Sample Penetration Test Report PurpleSec
Yüklə 1,24 Mb. Pdf görüntüsü
|
|
23 sales@purplesec.us CLI 4.4 Current Zone Activities: P urpleSec’s Social Engineer worked with staff to compile 175 email addresses to perform the social engineering test. A phishing template with appropriate signage and logos was created. Nexus Point Activities: PurpleSec’s Social Engineer sent a phishing e -mail to all the in-scope addresses. The e- mail originated from a spurious IT support company and claimed to be a legitimate technical support request authorized by CLIENT’s IT Department. The e -mail also requested that the user navigate to an PurpleSec-controlled Website and: • Provide his/her domain username, • Provide his/her e-mail address (in lieu of password), and • Download a benign executable file, • Run the executable locally on his/her workstation. Of the 175 email addresses tested, 13 users interacted with untrusted content (hyperlink) and 9 provided domain usernames/e-mail address. Figure 3.49 – Screenshot showing the email phishing results. Risk Rating: Medium Bottom Line : The response and click rates for CLIENT’s staff tested via email are just under 10% and should be considered a vulnerability for the organization. It should be noted that most malware needs only a single response, and full response from a user to username/password requests may lead to significant breaches. PEN TEST REPORT: EXAMPLE INSTITUTE JANUARY 28, 2019 24 sales@purplesec.us Recommendations: • While click and interaction rates were calculated as Medium it is highly recommended that CLIENT engage in Cybersecurity awareness training immediately. Yüklə 1,24 Mb. Dostları ilə paylaş:
|