Prepare a Pentest Report
PENTEST ENGAGEMENT LETTER
You have been given physical access to a machine and are allowed to test what it is connected to. If you find an Internet connection somewhere, you are not authorised to do any penetration testing on that network or beyond. You are also not permitted to perform any penetration testing on network switches or routers.
Employee Peter Cry has been behaving suspiciously and bought an expensive car all of a sudden when he kept complaining he didn't have much money. See if you can find any evidence to back up your suspicions.
How is Peter able to get the information out to the internet? There is suspicion he is using local pc accounts in some way.
The server team believe that the website and usernames are secure. We want to test if this is possible
The list of authorised users on the domain are as follows:
Andrew.Sad
Hackers.A
Jane.Doe
Peter.Cry
Sue. Weep
Tom.Smith
Since you will be testing during business hours, please do not perform any password resets that may impact the above users.
We also have some linux servers. Please advise how and if they need to be secured any further.
We look forward to receiving your in-depth pen test report at the end of next week.