Project Management

1. Schedule a project kick-off call between all critical parties involved in the assessment.
2. Define the parameters to be tested during the assessment.
3. Define a timeline for conducting the assessment exercises, including testing times and notification methods.
4. Exchange contact information between all resources involved in the assessment.
5. Develop a framework to be used during the assessment phase that is consistent with the Client’s current infrastructure.
6. If applicable:
   1. Conduct interviews to determine configuration requirements for internal device deployment for penetration testing.
   2. Prepare a remote testing device to be used during the internal testing portion of the engagement.
   3. Coordinate device shipping and installation with the Clients team.
   4. Verify connection to the internal testing device.

Project Analysis

1. Collect documentation from the testing activities.
2. Catalog screen captures and evidentiary materials.
3. Carefully review all findings (documentation, screen captures, and evidentiary materials).
4. Conduct research to support the findings and provide insight into potential improvement options.
5. Conduct a careful measure of the Client’s business objectives against the current security posture.

Report and Management Debriefing

1. Prepare an Executive Summary Report tailored for the senior management audience.
2. Prepare a comprehensive document including details of the assessments and testing performed.
3. Submit a roadmap identifying solutions to the issues identified during the assessment. This will include a systematic approach and priority for addressing the issues identified.
4. Present the report findings and conduct a question-and-answer session with the client's senior management after submitting the final report.

Internal Vulnerability Analysis

1. Enumerate network threat landscape based on defined scope (applications, hosts, services, subdomains, etc.)
2. Run commercial, open-source, and proprietary vulnerability assessment tools to identify potential issues.
3. Identify key vulnerabilities and target systems to validate, further inspect, and exploit.
4. Document the findings from the Vulnerability Assessment tools and communicate these to the Client.

Internal Exploitation

1. Attempt to exploit vulnerabilities identified in the vulnerability analysis to gain root or administrator-level access to the target systems or other trusted user account access.
2. Perform default and common authentication tests against suspected target interfaces.
3. Document all relevant information upon access to the command line of a targeted system via the access points identified in the vulnerability analysis, including the host and directory or share name to which access was gained; the host from which access was gained; date, time and the level of access; and finally the security hole(s) that were exploited to gain access.
4. Launch attacks against other systems on the network from the compromised host to identify the risk of lateral movement.
5. Notify the Client if an unauthorized access level is achieved.

Vulnerability Analysis

1. Perform the Vulnerability Analysis steps listed in the guidelines of the Vulnerability Analysis section of the PTES. This approach will blend automated and manual techniques for identifying vulnerabilities at all seven OSI model layers.
2. Document the findings from the Vulnerability Assessment tools and communicate these to the Client.

Direct External Exploitation

1. Validating any/all vulnerabilities identified through the vulnerability analysis in concert with active exploitation or manipulation of the information found during Intelligence Gathering. In addition, Exploitation tasks will follow the Exploitation criteria of the PTES.

Post Exploitation

1. Upon exploiting services or information assets, Lares will take a goal-driven approach to derive the impact of the threat posed by the existence of the vulnerabilities identified and confirmed through exploitation. This approach will follow the guidelines provided within the Post Exploitation section of the PTES.
2. The client will determine the target assets in scope before the start of the engagement. Assets in scope for compromise will be governed by the rules of engagement set forth by the Client team.

Metric Phishing (what platforms do)

When performing a metric-based assessment, the focus is on measuring user behavior and susceptibility to interacting with a suspicious email. Initial baseline metrics may be compared to subsequent phishing campaigns to determine the organization’s security posture, evaluate risk from specific threat types, and demonstrate changes in the overall awareness level over time.

Spear Phishing (what Lares does)

To model an advanced actor’s ability to penetrate an organization using email, Lares can perform a black box assessment against a specific user or group with tailored attack methods to align with the target's experience, knowledge, and job function. Post-exploitation activities can be conducted from a compromised user or system to determine the impact and risk during a successful spear phishing exercise.

Wireless Security Assessment

1. Lares will search for wireless devices (war-walking, war-driving) in and around each location, capturing information such as:
   1. Access point channels, identifiers, and security parameters
   2. Signal range, hardware type and address, associated client details
   3. Visibility of wireless networks outside the facilities in scope
2. Lares will test against approved access points to determine if appropriate security controls, segmentation, and encryption levels have been implemented.