Ethical and Legal Considerations
- It does not hurt to reach out and ask if other hosts you notice should be included, but, again, make sure this is
in writing and not just given on a phone call.
Document, document, document. When in doubt, document and overcommunicate.\- If you participate, even if your intentions are good, you can still be liable and get into legal and even criminal trouble.
- When working for any company, make sure that you have a copy of the signed scope of work/contract and a formal document listing the scope of testing (URLs, individual IP addresses, CIDR network ranges, wireless SSIDs, facilities for a physical assessment, or lists of email or phone numbers for social engineering engagements), also signed by the client.
- When in doubt, request additional approvals and documentation before beginning any testing.
- While performing testing,
stay within the scope of testing.
if in doubt, reach out
Penetration Tester Path Syllabus
Introduction
- Penetration Testing Process
- Getting Started
Reconnaissance, Enumeration & Attack Planning
- Network Enumeration with Nmap