gathered will help to form a strategy. Reconnaissance Methods As stated above, there are several reconnaissance methods available to gain information on a target such as Haverbrook Investment Group (HIG). To begin with, passive techniques such as utilizing search engines and social media websites are fairly simple and may provide information on things such as technology platforms used, login pages, contact information, physical locations and more. A fake social media account can be created to lure in company employees. Once they accept a friend request, their account profile can reveal even more potentially exploitable information. This can also lead to locating more employees who can also be harvested for information. [Show More]

Last updated: 1 year ago

Preview 1 out of 4 pages