tetanus/note_templates/internal_pentest/general.md
2026-05-20 14:33:39 -05:00

#|||ORG_NAME||| #internal #general

SCOPE

(paste scope from workbook)

On the call:

- Introductions
- Let them know that their primary contact will be the PM and there should be
- Go over general attack strategy/procedure.
  - We will get a beacon payload by the time the test starts
  - The beacon payload should be executed on a domain-joined Windows system.
    - If the system is not domain joined/no domain - let Seth know as this modifies the standard beacon
  - Select a user based on a department/role that they would like tested (Marketing, Sales, HR, IT)
    - This can be a test system with a cloned user, but then we don't get keylogging or screen grabs
  - The beacon is created using Cobalt Strike and communicates over HTTPS
    - Since Cobalt Strike is very well signatured, remind them that they may need to add an exclusion in antivirus and/or web filter
  - We will look at local privilege escalation, conduct portscans, password sprays, targeted vulnerability scanning (NOT NESSUS), lateral movement opportunities, and escalating to DOMAIN ADMIN privilege.
- Ask if they want a focus on any particular assets, for example, an old time logging system or remote access system.

Confirm On Prem AD vs NoAD or Azure AD -

Ask if they have any questions or concerns

Do they have a specific contact -

emergency contact method -

Email any follow-up items from the call to the PM

sensitive systems -

secondary objectives -