Description

Project agenda: To perform a security vulnerability assessment $($VA$)$ and penetration testing $($PT$)$ on the two identified systems $($Windows and Debian Linux$),$ document the VA and PT findings and provide a remediation plan to the customer.

Description: The security tester should follow the standard process of VA and PT$,$ document the test results, and align the process to the below$-$mentioned stages:

Information Gathering and Reconnaissance

Scanning and Enumeration

Vulnerability Assessment

Exploitation

Analysis and Reporting

Tools required: Kali Linux, Windows $10,$ and Debian System

Expected deliverables: The customer leadership team is expecting two types of reports from the security testing organization:

Executive report: The customer wants a short report with a summary of the assessment and key risks, findings from the executive dashboard, and areas of improvement. The report should be non$-$technical and comprehend the risk view if exploited. This audience for the report is the senior leadership of the customer organization.

Technical report: This report is intended for sharing with the customer$$s technical team. The objective of the report is to provide details:

Vulnerabilities identified

Exploitable and non$-$exploitable vulnerabilities

Exploitation evidence $($screenshot and proof$-$of$-$concept video$)$

Remediation suggestion