Understanding the current environment

Before jumping into the various tools to map out and probe the network, security, and systems in place, it is a good practice to review the current documentation that you may receive as a part of the stakeholder meeting. Along with that, you will want to interview various teams within the organization to get some background information on what the topology is like, prior to you having to discover it yourself. It definitely makes the job of the penetration tester easier if you have some sort of layout already defined, as opposed to spending days probing and mapping to just get to that point.

Here is a list of teams I tend to talk with. The teams you choose will ultimately depend on the organization and what is in scope for the penetration test:

• Network Team: Interview the network team to get a better understanding of the current network topology, network devices currently in play, network vendors that are used, and any other information that will help you understand the network.

• Systems Administrators: Talking with the systems administrators will help you get an understanding of the various operating systems that are in place as well as server roles, applications, and data flow throughout the applications. This information is priceless when it comes to looking at the application layer and vulnerabilities that may be in play.

• Security Team: This one is near and dear to my heart. Understanding the current security devices that are utilized in the network is key to really understanding the topology. Firewalls and devices may be hiding portions of the network, so to know where and why they exist will help you lay out the network and any potential targets. Also, understanding the company's security policies such as patch management policies, password policies, and endpoint policies, will definitely help you identity targets for future tools.