Penetration Testing mailing list archives

Re: Re: pentest documentation


From: krymson () gmail com
Date: 2 Oct 2006 19:31:41 -0000

For Windows, Camtasia is an excellent screen-recorder if you want to go that route. If you're doing some hands-on 
things like taps or images or something that can't be put into a virtual machine (and screen-capped by the host 
machine) you could use a digital video recorder if your engagement either requires this level of documentation or 
allows you to do so. I guess physical security tests may be better documented with digital cameras, although I dunno if 
I've ever seen that myself (physical pen-tests I don't see very often or hear much about other than theoretical reviews 
of a site).

Other means that go beyond just providing a report:
- putting any confiscated material ("look what I found on this developer's machine, source code and client data 
databases!") on a CD or USB device and then hashing it and labeling it appropriately.

- capture the packet output of any scans or actual attacks that you do and hash them. Try your best to get times as 
close as possible, in case they want to correlate IDS entries with your scans/attacks, or a system went down during the 
scan and they need to determine that you were the cause.

- capture the output of any scanning tools you use. Things like Nessus and nmap will have output files and reports. 
Even though you likely recreate the reports in a more meaningful format for the client, turning over the raw data 
itself is also good practice.

Be aware that you may be capturing sensitive information this way, so protect any captures you take with you for your 
own review and be sensitive to what the client is going to be wanting you to provide to them.
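
Editor's added example (not part of the original post): one way to hash captured evidence and record UTC timestamps, so that packet captures and raw tool output can later be shown to be unaltered and correlated with IDS logs. The file names, the label, and the manifest layout are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large packet captures need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir, label):
    """Record hash, size and UTC modification time for each file."""
    entries = []
    for root, _dirs, files in os.walk(evidence_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.stat(path)
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            entries.append({"file": os.path.relpath(path, evidence_dir),
                            "sha256": sha256_file(path),
                            "size": st.st_size,
                            "modified_utc": mtime.isoformat()})
    entries.sort(key=lambda e: e["file"])
    return {"label": label, "entries": entries,
            "hashed_utc": datetime.now(timezone.utc).isoformat()}


def verify_manifest(evidence_dir, manifest):
    """Return relative paths that are missing or no longer match their hash."""
    return [e["file"] for e in manifest["entries"]
            if not os.path.isfile(os.path.join(evidence_dir, e["file"]))
            or sha256_file(os.path.join(evidence_dir, e["file"])) != e["sha256"]]


if __name__ == "__main__":
    # Constructed sample data standing in for a scan report and a capture.
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "nmap-scan.xml"), "w") as fh:
            fh.write("<nmaprun/>")
        with open(os.path.join(d, "scan.pcap"), "wb") as fh:
            fh.write(b"\x00" * 64)
        manifest = build_manifest(d, "constructed-engagement-label")
        print(json.dumps(manifest, indent=2))
```

Keep the manifest outside the evidence directory, for example alongside the labeled media, so that it is not hashed into itself and can be checked independently.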
