Pentest 2

Uploaded by

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

6 views4 pages

Pentest 2

Uploaded by

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 4

Activity Sheet: Penetration Testing Scenarios

Disclaimer
This activity sheet is based on the learning objectives outlined by the CompTIA
PenTest+ certification. It is intended for educational purposes only and should be used
in a controlled environment under proper authorization. Unauthorized use of penetration
testing tools and techniques is illegal and unethical. Always adhere to your
organization’s policies and relevant legal frameworks.

Activity Objectives
By the end of this activity, participants will:
1. Be familiar with various scanning techniques, their purpose, and appropriate
tools.
2. Analyze reconnaissance results and explain the implications for penetration
testing.
3. Understand the use of post-exploitation techniques and wireless attack methods.
4. Identify and evaluate network traffic patterns and vulnerabilities.

Group Setup
 Number of participants: 6
 Time allocation: 1 hour
 Materials needed: Pen and paper or digital devices for note-taking.

Scenario-Based Activities
Part 1: Vulnerability Scanning and Reconnaissance (15 minutes)
Scenario:
You are part of a penetration testing team hired to assess a medium-sized e-commerce
company’s network. The initial discovery scan reveals open ports and potential web
application vulnerabilities.
Tasks:
1. Scan Comparison: Compare the results of a discovery scan with a port scan.
Identify discrepancies and explain why these differences might occur.
2. Stealth Mode: Discuss the potential benefits and risks of performing a stealth
scan in this scenario.
3. Web Server Scan: Identify what information you might uncover when scanning
the company’s web server and its APIs. Why is examining API requests
significant?

Part 2: Analyzing Reconnaissance Results (10 minutes)

Scenario:
Your reconnaissance exercise shows multiple vulnerabilities, including outdated
software versions and misconfigured firewalls.
Tasks:
1. Analyze the results and determine which vulnerability presents the highest risk.
Justify your reasoning.
2. Discuss how Nessus could assist the team in this scenario.
3. Explain how sniffing ARP traffic might reveal additional vulnerabilities.

Part 3: Wireless and Network Asset Analysis (15 minutes)

Scenario:
The client’s environment includes multiple wireless access points (WAPs) and IoT
devices.
Tasks:
1. Wireless Security: Why is it essential to test the security of the organization’s
WAPs? List three methods to do so.
2. Wardriving: Explain how wardriving might help in identifying vulnerable wireless
networks.
3. Antenna Comparison: Compare different antenna types and their use cases
during wireless penetration tests.

Part 4: Advanced Scanning Techniques (10 minutes)

Scenario:
During a deeper scan, your team is tasked with mapping the network and enumerating
active hosts.
Tasks:
1. Outline how Nmap could be used to map the network effectively.
2. Compare TCP and UDP scanning techniques and explain their significance in
host enumeration.
3. Discuss how to modify the intensity of a scan to balance speed and stealth.
4. List methods Nmap uses to fingerprint an operating system and determine the
target’s OS.

Part 5: Post-Exploitation and Reporting (10 minutes)

Scenario:
After gaining initial access to a system, your task is to perform post-exploitation
techniques while ensuring minimal impact on the client’s environment.
Tasks:
1. Explain two post-exploitation techniques your team might use in this scenario.
2. Discuss how to document your findings effectively for a client report, focusing on
actionable recommendations.

Discussion Guidelines
1. Assign a team leader to moderate the discussion for each scenario.
2. Divide into pairs or small groups for each part and rotate through scenarios.
3. Reconvene as a larger group to present findings and insights.

Wrap-Up
 Each group presents their solutions and justifications to the larger team.
 Reflect on the tools and techniques discussed.
 Highlight key takeaways and their real-world applications.

