Scribd Logo
Importer

Bienvenue sur Scribd !

  • Serpico - No DREAD

    Transféré par

    Zach Lawson
    72 vues10 pages
    Serpico template

    Copyright

    © © All Rights Reserved

    Formats disponibles

    DOCX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    Serpico template

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    72 vues10 pages

    Serpico - No DREAD

    Transféré par

    Zach Lawson
    Serpico template

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 10

    FULL_COMPANY_NAME Report

    FULL_COMPANY_NAME
    REPORT NAME: REPORT_NAME
    Penetration Testing Report
    Date DATE

    FULL_COMPANY_NAME Report

    Customer Information
    Company
    SHORT_COMPANY_NAME
    Name:
    City:
    CONTACT_CITY
    State: CONTACT_STA
    TE
    URL:
    COMPANY_WEBSI
    TE

    Zip Code:

    CONTACT_ZIP

    Customer Contact Information


    Contact Name:
    CONTACT_NAME
    Title:
    CONTACT_TITLE
    Telephone:
    CONTACT_PHONE
    E-mail:
    CONTACT_EMAIL

    Consultant Information
    Company
    Serpico Template Report, LLC
    Name:
    Contact
    CONSULTANT_NAME
    Name:
    Title:
    CONSULTANT_TITLE
    Telephone:
    CONSULTANT_PHONE
    E-mail:
    CONSULTANT_EMAIL
    Business
    123 Paper St
    Address:
    City
    TestCity
    State:
    URL:

    http://www.github.com

    MA

    Zip
    Code:

    11111

    FULL_COMPANY_NAME Report
    1.0 Executive Summary
    Serpico Template Company (STC) was contracted to perform a penetration test for
    SHORT_COMPANY_NAME. This report discusses the results from the assessment. Really, if you
    are reading this you should update the template to match your executive summary. The symbols
    throughout this report are used to display the data. Please see the README to understand how
    they work.
    Overall, STC was able to achieve the goals of the assessment and exfiltrate the targeted data.
    There were a number of critical findings during the assessment including the following:
    Finding Name
    report/findings_list/findings:::DREAD_TOTAL>40
    title

    Remediation
    Effort
    EFFORT

    Here is a super fancy flow chart that shows the exploitation narrative (or just the cyber kill
    chain):

    Reconnaisan
    ce

    Weaponizatio
    n

    Delivery

    Exploitation

    Installation

    C&C

    Actions on
    Objectives

    FULL_COMPANY_NAME Report
    2.0 Attack Narrative
    This explains the story of the attack. Chances are this will be custom written. You can add in an
    attack narrative input box to the web server and make this easy to fill out. Or just edit this
    section for the specific report.

    FULL_COMPANY_NAME Report
    3.0 Findings
    3.1Findings Table
    The following were the results from the assessment. <TO THE AUTHOR, NOTICE THE
    DREAD SCORE IS NOT SHOWN BUT USED TO INSERT INTO THE TABLE>
    Finding Name

    Remediati
    on Effort

    High Risk Findings


    report/findings_list/findings:::DREAD_TOTAL>35 title

    EFFORT

    Moderate Risk Findings


    report/findings_list/findings:::DREAD_TOTAL<36:::DREAD_
    TOTAL>19title

    EFFORT

    Low Risk Findings


    report/findings_list/findings:::DREAD_TOTAL<20:::DREAD_
    TOTAL>0title

    EFFORT

    FULL_COMPANY_NAME Report
    CRITICAL FINDINGS
    The following are all of the Critical Findings from the assessment.
    report/findings_list/findings
    DREAD_TOTAL<50
    DREAD_TOTAL>30

    FULL_COMPANY_NAME Report
    DREAD
    Score
    Damage
    Potential
    Reproduci
    bility
    Exploitabi
    lity
    Affected
    Users
    Discovera
    bility
    Total

    damage
    reproducability

    exploitability
    affected_users

    discoverability

    dread_total

    Summary
    overview/paragraph zzzz .
    code .
    italics .

    h4

    bullet .

    Proof
    poc/paragraph

    Remediation
    remediation/paragraph zzzz .
    code .
    italics .

    h4

    bullet .

    FULL_COMPANY_NAME Report

    FULL_COMPANY_NAME Report
    OTHER FINDINGS
    Notice the changes in colors in this section.
    report/findings_list/findings:::DREAD_SCORE<30

    FULL_COMPANY_NAME Report
    DREAD
    Score
    Damage
    Potential
    Reproduci
    bility
    Exploitabi
    lity
    Affected
    Users
    Discovera
    bility
    Total

    damage
    reproducability

    exploitability
    affected_users

    discoverability

    dread_total

    Summary
    overview/paragraph zzzz .
    code .
    italics .

    h4

    bullet .

    Proof
    poc/paragraph

    Remediation
    remediation/paragraph zzzz .
    code .
    italics .

    h4

    bullet .

    Vous aimerez peut-être aussi