1. Company Name

2. First Name

3. Last Name

4. Email

5. Phone

6. Perimeter - Targets for Testing

Please provide the total number of targets for the perimeter testing or the IP Address(s) for the Internet facing services you wish to have assessed. Such as 203.54.113.0/24, 210.23.154.10, application.domain.tld. Alternatively, a file containing the targets can be uploaded to our Sharefile service. Please contact enquiries@certificateofpentest.com.au if you require access to our Sharefile platform. 7)

7. Perimeter - Testing Time Window

Are there specific time window/s that penetration testing activity must be restricted to?

E.g. All can be tested any time or the host 210.215.67.89 only after 5 PM and before 9 AM.

Note: After hours testing requirements will attract an after-hours rate.

8. If we obtain an entry point...

If we successfully breach the perimeter or cloud services or compromise an account would you like us to perform a breach simulation to see how far we can go and what we can get access to?

YesNo

9. Social Engineering - Phishing Attacks

Often the weakest link in most organisations is the end-users. As a result, we would recommend that you consider a phishing campaign(s) to gauge the level of risk from the end-users. Our options can be found below.

Global Phishing Campaign - In this campaign we work with the client to create 1 email scenario that is sent to everyone in the business (or a subset) with a credential harvesting website setup to capture user responses. We will report on the level or risk across the organisation, including the statistics, high risk users, department information, passwords and usernames provided etc. This engagement is designed to give you the complete 'picture' of the end-user risk to the organisation.

Targeted Phishing Campaign - Whereas the Global Phishing Campaign is designed to give you the picture for everyone, the Targeted campaign is designed to get us into the business. An example of this might be sending a fake outstanding invoice to 2 accounts payable employees, with a payload contained within the document to give us access into the network.

Global Phishing CampaignTargeted Phishing Campaign

10. Internal - Targets for Testing

Please provide the rough number of internal devices/systems within the internal network., Alternatively, you can provide the IP Address ranges and/or VLANs for the internal network. Such as 192.168.100.0/24, 10.144.12.15-16. Alternatively, a file containing the targets can be uploaded to our Sharefile service. Please contact enquiry@accreditedpentestingaustralia.com.au if you require access to our Sharefile platform.

11. Internal - Testing Time Window

Are there specific time window/s that penetration testing activity must be restricted to?

E.g. All can be tested any time or the host 210.215.67.89 only after 5 PM and before 9 AM.

Note: After hours testing requirements will attract an after-hours rate.

12. Wireless Networks for Testing (SSIDs)

Please provide the number of SSID(s) we are to assess.

13. Wireless - NUC Device

As part of our wireless assessments we will either send a NUC device to site, or complete this component on premise. Please advise if we should:

Send a NUC device with wireless cards to complete remotelyComplete via a tester on site

14. Wireless - Testing Time Window

Are there specific time window/s that penetration testing activity must be restricted to?

E.g. All can be tested any time or the host 210.215.67.89 only after 5 PM and before 9 AM.

Note: After hours testing requirements will attract an after-hours rate.

15. Web Application

• Please provide the URL we are to assess

• Please confirm Whether this is a Staging or Live Application

• Please advise any testing constraints we need to be aware of, or restrictions such as specific time windows for testing.

• Please confirm the number of accounts we are testing the application with or is this an unauthenticated assessment (without credentials).

• Rough number of pages/endpoints for the app. (or advise if we can be provided access to determine the details ourselves.)

• Number of login pages / portals within the application.

Example: URL: https://mywebapplication.com (Live URL), Authenticated assessment using 2 accounts (1 x guest, 1 x admin), test after 5PM and before 9AM. ~50 pages/endpoints, 4 forms

Example2: URL: https://stagingwebapplication.com (Staging Environment), No time limit on testing, Anonymous testing only (Unauthenticated) only - Single Login Page (SPA)

16. Web Application - Retest Option

Do you require a Re-test of the application after the vulnerabilities have been remediated?

YesNo

17. Web Application 2

• Please provide the URL we are to assess

• Please confirm Whether this is a Staging or Live Application

• Please advise any testing constraints we need to be aware of, or restrictions such as specific time windows for testing.

• Please confirm the number of accounts we are testing the application with or is this an unauthenticated assessment (without credentials).

• Rough number of pages/endpoints for the app. (or advise if we can be provided access to determine the details ourselves.)

• Number of login pages / portals within the application.

Example: URL: https://mywebapplication.com (Live URL), Authenticated assessment using 2 accounts (1 x guest, 1 x admin), test after 5PM and before 9AM. ~50 pages/endpoints, 4 forms

Example2: URL: https://stagingwebapplication.com (Staging Environment), No time limit on testing, Anonymous testing only (Unauthenticated) only - Single Login Page (SPA)

18. Web Application 2 - Retest Option

Do you require a Re-test of the application after the vulnerabilities have been remediated?

YesNo

19. Web Application 3

• Please provide the URL we are to assess

• Please confirm Whether this is a Staging or Live Application

• Please advise any testing constraints we need to be aware of, or restrictions such as specific time windows for testing.

• Please confirm the number of accounts we are testing the application with or is this an unauthenticated assessment (without credentials).

• Rough number of pages/endpoints for the app. (or advise if we can be provided access to determine the details ourselves.)

• Number of login pages / portals within the application.

