TickYouOff

Penetration Testing Preparation

Hard 18 items · 2 hours
testuser Published 2 weeks ago

A pre-engagement checklist to prepare teams and clients for an authorized penetration test. Covers authorization, scope, RoE, asset review, OSINT, tool setup, data handling, and reporting. For authorized, ethical testing only.

  1. Obtain written authorization and scope approval — Get a signed letter or email naming client, testers, targets, dates, and approval limits.
  2. Confirm and document test scope — List in-scope and out-of-scope hosts, IP ranges, apps, and excluded systems.
  3. Draft rules of engagement (RoE) document — Define allowed techniques, time windows, blackout zones, and escalation triggers.
  4. Complete legal and compliance review — Verify applicable laws, contractual limits, and third-party or regulatory constraints.
  5. Finalize data handling agreement and NDA — Specify evidence storage, encryption, access control, and retention timelines.
  6. Compile asset inventory and access list — Collect IPs, hostnames, URLs, service ports, and authorized credentials or auth methods.
  7. Review network diagrams and architecture — Verify diagrams against inventory; note segmentation, DMZs, and critical systems.
  8. Obtain emergency contacts and escalation plan — Collect 24/7 contacts, incident response leads, and preferred escalation methods.
  9. Schedule testing windows and maintenance windows — Agree on exact dates/times, including blackout periods and backup schedules.
  10. Set up testing tools and environment — Prepare isolated lab or jump hosts, update tools, and verify license keys.
  11. Configure Burp Suite for proxying and logging — Install extensions, set intercept rules, and enable detailed logging to files.
  12. Run Nmap baseline scans and fingerprinting — Perform safe timing scans, save XML output, and document service versions.
  13. Prepare Metasploit workspace and exploit modules — Update modules, initialize the database, and pre-load identified targets.
  14. Conduct OSINT reconnaissance and target validation — Enumerate domains, subdomains, public assets, and exposed employee info.
  15. Create report template and evidence capture plan — Prepare sections, severity ratings, screenshots, logs, and replayable steps.
  16. Plan backups, snapshots, and rollback strategy — Arrange VM snapshots, DB exports, and clear rollback steps before intrusive tests.
  17. Confirm cleanup, data retention, and destructive test constraints — Agree what artifacts will be removed, retained, or wiped after testing.
  18. Perform final pre-test review and obtain stakeholder sign-off — Ensure all docs signed, contacts confirmed, tools ready, and stakeholders informed.
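A worked example of items 2, 6 and 12 together, added here and not part of the checklist: it parses Nmap `-oX` output into a service-version inventory and checks every scanned host against the agreed scope, so anything outside the signed ranges (or on the exclusion list) is caught before testing continues. The XML sample, the scope ranges and the excluded host are all constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (element names follow nmap's -oX format).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -T2 -oX baseline.xml -iL targets.txt">
 <host><status state="up"/><address addr="10.0.1.10" addrtype="ipv4"/>
  <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
  <ports><port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
  <port protocol="tcp" portid="443"><state state="open"/>
   <service name="https" product="nginx" version="1.24.0"/></port></ports></host>
 <host><status state="up"/><address addr="10.0.1.50" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="3306"><state state="open"/>
   <service name="mysql" product="MySQL" version="8.0.36"/></port></ports></host>
 <host><status state="up"/><address addr="10.0.2.7" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
  <port protocol="tcp" portid="8080"><state state="filtered"/></port></ports></host>
</nmaprun>"""
IN_SCOPE = ["10.0.1.0/24"]  # constructed: ranges agreed in the RoE
EXCLUDED = ["10.0.1.50"]    # constructed: host the client explicitly excluded

def parse_nmap_xml(xml_text):
    """One record per open port: ip, hostname, port, service name, product/version."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        name = host.find("hostnames/hostname")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports do not belong in the version inventory
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            records.append({
                "ip": addr, "hostname": name.get("name") if name is not None else "",
                "port": int(port.get("portid")), "service": attrs.get("name", ""),
                "version": " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v)})
    return records

def in_scope(ip, ranges=IN_SCOPE, excluded=EXCLUDED):
    """True only if ip is inside an agreed range and not on the exclusion list."""
    a = ipaddress.ip_address(ip)
    if any(a == ipaddress.ip_address(x) for x in excluded):
        return False
    return any(a in ipaddress.ip_network(r) for r in ranges)

def scope_report(xml_text=SAMPLE_XML):
    """Split results into the in-scope inventory and hosts that must be raised with the client."""
    recs = parse_nmap_xml(xml_text)
    return [r for r in recs if in_scope(r["ip"])], sorted({r["ip"] for r in recs if not in_scope(r["ip"])})
```

The second value returned by `scope_report` is the list to take to the client before any further testing: either the scope document is incomplete or the scan reached further than authorized.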