Sample Question Paper Assistant Director IT Cadre 20240729
No ratings yet
Sample Question Paper Assistant Director IT Cadre 20240729
17 pages
SAP Functional Testing Test Case
No ratings yet
SAP Functional Testing Test Case
6 pages
01 NFV Fundamental Introduction
No ratings yet
01 NFV Fundamental Introduction
42 pages
pt0-002-05
No ratings yet
pt0-002-05
33 pages
pt0-002-06
No ratings yet
pt0-002-06
30 pages
It20153540 - Aia 2
No ratings yet
It20153540 - Aia 2
15 pages
Mastering Nmap - A Guide to Network Scanning & Security: Security Books
From Everand
Mastering Nmap - A Guide to Network Scanning & Security: Security Books
Erwin Dirks
No ratings yet
VAPT Methodology Report
No ratings yet
VAPT Methodology Report
3 pages
Laboratory 5
No ratings yet
Laboratory 5
7 pages
CompTIA PenTest+ Exam Summary
No ratings yet
CompTIA PenTest+ Exam Summary
15 pages
PentestPlus Comparison 003 002
No ratings yet
PentestPlus Comparison 003 002
34 pages
Core Cybersecurity Skills With EC
No ratings yet
Core Cybersecurity Skills With EC
11 pages
CST8602 Lab04 - Recon & Footprinting
No ratings yet
CST8602 Lab04 - Recon & Footprinting
12 pages
Lab_5_Identifiying_Threats_Vulnerabilities_and_exploits
No ratings yet
Lab_5_Identifiying_Threats_Vulnerabilities_and_exploits
5 pages
unit 3 hs pdf
No ratings yet
unit 3 hs pdf
11 pages
CompTIA Pentest Plus Study Notes
No ratings yet
CompTIA Pentest Plus Study Notes
94 pages
Untitled
No ratings yet
Untitled
772 pages
Certificate Candidate'S Declaration: "In-Depth Vulnerability Scanning With Metasploitable2" Iidt Blackbucks Cybersecurity
No ratings yet
Certificate Candidate'S Declaration: "In-Depth Vulnerability Scanning With Metasploitable2" Iidt Blackbucks Cybersecurity
27 pages
Lession 3.2
No ratings yet
Lession 3.2
35 pages
Lab Manual UPDATED
No ratings yet
Lab Manual UPDATED
22 pages
3.1. Notes [ ± 60 min ] _ Eduvos
No ratings yet
3.1. Notes [ ± 60 min ] _ Eduvos
4 pages
Cybersecurity Threat Actors
No ratings yet
Cybersecurity Threat Actors
14 pages
IA 422 Lab 1 Assignment
No ratings yet
IA 422 Lab 1 Assignment
4 pages
Learning NAGIOS 3.0
From Everand
Learning NAGIOS 3.0
Wojciech Kocjan
No ratings yet
Laboratory5
No ratings yet
Laboratory5
7 pages
4.1. Notes [ ± 60 min ] _ Eduvos
No ratings yet
4.1. Notes [ ± 60 min ] _ Eduvos
3 pages
Vulnerability Assessment Tools
No ratings yet
Vulnerability Assessment Tools
12 pages
Lecture 2 - Penetration Testing, Rules of Engagement and Vulnerability Scanning
No ratings yet
Lecture 2 - Penetration Testing, Rules of Engagement and Vulnerability Scanning
37 pages
Semester 2
No ratings yet
Semester 2
4 pages
Ptva Imp QS
No ratings yet
Ptva Imp QS
18 pages
Exp10 2022301002 VirajBhalerao
No ratings yet
Exp10 2022301002 VirajBhalerao
7 pages
Lesson 3 Performing Security Assessments
No ratings yet
Lesson 3 Performing Security Assessments
15 pages
Certified-Ethical-Hacking_Networking_Linux_Course-Content_Asquare-Technologies
No ratings yet
Certified-Ethical-Hacking_Networking_Linux_Course-Content_Asquare-Technologies
35 pages
PenTest 04 2014 Teaser
No ratings yet
PenTest 04 2014 Teaser
29 pages
Unit III
No ratings yet
Unit III
35 pages
Ethical Hacking and Penetration Testing Lecture 1
100% (1)
Ethical Hacking and Penetration Testing Lecture 1
19 pages
Laboratory5_Cao_Duc_Anh_HE180550_IAA202
No ratings yet
Laboratory5_Cao_Duc_Anh_HE180550_IAA202
9 pages
George G. McBride - RSA03-The Art of Penetration Testing
No ratings yet
George G. McBride - RSA03-The Art of Penetration Testing
59 pages
Hacking Steps
No ratings yet
Hacking Steps
29 pages
4 Penetration Testing Proposal (Contract:Scope of Work (SoW) )
No ratings yet
4 Penetration Testing Proposal (Contract:Scope of Work (SoW) )
1 page
Aia2 IT21270024
No ratings yet
Aia2 IT21270024
17 pages
Requirement For Creating A Pentest Lab
No ratings yet
Requirement For Creating A Pentest Lab
8 pages
