All language subtitles for 001 Scoping an Engagement (OBJ 1.1, 1.2, and 1.3)

In this section of the course, we're gonna cover the various considerations that you need to think of when scoping an engagement. Now, when we use the term scope in the world of penetration testing, we're referring to the combined objectives and requirements needed to complete an engagement. From a business perspective, it's important that both the client and the penetration tester know what is and is not in the scope of a given engagement. For example, if I hire you to perform a penetration test of my website, we need to agree upfront what portions of the website you're gonna conduct your assessment against and what type of tools and techniques you're gonna be allowed to use against my website. For example, I might allow you to conduct an SQL injection against my learning management system, but I'm not gonna allow you to do a distributed denial of service attack against my servers.

Now, the reason isn't that I'm afraid of you taking my servers offline, but instead it's that we use an elastic cloud-based architecture, and if you start to run a DDoS attack against my servers, they're gonna automatically spin up new compute instances to service all that new load. This would in turn really increase my cloud hosting costs for that month, and it really doesn't gimme any valuable information during the penetration test. So I'm gonna make that off limits. Now, on the other hand, if I wanted to stress test our systems and see just how large of a DDoS attack we could withstand, then maybe we would agree to put that back into the scope of the assessment. But for most penetration tests, you're simply not gonna be allowed to do a DDoS attack because it could either harm the organization's business or it'll simply waste a lot of their time and resources.

So in this section of the course, we're really gonna focus on scoping, which is part of domain one: planning and scoping. This section, we're gonna be covering parts of objectives 1.1, 1.2 and 1.3 that we didn't cover in the last section. And this will also complete our coverage of all of the domain one objectives that will be covered on your PenTest+ exam. This includes objective 1.1, which states that you must be able to compare and contrast governance, risk and compliance concepts. Objective 1.2, that states you must be able to explain the importance of scoping and organizational or customer requirements. And objective 1.3, that states given a scenario you must demonstrate an ethical hacking mindset by maintaining professionalism and integrity.

As we begin this section, we're gonna first talk about how you can define the scope of an engagement by working with your client to determine what will and won't be covered during a penetration test. It is always important that you have defined and agreed to the proper scope before any technical portions of your penetration test have begun.

Then we're gonna move into the types of devices, systems and programs that may be added to your target list when you're scoping your engagement. This includes things like wireless networks, IP ranges, domains, APIs, physical locations, internal targets, external targets and targets that are either first party hosted or third party hosted.

Next, we're gonna move into identifying the restrictions that may be placed upon you during an engagement, things like geographic restrictions, the types of tools you can and cannot use, and the different laws that may affect your penetration tests.

After that, we're gonna discuss the rules of engagement that you're gonna need to follow along with a discussion of the different types of assessments that you and your client may agree to use during this engagement. We're also gonna discuss the methods that you can use to validate the scope of the engagement.

Finally, we're gonna discuss the different limitations that could be placed on the penetration tester for this engagement and the necessity of gaining permission from the client before and during different parts of the engagement to avoid fees, fines or possible criminal charges.

So let's continue our coverage of domain one with scoping an engagement in this section of the course.
