Technical Assessment Plans
This page will privide links to Technical Assessment Plans that I have created that can be used to conduct assessments using the tools and utilities that a penetration tester would use. The assessment plans are structured in a way to help with the documentation of evidence for inclusion in a workpaper process. The plans provide helpful information on how to install, configure, and use the tools to obtain the evidence needed for an engagement. This page will continue to grow and improve as I document the methods I used when conducting audit engagements as a penetration tester.
Windows Enumeration Worksheet – Use standard Windows commands and freely downloadable utilities to enumerate the machines, users, and groups in a networked Windows Domain environment.
Windows Password Assessment Worksheet – Use open source and freely downloadable utilities to assess the password strength in a networked Windows Domain environment. Password testing includes password policy assessment, password hash extraction, and online and offline dictionary attacks.