Week 1.md - Snowboundport37/champlain GitHub Wiki

Week 1 (1/13 - 1/17)

Topics Covered

  • Setting up remote desktop access.
  • Introduction to penetration testing methodologies and best practices.

Assignments

Assignment 1: Setting Up Google Remote Desktop

Objective: Configure Google Remote Desktop on your Kali VM to allow remote access.

Steps:

  1. Open Google Chrome on Kali and log in with your Google account.
  2. Visit Google Remote Desktop Headless Setup and download the .deb file for Debian-based systems.
  3. On your host machine, navigate to the same URL and authorize remote access.
  4. Transfer the command from your host to the Kali VM (e.g., via email) and set it up.
  5. Set a secure PIN for remote access.
  6. Verify access by connecting to the Kali VM via the Remote Desktop interface on your host.

Deliverable:
Provide a screenshot of successful access to your Kali VM through remotedesktop.google.com.

Assignment 2: Penetration Testing Overview

Objective: Understand the fundamentals of penetration testing, including methodologies, goals, and limitations.

Key Sections:

  1. Conducting the Penetration Test

    • Focus & Intent: Identify vulnerabilities while minimizing disruption to critical operations, such as NASA systems.
    • Key Priorities:
      • Clear Planning: Define scope, goals, and rules of engagement during initial meetings.
      • Controlled Testing: Pause or stop tests when critical vulnerabilities are identified.
      • Documentation: Record findings with actionable remediation recommendations.

  2. Appendix A: Penetration Test Plan

    • Relation to Methodology:
      Phase Description
      Planning Corresponds to reconnaissance, where testers gather information about the target.
      Vulnerability Analysis Matches scanning, identifying vulnerabilities in the system.
      Penetration Testing Involves exploitation and post-exploitation to assess system weaknesses.
    • Significance: Structured plans align with real-world attack methods and provide consistency.

  3. Appendix B: Rules to Be Followed

    • Limitations:
      • Targeted Scans Only: Testing is limited to predefined targets.
      • No Exploitation: Prohibits testing chained vulnerabilities to avoid system damage.
    • Importance of Rules: Ensures system stability and protects sensitive information.

  4. War Dialing

    • Definition: Scanning phone numbers for active modems or connections, relevant for evaluating legacy systems.
    • Significance: Highlights vulnerabilities in older systems that may still be operational.

Deliverables:

  • Summarize the significance of effective documentation, adherence to rules, and aligning tests with real-world attack methods.

Assignment 3: Ethical Guidelines

Objective: Develop ethical rules for penetration testing as a group.

Group Members:

  • Andrei Gorlitsky
  • Timothy Price
  • Connor Jay

Group Rules:

  1. Follow the Scope of Work:
    Always adhere to the agreement with the client. Unauthorized actions can put the client at risk and compromise trust.

  2. Don’t Take What Is Not Yours:
    Only perform penetration testing activities with explicit permission from the client. Avoid unauthorized actions at all costs.

  3. Respect the Thoughts of Others:
    Foster a respectful environment with clients and peers. Encourage constructive dialogue and avoid demeaning or belittling others' ideas.

Deliverable:
Submit the rules document (docx) to the assignment portal. Each group member should submit the same document.

Notes

  • Remote access tools like Google Remote Desktop are essential for managing VMs.
  • Penetration testing methodologies must align with real-world attack methods to ensure thoroughness.
  • Ethical guidelines are critical for maintaining professionalism and trust in penetration testing.

Back to Main Page