Module 02: Penetration Testing Scoping and Engagement Methodology - Mission Briefing [End]

Mission Briefing

Scenario

In this exercise, the Engagement Team Leader (ETL) will prepare and issue a mission briefing to the rest of the engagement team. The mission briefing is prepared from the engagement control documents, project plan and other sources of information. The purpose of the mission briefing is to give team members the maximum amount of time and information to prepare for the mission and perform any equipment (hardware and software) maintenance required.

When preparing the mission briefing, the ETL should endeavor to provide the engagement team with as much information as possible about the TORG. This is especially important when the engagement is being conducted under less than favorable circumstances such as a pending unpopular merger, as the result of a security breach when the TORG employees may perceive findings as an excuse for their dismissal, etc.

An example mission briefing template is located at YY-DD-MM**-FNBF\00_Administration\00N_MB** and at Appendix 5. The ETL may use the contents of this briefing “as is” or may modify to suit. It is not required that this particular format is used. What is important is that the engagement team be provided with as much information about the mission and the TORG as possible.

Lab Duration: 5 Minutes

1. 
   
   1. The ETL determines the amount of time required to complete the mission briefing.
   2. The ETL determines a suitable date, time and place to issue the briefing to all team members participating in the engagement.
   3. The ETL sends an email to the affected team members informing them of the time, date and place of the mission briefing.

   Note:
   1) These steps are followed in a real-life pen testing engagement. These are given here just for your reference and do not require any action.

2. 
   
   1. Navigate to YY-DD-MM**-FNBF****\00_Administration\00N_MB\** and rename the Msnbrfvx.x.docx file to YY-DD-MM**-FNBF****_MB**. Delete vx.xat the end of the file name so that the document name is YY-DD-MM**-FNBF****_MB.docx**.
   2. Open the renamed file.
   3. Replace items in red with information about this client and engagement, providing as much detail as possible.
   4. Save the file with the original file name.

   Note:
   1) The YY-DD-MM-FNBF\00_Administration\00N_MB\folder is available under MasterEngagementFolders. The MasterEngagementFolders are available as a part of ECSA Report Templates. ECSA Report Templates.zip file is available under Academia section in Aspen Portal.
   2) ECCU students can find the Msnbrfvx.x.docx from the ECSA Report Templates -> MasterEngagementFolders-> 00_Administration -> 00N_MB folder available in the Introduction section of the course.

3. 
   
   1. At the appointed time and date, assemble the members of the engagement team and orally brief them on the contents of the mission briefing. This mission briefing document will be the primary execution document for the team during the mission.
   2. Ask any questions about the content of the briefing and resolve them accordingly.
   3. After the briefing, ensure that each team member clearly understands their part of the mission by asking for feedbacks from each member on their portion of the mission.

   Note: These steps are followed in a real-life pen testing engagement. These are given here just for your reference and do not require any action.

After completing this exercise you will be all set for the execution phase of the pen testing assignment