It is now time to put all your knowledge and skills together to perform and document a complete penetration test. We will utilize the "SANS Institute Conducting a Penetration Test on an Organization" as our blueprint.
Download, install, and configure within VirtualBox or similar desktop virtualization software Testing Sandbox, the following Virtual Machines from VulnHub:
- De-Ice S1.100
- De-Ice S1.110
- De-Ice S1.120
- De-Ice S1.140
- De-Ice S2.100 (You really don’t have to do this one)
Use the "Corporate Scenario" resource. It is important that you follow the scenario in order.
Perform a complete Penetration Test against at least the first four of the specified VMs. Number 5 is for those students that want to go the extra mile.
Document findings under Phase Testing in the "PEN Testing Report Guidelines," located within the course materials. Refer to the SANS Institute industry standard "Writing a Penetration Testing Report" for examples of PEN Testing Report. ( https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343), (https://www.sans.org/reading-room/whitepapers/bestprac/paper/33343).
Complete each section (cover page through resources) of the PEN Testing Report for submission in reference to the "PEN Testing Report Guidelines." The report must include the complete Phasing Testing methodology.
Solid academic writing is expected, and documentation of sources should be presented using APA style.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
Sample Solution