02. A day in the life of a pentester.md

A day in the life of a pentester

assessment
report
debrief

external network pentest
open-source intelligence gathering
32-40h + 8-16h for report writing

internal network pentest
from inside of the network
active directory attacks
32-40h + 8-16h for report writing

web application pentest
web-based attacks and OWASP testing guidelines (Open Web Application Security Project)
32-40h + 8-16h for report writing

wireless network pentest
guest vs WPA2-PSK vs WPA2 Enterprise
wireless adapter
4-8h per SSID + 2-4h report writing

physical pentest & social engineering
breaking in the building / cameras for end-user training
16-40h, 4-8h for report writing

mobile penetration, IoT, red team engagements (a year sometimes), purple team engagements (working with a blue team: do you see me? define a baseline and improve it)...

report writing
within a week
technical/non-technical audience (exec summary)
technical findings
recommendations for remediation (clear for executives and technical staff)

debrief
walk through your findings with technical and non-technical people
opportunity for the client to ask questions and address any concerns
before the final report