1 Please provide Your Organisation / Business Name

2 Primary contact Name

3 Primary Contact Number

4 Primary Contact Email Address

5 Primary Contact Position

6 Secondary Contact Details (if Required)

7. Perimeter - Targets for Testing

Please provide the total number of targets for the perimeter testing or the IP Address(s) for the Internet facing services you wish to have assessed. Such as 203.54.113.0/24, 210.23.154.10, application.domain.tld. Alternatively, a file containing the targets can be uploaded to our Sharefile/SharePoint services. Please contact enquiry@accreditedpentestingaustralia.com.au if you require access to our File Sharing platform.

8. Perimeter - Testing Time Window

Are there specific time window/s that penetration testing activity must be restricted to?

E.g. All can be tested any time or the host 210.215.67.89 only after 5 PM and before 9 AM.

Note: After hours testing requirements will attract an after-hours rate.

9. If we obtain an entry point...

If we successfully breach the perimeter or cloud services or compromise an account would you like us to perform a breach simulation to see how far we can go and what we can get access to?

YesNoAdd as an optional addition

10. Social Engineering - Phishing Attacks

Often the weakest link in most organisations is the end-users. As a result, we would recommend that you consider a phishing campaign(s) to gauge the level of risk from the end-users.  Our options can be found below.

Global Phishing Campaign - In this campaign we work with the client to create 1 email scenario that is sent to everyone in the business (or a subset) with a credential harvesting website setup to capture user responses. We will report on the level of risk across the organisation, including the statistics, high risk users, department information, passwords and usernames provided etc. This engagement is designed to give you the complete 'picture' of the end-user risk to the organisation.Targeted Phishing Campaign - Whereas the Global Phishing Campaign is designed to give you the picture for everyone, the Targeted campaign is designed to get us into the business. An example of this might be sending a fake outstanding invoice to 2 accounts payable employees, with a payload contained within the document to give us access into the network.

11. Internal - Targets for Testing

Please provide the total number of targets for the perimeter testing or the IP Address(s) for the Internet facing services you wish to have assessed. Such as 203.54.113.0/24, 210.23.154.10, application.domain.tld. Alternatively, a file containing the targets can be uploaded to our Sharefile/SharePoint services. Please contact enquiry@accreditedpentestingaustralia.com.au if you require access to our File Sharing platform.

12. Internal - Testing Time Window

Are there specific time window/s that penetration testing activity must be restricted to?

E.g. All can be tested any time or the host 210.215.67.89 only after 5 PM and before 9 AM, all targets after business hours etc.

Note: After hours testing requirements will attract an after-hours rate.

13. Wireless Networks for Testing (SSIDs)

Please provide the number of SSID(s) we are to assess.

14. Wireless - NUC Device

As part of our wireless assessments we will either send a NUC device to site, or complete this component on premise. Please advise if we should:

Send a NUC device with wireless cards to complete remotelyComplete via a tester on site

15. Wireless - Testing Time Window

Are there specific time window/s that penetration testing activity must be restricted to?

E.g. All can be tested any time or the SSID bla, only after 5 PM and before 9 AM.

Note: After hours testing requirements will attract an after-hours rate.

16. Web Application 1

• Please provide the URL we are to assess (if available)

• Please confirm Whether this is a Staging or Live Application

• Please advise any testing constraints we need to be aware of, or restrictions such as specific time windows for testing.

• Please confirm the number of accounts we are testing the application with or is this an unauthenticated assessment (without credentials).

• Rough number of pages/endpoints for the app. (or advise if we can be provided access to determine the details ourselves.)

Example: URL: https://mywebapplication.com (Live URL), Authenticated assessment using 2 accounts (1 x guest, 1 x admin), test after 5PM and before 9AM. ~50 pages/endpoints, 4 forms

Example2: URL: https://stagingwebapplication.com (Staging Environment), No time limit on testing, Anonymous testing only (Unauthenticated) only - Single Login Page (SPA)

17. Web Application 1 - Retest Option

Do you require a Re-test of the application after the vulnerabilities have been remediated?

