penretem/pages/mgmtsum.typ


#import "@preview/diagraph:0.3.6"
#import "../addons/cvss.typ"
#import "../addons/mitre.typ"
// Renders the "Management Summary" chapter of the penetration test report.
//
// Parameters (all named):
// - target: opens the Motivation paragraph ("<target> ordered ...").
// - targetInSentence: inserted after "within the defined scope of".
// - testFocus: inserted after "specifically those exploitable by".
// - testObject: body of the "Test Object" section.
// - testScenario: scenario label, used in Motivation and in Test Methodology.
// - recommendation: body of "Recommendations & Next Steps".
// - start, end: test dates. start == "" suppresses the date sentence;
//   end == "" switches to the single-day wording.
// - setup: free text placed under "Test Scope and Setup".
// - nodes: graph source handed to diagraph.raw-render; "" suppresses the figure.
// - scope: array of entries with the fields type, content and inScope.
//
// NOTE(review): the parameter defaults are the type values `str`, `raw` and
// `array`, not empty values. An omitted `start` or `nodes` is therefore not
// equal to "" and the guarded sections would still be emitted; callers
// presumably pass every argument explicitly - confirm.
#let render(target: str, targetInSentence: str, testFocus: str, testObject: str, testScenario: str, recommendation: str, start: str, end: str, setup: str, nodes: raw, scope: array) = {
  // Fill shared by the three header cells of the scope table.
  // NOTE(review): the fourth component is the integer 100, not 100% - confirm
  // the intended opacity.
  let headerFill = color.linear-rgb(4.5%, 14.5%, 14.5%, 100)

  // One coloured cell of the risk table. The counter is read with .final()
  // inside `context`, i.e. the value it has at the end of the document.
  // NOTE(review): assumes `state` is a Typst state that the finding pages
  // update - confirm in ../addons/cvss.typ.
  let riskCell(category, tint) = table.cell(
    context(cvss.riskCategories.at(category).state.final()),
    fill: tint,
    align: center,
  )

  // "State" column of the scope table. Out-of-scope entries are listed as
  // well, so the table records both sides of the agreed boundary.
  let stateCell(inScope) = if inScope {
    table.cell("In scope", fill: lime, align: center)
  } else {
    table.cell("Out of scope", fill: gray, align: center)
  }

  [
  = Management Summary
  == Motivation
  #target ordered Acme Security, LLC to perform a #testScenario penetration test onto a selected number of hosts in a live and productive environment.
  This penetration test was conducted to proactively identify, assess, and validate the severity of security vulnerabilities within the defined scope of #targetInSentence, specifically those exploitable by #testFocus. Adversarial techniques to bypass controls, gain unauthorized access, and compromise critical assets were performed for this test scenario to determine the actual impact on confidentiality, integrity, and availability.
  == Test Object
  #testObject
  == Test Methodology
  // The framework sentence is only emitted when mitre.isUsed.final() is true.
  The aim of the test was to uncover vulnerabilities and weaknesses of all kinds and chaining findings and vulnerabilities accordingly to gain a deep understanding of the audited hosts, following a security-in-depth approach. #context([
  #let frameworks = (
    if mitre.isUsed.final() { [the MITRE ATT&CK Framework#footnote("https://attack.mitre.org")] },
  ).filter(entry => entry != none)
  #if frameworks.len() > 0 {
    [The tests were carried out in accordance with #frameworks.join(", ", last: ", and ").]
  }
  ])
  The penetration test was performed as a #testScenario.
  == Findings
  // The headline number is the sum over every entry of cvss.riskCategories,
  // so it is not limited to the Critical..Low columns of the table below.
  The penetration test revealed #context([
  #let total = cvss.riskCategories.values().map(category => category.state.final()).sum()
  #if total != 1 {
    [ #total findings ]
  } else {
    [ #total finding ]
  }
  ]) which can be categorized by risk:
  #table(
    // Six equally wide columns, one per risk category.
    columns: (16.66%,) * 6,
    align: center,
    [Critical], [High], [Medium], [Low], [None], [Other],
    riskCell("CRITICAL", red),
    riskCell("HIGH", orange),
    riskCell("MEDIUM", yellow),
    riskCell("LOW", lime),
    riskCell("NONE", white),
    riskCell("OTHER", gray),
  )
  == Recommendations & Next Steps
  #recommendation
  == Test Scope and Setup
  #if start != "" and end != "" {
    [ The test was conducted from #start to #end. ]
  } else if start != "" {
    [ The test was conducted on #start. ]
  }
  #setup
  The following scope was set for the penetration test:
  #table(
    columns: (25%, 50%, 25%),
    align: center,
    inset: 10pt,
    table.cell(fill: headerFill)[*Type*],
    table.cell(fill: headerFill)[*Value*],
    table.cell(fill: headerFill)[*State*],
    // One row (three cells) per scope entry, in the order given by the caller.
    ..for entry in scope {
      (
        table.cell(entry.type),
        table.cell(entry.content),
        stateCell(entry.inScope),
      )
    }
  )
  #if nodes != "" {
    [ From the perspective of the machine used for the penetration test, the network layout was seen as shown in the graph below. ]
    // `nodes` is passed to diagraph unchanged.
    figure(
      diagraph.raw-render(nodes),
      caption: [
        Schematic graph showing the test objective network
      ]
    )
  }
  ]
}