003 Penetration Testing Report
No ratings yet
003 Penetration Testing Report
10 pages
Red Team Plan
No ratings yet
Red Team Plan
3 pages
He181243 Phạm Huy Hoàng Ia1807 Iaa202 Lab05
No ratings yet
He181243 Phạm Huy Hoàng Ia1807 Iaa202 Lab05
13 pages
Learning Plan CompTIA Pentest+
No ratings yet
Learning Plan CompTIA Pentest+
14 pages
Lab 6- Vulnerability Analysis (1) (2)
No ratings yet
Lab 6- Vulnerability Analysis (1) (2)
5 pages
PenTestPlus PT0-002 CourseOutline
No ratings yet
PenTestPlus PT0-002 CourseOutline
20 pages
Certified Ethical Hacker (CEH v12) Exam Preparation
From Everand
Certified Ethical Hacker (CEH v12) Exam Preparation
Georgio Daccache
No ratings yet
Lab4 IAM
No ratings yet
Lab4 IAM
3 pages
scs file (2)
No ratings yet
scs file (2)
4 pages
Csf-3203 (Intrusion Detection and Ethical Hacking) Project Output (25%)
0% (1)
Csf-3203 (Intrusion Detection and Ethical Hacking) Project Output (25%)
11 pages
Network Scanning Rushikesh Kharchan ECE a 67
No ratings yet
Network Scanning Rushikesh Kharchan ECE a 67
13 pages
Contenido Temático Curso Ethical Hacker PDF
No ratings yet
Contenido Temático Curso Ethical Hacker PDF
15 pages
Practical Pentesting Guide: Preparation for Certification and Ethical Hacking
From Everand
Practical Pentesting Guide: Preparation for Certification and Ethical Hacking
Evan Blake
No ratings yet
Security Assessment Vs Penetration Testing
100% (1)
Security Assessment Vs Penetration Testing
3 pages
Cybersecurity Exercise
No ratings yet
Cybersecurity Exercise
5 pages
Network VAPT?
No ratings yet
Network VAPT?
7 pages
HE182570_NguyenDucAnh_Lab05_Identifiying_Threats_Vulnerabilities_and_exploits
No ratings yet
HE182570_NguyenDucAnh_Lab05_Identifiying_Threats_Vulnerabilities_and_exploits
7 pages
Mastering Nikto: A Comprehensive Guide to Web Vulnerability Scanning: Security Books
From Everand
Mastering Nikto: A Comprehensive Guide to Web Vulnerability Scanning: Security Books
Erwin Dirks
No ratings yet
Comptia Cyber
No ratings yet
Comptia Cyber
552 pages
CEH IT Security Penetration Testing Step
67% (3)
CEH IT Security Penetration Testing Step
42 pages
CISSP - Certified Information Systems Security Professional Exam Preparation Study Guide
From Everand
CISSP - Certified Information Systems Security Professional Exam Preparation Study Guide
Georgio Daccache
5/5 (1)
terraform_lambda
No ratings yet
terraform_lambda
5 pages
Academic Year 25_26
No ratings yet
Academic Year 25_26
3 pages
PMI Official_Group_PMPv3
No ratings yet
PMI Official_Group_PMPv3
5 pages
Training Outline_Partyrock
No ratings yet
Training Outline_Partyrock
4 pages
AWS_SPARK
No ratings yet
AWS_SPARK
3 pages
PMP Group Activity Booklet_Official PMI_v0.1 (1)
No ratings yet
PMP Group Activity Booklet_Official PMI_v0.1 (1)
23 pages
OUDREY THOMAS ASSIGNMENT AWS_Oudrey
No ratings yet
OUDREY THOMAS ASSIGNMENT AWS_Oudrey
2 pages
Elliana Yasmin_Assignment
No ratings yet
Elliana Yasmin_Assignment
1 page
Progress and Update Term 3 2024_2025
No ratings yet
Progress and Update Term 3 2024_2025
8 pages
Job Design (Job Analysis & Job Description) (1 Day)
No ratings yet
Job Design (Job Analysis & Job Description) (1 Day)
4 pages
Sagemaker Studio_EMR_Glue_macarious
No ratings yet
Sagemaker Studio_EMR_Glue_macarious
2 pages
Aidel Azhar Assignment
No ratings yet
Aidel Azhar Assignment
1 page
3-Day IT Architecture Business Technology Requirement Architecture Training Course Plan
No ratings yet
3-Day IT Architecture Business Technology Requirement Architecture Training Course Plan
2 pages
mb300andER__sent
No ratings yet
mb300andER__sent
2 pages
Assignment Bedawi
No ratings yet
Assignment Bedawi
1 page
Dinellie D_Assignment
No ratings yet
Dinellie D_Assignment
1 page
Chang_Si_Ju
No ratings yet
Chang_Si_Ju
2 pages
[PO] IT Architecture for JKT
No ratings yet
[PO] IT Architecture for JKT
1 page
Microssoft PL600 Activity Booklet Day 1