YesNoAdd as an additional option

18. Web Application 2

• Please provide the URL we are to assess (if available)

• Please confirm Whether this is a Staging or Live Application

• Please advise any testing constraints we need to be aware of, or restrictions such as specific time windows for testing.

• Please confirm the number of accounts we are testing the application with or is this an unauthenticated assessment (without credentials).

• Rough number of pages/endpoints for the app. (or advise if we can be provided access to determine the details ourselves.)

Example: URL: https://mywebapplication.com (Live URL), Authenticated assessment using 2 accounts (1 x guest, 1 x admin), test after 5PM and before 9AM. ~50 pages/endpoints, 4 forms

Example2: URL: https://stagingwebapplication.com (Staging Environment), No time limit on testing, Anonymous testing only (Unauthenticated) only - Single Login Page (SPA)

19. Web Application 2 - Retest Option

Do you require a Re-test of the application after the vulnerabilities have been remediated?

YesNoAdd as an additional option

20. Web Application 3

Do you require a Re-test of the application after the vulnerabilities have been remediated?

• Please provide the URL we are to assess (if available)

• Please confirm Whether this is a Staging or Live Application

• Please advise any testing constraints we need to be aware of, or restrictions such as specific time windows for testing.

• Please confirm the number of accounts we are testing the application with or is this an unauthenticated assessment (without credentials).

• Rough number of pages/endpoints for the app. (or advise if we can be provided access to determine the details ourselves.)

Example: URL: https://mywebapplication.com (Live URL), Authenticated assessment using 2 accounts (1 x guest, 1 x admin), test after 5PM and before 9AM. ~50 pages/endpoints, 4 forms

Example2: URL: https://stagingwebapplication.com (Staging Environment), No time limit on testing, Anonymous testing only (Unauthenticated) only - Single Login Page (SPA)

21. Web Application 3 - Retest Option

Do you require a Re-test of the application after the vulnerabilities have been remediated?

YesNoAdd as an additional option

22. Additional Web Applications

Please provide the detail of any additional applications you would like included in your scope.

• Please provide the URL we are to assess (if available)

• Please confirm Whether this is a Staging or Live Application

• Please advise any testing constraints we need to be aware of, or restrictions such as specific time windows for testing.

• Please confirm the number of accounts we are testing the application with or is this an unauthenticated assessment (without credentials).

• Rough number of pages/endpoints for the app. (or advise if we can be provided access to determine the details ourselves.)

Example: URL: https://mywebapplication.com (Live URL), Authenticated assessment using 2 accounts (1 x guest, 1 x admin), test after 5PM and before 9AM. ~50 pages/endpoints, 4 forms

Example2: URL: https://stagingwebapplication.com (Staging Environment), No time limit on testing, Anonymous testing only (Unauthenticated) only - Single Login Page (SPA)

23. Additional Webapps - Retest Option

Do you require a Re-test of the application after the vulnerabilities have been remediated?

YesNoAdd as an additional option

24. API Testing

If you require an API assessment, please complete the below section.

Please advise the number of endpoints and Methods for the API as well as the number of user roles to be tested.

e.g. 5 Endpoints, 2 API access roles, admin & sponsor

25. API Testing

If we are testing an API(s) is there a Postman, Swagger or WSDL file that can be populated and provided to the tester?

YesNoNot ApplicableOther

26. API Testing - 2

Please advise the number of endpoints and Methods for the API as well as the number of user roles to be tested.

e.g. 5 Endpoints, 2 API access roles, admin & sponsor

27. API Testing - 2

If we are testing an API(s) is there a Postman, Swagger or WSDL file that can be populated and provided to the tester?