Example: URL: https://mywebapplication.com (Live URL), Authenticated assessment using 2 accounts (1 x guest, 1 x admin), test after 5PM and before 9AM. ~50 pages/endpoints, 4 forms

Example2: URL: https://stagingwebapplication.com (Staging Environment), No time limit on testing, Anonymous testing only (Unauthenticated) only - Single Login Page (SPA)

20. Web Application 3 - Retest Option

Do you require a Re-test of the application after the vulnerabilities have been remediated?

YesNo

21. Additional Web Applications

• Please provide the URL we are to assess

• Please confirm Whether this is a Staging or Live Application

• Please advise any testing constraints we need to be aware of, or restrictions such as specific time windows for testing.

• Please confirm the number of accounts we are testing the application with or is this an unauthenticated assessment (without credentials).

• Rough number of pages/endpoints for the app. (or advise if we can be provided access to determine the details ourselves.)

• Number of login pages / portals within the application.

Example: URL: https://mywebapplication.com (Live URL), Authenticated assessment using 2 accounts (1 x guest, 1 x admin), test after 5PM and before 9AM. ~50 pages/endpoints, 4 forms

Example2: URL: https://stagingwebapplication.com (Staging Environment), No time limit on testing, Anonymous testing only (Unauthenticated) only - Single Login Page (SPA)

22. Additional Webapps - Retest Option

Do you require a Re-test of the application after the vulnerabilities have been remediated?

YesNo

23. API Testing

Please advise the number of endpoints for the API as well as the number of user roles to be tested.

Example: 5 endpoints, 2 API access roles, admin & sponsor

24. API Testing

If we are testing an API(s) is there a Postman, Swagger or WSDL file that can be populated and provided to the tester?

YesNoNot Applicable

25. API Testing 2

Please advise the number of endpoints for the API as well as the number of user roles to be tested.

Example: 5 endpoints, 2 API access roles, admin & sponsor

26. API Testing 2

If we are testing an API(s) is there a Postman, Swagger or WSDL file that can be populated and provided to the tester?

YesNoNot Applicable

27. Additional APIs to be tested

Please advise the number of endpoints for the API as well as the number of user roles to be tested.

Example: 5 endpoints, 2 API access roles, admin & sponsor

28. Additional Options

Please advise the number of endpoints for the API as well as the number of user roles to be tested.

Password Audit - To ease administration and complexity, most perimeter systems such as ADFS, Remote Access and/or VPN’s are integrated with Active Directory, which in turn ensures that users only need to remember one password to be able to access these systems and other corporate resources. Weak password usage by end-users is also used frequently by malicious threat actors to breach networks today. In this component we will perform a recovery of all on-premise Active Directory Passwords to provide a picture of the level of risk from end-user and system passwords, including reporting on high-risk passwords, password change cycles, administrators, non-expiring accounts etc.Azure/M365 Review - In this component we will review the 365/Azure tenancy for security issues and missing hardening controls. This includes, but is not limited to; • Tenancy Configuration – Remote PowerShell access, Company Admins, Roles, • Accounts details – Non-expiring, Non-MFA enabled, Users, Admin Roles assigned, Passwords never changed etc., • Group Details – Stale groups, group memberships, • Conditional Access and Data Classification Policies, • Mailbox Review including Insecure Mailbox Protocols, sizing etc., • Password policies and controlsBreach Simulation Exercise - In this component , the client will provide us a simulated entry point on to a workstation/desktop with standard user access. We will then assess the available privilege escalation and lateral movement options in line with current Techniques, Tactics & Procedures (TTP’s) that are leveraged in the wild by threat actors to gain access to sensitive information and systems within the internal network.Detection Testing Option - Our assessment can also encompass a review of the detection methods employed. Detection and alerting is a key component of the Incident Response Process. All organisations should be aware when a malicious threat actor is trying to breach the network and the appropriate action is being taken. We will collate and provide a list of all activities performed which can be correlated against a client's alerting/detection systems to perform a GAP analysis and fine tune detection mechanisms.Network Retest - In this component we will perform a retest of the network vulnerabilities, post-remediation activities, and provide a report of the remediation status and/or if any new vulnerabilities have been introduced.Data-Loss Prevention (DLP) Review - In this component we will perform an assessment of the data exfiltration avenues that could be leveraged by a disgruntled employee or an attacker having local network access. This includes testing such as tunneling (DNS, SSH, ICMP etc.), web exfiltration methods (such as dropbox, yousendit, M365 etc.) and physical avenues (such as malicious USB hacking devices and removable media).Workstation Build Assessment - In this component we will assess the client SOE / workstation build employed on devices to identify areas of improvement for locking down of the workstations and will also assess the Endpoint Protection for the level of detection capabilities.Physical Access Assessment - In this component we will perform a physical assessment of up to 2 locations to gain physical access into the environment. We will leverage Social Engineering techniques to pre-stage the scenario and attempt to bypass Physical Controls that are in place as well as leverage physical access tools such as USB keys to attempt to bypass these controls.Vishing (Voice & Phishing) - Vishing is the practice of using Social Engineering techniques over the telephone system to gain access to private personal or company information, or obtain an entry point into a network. The agreement will encompass 2 separate Vishing attacks against staff, with Staff members contacted via the Telephone and persuaded to provide information or assistance or to execute a link or payload. Vishing continues to be very successful year-after-year in harvesting personal information and breaching some of the world’s most secure networks.Incident Response Retainer - Retainer of hours to assist the client in the event of a data breach or security incident. (priced per Hour)Online Awareness Training & Phishing Platform (Cyberaware) - Unlimited Access to the Nexon online awareness training platform and automated Phishing Assessments for staff, including setup, training & onboarding. If selected please add the number of staff in the 'Other' option