Pentest 2

Uploaded by

d

Activity Sheet: Penetration Testing Scenarios

Disclaimer
This activity sheet is based on the learning objectives outlined by the CompTIA
PenTest+ certification. It is intended for educational purposes only and should be used
in a controlled environment under proper authorization. Unauthorized use of penetration
testing tools and techniques is illegal and unethical. Always adhere to your
organization’s policies and relevant legal frameworks.

Activity Objectives
By the end of this activity, participants will:
1. Be familiar with various scanning techniques, their purpose, and appropriate
tools.
2. Analyze reconnaissance results and explain the implications for penetration
testing.
3. Understand the use of post-exploitation techniques and wireless attack methods.
4. Identify and evaluate network traffic patterns and vulnerabilities.

Group Setup
• Number of participants: 6
• Time allocation: 1 hour
• Materials needed: Pen and paper or digital devices for note-taking.

Scenario-Based Activities
Part 1: Vulnerability Scanning and Reconnaissance (15 minutes)
Scenario:
You are part of a penetration testing team hired to assess a medium-sized e-commerce
company’s network. The initial discovery scan reveals open ports and potential web
application vulnerabilities.
Tasks:
1. Scan Comparison: Compare the results of a discovery scan with a port scan.
Identify discrepancies and explain why these differences might occur.
2. Stealth Mode: Discuss the potential benefits and risks of performing a stealth
scan in this scenario.
3. Web Server Scan: Identify what information you might uncover when scanning
the company’s web server and its APIs. Why is examining API requests
significant?

Part 2: Analyzing Reconnaissance Results (10 minutes)


Scenario:
Your reconnaissance exercise shows multiple vulnerabilities, including outdated
software versions and misconfigured firewalls.
Tasks:
1. Analyze the results and determine which vulnerability presents the highest risk.
Justify your reasoning.
2. Discuss how Nessus could assist the team in this scenario.
3. Explain how sniffing ARP traffic might reveal additional vulnerabilities.

Part 3: Wireless and Network Asset Analysis (15 minutes)


Scenario:
The client’s environment includes multiple wireless access points (WAPs) and IoT
devices.
Tasks:
1. Wireless Security: Why is it essential to test the security of the organization’s
WAPs? List three methods to do so.
2. Wardriving: Explain how wardriving might help in identifying vulnerable wireless
networks.
3. Antenna Comparison: Compare different antenna types and their use cases
during wireless penetration tests.

Part 4: Advanced Scanning Techniques (10 minutes)


Scenario:
During a deeper scan, your team is tasked with mapping the network and enumerating
active hosts.
Tasks:
1. Outline how Nmap could be used to map the network effectively.
2. Compare TCP and UDP scanning techniques and explain their significance in
host enumeration.
3. Discuss how to modify the intensity of a scan to balance speed and stealth.
4. List methods Nmap uses to fingerprint an operating system and determine the
target’s OS.

Part 5: Post-Exploitation and Reporting (10 minutes)


Scenario:
After gaining initial access to a system, your task is to perform post-exploitation
techniques while ensuring minimal impact on the client’s environment.
Tasks:
1. Explain two post-exploitation techniques your team might use in this scenario.
2. Discuss how to document your findings effectively for a client report, focusing on
actionable recommendations.

Discussion Guidelines
1. Assign a team leader to moderate the discussion for each scenario.
2. Divide into pairs or small groups for each part and rotate through scenarios.
3. Reconvene as a larger group to present findings and insights.

Wrap-Up
• Each group presents their solutions and justifications to the larger team.
• Reflect on the tools and techniques discussed.
• Highlight key takeaways and their real-world applications.
