Incident Report

В этой теме можно использовать автоматический гарант!

Новая сделка
Статус
Закрыто для дальнейших ответов.
Отслеживать
rwxrwx

rwxrwx

(L3) cache
Пользователь
Регистрация
15.01.2023
Сообщения
283
Реакции
100
Hello gentlemen,

After a successful penetration testing assessment into a company network, taking the sensitive data and leaving a note to the IT Admins and Management about the incident, while negotiating for a price, should we give a incident report to the company saying how we hacked them and a solution to patch vulnerabilities?
 
rwxrwx сказал(а):
should we give a incident report to the company saying how we hacked them and a solution to patch vulnerabilities?
If you are a white hat pentester, you should definitely write everything down from start to finish. Vulnerability type, CVE number, time of compromise, infected hosts on the network, and so on down the list.
If you are a black hat, you should definitely not talk about it, even after the ransom is paid.
 
Alpano сказал(а):
If you are a white hat pentester, you should definitely write everything down from start to finish. Vulnerability type, CVE number, time of compromise, infected hosts on the network, and so on down the list.
If you are a black hat, you should definitely not talk about it, even after the ransom is paid.
Exactly what I meant. If you are concerned about all those things you are probably working as a white hat and should create a company for that. Otherwise forget it.
 
If you are a white as the mates told, the question is, do you have any contract signed with the company? Or you vulnerated his network to try gain the client?

- If is the first question, in my opinion you should negotiate the price first. But if you are ensure that the company will pay with good price, you should to create the report the most detailed as possible.

- If is the second question, in my opinion, absolutely no, you wont do a work without ensure that you will receive any revenue for it and maybe you can get a revenue for other side, you know ;)
 
Статус
Закрыто для дальнейших ответов.
Верх