YesNoNot ApplicableOther

28. Additional APIs to be tested

Please advise the number of endpoints and Methods for the API as well as the number of user roles to be tested.

e.g. 5 Endpoints, 2 API access roles, admin & sponsor

29. Additional Options

Password Audit - To ease administration and complexity, most perimeter systems such as ADFS, Remote Access and/or VPN’s are integrated with Active Directory, which in turn ensures that users only need to remember one password to be able to access these systems and other corporate resources. Weak password usage by end-users is also used frequently by malicious threat actors to breach networks today. In this component we will perform a recovery of all on-premise Active Directory Passwords to provide a picture of the level of risk from end-user and system passwords, including reporting on high-risk passwords, password change cycles, administrators, non-expiring accounts etc.Azure/M365 Review - In this component we will review the 365/Azure tenancy for security issues and missing hardening controls. This includes, but is not limited to; • Tenancy Configuration – Remote PowerShell access, Company Admins, Roles, • Accounts details – Non-expiring, Non-MFA enabled, Users, Admin Roles assigned, Passwords never changed etc., • Group Details – Stale groups, group memberships, • Conditional Access and Data Classification Policies, • Mailbox Review including Insecure Mailbox Protocols, sizing etc., • Password policies and controlsBreach Simulation Exercise - In this component , the client will provide us a simulated entry point on to a workstation/desktop with standard user access. We will then assess the available privilege escalation and lateral movement options in line with current Techniques, Tactics & Procedures (TTP’s) that are leveraged in the wild by threat actors to gain access to sensitive information and systems within the internal network.Detection Testing Option - Our assessment can also encompass a review of the detection methods employed. Detection and alerting is a key component of the Incident Response Process. All organisations should be aware when a malicious threat actor is trying to breach the network and the appropriate action is being taken. We will collate and provide a list of all activities performed which can be correlated against a client's alerting/detection systems to perform a GAP analysis and fine tune detection mechanisms.Network Retest - In this component we will perform a retest of the network vulnerabilities, post-remediation activities, and provide a report of the remediation status and/or if any new vulnerabilities have been introduced.Data-Loss Prevention (DLP) Review - In this component we will perform an assessment of the data exfiltration avenues that could be leveraged by a disgruntled employee or an attacker having local network access. This includes testing such as tunneling (DNS, SSH, ICMP etc.), web exfiltration methods (such as dropbox, yousendit, M365 etc.) and physical avenues (such as malicious USB hacking devices and removable media).Workstation Build Assessment - In this component we will assess the client SOE / workstation build employed on devices to identify areas of improvement for locking down of the workstations and will also assess the Endpoint Protection for the level of detection capabilities.Physical Access Assessment - In this component we will perform a physical assessment of up to 2 locations to gain physical access into the environment. We will leverage Social Engineering techniques to pre-stage the scenario and attempt to bypass Physical Controls that are in place as well as leverage physical access tools such as USB keys to attempt to bypass these controls.Vishing (Voice & Phishing) - Vishing is the practice of using Social Engineering techniques over the telephone system to gain access to private personal or company information, or obtain an entry point into a network. The agreement will encompass 2 separate Vishing attacks against staff, with Staff members contacted via the Telephone and persuaded to provide information or assistance or to execute a link or payload. Vishing continues to be very successful year-after-year in harvesting personal information and breaching some of the world’s most secure networks.Incident Response Retainer - Retainer of hours to assist the client in the event of a data breach or security incident. (priced per Hour)Online Awareness Training & Phishing Platform (Cyberaware) - Unlimited Access to the Nexon online awareness training platform and automated Phishing Assessments for staff, including setup, training & onboarding. If selected please add the number of staff in the 'Other' optionOther

30. Is there any additional information you would like to share to the assigned tester/team? Note we will not launch any Denial of Service (DoS/DDoS) attacks or exploits during the engagement.

For example:

• Do not test URL xxxx://fqdn/uri_path,

• Do not test for SQLi.

• Our x system is our main critical system that extreme care should be taken on.

31. Please advise your preferred commencement date:

32. Please advise your must be completed by date:

33. Any other information or requirements?: