Before We Start

Checklists

Rules of Engagement (RoE)

• Make sure to go through RoE
• Check the Scope / Out of scope
• Make Sure The RoE is signed.
• Read Briefly Through the RoE and Take Notes of what is allowed and what is Not Allowed.

Verifying Scope

• Verify the scope (Given in RoE) before starting Pentesting.
• There are multiple ways to verify the scope
  • bgp.he.net

Client Communication

• Make sure to communicate with Client During Pentest time Period if Anything Urgent Happens or if You finds any critical vulnerability During External Pentesting.

Kicking Off

Attack Strategy

• Think of external Pentests like Home Security.
• Low chance of RCE, high chance of weak passwords.