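// Penetration test report — main document.
// Assembles the cover, legal and table-of-contents pages from pages.typ, the
// management summary written below, the findings included from findings.typ,
// and the optional CVSS/CIA appendices at the end.
#import "@preview/diagraph:0.3.6": render
#import "pages.typ"
#import "helper.typ"

// Project-specific values
// Placeholder guard: `false` lets the template compile with the sample values
// below (names, hosts, addresses, lorem text). Presumably `true` makes
// helper.placeholder() abort the build instead of rendering its argument —
// confirm in helper.typ. Re-enable it before a report is delivered so that no
// sample value can end up in the final document.
#helper.panicOnPlaceholder.update(false)
#let author = helper.placeholder("Martin \"maride\" Dessauer")
#let targetFull = helper.placeholder("FooBar Dummy Lab")
#let targetHandy = helper.placeholder("Dummy Lab")
#let targetInSentence = helper.placeholder("the Dummy Lab")
// ---

#set text(font: "Helvetica Neue")
// NOTE(review): this rule renders only `it.body`, so the "1.1" numbering set
// further down does not appear on the headings themselves (outline entries may
// still carry it) — confirm that is intended.
#show heading: it => {
  v(1em)
  par(text(it.body, fill: color.linear-rgb(4.5%, 14.5%, 14.5%, 255)))
}

#pages.cover(targetFull, author)
#pages.legal(author)

// Page setup for everything after the cover/legal pages: A4, page numbers and a
// footer carrying the report title and "<page> of <total>".
#set page(
  paper: "a4",
  background: none,
  margin: auto,
  numbering: "1",
  footer: text(size: 12pt, weight: "extralight")[
    #text(fill: silver, [Penetration Test Report #targetFull])
    #h(1fr)
    #context(
      text(fill: silver, counter(page).display("1 of 1", both: true))
    )
  ]
)

#pages.toc()

#set heading(numbering: "1.1")
#set par(justify: true)

= Management Summary

== Motivation

This penetration test was conducted to proactively identify, assess, and validate the severity of security vulnerabilities within the defined scope of #targetInSentence, specifically those exploitable by #helper.placeholder("external attackers in real-world scenarios"). Adversarial techniques to bypass controls, gain unauthorized access, and compromise critical assets were performed for this test scenario to determine the actual impact on confidentiality, integrity, and availability.

== Test Object

#helper.placeholder(lorem(30))

== Test Methodology

The aim of the test was to uncover vulnerabilities and weaknesses of all kinds. The tests were carried out in accordance with the OWASP Web Security Testing Guide, version 4#footnote("https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing"), and, where applicable, the MITRE ATT&CK Framework#footnote("https://attack.mitre.org").

Recommendations for system hardening were made based on the current version of the CIS Benchmarks#footnote("https://www.cisecurity.org/") and the variant appropriate to each system. The penetration test was performed as a #helper.placeholder("black box test, without any access to source code or other information other than the scope").

== Findings

// The per-category counters live in helper.riskCategoryStats and are presumably
// incremented by the findings in findings.typ; `final()` reads their
// end-of-document value, so the total and the table agree with the findings
// chapter.
The penetration test revealed #context(helper.riskCategoryStats.values().map(v => v.final()).sum()) findings, which can be divided into the following risk categories:

#table(
  columns: (16.66%, 16.66%, 16.66%, 16.66%, 16.66%, 16.66%),
  align: center,
  [Critical], [High], [Medium], [Low], [None], [Other],
  table.cell(context(helper.riskCategoryStats.Critical.final()), fill: red, align: center),
  table.cell(context(helper.riskCategoryStats.High.final()), fill: orange, align: center),
  table.cell(context(helper.riskCategoryStats.Medium.final()), fill: yellow, align: center),
  table.cell(context(helper.riskCategoryStats.Low.final()), fill: lime, align: center),
  table.cell(context(helper.riskCategoryStats.None.final()), fill: white, align: center),
  table.cell(context(helper.riskCategoryStats.Other.final()), fill: gray, align: center),
)

== Recommendations & Next Steps

// NOTE(review): this verdict is unconditional. Tie it to the findings above
// (e.g. make it depend on remediation of the Critical/High ones) before the
// report leaves the template stage.
Based on the results of this penetration test, #targetInSentence may be exposed to a production environment.

#pagebreak()

== Test Scope and Setup

The test was conducted from #helper.placeholder("01.01.1970") to #helper.placeholder("01.01.1970").

#helper.placeholder([
  Connection to #targetHandy was made through a dedicated VPN connection via vpnhost.maride.inv. The inner IP address of the test device was 10.0.0.42.
])

The following scope was set for the penetration test:

// Reusable "state" cells for the scope table below.
#let inscope = table.cell("In scope", fill: lime, align: center)
#let outscope = table.cell("Out of scope", fill: gray, align: center)

// Sample scope: every value is a helper.placeholder() and must be replaced with
// the scope agreed for the engagement.
#table(
  columns: (25%, 50%, 25%,),
  align: center,
  [*Type*], [*Value*], [*State*],
  [Address], [#helper.placeholder("10.23.42.1")], inscope,
  [Address], [#helper.placeholder("2001:db8::2342")], inscope,
  [Domain], [#helper.placeholder("*.maride.inv")], inscope,
  [URL], [#helper.placeholder("secret.maride.inv/flag.txt")], outscope,
  [URL], [#helper.placeholder("important.maride.inv/rickroll")], outscope,
)

From the perspective of the machine used for the penetration test, the network layout was seen as shown in the graph below - simplified by leaving out hops that are not relevant for the penetration test, like third-party network operators and ISPs.

// Graphviz applies `style`, `color` and `label` only to subgraphs whose name
// starts with "cluster"; without the `cluster_` prefix these attributes are
// silently ignored and the group boxes and their labels never render.
#figure(
  render("
    digraph G {
      rankdir=LR;
      node [shape=rectangle];
      subgraph cluster_stage1 {
        style=filled;
        color=red;
        label=\"Connection\";
        User -> Firewall [label=\"OpenVPN\"];
      }
      subgraph cluster_targetnet1 {
        style=filled;
        color=red;
        label=\"Target Network\";
        Firewall -> Target1;
        Firewall -> Target2;
        Firewall -> Target3;
        Firewall -> Target4;
      }
      subgraph cluster_targetnet2 {
        style=filled;
        color=red;
        label=\"Target Network\";
        Target2 -> Target5;
        Target2 -> Target6;
        Target2 -> Target7;
      }
      subgraph cluster_targetnet3 {
        style=filled;
        color=red;
        label=\"Target Network\";
        Target4 -> Target8;
      }
    }
  "),
  caption: [
    Schematic graph showing the target network
  ]
)

#pagebreak()

#include "findings.typ"

#pagebreak()

= Appendix

// The CVSS and CIA appendices are emitted only when helper.hasCVSSTable was
// set earlier in the document (presumably by a finding that rendered a CVSS
// table — confirm in findings.typ/helper.typ); `context` is required because
// the flag is read from a state.
#context(
  [
    #if helper.hasCVSSTable.get() {
      pages.cvssAppendix()
      pagebreak()
      pages.ciaAppendix()
    }
  ]
)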