No ratings yet
Microssoft PL600 Activity Booklet Day 1
5 pages
Labs_ER_v2
No ratings yet
Labs_ER_v2
23 pages
Microsoft PL600 Activity Booklet Day 3
No ratings yet
Microsoft PL600 Activity Booklet Day 3
4 pages
Problem+Formulation+Exercise+Solutions
No ratings yet
Problem+Formulation+Exercise+Solutions
3 pages
mb300andER
No ratings yet
mb300andER
2 pages
Lab 3 ML
No ratings yet
Lab 3 ML
19 pages
Linux
No ratings yet
Linux
4 pages
Attach EI
No ratings yet
Attach EI
3 pages
Outline Splunk
No ratings yet
Outline Splunk
3 pages
Case Studies ML
No ratings yet
Case Studies ML
21 pages
MySql Student companion_day 3
No ratings yet
MySql Student companion_day 3
2 pages
Module Preprocesing_MLPipeline
No ratings yet
Module Preprocesing_MLPipeline
7 pages
CIAM Program Overview-V2
No ratings yet
CIAM Program Overview-V2
6 pages
Attacktive Dierctory Report
No ratings yet
Attacktive Dierctory Report
5 pages
Timers and Counters
No ratings yet
Timers and Counters
5 pages
Student File Upload and Print Health Record User Guide
No ratings yet
Student File Upload and Print Health Record User Guide
9 pages
Dumpsys ANR WindowManager
No ratings yet
Dumpsys ANR WindowManager
2,582 pages
Scratch Programming and Digital Literacy - Worksheet
No ratings yet
Scratch Programming and Digital Literacy - Worksheet
5 pages
IOT Unit 2
No ratings yet
IOT Unit 2
54 pages
Overview of Algorithm Design
No ratings yet
Overview of Algorithm Design
9 pages
ALV Reports Using FM
No ratings yet
ALV Reports Using FM
32 pages
Linux Foundation Passleader Cks Exam Dumps 2024-Feb-04 by Noah 18q Vce
No ratings yet
Linux Foundation Passleader Cks Exam Dumps 2024-Feb-04 by Noah 18q Vce
9 pages
Graphics Processing Unit
No ratings yet
Graphics Processing Unit
22 pages
mehnat
No ratings yet
mehnat
62 pages
Security and Privacy in Communication Networks 16th EAI International Conference SecureComm 2020 Washington DC USA October 21 23 2020 Proceedings Part I Noseong Park - The ebook with all chapters is available with just one click
100% (2)
Security and Privacy in Communication Networks 16th EAI International Conference SecureComm 2020 Washington DC USA October 21 23 2020 Proceedings Part I Noseong Park - The ebook with all chapters is available with just one click
68 pages
Osa Lab Manual
No ratings yet
Osa Lab Manual
89 pages
Maze Solving Vehicle
0% (1)
Maze Solving Vehicle
92 pages
Tutorial Recurrent Neural Networks
No ratings yet
Tutorial Recurrent Neural Networks
20 pages
tls sec
No ratings yet
tls sec
56 pages
Sheetal Project Report
No ratings yet
Sheetal Project Report
68 pages
Messages Sent To QSYSMSG
No ratings yet
Messages Sent To QSYSMSG
4 pages
Poster Design in CorelDraw PDF
No ratings yet
Poster Design in CorelDraw PDF
72 pages
CC113a Freduard V. Manlapaz Subject Instructor
No ratings yet
CC113a Freduard V. Manlapaz Subject Instructor
14 pages
Vodacom Fibre - Application Form CPD - 23 August 2018
No ratings yet
Vodacom Fibre - Application Form CPD - 23 August 2018
8 pages
Grievance Status
No ratings yet
Grievance Status
2 pages
Future Software Training System: Villupuram
No ratings yet
Future Software Training System: Villupuram
3 pages
Private Cloud Appliance X8-2 - Full Components List
No ratings yet
Private Cloud Appliance X8-2 - Full Components List
8 pages
Mvi69E-Mbs: User Manual
No ratings yet
Mvi69E-Mbs: User Manual
161 pages
Fabricpath - Part 1, Introduction: Conversational Mac Addresses Learning
No ratings yet
Fabricpath - Part 1, Introduction: Conversational Mac Addresses Learning
11 pages

Pentest 2

Uploaded by

Pentest 2

Uploaded by

Activity Sheet: Penetration Testing Scenarios

Part 2: Analyzing Reconnaissance Results (10 minutes)

Part 3: Wireless and Network Asset Analysis (15 minutes)

Part 4: Advanced Scanning Techniques (10 minutes)

Part 5: Post-Exploitation and Reporting (10 minutes)

You might also like