Take a look at the example penetration testing report by Offense Security in the

Take a look at the example penetration testing report by Offense Security in the resources. Conduct a writeup similar in nature for the vulnerabilities we discovered today. This writeup must include images as seen in the example so that the customer can easily see what was found. Your paper must discuss each of the vulnerabilities we covered in this week’s lab, as well as two additional vulnerabilities that we did not discuss.
In the resources section, you’ll see a list of vulnerabilities in Metasploitable3. Review this list to determine which additional vulnerabilities you want to exploit. When documenting these in your paper, you will need to document how you found this vulnerability. Do not state that you used a vulnerability listing for Metasploitable3. Instead, discuss the process used to identify the vulnerability (nmap scans to find open ports, Nessus to find vulnerability). Ensure that your paper revolves around the following scenario.
This week’s discussion post had fellow peers make recommendations for your paper. Include any recommendations you believe could improve your paper.
Acme Corporation hired you to validate a new system added to its network. They believe this system is secure and ready to be added, but company policy requires a completed penetration test to verify security. The policy dictates that the penetration test be conducted first as a white-box test to ensure that the system can be completely verified. As such, the project manager at Acme Corp has provided you with the credentials to the box. This allows you not only to conduct an uncredentialed scan, but also a credentialed scan.
They want the test to start as if the hacker has access to the internal network, but does not know anything. As such, the test must start with only barebones information (you know the subnet you are on, but you do not know credentials). After you get an initial scan of the network using no credentials, they request that you use the provided credentials to get more accurate scans and more accurate testing.
Paper Requirements:
Written Communication: Write in a professional manner using APA 7th Edition and formatting with correct grammar, usage, and mechanics.
Narrative: The Narrative must start as if you do not know any username and password. As such, an uncredentialed scan must run, as well as nmap scans. After you get the initial uncredentialed scans, you must use the credentials to scan the VMs.
APA Formatting: Any resources and citations used are formatted according to APA 7th Edition.
Length: 3-5 Pages (not including Title Page, References, and any Abstract/Executive Summary)
Font and font-size: Any of the acceptable APA7 fonts.
Vulnerabilities: 5 Vulnerabilities are discussed. Those that we found in the Lab this week, and two additional ones you discovered by yourself.
Example Penetrational Test Report: https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
List of Vulnerabilities in Metasploitable3: https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities
Tips for Creating a Strong Cybersecurity Assessment Report: https://zeltser.com/security-assessment-report-cheat-sheet/

Leave a Reply